chore(deps): Bump the npm_and_yarn group across 2 directories with 6 updates

[dependabot]

Bumps the npm_and_yarn group with 6 updates in the /autogpt_platform/frontend directory:

Package	From	To
next	15.4.4	15.4.10
storybook	9.0.17	9.1.17
js-yaml	4.1.0	4.1.1
mdast-util-to-hast	13.2.0	13.2.1
qs	6.14.0	6.14.1
validator	13.15.15	13.15.26

Bumps the npm_and_yarn group with 1 update in the /classic/benchmark/frontend directory: next.

Updates next from 15.4.4 to 15.4.10

Release notes

Sourced from next's releases.

v15.4.10

Please see the Next.js Security Update for information about this security patch.

v15.4.8

Please see CVE-2025-66478 for additional details about this release.

Commits

• 43cb546 v15.4.10
• 6129673 Backport facebook/react#35351 for 15.4.9 (#87087)
• d1449e5 v15.4.9
• 596f513 Update React Version (#42)
• 2ff781e Update React Version (#31)
• d0edaac Backport Next.js changes to v15.4.9 (#24)
• bd84546 lock binaries
• 4966847 v15.4.8
• bf8d31c update version script
• bed530f Update React Version for Next.js 15.4.8 (#9)
• Additional commits viewable in compare view

Updates storybook from 9.0.17 to 9.1.17

Release notes

Sourced from storybook's releases.

v9.1.17

9.1.17

• Core: Fix .env-file parsing, thanks @​jreinhold!

v9.1.16

9.1.16

• CLI: Fix Nextjs project creation in empty directories - #32828, thanks @​yannbf!
• Core: Add `experimental_devServer` preset - #32862, thanks @​yannbf!
• Telemetry: Fix preview-first-load event - #32859, thanks @​shilman!

v9.1.15

9.1.15

• Core: Add `preview-first-load` telemetry - #32770, thanks @​shilman!
• Dependencies: Update `vite-plugin-storybook-nextjs` - #32821, thanks @​ndelangen!

v9.1.14

9.1.14

• NextJS: Add NextJS 16 support - #32791, thanks @​yannbf and @​ndelangen!
• Addon-Vitest: Support Vitest 4 - #32819, thanks @​yannbf and @​ndelangen!
• CSF: Fix `play-fn` tag for methods - #32695, thanks @​shilman!

v9.1.12

9.1.12

• Maintenance: Hotfix for missing nextjs dts files, thanks @​ndelangen!

v9.1.11

9.1.11

• Automigration: Improve the viewport/backgrounds automigration - #32619, thanks @​valentinpalkovic!
• Mocking: Fix `sb.mock` usage in Storybook's deployed in subpaths - #32678, thanks @​valentinpalkovic!
• NextJS-Vite: Automatically fix bad PostCSS configuration - #32691, thanks @​ndelangen!
• React Native Web: Fix REACT_NATIVE_AND_RNW should detect vite builder - #32718, thanks @​dannyhw!
• Telemetry: Add metadata for react routers - #32615, thanks @​shilman!

v9.1.10

9.1.10

• Automigrations: Add automigration for viewport and backgrounds - #31614, thanks @​valentinpalkovic!
• Telemetry: Log userAgent in onboarding - #32566, thanks @​shilman!

v9.1.9

9.1.9

• Angular: Enable experimental zoneless detection on Angular v21 - #32580, thanks @​yannbf!
• Svelte: Ignore inherited HTMLAttributes docgen when using utility types - #32173, thanks @​steciuk!

... (truncated)

Changelog

Sourced from storybook's changelog.

10.1.11

• React: Fix several CSF factory bugs - #33354, thanks @​kasperpeulen!
• UI: Fix React error 300 on some addons - #33381, thanks @​Sidnioulz!

10.1.10

• Core: Fix .env-file parsing - #33383, thanks @​JReinhold!
• Next.js: Handle v14 compatibility for draftMode import - #33341, thanks @​tanujbhaud!

10.1.9

• Telemetry: Remove instance of check for sub-error handling - #33356, thanks @​valentinpalkovic!

10.1.8

• React-Vite: Update @​joshwooding/vite-plugin-react-docgen-typescript - #33349, thanks @​valentinpalkovic!

10.1.7

• Automigrate: Fix missing await - #33333, thanks @​valentinpalkovic!
• CLI: Remove REACT_PROJECT projectType - #33334, thanks @​valentinpalkovic!
• Core: Exclude open from pre-bundling to make local xdg-open reachable - #33325, thanks @​Sidnioulz!
• Nextjs-Vite: Install vite during migration if not installed yet - #33316, thanks @​ghengeveld!
• Telemetry: Fix race condition in telemetry cache causing malformed JSON - #33323, thanks @​valentinpalkovic!

