chore(deps): bump tar and pdfjs-dist in /apps/frontend

[dependabot]

Removes tar. It's no longer used after updating ancestor dependency pdfjs-dist. These dependencies need to be updated together.

Removes tar

Updates pdfjs-dist from 3.4.120 to 5.4.624

Release notes

Sourced from pdfjs-dist's releases.

v5.4.624

This release contains improvements for accessibility, the annotation editor, image decoding, performance and the viewer.

Changes since v5.4.530

• Bump the stable version in pdfjs.config by @​timvandermeij in mozilla/pdf.js#20540
• Get glyph contours when stroking using a pattern by @​calixteman in mozilla/pdf.js#20515
• Use the PDFium JBig2 decoder compiled into wasm by @​calixteman in mozilla/pdf.js#20546
• Update dependencies and translations to the most recent versions by @​timvandermeij in mozilla/pdf.js#20547
• Fix wasm url issue for the jbig2 decoder by @​calixteman in mozilla/pdf.js#20548
• Revert "Remove some files from talos tests because they aren't available on webarchive" by @​timvandermeij in mozilla/pdf.js#20549
• Aria-hide artifacts in the text layer (bug 2004951) by @​calixteman in mozilla/pdf.js#20550
• Don't add an aria-label on MathML elements in the struct tree (bug 2004951) by @​calixteman in mozilla/pdf.js#20551
• Add some tests for the JBIG2 js decoder by @​calixteman in mozilla/pdf.js#20552
• Update jbig2 decoder (pdfium@3c679253a9e17c10be696d345c63636b18b7f925) by @​calixteman in mozilla/pdf.js#20566
• Don't use contents stream which have an image format by @​calixteman in mozilla/pdf.js#20570
• Hide the text in the text layer associated with MathML elements (bug 2009627) by @​calixteman in mozilla/pdf.js#20567
• Make sure the caret is black in dark mode when in caret browsing mode by @​calixteman in mozilla/pdf.js#20569
• Add the possibility to drag & drop some thumbnails in the pages view (bug 2009573) by @​calixteman in mozilla/pdf.js#20559
• Select the dropped thumbnail (bug 2010820) by @​calixteman in mozilla/pdf.js#20578
• The 'find in page' feature must correctly work after the pages have been reorganized (bug 2010814) by @​calixteman in mozilla/pdf.js#20577
• Avoid exception after having moved an annotation by @​calixteman in mozilla/pdf.js#20572
• Add the possibility to order the pages in an extracted pdf (bug 1997379) by @​calixteman in mozilla/pdf.js#20475
• Bump lodash from 4.17.21 to 4.17.23 by @​dependabot[bot] in mozilla/pdf.js#20588
• Update image pattern in gulpfile to accommodate missing images by @​dgiessing in mozilla/pdf.js#20554
• Hide the menu container in changing it's visibility by @​calixteman in mozilla/pdf.js#20583
• Fix links and outline after reorganizing a pdf by @​calixteman in mozilla/pdf.js#20580
• Use DecompressionStream in async code by @​calixteman in mozilla/pdf.js#20593
• Fix the drag marker dimensions in the thumbnails view by @​calixteman in mozilla/pdf.js#20591
• Bug 1999154 - Add the ability to undo comment deletion by @​marco-c in mozilla/pdf.js#20586
• Refactor a bit page mapping stuff in order to be able to support delete/copy pages by @​calixteman in mozilla/pdf.js#20587
• Add a manage button in the thumbnail view in order to save an edited pdf (bug 2010830) by @​calixteman in mozilla/pdf.js#20582
• Fix the sidebar resizer accessibility by @​calixteman in mozilla/pdf.js#20598
• [Node.js] Don't abort the full request for local PDF files smaller than two range requests, and use standard ReadableStreams by @​Snuffleupagus in mozilla/pdf.js#20594
• Simplify the NetworkManager class, and inline it in the PDFNetworkStream class by @​Snuffleupagus in mozilla/pdf.js#20595
• Simplify the FileSpec class, and remove no longer needed polyfills by @​Snuffleupagus in mozilla/pdf.js#20596
• Remove unit-tests for global ReadableStream and URL by @​Snuffleupagus in mozilla/pdf.js#20605
• Improve preferences building, and generate the preferences_schema.json file for the Chromium addon by @​Snuffleupagus in mozilla/pdf.js#20603
• Replace the IPDFStream, IPDFStreamReader, and IPDFStreamRangeReader interfaces with proper base classes by @​Snuffleupagus in mozilla/pdf.js#20602
• fix: Fix mailto links truncated at dash by @​kairosci in mozilla/pdf.js#20565

v5.4.530

This release, the final one of 2025, contains improvements for accessibility, font conversion, image conversion, performance, text selection and the viewer.

Changes since v5.4.449

• Bump the stable version in pdfjs.config by @​timvandermeij in mozilla/pdf.js#20469
• [Editor] Pointer type initialization only when the user changes the mode by @​legraina in mozilla/pdf.js#20226
• Update dependencies and translations to the most recent versions by @​timvandermeij in mozilla/pdf.js#20470
• Aria-hide the text content part of a MathML formula (bug 1998046) by @​calixteman in mozilla/pdf.js#20471
• Inject the text from the text layer in the MathML tags when they're in the struct tree (bug 1998046) by @​calixteman in mozilla/pdf.js#20472
• Add a menu class in order to be used in the new UI for the merge feature by @​calixteman in mozilla/pdf.js#20483

... (truncated)

Commits

• 384c620 Merge pull request #20565 from kairosci/fix-bug-20557
• e4cd317 Merge pull request #20602 from Snuffleupagus/BasePDFStream-2
• ecb09d6 Add the current loading percentage to the onPassword callback
• 4ca205b Add an abstract BasePDFStreamRangeReader class, that all the old `IPDFStrea...
• 54d8c5e Add an abstract BasePDFStreamReader class, that all the old `IPDFStreamRead...
• 4a8fb4d Add an abstract BasePDFStream class, that all the old IPDFStream implemen...
• a80f10f Remove the onProgress callback from the IPDFStreamRangeReader interface
• 05b78ce Stop registering an onProgress callback on the PDFWorkerStreamRangeReader...
• 9872657 Remove the unused IPDFStreamRangeReader.prototype.isStreamingSupported getter
• 62d5408 Stop tracking progressiveDataLength in the ChunkedStreamManager class
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for pdfjs-dist since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.