Unleash / unleash / 19388766833
86%
master: 91%

LAST BUILD BRANCH: main
DEFAULT BRANCH: master
Ran
Jobs 1
Files 1218
Run time 2min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 91.172% (+0.008%) from 91.164%
19388766833

push

github

web-flow 
chore(deps): update dependency js-yaml to v4.1.1 [security] (#10986)

This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [js-yaml](https://redirect.github.com/nodeca/js-yaml) | [`4.1.0` ->
`4.1.1`](https://renovatebot.com/diffs/npm/js-yaml/4.1.0/4.1.1) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/js-yaml/4.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/js-yaml/4.1.0/4.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-64718](https://redirect.github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m)

### Impact

In js-yaml 4.1.0 and below, it's possible for an attacker to modify the
prototype of the result of a parsed yaml document via prototype
pollution (`__proto__`). All users who parse untrusted yaml documents
may be impacted.

### Patches

Problem is patched in js-yaml 4.1.1.

### Workarounds

You can protect against this kind of attack on the server by using `node
--disable-proto=delete` or `deno` (in Deno, pollution protection is on
by default).

### References


https://cheatsheetseries.owasp.org/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.html

---

### Release Notes

<details>
<summary>nodeca/js-yaml (js-yaml)</summary>

###
[`v4.1.1`](https://redirect.github.com/nodeca/js-yaml/blob/HEAD/CHANGELOG.md#411---2025-11-12)

[Compare
Source](https://redirect.github.com/nodeca/js-yaml/compare/4.1.0...4.1.1)

##### Security

- Fix prototype pollution issue in yaml merge (<<) operator.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
a... (continued)

7232 of 7286 branches covered (99.26%)

69131 of 75825 relevant lines covered (91.17%)

452.6 hits per line

Jobs
ID Job ID Ran Files Coverage
1 19388766833.1 1218
91.17
 GitHub Action Run
Source Files on build 19388766833