From 92b4b6528c55b13edb4509bb10a639547f958b50 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 20 Nov 2025 10:16:31 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
---
 package-lock.json | 9 +++++----
 package.json      | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index e156c34..5a177ca 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12,7 +12,7 @@
         "@octokit/rest": "^18.0.3",
         "bluebird": "^3.7.2",
         "docopt": "0.6.2",
-        "js-yaml": "3.14.0",
+        "js-yaml": "^3.14.2",
         "mkdirp": "1.0.4",
         "openpgp": "4.10.8",
         "request": "2.88.2",
@@ -882,9 +882,10 @@
       "integrity": "sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo="
     },
     "node_modules/js-yaml": {
-      "version": "3.14.0",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.0.tgz",
-      "integrity": "sha512-/4IbIeHcD9VMHFqDR/gQ7EdZdLimOvW2DdcxFjdyyZ9NsbS+ccrXqVWDtab/lRl5AlUqmpBx8EhPaWR+OtY17A==",
+      "version": "3.14.2",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
+      "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
+      "license": "MIT",
       "dependencies": {
         "argparse": "^1.0.7",
         "esprima": "^4.0.0"
diff --git a/package.json b/package.json
index 14ccbdc..04106ee 100644
--- a/package.json
+++ b/package.json
@@ -19,7 +19,7 @@
     "@octokit/rest": "^18.0.3",
     "bluebird": "^3.7.2",
     "docopt": "0.6.2",
-    "js-yaml": "3.14.0",
+    "js-yaml": "3.14.2",
     "mkdirp": "1.0.4",
     "openpgp": "4.10.8",
     "request": "2.88.2",