10.1.6

• Manager: Do not display non-existing shortcuts in the settings page - #32711, thanks @​DKER2!
• Preview: Enforce inert body if manager is focus-trapped - #33186, thanks @​Sidnioulz!
• Telemetry: Await pending operations in getLastEvents to prevent race conditions - #33285, thanks @​valentinpalkovic!
• UI: Fix keyboard navigation bug for "reset" option in Select - #33268, thanks @​Sidnioulz!

10.1.5

• Addon-Vitest: Isolate error reasons during postinstall - #33295, thanks @​valentinpalkovic!
• CLI: Fix react native template not copying in init - #33308, thanks @​dannyhw!
• Docs: Support Rolldown bundler module namespace objects - #33280, thanks @​akornmeier!

10.1.4

• Core: Enhance getPrettier function to provide prettier interface - #33260, thanks @​valentinpalkovic!
• NextJS: Alias image to use fileURLToPath for better resolution - #33256, thanks @​ndelangen!
• Telemetry: Cache Storybook metadata by main config content hash - #33247, thanks @​valentinpalkovic!

10.1.3

• Angular: Honor --loglevel and --logfile in dev/build - #33212, thanks @​valentinpalkovic!
• Core: Minor UI fixes - #33218, thanks @​ghengeveld!
• Telemetry: Add playwright-prompt - #33229, thanks @​valentinpalkovic!

... (truncated)

Commits

• d0d5a3d Bump version from 9.1.16 to 9.1.17 MANUALLY
• a06c257 filter env vars from .env files
• a54a04c Bump version from "9.1.15" to "9.1.16" [skip ci]
• ebd7ff5 Merge pull request #32859 from storybookjs/shilman/first-load-new-user
• da2da6e Merge pull request #32862 from storybookjs/yann/patch-dev-server-preset
• d0d17d9 Bump version from "9.1.14" to "9.1.15" [skip ci]
• b3129cd fix exports
• a78540a Merge pull request #32770 from storybookjs/shilman/preview-first-load
• 5afb39f Bump version from "9.1.13" to "9.1.14" [skip ci]
• 0617aaa improve typings of storybook/internal/babel
• Additional commits viewable in compare view

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

Commits

• cc482e7 4.1.1 released
• 50968b8 dist rebuild
• d092d86 lint fix
• 383665f fix prototype pollution in merge (<<)
• 0d3ca7a README.md: HTTP => HTTPS (#678)
• 49baadd doc: 'empty' style option for !!null
• ba3460e Fix demo link (#618)
• See full diff in compare view

Updates mdast-util-to-hast from 13.2.0 to 13.2.1

Release notes

Sourced from mdast-util-to-hast's releases.

13.2.1

Fix

• ab3a795 Fix support for spaces in class names

Types

• efb5312 Refactor to use @imports
• a5bc210 Add declaration maps

Full Changelog: syntax-tree/mdast-util-to-hast@13.2.0...13.2.1

Commits

• 174795b 13.2.1
• 3d05b3a Update Node in Actions
• ab3a795 Fix support for spaces in class names
• efb5312 Refactor to use @imports
• a5bc210 Add declaration maps
• b54955d Add .tsbuildinfo to .gitignore
• See full diff in compare view

Updates qs from 6.14.0 to 6.14.1

Changelog

Sourced from qs's changelog.

6.14.1

• [Fix] ensure arrayLength applies to [] notation as well
• [Fix] parse: when a custom decoder returns null for a key, ignore that key
• [Refactor] parse: extract key segment splitting helper
• [meta] add threat model
• [actions] add workflow permissions
• [Tests] stringify: increase coverage
• [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

Commits

• 3fa11a5 v6.14.1
• a626704 [Dev Deps] update npmignore
• 3086902 [Fix] ensure arrayLength applies to [] notation as well
• fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
• 0b06aac [Dev Deps] update @ljharb/eslint-config
• 64951f6 [Refactor] parse: extract key segment splitting helper
• e1bd259 [Dev Deps] update @ljharb/eslint-config
• f4b3d39 [eslint] add eslint 9 optional peer dep
• 6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
• 973dc3c [actions] add workflow permissions
• Additional commits viewable in compare view

Updates validator from 13.15.15 to 13.15.26

Release notes

Sourced from validator's releases.

