Update dependency js-yaml to v4

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
js-yaml	3.14.2 → 4.2.0

---

Release Notes

nodeca/js-yaml (js-yaml)

v4.2.0

Compare Source

Added

• Added docs/safety.md with notes about processing untrusted YAML.
• Added maxDepth (100) loader option. Not a problem, but gives a better
  exception instead of RangeError on stack overflow.
• Added maxMergeSeqLength (20) loader option. Not a problem after merge fix,
  but an additional restriction for safety.
• Added sourcemaps to dist/ builds.

Changed

• Stop resolving numbers with underscores as numeric scalars, #​627.
• Switched dev toolchains to Vite / neostandard.
• Updated demo.
• Reorganized tests.
• dist/ files are no longer kept in the repository.

Fixed

• Fix parsing of properties on the first implicit block mapping key, #​62.
• Fix trailing whitespace handling when folding flow scalar lines, #​307.
• Reject top-level block scalars without content indentation, #​280.
• Ensure numbers survive round-trip, #​737.
• Fix test coverage for issue #​221.
• Fix flow scalar trailing whitespace folding, #​307.
• Fix digits in YAML named tag handles.

Security

• Fix potential DoS via quadratic complexity in merge - deduplicate repeated
  elements (makes sense for malformed files > 10K).

v4.1.1

Compare Source

v4.1.0

Compare Source

Added

• Types are now exported as yaml.types.XXX.
• Every type now has options property with original arguments kept as they were
  (see yaml.types.int.options as an example).

Changed

• Schema.extend() now keeps old type order in case of conflicts
  (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

v4.0.0

Compare Source

Changed

• Check migration guide to see details for all breaking changes.
• Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are
  moved to js-yaml-js-types package.
• Breaking: removed safe* functions. Use load, loadAll, dump
  instead which are all now safe by default.
• yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use
  yaml.DEFAULT_SCHEMA instead.
• yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
• !!binary now always mapped to Uint8Array on load.
• Reduced nesting of /lib folder.
• Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal,
  0o1234 is octal, 1:23 is parsed as string instead of base60).
• dump() no longer quotes :, [, ], (, ) except when necessary, #​470, #​557.
• Line and column in exceptions are now formatted as (X:Y) instead of
  at line X, column Y (also present in compact format), #​332.
• Code snippet created in exceptions now contains multiple lines with line numbers.
• dump() now serializes undefined as null in collections and removes keys with
  undefined in mappings, #​571.
• dump() with skipInvalid=true now serializes invalid items in collections as null.
• Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #​576.
• Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #​258.

Added

• Added .mjs (es modules) support.
• Added quotingType and forceQuotes options for dumper to configure
  string literal style, #​290, #​529.
• Added styles: { '!!null': 'empty' } option for dumper
  (serializes { foo: null } as "foo: "), #​570.
• Added replacer option (similar to option in JSON.stringify), #​339.
• Custom Tag can now handle all tags or multiple tags with the same prefix, #​385.

Fixed

• Astral characters are no longer encoded by dump(), #​587.
• "duplicate mapping key" exception now points at the correct column, #​452.
• Extra commas in flow collections (e.g. [foo,,bar]) now throw an exception
  instead of producing null, #​321.
• __proto__ key no longer overrides object prototype, #​164.
• Removed bower.json.
• Tags are now url-decoded in load() and url-encoded in dump()
  (previously usage of custom non-ascii tags may have led to invalid YAML that can't be parsed).
• Anchors now work correctly with empty nodes, #​301.
• Fix incorrect parsing of invalid block mapping syntax, #​418.
• Throw an error if block sequence/mapping indent contains a tab, #​80.

---

Configuration

📅 Schedule: (in timezone Europe/London)

• Branch creation
  • Between 04:00 PM and 07:59 PM, Monday through Friday (* 16-19 * * 1-5)
• Automerge
  • Between 02:00 PM and 06:59 PM, Monday through Thursday (* 14-18 * * 1-4)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.