fix(deps): bump js-yaml from ^4.1.1 to ^4.2.0 #6298

Open

antonis wants to merge 1 commit into main from antonis/bump-js-yaml-4.2.0

Conversation

@antonis antonis commented Jun 16, 2026


📢 Type of change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring

📜 Description

Bumps the js-yaml resolution from ^4.1.1 to ^4.2.0 to fix a medium-severity quadratic-complexity DoS vulnerability in merge key handling via repeated aliases.

Resolves Dependabot alert #554.

💡 Motivation and Context

js-yaml versions before 4.2.0 are vulnerable to quadratic-complexity DoS when parsing YAML with repeated aliases in merge keys. Bumping the resolution range ensures all transitive consumers resolve to a patched version.

💚 How did you test it?

  • yarn install completes successfully
  • CI will validate no regressions

📝 Checklist

  • I added tests to verify changes
  • No new PII added or SDK only sends newly added PII if sendDefaultPII is enabled
  • I updated the docs if needed.
  • I updated the wizard if needed.
  • All tests passing
  • No breaking changes

🔮 Next steps

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
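One way to verify the claim in the description that every transitive consumer now resolves to a patched js-yaml, as an added example that is not part of this PR or the project: a small audit over a yarn.lock. The lockfile text is a constructed sample in the Yarn classic layout; tolerance for Berry-style keys is an assumption noted in the comments.

```javascript
// Added example, not code from this PR or the project: audit a yarn.lock so the claim that
// every js-yaml consumer now resolves to a patched version can be checked rather than assumed.
// Lockfile text is CONSTRUCTED (Yarn classic layout); Berry-style key/version handling is an assumption.

const MIN_SAFE = "4.2.0"; // first js-yaml release with the merge-key fix, per the PR text

const LOCK_BEFORE = `# constructed sample: state before the resolution bump
js-yaml@^4.1.0, js-yaml@^4.1.1:
  version "4.1.1"
  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.1.tgz"
`;

const LOCK_AFTER = `# constructed sample: every js-yaml range now resolves to 4.2.0
js-yaml@^4.1.0, js-yaml@^4.1.1, js-yaml@^4.2.0:
  version "4.2.0"
`;

function compareVersions(a, b) {
  const parse = (v) => v.match(/^(\d+)\.(\d+)\.(\d+)/).slice(1).map(Number); // pre-release suffix ignored
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i]; // numeric, so 4.10.0 > 4.2.0
  return 0;
}

// Collect { specifiers, version } for every lock entry whose package name is `pkg`.
function findLockEntries(lockText, pkg) {
  const entries = [];
  let current = null;
  for (const line of lockText.split("\n")) {
    if (/^\S/.test(line) && line.endsWith(":")) { // entry header, e.g. `js-yaml@^4.1.0, js-yaml@^4.1.1:`
      const specs = line.slice(0, -1).split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      const name = specs[0].replace(/^(@?[^@]+)@.*$/, "$1"); // keeps @scope/name intact
      current = name === pkg ? { specifiers: specs, version: null } : null;
      if (current) entries.push(current);
    } else if (current) {
      const m = /^\s+version:?\s+"?([^"\s]+)"?/.exec(line); // `version "x"` (classic) or `version: x` (Berry)
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Entries of `pkg` still resolving below `minVersion` (or missing a version line entirely).
function vulnerableEntries(lockText, pkg, minVersion) {
  return findLockEntries(lockText, pkg).filter((e) => !e.version || compareVersions(e.version, minVersion) < 0);
}

for (const [label, lock] of [["before", LOCK_BEFORE], ["after", LOCK_AFTER]]) {
  const bad = vulnerableEntries(lock, "js-yaml", MIN_SAFE);
  console.log(label, bad.length ? "VULNERABLE: " + bad.map((e) => `${e.specifiers.join(", ")} -> ${e.version}`).join("; ") : "ok");
}
```

Pointing `vulnerableEntries` at the real lockfile contents instead of the samples turns this into a CI guard that fails when any js-yaml range drifts back below the patched version.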

github-actions Bot commented Jun 16, 2026


Semver Impact of This PR

None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


  • fix(deps): bump js-yaml from ^4.1.1 to ^4.2.0 by antonis in #6298
  • chore: Bump sample and perf test apps to React Native 0.86.0 by antonis in #6287
  • fix(deps): bump form-data from 4.0.5 to 4.0.6 by antonis in #6297
  • fix(ci): Handle @sentry-internal/* package renames in JS updater by antonis in #6295
  • Record network request/response bodies in Session Replay by alwx in #6288
  • chore(deps): bump tar from 7.5.11 to 7.5.16 by dependabot in #6293
  • fix(ci): Update renamed @sentry-internal/* packages in JS updater script by antonis in #6294
  • chore(deps): bump launch-editor from 2.11.1 to 2.14.1 by dependabot in #6291
  • chore(deps-dev): bump @babel/core from 7.26.7 to 7.29.6 by dependabot in #6292
  • fix(deps): Resolve shell-quote to >=1.8.4 (Dependabot RNSentryModule.captureEvent is ignoring environment #547) by antonis in #6286
  • fix(ci): Support version catalog in android SDK version check by antonis in #6280
  • test(e2e): Bump E2E tests to React Native 0.86.0 by antonis in #6268
  • feat(android): Add nativeStackAndroid support to NativeLinkedErrors by lucas-zimerman in #6278
  • chore(deps): bump ruby/setup-ruby from 1.310.0 to 1.313.0 by dependabot in #6282
  • chore(deps): update Maestro to v2.6.1 by github-actions in #6277
  • chore(deps): bump gradle/actions from 6.1.0 to 6.2.0 by dependabot in #6284
  • chore(deps): bump getsentry/craft from 2.26.8 to 2.26.10 by dependabot in #6283
  • chore(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml from 2.26.8 to 2.26.10 by dependabot in #6281
  • chore(deps): update Sentry Android Gradle Plugin to v6.11.0 by github-actions in #6275
  • chore(deps): update Android SDK to v8.43.2 by github-actions in #6273
  • chore(deps): bump joi from 17.13.3 to 17.13.4 by dependabot in #6279
  • chore(deps): update Cocoa SDK to v9.17.1 by github-actions in #6272
  • docs(replay): clarify fast renderer option docs by leohara in #6276
  • feat(core): Warn when multiple versions of Sentry JS SDK are detected by antonis in #6269

🤖 This preview updates automatically when you update the PR.

@antonis antonis marked this pull request as ready for review June 16, 2026 08:32
@antonis antonis added the ready-to-merge Triggers the full CI test suite label Jun 16, 2026

iOS (legacy) Performance metrics 🚀

|  | Plain | With Sentry | Diff |
|---|---|---|---|
| Startup time | 3858.87 ms | 1231.33 ms | -2627.54 ms |
| Size | 5.15 MiB | 6.69 MiB | 1.54 MiB |

Baseline results on branch: main

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 5125c43+dirty | 3846.45 ms | 1221.12 ms | -2625.32 ms |
| 8929511+dirty | 1216.42 ms | 1219.02 ms | 2.60 ms |
| a3265b6+dirty | 3826.31 ms | 1207.87 ms | -2618.44 ms |
| c004dae+dirty | 3850.32 ms | 1227.79 ms | -2622.53 ms |
| 9210ae6+dirty | 3815.93 ms | 1214.14 ms | -2601.79 ms |
| 3d377b5+dirty | 1218.48 ms | 1219.51 ms | 1.03 ms |
| 853723c+dirty | 3852.60 ms | 1234.64 ms | -2617.96 ms |
| 04207c4+dirty | 1191.27 ms | 1189.78 ms | -1.48 ms |
| 4953e94+dirty | 1212.06 ms | 1214.83 ms | 2.77 ms |
| 0b5a379+dirty | 3828.91 ms | 1214.12 ms | -2614.79 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 5125c43+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |
| 8929511+dirty | 3.38 MiB | 4.80 MiB | 1.42 MiB |
| a3265b6+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |
| c004dae+dirty | 5.15 MiB | 6.67 MiB | 1.51 MiB |
| 9210ae6+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |
| 3d377b5+dirty | 3.38 MiB | 4.76 MiB | 1.38 MiB |
| 853723c+dirty | 5.15 MiB | 6.69 MiB | 1.53 MiB |
| 04207c4+dirty | 3.38 MiB | 4.76 MiB | 1.38 MiB |
| 4953e94+dirty | 3.38 MiB | 4.73 MiB | 1.35 MiB |
| 0b5a379+dirty | 5.15 MiB | 6.70 MiB | 1.54 MiB |


Android (legacy) Performance metrics 🚀

|  | Plain | With Sentry | Diff |
|---|---|---|---|
| Startup time | 407.29 ms | 445.50 ms | 38.21 ms |
| Size | 48.26 MiB | 53.53 MiB | 5.28 MiB |

Baseline results on branch: main

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| ae37560+dirty | 470.40 ms | 564.12 ms | 93.72 ms |
| 37a2091+dirty | 407.82 ms | 441.22 ms | 33.40 ms |
| 71abba0+dirty | 496.54 ms | 525.16 ms | 28.63 ms |
| 94af3bd+dirty | 503.48 ms | 542.37 ms | 38.89 ms |
| 9474ead+dirty | 411.45 ms | 446.80 ms | 35.35 ms |
| c151573+dirty | 530.34 ms | 559.43 ms | 29.09 ms |
| 6176a94+dirty | 410.90 ms | 452.20 ms | 41.31 ms |
| c823bb5+dirty | 409.87 ms | 478.57 ms | 68.70 ms |
| ef27341+dirty | 412.94 ms | 443.98 ms | 31.04 ms |
| 4953e94+dirty | 442.02 ms | 456.52 ms | 14.50 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| ae37560+dirty | 48.30 MiB | 53.60 MiB | 5.29 MiB |
| 37a2091+dirty | 48.30 MiB | 53.58 MiB | 5.28 MiB |
| 71abba0+dirty | 48.30 MiB | 53.49 MiB | 5.19 MiB |
| 94af3bd+dirty | 48.30 MiB | 53.57 MiB | 5.26 MiB |
| 9474ead+dirty | 48.30 MiB | 53.61 MiB | 5.30 MiB |
| c151573+dirty | 48.30 MiB | 53.54 MiB | 5.24 MiB |
| 6176a94+dirty | 48.30 MiB | 53.54 MiB | 5.24 MiB |
| c823bb5+dirty | 48.30 MiB | 53.58 MiB | 5.28 MiB |
| ef27341+dirty | 48.30 MiB | 53.54 MiB | 5.24 MiB |
| 4953e94+dirty | 43.75 MiB | 48.08 MiB | 4.33 MiB |


Android (new) Performance metrics 🚀

|  | Plain | With Sentry | Diff |
|---|---|---|---|
| Startup time | 418.92 ms | 454.06 ms | 35.14 ms |
| Size | 48.26 MiB | 53.53 MiB | 5.28 MiB |

Baseline results on branch: main

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| ae37560+dirty | 428.96 ms | 456.86 ms | 27.90 ms |
| 37a2091+dirty | 429.71 ms | 477.00 ms | 47.29 ms |
| 71abba0+dirty | 411.04 ms | 453.67 ms | 42.63 ms |
| 94af3bd+dirty | 413.04 ms | 451.76 ms | 38.71 ms |
| 5c1e987+dirty | 444.71 ms | 475.13 ms | 30.42 ms |
| 9474ead+dirty | 432.18 ms | 481.92 ms | 49.73 ms |
| c151573+dirty | 485.39 ms | 495.18 ms | 9.79 ms |
| 6176a94+dirty | 403.58 ms | 446.73 ms | 43.15 ms |
| df5d108+dirty | 434.82 ms | 447.39 ms | 12.57 ms |
| c823bb5+dirty | 468.26 ms | 516.16 ms | 47.90 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| ae37560+dirty | 48.30 MiB | 53.60 MiB | 5.29 MiB |
| 37a2091+dirty | 48.30 MiB | 53.58 MiB | 5.28 MiB |
| 71abba0+dirty | 48.30 MiB | 53.49 MiB | 5.19 MiB |
| 94af3bd+dirty | 48.30 MiB | 53.57 MiB | 5.26 MiB |
| 5c1e987+dirty | 43.94 MiB | 48.94 MiB | 5.00 MiB |
| 9474ead+dirty | 48.30 MiB | 53.61 MiB | 5.30 MiB |
| c151573+dirty | 48.30 MiB | 53.54 MiB | 5.24 MiB |
| 6176a94+dirty | 48.30 MiB | 53.54 MiB | 5.24 MiB |
| df5d108+dirty | 43.94 MiB | 48.94 MiB | 5.00 MiB |
| c823bb5+dirty | 48.30 MiB | 53.58 MiB | 5.28 MiB |


iOS (new) Performance metrics 🚀

|  | Plain | With Sentry | Diff |
|---|---|---|---|
| Startup time | 3844.57 ms | 1228.63 ms | -2615.94 ms |
| Size | 5.15 MiB | 6.69 MiB | 1.54 MiB |

Baseline results on branch: main

Startup times

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 5125c43+dirty | 3827.94 ms | 1208.79 ms | -2619.15 ms |
| 8929511+dirty | 1223.41 ms | 1222.49 ms | -0.92 ms |
| a3265b6+dirty | 3844.26 ms | 1235.60 ms | -2608.66 ms |
| c004dae+dirty | 3857.82 ms | 1224.87 ms | -2632.95 ms |
| 9210ae6+dirty | 3834.11 ms | 1216.64 ms | -2617.47 ms |
| 3d377b5+dirty | 1201.55 ms | 1201.80 ms | 0.25 ms |
| 853723c+dirty | 3849.33 ms | 1221.07 ms | -2628.26 ms |
| 04207c4+dirty | 1228.55 ms | 1226.04 ms | -2.51 ms |
| 4953e94+dirty | 1217.41 ms | 1223.53 ms | 6.12 ms |
| 0b5a379+dirty | 3857.69 ms | 1230.34 ms | -2627.35 ms |

App size

| Revision | Plain | With Sentry | Diff |
|---|---|---|---|
| 5125c43+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |
| 8929511+dirty | 3.38 MiB | 4.80 MiB | 1.42 MiB |
| a3265b6+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |
| c004dae+dirty | 5.15 MiB | 6.67 MiB | 1.51 MiB |
| 9210ae6+dirty | 5.15 MiB | 6.68 MiB | 1.53 MiB |
| 3d377b5+dirty | 3.38 MiB | 4.76 MiB | 1.38 MiB |
| 853723c+dirty | 5.15 MiB | 6.69 MiB | 1.53 MiB |
| 04207c4+dirty | 3.38 MiB | 4.76 MiB | 1.38 MiB |
| 4953e94+dirty | 3.38 MiB | 4.73 MiB | 1.35 MiB |
| 0b5a379+dirty | 5.15 MiB | 6.70 MiB | 1.54 MiB |

@antonis antonis removed the ready-to-merge Triggers the full CI test suite label Jun 16, 2026
github-actions Bot commented Jun 16, 2026
| Fails |
|---|
| 🚫 Pull request is not ready for merge, please add the "ready-to-merge" label to the pull request |

Generated by 🚫 dangerJS against dd7a7c0
