
[Snyk] Upgrade js-yaml from 4.1.1 to 4.2.0#12

Open
snyk-io[bot] wants to merge 1 commit into master from snyk-upgrade-2bf58be217b539e23e2e1dc78d879c6e

Conversation


snyk-io Bot commented Jun 22, 2026


Snyk has created this PR to upgrade js-yaml from 4.1.1 to 4.2.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 1 version ahead of your current version.

  • The recommended version was released 22 days ago.

Breaking Change Risk

Merge Risk: Medium

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:


snyk-io Bot commented Jun 22, 2026


Merge Risk: Medium

This minor version upgrade introduces new safety features that could potentially impact systems processing very large or complex YAML files.

Key Changes:

  • New Loader Limits: To prevent potential denial-of-service attacks, two new loader options have been added with default values: maxDepth: 100 and maxMergeSeqLength: 20. While intended as a safeguard, these new limits could cause parsing to fail for valid YAML documents that exceed this depth or merge sequence length.
  • Bug Fixes: The release also includes several bug fixes related to number parsing, whitespace handling, and tag handles.

Recommendation: The risk is assessed as medium because the new default limits introduce stricter validation. It is recommended to verify that your production YAML documents do not exceed these new limits before upgrading.

Source: CHANGELOG.md

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
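As an added pre-upgrade check for the limits described in the comment above (example code written for this page, not from js-yaml or the Snyk bot): it reports a parsed document's nesting depth and the longest flow-style `<<` merge sequence in the raw YAML text, and compares both with the defaults quoted above. How js-yaml 4.2.0 itself counts depth and whether its limits are inclusive are assumptions here.

```javascript
// Added example, not part of js-yaml or of the Snyk PR. The defaults are the
// values the PR text reports for js-yaml 4.2.0; they are constants, not a
// call into the library.
const DEFAULT_MAX_DEPTH = 100;
const DEFAULT_MAX_MERGE_SEQ_LENGTH = 20;

// Maximum nesting depth of an already-parsed document (plain objects/arrays).
// Assumption: each nested mapping or sequence adds one level, scalars add none.
function nestingDepth(value) {
  if (value === null || typeof value !== 'object') return 0;
  const children = Array.isArray(value) ? value : Object.values(value);
  let deepest = 0;
  for (const child of children) {
    const d = nestingDepth(child);
    if (d > deepest) deepest = d;
  }
  return deepest + 1;
}

// Longest flow-style merge sequence ("<<: [*a, *b, ...]") in raw YAML text.
// Simplification (assumption): only single-line flow sequences are scanned;
// block-style merge lists are not counted.
function longestMergeSeq(yamlText) {
  let longest = 0;
  for (const line of yamlText.split('\n')) {
    const m = /^\s*<<\s*:\s*\[([^\]]*)\]/.exec(line);
    if (!m) continue;
    const n = m[1].split(',').map((s) => s.trim()).filter(Boolean).length;
    if (n > longest) longest = n;
  }
  return longest;
}

// Compare a document with the new defaults (limits treated as inclusive; assumption).
function checkAgainstDefaults(doc, yamlText, limits = {}) {
  const maxDepth = limits.maxDepth ?? DEFAULT_MAX_DEPTH;
  const maxMerge = limits.maxMergeSeqLength ?? DEFAULT_MAX_MERGE_SEQ_LENGTH;
  const depth = nestingDepth(doc);
  const merge = longestMergeSeq(yamlText);
  return { depth, merge, depthOk: depth <= maxDepth, mergeOk: merge <= maxMerge };
}

// Constructed sample: a mapping nested `levels` deep, built programmatically.
function buildNested(levels) {
  let node = 'leaf';
  for (let i = 0; i < levels; i++) node = { child: node };
  return node;
}

// Constructed sample YAML whose merge key lists 21 aliases (one over the default).
const SAMPLE_YAML = [
  'base: &b {x: 1}',
  'merged:',
  '  <<: [' + Array.from({ length: 21 }, () => '*b').join(', ') + ']',
].join('\n');
```

Run it over your real documents by parsing them with the js-yaml version you use today and passing both the parsed object and the source text to `checkAgainstDefaults`.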
