build(deps): bump js-yaml from 4.1.0 to 4.1.1 by dependabot[bot] · Pull Request #860 · docker/actions-toolkit (original) (raw)
Bumps js-yaml from 4.1.0 to 4.1.1.
Changelog
Sourced from js-yaml's changelog.
[4.1.1] - 2025-11-12
Security
- Fix prototype pollution issue in yaml merge (<<) operator.
Commits
- cc482e7 4.1.1 released
- 50968b8 dist rebuild
- d092d86 lint fix
- 383665f fix prototype pollution in merge (<<)
- 0d3ca7a README.md: HTTP => HTTPS (#678)
- 49baadd doc: 'empty' style option for !!null
- ba3460e Fix demo link (#618)
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)