chore(deps): update dependency @playwright/mcp to v0.0.55

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@playwright/mcp (source)	0.0.52 → 0.0.55

---

Release Notes

microsoft/playwright-mcp (@​playwright/mcp)

v0.0.55

Compare Source

🔐 Security & Safety

• MCP now enforces protocol and filesystem access restrictions by default:
  • Browser navigation and API requests are limited to http:, https:, about:, and data: URLs; file:// is blocked.
  • File uploads (setInputFiles, file choosers, MCP file tools) are restricted to workspace root directories (or cwd if no roots are configured).
• Added --allow-unrestricted-file-access (and allowUnrestrictedFileAccess config) to explicitly opt out, allowing:
  • Access to files outside workspace roots.
  • Navigation and requests to file:// URLs.

📁 Artifacts & Output

• MCP-recorded videos are now saved under outputDir/videos

v0.0.54

Compare Source

Bug Fixes

• MCP extension now only connects to MCP server running on the same machine (microsoft/playwright#38626)

v0.0.53

Compare Source

Bug Fixes

• Fixed persistence of saveVideo in configs (microsoft/playwright#38621)
• Fixed issue with empty snapshots sometimes written into .md files (microsoft/playwright#38583)
• Removed 50 MB upload limit when uploading files in the Playwright extension (https://redirect.github.com/microsoft/playwright/pull/38614)-

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

🔒 MCP Security Scan Results

❌ playwright-mcp

• Status: Failed
• Tools scanned: 22
• Vulnerabilities found: 2

Security issues detected:

• [W005] The tool is not in our registry, even though the server is.
• [W005] The tool is not in our registry, even though the server is.

Allowed issues (not blocking):

• [TF001] Data leak toxic flow detected. The same agent has access to at least one tool that produces untrusted content, one tool that can access private data, and one tool that can behave as a public sink. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF001 (Allowed: Data leak risk acceptable - tool designed for browser automation and web testing workflows where external content interaction is essential. Users should be aware of potential data exposure when automating web interactions.)
• [TF002] Destructive toxic flow detected. The same agent has access to at least one tool that produces untrusted content and one tool that can behave destructively. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF002 (Allowed: Destructive flow risk acceptable - browser automation tools are core functionality for web testing and automation. Users should only use with trusted prompts and on non-production systems.)

---

Summary: Scanned 1 MCP server(s), found 2 security issue(s).

⚠️ Action Required: Security issues were detected. Please review and address them before merging.