13.15.26

Fixes, New Locales and Enhancements

• #2535 isHexColor: add require_hashtag option @​Numbers0689
• #2633 isURL: handle possible bypass with URL-encoded content @​WikiRik
• #2634 isIBAN: improve IR locale @​ds1371dani
• Doc fixes and others:
  • #2640 @​WikiRik

New Contributors

• @​ds1371dani made their first contribution in validatorjs/validator.js#2634
• @​Numbers0689 made their first contribution in validatorjs/validator.js#2535

Full Changelog: validatorjs/validator.js@13.15.23...13.15.26

13.15.23

Fixes, New Locales and Enhancements

• Doc fixes and others:
  • #2631 @​WikiRik

Full Changelog: validatorjs/validator.js@13.15.22...13.15.23

13.15.22

Fixes, New Locales and Enhancements

• #2622 isURL: fix regression with hostnames with ports @​mbtools
• #2616 isLength: improve handling Unicode variation selectors @​koral--
• Doc fixes and others:
  • #2621 @​mbtools

New Contributors

• @​mbtools made their first contribution in validatorjs/validator.js#2622
• @​koral-- made their first contribution in validatorjs/validator.js#2616

Full Changelog: validatorjs/validator.js@13.15.20...13.15.22

13.15.20

Fixes, New Locales and Enhancements

• #2556 isMobilePhone: add ar-QA locale @​WardKhaddour
• #2576 isAlpha/isAlphanuneric: add Indic locales (ta-IN, te-IN, kn-IN, ml-IN, gu-IN, pa-IN, or-IN) @​avadootharajesh
• #2574 isBase64: improve padding regex @​KrayzeeKev
• #2584 isVAT: improve FR locale @​iamAmer
• #2608 isURL: improve protocol detection. Resolves CVE-2025-56200 @​theofidry
• Doc fixes and others:
  • #2563 @​stoneLeaf
  • #2581 @​camillobruni

... (truncated)

Changelog

Sourced from validator's changelog.

13.15.26

Fixes, New Locales and Enhancements

• #2535 isHexColor: add require_hashtag option @​Numbers0689
• #2633 isURL: handle possible bypass with URL-encoded content @​WikiRik
• #2634 isIBAN: improve IR locale @​ds1371dani
• Doc fixes and others:
  • #2640 @​WikiRik

13.15.23

Fixes, New Locales and Enhancements

• Doc fixes and others:
  • #2631 @​WikiRik

13.15.22

Fixes, New Locales and Enhancements

• #2622 isURL: fix regression with hostnames with ports @​mbtools
• #2616 isLength: improve handling Unicode variation selectors @​koral--
• Doc fixes and others:
  • #2621 @​mbtools

13.15.20

Fixes, New Locales and Enhancements

• #2556 isMobilePhone: add ar-QA locale @​WardKhaddour
• #2576 isAlpha/isAlphanuneric: add Indic locales (ta-IN, te-IN, kn-IN, ml-IN, gu-IN, pa-IN, or-IN) @​avadootharajesh
• #2574 isBase64: improve padding regex @​KrayzeeKev
• #2584 isVAT: improve FR locale @​iamAmer
• #2608 isURL: improve protocol detection. Resolves CVE-2025-56200 @​theofidry
• Doc fixes and others:
  • #2563 @​stoneLeaf
  • #2581 @​camillobruni

Commits

• 784e52a docs(matches): add ReDoS note to README (#2640)
• 6531047 fix(isHexColor): add require_hashtag option (#2535)
• f605a9c fix(isURL): handle possible bypass with URL-encoded content (#2633)
• a165ebe fix(isIBAN): improve IR locale (#2634)
• 9113304 fix(build): move to trusted publishing (#2631)
• f2b5c17 maintenance: 2511 release (#2627)
• d457eca fix(isLength): correctly handle Unicode variation selectors (#2616)
• f2e3633 docs: add install instructions to contibution guide (#2621)
• cf40145 fix: URL validation for hostnames with ports (no protocol) (#2622)
• 4af6124 maintenance: 2510 release (#2585)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for validator since your current version.

Updates next from 13.5.11 to 16.1.1

Release notes

Sourced from next's releases.

v15.4.10

Please see the Next.js Security Update for information about this security patch.

v15.4.8

Please see CVE-2025-66478 for additional details about this release.

Commits

• 43cb546 v15.4.10
• 6129673 Backport facebook/react#35351 for 15.4.9 (#87087)
• d1449e5 v15.4.9
• 596f513 Update React Version (#42)
• 2ff781e Update React Version (#31)
• d0edaac Backport Next.js changes to v15.4.9 (#24)
• bd84546 lock binaries
• 4966847 v15.4.8
• bf8d31c update version script
• bed530f Update React Version for Next.js 15.4.8 (#9)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.