Fix vulnerability in js-yaml by upgrading to 4.1.1

Xavier Jurado Cristobal · meta-codesync[bot] · commit 0c1ab2a79ebf · 2025-11-19T03:17:30.000-08:00
Summary:
Updated the `js-yaml` dependency from version 4.1.0 to ^4.1.1 to address a known security vulnerability. The package was added as a direct dependency to ensure explicit control over the version and allow future patch and minor version updates.

This change affects the QuickLayout documentation site which uses Docusaurus. The semver range (^4.1.1) ensures that future patch versions (4.1.2, 4.1.3, etc.) and minor versions (4.2.0, 4.3.0, etc.) will be automatically picked up while preventing breaking changes from major version updates.

Reviewed By: saadhzahid

Differential Revision: D87346632

fbshipit-source-id: 0ba9971a8386264b6ef8cf4fb3c2c0cf06f8e8c1
diff --git a/Sources/QuickLayout/docs/package.json b/Sources/QuickLayout/docs/package.json
@@ -23,6 +23,7 @@
     "classnames": "^2.5.1",
     "clsx": "^2.0.0",
     "docusaurus-plugin-internaldocs-fb": "1.19.2",
+    "js-yaml": "^4.1.1",
     "loader-utils": "3.3.1",
     "prism-react-renderer": "^2.3.0",
     "react": "^18.2.0",
diff --git a/Sources/QuickLayout/docs/yarn.lock b/Sources/QuickLayout/docs/yarn.lock
@@ -8050,17 +8050,17 @@ joi@^17.9.2:
   integrity sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==
 
 js-yaml@^3.13.1:
-  version "3.14.1"
-  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.14.1.tgz#dae812fdb3825fa306609a8717383c50c36a0537"
-  integrity sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==
+  version "3.14.2"
+  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.14.2.tgz#77485ce1dd7f33c061fd1b16ecea23b55fcb04b0"
+  integrity sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==
   dependencies:
     argparse "^1.0.7"
     esprima "^4.0.0"
 
-js-yaml@^4.1.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602"
-  integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==
+js-yaml@^4.1.0, js-yaml@^4.1.1:
+  version "4.1.1"
+  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.1.tgz#854c292467705b699476e1a2decc0c8a3458806b"
+  integrity sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==
   dependencies:
     argparse "^2.0.1"
 
@@ -12076,7 +12076,7 @@ spdy@^4.0.2:
 sprintf-js@~1.0.2:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c"
-  integrity sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=
+  integrity sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==
 
 srcset@^4.0.0:
   version "4.0.0"
