Update js-yaml dependency and regenerate distribution files

Bump js-yaml from 4.1.0 to 4.1.1
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
2025-12-14 22:25:11 +00:00 · 2025-11-17 11:52:30 +05:30 · 2025-11-14 15:43:08 +00:00
4 changed files with 26 additions and 19 deletions
--- a/.licenses/npm/js-yaml.dep.yml
+++ b/.licenses/npm/js-yaml.dep.yml
@@ -1,9 +1,9 @@
 ---
 name: js-yaml
-version: 4.1.0
+version: 4.1.1
 type: npm
 summary: YAML 1.2 parser and serializer
-homepage: https://github.com/nodeca/js-yaml
+homepage:
 license: mit
 licenses:
 - sources: LICENSE
--- a/dist/index.js
+++ b/dist/index.js
@@ -13162,6 +13162,22 @@ function charFromCodepoint(c) {
  );
 }

+// set a property of a literal object, while protecting against prototype pollution,
+// see https://github.com/nodeca/js-yaml/issues/164 for more details
+function setProperty(object, key, value) {
+  // used for this specific key only because Object.defineProperty is slow
+  if (key === '__proto__') {
+    Object.defineProperty(object, key, {
+      configurable: true,
+      enumerable: true,
+      writable: true,
+      value: value
+    });
+  } else {
+    object[key] = value;
+  }
+}
+
 var simpleEscapeCheck = new Array(256); // integer, for fast access
 var simpleEscapeMap = new Array(256);
 for (var i = 0; i < 256; i++) {
@@ -13340,7 +13356,7 @@ function mergeMappings(state, destination, source, overridableKeys) {
    key = sourceKeys[index];

    if (!_hasOwnProperty.call(destination, key)) {
-      destination[key] = source[key];
+      setProperty(destination, key, source[key]);
      overridableKeys[key] = true;
    }
  }
@@ -13400,17 +13416,7 @@ function storeMappingPair(state, _result, overridableKeys, keyTag, keyNode, valu
      throwError(state, 'duplicated mapping key');
    }

-    // used for this specific key only because Object.defineProperty is slow
-    if (keyNode === '__proto__') {
-      Object.defineProperty(_result, keyNode, {
-        configurable: true,
-        enumerable: true,
-        writable: true,
-        value: valueNode
-      });
-    } else {
-      _result[keyNode] = valueNode;
-    }
+    setProperty(_result, keyNode, valueNode);
    delete overridableKeys[keyNode];
  }

--- a/package-lock.json
+++ b/package-lock.json
@@ -12,7 +12,7 @@
        "@actions/core": "^1.11.1",
        "@actions/github": "^6.0.0",
        "@octokit/plugin-retry": "^6.0.0",
-        "js-yaml": "^4.1.0",
+        "js-yaml": "^4.1.1",
        "lodash.isequal": "^4.5.0",
        "minimatch": "^10.0.1"
      },
@@ -4225,9 +4225,10 @@
      "dev": true
    },
    "node_modules/js-yaml": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
-      "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+      "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+      "license": "MIT",
      "dependencies": {
        "argparse": "^2.0.1"
      },
--- a/package.json
+++ b/package.json
@@ -30,7 +30,7 @@
    "@actions/core": "^1.11.1",
    "@actions/github": "^6.0.0",
    "@octokit/plugin-retry": "^6.0.0",
-    "js-yaml": "^4.1.0",
+    "js-yaml": "^4.1.1",
    "lodash.isequal": "^4.5.0",
    "minimatch": "^10.0.1"
  },