fix(deps): update dependency js-yaml to v4.1.1 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
js-yaml	4.1.0 -> 4.1.1

GitHub Vulnerability Alerts

CVE-2025-64718

Impact

In js-yaml 4.1.0 and below, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__). All users who parse untrusted yaml documents may be impacted.

Patches

Problem is patched in js-yaml 4.1.1.

Workarounds

You can protect against this kind of attack on the server by using node --disable-proto=delete or deno (in Deno, pollution protection is on by default).

References

https://cheatsheetseries.owasp.org/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.html

---

Release Notes

nodeca/js-yaml (js-yaml)

v4.1.1

Compare Source

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

---

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cypress]

BanManager-WebUI    Run #9013

Run Properties:   Passed #9013  •  6a0a3d1eda ℹ️: Merge 94d9ea9681845629cac740f9c5b99ca01876b6c8 into 817ff146cab0b833e03fb726ff3b...

Project	BanManager-WebUI
Branch Review	refs/pull/1676/merge
Run status	Passed #9013
Run duration	00m 47s
Commit	6a0a3d1eda ℹ️: Merge 94d9ea9681845629cac740f9c5b99ca01876b6c8 into 817ff146cab0b833e03fb726ff3b...
Committer	renovate[bot]
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	0
Pending	0
Skipped	0
Passing	15
View all changes introduced in this branch ↗︎