chore(deps): bump js-yaml to fix prototype pollution in merge #5709

Open

antonis wants to merge 5 commits into main from antonis/bump-js-yaml

Conversation

antonis (Contributor) commented Feb 24, 2026

Summary

  • Fixes prototype pollution via merge (<<) in both the 3.x and 4.x series
  • 3.x (3.14.1 → 3.14.2): uses parent-scoped resolutions for the four 3.x consumers (@istanbuljs/load-nyc-config, @yarnpkg/parsers, cosmiconfig, front-matter) to preserve 3.x API compatibility — js-yaml 4.x has breaking API changes (safeLoad removed)
  • 4.x (4.1.0 → 4.1.1): unscoped resolution covers all remaining consumers

Dependabot alerts

Test plan

  • yarn install resolves 3.x consumers to 3.14.2 and 4.x consumers to 4.1.1
  • yarn build passes
  • yarn test passes

🤖 Generated with Claude Code
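The test plan above checks that `yarn install` resolves the 3.x consumers to 3.14.2 and the 4.x consumers to 4.1.1. The script below is an added example, not code from this PR or its repository: it parses a Yarn v1 lockfile and lists every js-yaml entry that still resolves below the floor for its major, so the same check can run in CI after a dependency bump. The `RESOLUTIONS` map is one reading of the parent-scoped resolutions the description mentions (its exact keys are an assumption, not the PR diff), and the lockfile fragments are constructed for the example.

```javascript
// Added example (not the PR's or the project's code): verify that a Yarn v1
// lockfile resolves js-yaml to at least 3.14.2 (3.x) and 4.1.1 (4.x).

// Assumed package.json "resolutions" shape: one parent-scoped entry per 3.x
// consumer, one unscoped entry for everyone else. Keys are an assumption.
const RESOLUTIONS = {
  "@istanbuljs/load-nyc-config/js-yaml": "3.14.2",
  "@yarnpkg/parsers/js-yaml": "3.14.2",
  "cosmiconfig/js-yaml": "3.14.2",
  "front-matter/js-yaml": "3.14.2",
  "js-yaml": "4.1.1",
};

function parseVersion(v) {
  return v.split(".").map((n) => parseInt(n, 10) || 0);
}

// Compare major.minor.patch numerically; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Every js-yaml pin in the resolutions map becomes the floor for its major.
function floorsFromResolutions(resolutions) {
  const floors = {};
  for (const [key, version] of Object.entries(resolutions)) {
    if (key !== "js-yaml" && !key.endsWith("/js-yaml")) continue;
    const major = parseVersion(version)[0];
    if (!floors[major] || compareVersions(version, floors[major]) > 0) floors[major] = version;
  }
  return floors;
}

// Minimal Yarn v1 lockfile parser: an unindented line ending in ":" opens an
// entry (comma-separated, optionally quoted "name@range" selectors); an
// indented `version "x.y.z"` line is its resolved version. Nested blocks such
// as `dependencies:` are indented and therefore never open a new entry.
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  for (const raw of text.split("\n")) {
    const line = raw.replace(/\r$/, "");
    if (line.trim() === "" || line.startsWith("#")) continue;
    if (!/^\s/.test(line) && line.endsWith(":")) {
      const selectors = line.slice(0, -1).split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      current = { selectors, version: null };
      entries.push(current);
      continue;
    }
    const m = /^\s+version\s+"([^"]+)"/.exec(line);
    if (m && current) current.version = m[1];
  }
  return entries;
}

// Package name of a selector: "@scope/pkg@^1.0.0" -> "@scope/pkg".
function selectorName(selector) {
  const at = selector.lastIndexOf("@");
  return at > 0 ? selector.slice(0, at) : selector;
}

// js-yaml entries that miss the floor for their major; empty means the
// lockfile matches the PR's test plan.
function findUnpatchedJsYaml(lockText, floors = floorsFromResolutions(RESOLUTIONS)) {
  const findings = [];
  for (const entry of parseYarnLock(lockText)) {
    if (!entry.selectors.some((s) => selectorName(s) === "js-yaml")) continue;
    const major = entry.version ? parseVersion(entry.version)[0] : null;
    let reason = null;
    if (!entry.version) reason = "no resolved version";
    else if (!floors[major]) reason = `major ${major} has no floor`;
    else if (compareVersions(entry.version, floors[major]) < 0) reason = `below ${floors[major]}`;
    if (reason) findings.push({ selectors: entry.selectors, version: entry.version, reason });
  }
  return findings;
}

// Constructed lockfile fragments: "before" still resolves to the vulnerable
// versions, "after" is what a correct `yarn install` should produce.
const LOCK_BEFORE = `
"@yarnpkg/parsers@^3.0.0":
  version "3.0.0"
  dependencies:
    js-yaml "^3.10.0"

js-yaml@^3.10.0, js-yaml@^3.13.1:
  version "3.14.1"
  dependencies:
    argparse "^1.0.7"

js-yaml@^4.1.0:
  version "4.1.0"
`;
const LOCK_AFTER = LOCK_BEFORE.replace('"3.14.1"', '"3.14.2"').replace('"4.1.0"', '"4.1.1"');

for (const [label, text] of [["before", LOCK_BEFORE], ["after", LOCK_AFTER]]) {
  const findings = findUnpatchedJsYaml(text);
  console.log(`${label}: ${findings.length ? JSON.stringify(findings) : "all js-yaml entries at or above floor"}`);
}
```

Pointing `findUnpatchedJsYaml` at the real `yarn.lock` contents turns the "yarn install resolves ..." line of the test plan into an assertion a CI job can fail on, which matters because a parent-scoped resolution only covers the consumers it names; a new transitive 3.x consumer would show up here as a fresh entry below the floor.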

@antonis antonis added the ready-to-merge Triggers the full CI test suite label Feb 24, 2026
github-actions bot (Contributor) commented Feb 24, 2026

Semver Impact of This PR

None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


  • chore(deps): bump js-yaml to fix prototype pollution in merge by antonis in #5709
  • chore(deps): bump axios to ^1.13.5 by antonis in #5708
  • chore(deps): bump on-headers to ^1.1.0 by antonis in #5704
  • chore(deps): bump dottie from 2.0.6 to 2.0.7 by dependabot in #5731
  • Cirrus Labs runners for other important workflows (where it makes sense to do so) + Ubuntu update (22.04 -> 24.04) by alwx in #5696
  • chore(deps): bump diff to ^5.2.2 by antonis in #5705
  • chore(deps): update Bundler Plugins to v5.1.1 by github-actions in #5700
  • chore(deps): update JavaScript SDK to v10.40.0 by github-actions in #5715
  • ci: Cancel in-progress CI jobs when a PR is closed or merged by antonis in #5725

🤖 This preview updates automatically when you update the PR.

github-actions bot (Contributor) commented Feb 24, 2026

Android (legacy) Performance metrics 🚀

| | Plain | With Sentry | Diff |
|---|---|---|---|
| Startup time | 501.10 ms | 512.40 ms | 11.30 ms |
| Size | 43.75 MiB | 48.46 MiB | 4.71 MiB |

Baseline results on branch: main

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| ec14be7+dirty | 403.50 ms | 411.46 ms | 7.96 ms |
| e76d0d3+dirty | 404.18 ms | 411.53 ms | 7.35 ms |
| 785ffb1 | 471.92 ms | 460.96 ms | -10.96 ms |
| ff5a06a+dirty | 405.97 ms | 439.24 ms | 33.27 ms |
| 6416d6c+dirty | 407.30 ms | 422.00 ms | 14.70 ms |
| eec00c2+dirty | 447.08 ms | 469.04 ms | 21.96 ms |
| 7480abe+dirty | 411.60 ms | 405.81 ms | -5.78 ms |
| c08359e | 421.87 ms | 445.37 ms | 23.50 ms |
| 64cd15c | 439.02 ms | 427.63 ms | -11.39 ms |
| af9331b | 449.77 ms | 479.20 ms | 29.43 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| ec14be7+dirty | 17.75 MiB | 19.69 MiB | 1.94 MiB |
| e76d0d3+dirty | 17.75 MiB | 19.71 MiB | 1.96 MiB |
| 785ffb1 | 17.75 MiB | 20.15 MiB | 2.41 MiB |
| ff5a06a+dirty | 43.75 MiB | 48.05 MiB | 4.29 MiB |
| 6416d6c+dirty | 43.75 MiB | 48.05 MiB | 4.30 MiB |
| eec00c2+dirty | 43.75 MiB | 48.05 MiB | 4.29 MiB |
| 7480abe+dirty | 17.75 MiB | 19.68 MiB | 1.94 MiB |
| c08359e | 17.75 MiB | 20.15 MiB | 2.41 MiB |
| 64cd15c | 17.75 MiB | 20.15 MiB | 2.41 MiB |
| af9331b | 17.75 MiB | 19.68 MiB | 1.94 MiB |

Previous results on branch: antonis/bump-js-yaml

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 1c0070d+dirty | 396.42 ms | 444.56 ms | 48.14 ms |
| 8c6a2d5+dirty | 402.84 ms | 427.48 ms | 24.64 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 1c0070d+dirty | 43.75 MiB | 48.46 MiB | 4.71 MiB |
| 8c6a2d5+dirty | 43.75 MiB | 48.46 MiB | 4.71 MiB |

github-actions bot (Contributor) commented Feb 24, 2026

iOS (legacy) Performance metrics 🚀

| | Plain | With Sentry | Diff |
|---|---|---|---|
| Startup time | 1222.44 ms | 1226.71 ms | 4.27 ms |
| Size | 3.38 MiB | 4.78 MiB | 1.40 MiB |

Baseline results on branch: main

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| ea3e26e+dirty | 1229.13 ms | 1228.46 ms | -0.67 ms |
| 80e4616+dirty | 1221.32 ms | 1225.64 ms | 4.32 ms |
| 818a608+dirty | 1205.76 ms | 1208.00 ms | 2.24 ms |
| 77061ed+dirty | 1233.16 ms | 1234.88 ms | 1.71 ms |
| bef3709+dirty | 1222.07 ms | 1220.24 ms | -1.83 ms |
| a206511+dirty | 1185.00 ms | 1186.35 ms | 1.35 ms |
| 74979ac+dirty | 1210.49 ms | 1213.31 ms | 2.82 ms |
| a2bb688+dirty | 1223.53 ms | 1232.90 ms | 9.37 ms |
| 8a868fe+dirty | 1221.50 ms | 1230.78 ms | 9.28 ms |
| d590428+dirty | 1211.77 ms | 1220.51 ms | 8.75 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| ea3e26e+dirty | 3.41 MiB | 4.58 MiB | 1.17 MiB |
| 80e4616+dirty | 3.38 MiB | 4.60 MiB | 1.22 MiB |
| 818a608+dirty | 2.63 MiB | 3.91 MiB | 1.28 MiB |
| 77061ed+dirty | 2.63 MiB | 3.98 MiB | 1.34 MiB |
| bef3709+dirty | 3.38 MiB | 4.78 MiB | 1.40 MiB |
| a206511+dirty | 3.41 MiB | 4.67 MiB | 1.25 MiB |
| 74979ac+dirty | 3.38 MiB | 4.60 MiB | 1.22 MiB |
| a2bb688+dirty | 2.63 MiB | 3.99 MiB | 1.36 MiB |
| 8a868fe+dirty | 3.38 MiB | 4.60 MiB | 1.22 MiB |
| d590428+dirty | 3.38 MiB | 4.78 MiB | 1.39 MiB |

Previous results on branch: antonis/bump-js-yaml

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 8c6a2d5+dirty | 1209.67 ms | 1212.80 ms | 3.13 ms |
| 1c0070d+dirty | 1225.49 ms | 1228.74 ms | 3.25 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 8c6a2d5+dirty | 3.38 MiB | 4.78 MiB | 1.40 MiB |
| 1c0070d+dirty | 3.38 MiB | 4.78 MiB | 1.40 MiB |

@antonis antonis marked this pull request as ready for review February 24, 2026 13:07
github-actions bot (Contributor) commented Feb 24, 2026

iOS (new) Performance metrics 🚀

| | Plain | With Sentry | Diff |
|---|---|---|---|
| Startup time | 1218.34 ms | 1219.46 ms | 1.12 ms |
| Size | 3.38 MiB | 4.78 MiB | 1.40 MiB |

Baseline results on branch: main

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| ea3e26e+dirty | 1216.61 ms | 1214.15 ms | -2.47 ms |
| 80e4616+dirty | 1206.90 ms | 1205.94 ms | -0.96 ms |
| 818a608+dirty | 1218.84 ms | 1223.18 ms | 4.34 ms |
| 77061ed+dirty | 1210.77 ms | 1218.45 ms | 7.68 ms |
| bef3709+dirty | 1217.79 ms | 1225.33 ms | 7.54 ms |
| a206511+dirty | 1225.02 ms | 1223.74 ms | -1.28 ms |
| 74979ac+dirty | 1212.33 ms | 1212.54 ms | 0.21 ms |
| a2bb688+dirty | 1244.82 ms | 1238.60 ms | -6.22 ms |
| 8a868fe+dirty | 1206.85 ms | 1215.04 ms | 8.19 ms |
| d590428+dirty | 1221.23 ms | 1225.27 ms | 4.03 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| ea3e26e+dirty | 3.41 MiB | 4.58 MiB | 1.17 MiB |
| 80e4616+dirty | 3.38 MiB | 4.60 MiB | 1.22 MiB |
| 818a608+dirty | 3.19 MiB | 4.48 MiB | 1.29 MiB |
| 77061ed+dirty | 3.19 MiB | 4.54 MiB | 1.36 MiB |
| bef3709+dirty | 3.38 MiB | 4.78 MiB | 1.40 MiB |
| a206511+dirty | 3.41 MiB | 4.67 MiB | 1.25 MiB |
| 74979ac+dirty | 3.38 MiB | 4.60 MiB | 1.22 MiB |
| a2bb688+dirty | 3.19 MiB | 4.56 MiB | 1.37 MiB |
| 8a868fe+dirty | 3.38 MiB | 4.60 MiB | 1.22 MiB |
| d590428+dirty | 3.38 MiB | 4.78 MiB | 1.39 MiB |

Previous results on branch: antonis/bump-js-yaml

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 8c6a2d5+dirty | 1222.98 ms | 1224.71 ms | 1.73 ms |
| 1c0070d+dirty | 1213.49 ms | 1221.12 ms | 7.63 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 8c6a2d5+dirty | 3.38 MiB | 4.78 MiB | 1.40 MiB |
| 1c0070d+dirty | 3.38 MiB | 4.78 MiB | 1.40 MiB |

github-actions bot (Contributor) commented Feb 24, 2026

Android (new) Performance metrics 🚀

| | Plain | With Sentry | Diff |
|---|---|---|---|
| Startup time | 371.07 ms | 413.14 ms | 42.07 ms |
| Size | 43.94 MiB | 49.34 MiB | 5.40 MiB |

Baseline results on branch: main

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 785ffb1+dirty | 380.65 ms | 451.83 ms | 71.18 ms |
| 59d1977+dirty | 366.15 ms | 393.21 ms | 27.06 ms |
| 95aaf8a+dirty | 342.82 ms | 393.75 ms | 50.93 ms |
| 5ee3314+dirty | 358.69 ms | 394.00 ms | 35.31 ms |
| b1579bc+dirty | 391.87 ms | 456.26 ms | 64.39 ms |
| 4052277+dirty | 369.90 ms | 381.16 ms | 11.26 ms |
| 4a17c8f+dirty | 368.54 ms | 381.43 ms | 12.89 ms |
| eb07ba3+dirty | 419.49 ms | 482.12 ms | 62.63 ms |
| cdf7e97+dirty | 389.79 ms | 418.13 ms | 28.34 ms |
| 93137d1+dirty | 367.58 ms | 434.94 ms | 67.36 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 785ffb1+dirty | 7.15 MiB | 8.42 MiB | 1.27 MiB |
| 59d1977+dirty | 43.94 MiB | 49.22 MiB | 5.29 MiB |
| 95aaf8a+dirty | 7.15 MiB | 8.41 MiB | 1.26 MiB |
| 5ee3314+dirty | 7.15 MiB | 8.43 MiB | 1.28 MiB |
| b1579bc+dirty | 43.94 MiB | 49.27 MiB | 5.33 MiB |
| 4052277+dirty | 43.94 MiB | 49.38 MiB | 5.44 MiB |
| 4a17c8f+dirty | 43.94 MiB | 48.82 MiB | 4.88 MiB |
| eb07ba3+dirty | 7.15 MiB | 8.42 MiB | 1.27 MiB |
| cdf7e97+dirty | 43.94 MiB | 49.22 MiB | 5.29 MiB |
| 93137d1+dirty | 7.15 MiB | 8.43 MiB | 1.28 MiB |

Previous results on branch: antonis/bump-js-yaml

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 1c0070d+dirty | 459.65 ms | 483.59 ms | 23.93 ms |
| 8c6a2d5+dirty | 486.24 ms | 531.04 ms | 44.80 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 1c0070d+dirty | 43.94 MiB | 49.34 MiB | 5.40 MiB |
| 8c6a2d5+dirty | 43.94 MiB | 49.33 MiB | 5.39 MiB |

@antonis antonis removed the ready-to-merge Triggers the full CI test suite label Feb 26, 2026
Fixes prototype pollution via merge (<<) in two series:
- 3.x: bumps 3.14.1 -> 3.14.2 via parent-scoped resolutions for the
  four 3.x consumers (@istanbuljs/load-nyc-config, @yarnpkg/parsers,
  cosmiconfig, front-matter), preserving 3.x API compatibility
- 4.x: bumps 4.1.0 -> 4.1.1 via unscoped resolution

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@antonis antonis force-pushed the antonis/bump-js-yaml branch from 71a886c to 0ad9569 on February 26, 2026 13:10
@antonis antonis added the ready-to-merge Triggers the full CI test suite label Feb 27, 2026
@lucas-zimerman lucas-zimerman enabled auto-merge (squash) February 27, 2026 12:06
lucas-zimerman (Collaborator) left a comment

LGTM! once test passes

cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.


Labels

ready-to-merge Triggers the full CI test suite
