Update dependency js-yaml to v4.1.1 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
js-yaml	4.1.0 → 4.1.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

js-yaml has prototype pollution in merge (<<)

CVE-2025-64718 / GHSA-mh29-5h37-fv8m

More information

Details

Impact

In js-yaml 4.1.0, 4.0.0, and 3.14.1 and below, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__). All users who parse untrusted yaml documents may be impacted.

Patches

Problem is patched in js-yaml 4.1.1 and 3.14.2.

Workarounds

You can protect against this kind of attack on the server by using node --disable-proto=delete or deno (in Deno, pollution protection is on by default).

References

https://cheatsheetseries.owasp.org/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.html

Severity

• CVSS Score: 5.3 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

• https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m
• https://nvd.nist.gov/vuln/detail/CVE-2025-64718
• https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879
• https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266
• https://github.com/nodeca/js-yaml/issues/730#issuecomment-3549635876
• https://github.com/advisories/GHSA-mh29-5h37-fv8m

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

nodeca/js-yaml (js-yaml)

v4.1.1

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for kongdocs ready!

Name	Link
🔨 Latest commit	5e7508f
🔍 Latest deploy log	https://app.netlify.com/projects/kongdocs/deploys/69fd91877eb2170008ea254b
😎 Deploy Preview	https://deploy-preview-8926--kongdocs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	9 paths audited Performance: 72 (🟢 up 10 from production) Accessibility: 77 (🔴 down 10 from production) Best Practices: 99 (no change from production) SEO: 83 (🔴 down 9 from production) PWA: - View the detailed breakdown and full score reports
🤖 Make changes	Run an agent on this branch

---

To edit notification comments on pull requests, go to your Netlify project configuration.