build(deps): Bump js-yaml from 4.1.0 to 4.1.1 in /packages/agent-mesh/sdks/typescript #729

Merged
imran-siddique merged 2 commits into main from dependabot/npm_and_yarn/packages/agent-mesh/sdks/typescript/js-yaml-4.1.1 (Apr 2, 2026)

@dependabot dependabot bot commented on behalf of github Apr 2, 2026

Bumps js-yaml from 4.1.0 to 4.1.1.

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.

Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies label (Pull requests that update a dependency file) Apr 2, 2026

github-actions bot commented Apr 2, 2026

Welcome to the Agent Governance Toolkit! Thanks for your first pull request.
Please ensure tests pass, code follows style (ruff check), and you have signed the CLA.
See our Contributing Guide.


github-actions bot commented Apr 2, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 1e85383.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

| Package | Version | Score |
|---|---|---|
| npm/js-yaml | 4.1.1 | 🟢 3.8 |

Details

| Check | Score | Reason |
|---|---|---|
| Code-Review | ⚠️ 1 | Found 4/30 approved changesets -- score normalized to 1 |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Maintained | ⚠️ 0 | 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | 🟢 10 | project is fuzzed |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Security-Policy | 🟢 4 | security policy file detected |
| Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

Scanned Files

  • packages/agent-mesh/sdks/typescript/package.json

@github-actions github-actions bot added the size/XS Extra small PR (< 10 lines) label Apr 2, 2026

@github-actions github-actions bot left a comment

🤖 AI Agent: code-reviewer

Review of Pull Request: Bump js-yaml from 4.1.0 to 4.1.1

Summary

This PR updates the js-yaml dependency from version 4.1.0 to 4.1.1 in the agent-mesh/sdks/typescript package. The update addresses a security vulnerability related to prototype pollution in the YAML merge (<<) operator.


🔴 CRITICAL: Security Vulnerability Fix

The changelog for js-yaml 4.1.1 explicitly mentions a fix for a prototype pollution vulnerability in the YAML merge (<<) operator. Prototype pollution is a critical security issue that can lead to arbitrary code execution or data tampering.

Impact on the Repository:

  • If the agent-mesh SDK processes untrusted YAML input, this vulnerability could allow attackers to manipulate the prototype chain of JavaScript objects, potentially leading to a security breach.
  • Upgrading to 4.1.1 is essential to mitigate this risk.

Action Required:

  • Ensure thorough testing of YAML parsing functionality in the agent-mesh SDK to confirm that the fix does not introduce regressions.
  • Audit YAML usage in the codebase to ensure no unsafe patterns (e.g., processing untrusted YAML without validation).

💡 SUGGESTION: Add a Security Test for YAML Parsing

To prevent regressions or future vulnerabilities:

  1. Add a test case to validate that YAML merge (<<) operator does not allow prototype pollution.
  2. Use a known exploit payload to confirm the vulnerability is mitigated.

Example payload:

merge:
  <<: !!js/function "function() { return global.process.exit(1); }"

Expected behavior: The payload should not execute or modify the prototype chain.


💡 SUGGESTION: Document Security Implications

Since this SDK may be used in security-sensitive environments, consider documenting:

  • The risks of processing untrusted YAML.
  • Best practices for securely handling YAML input.

🟡 WARNING: Dependency Update in a Public Package

Updating js-yaml could potentially introduce breaking changes, even in a patch release. While the changelog does not indicate any breaking changes, it is prudent to:

  1. Run integration tests for the agent-mesh SDK to ensure compatibility.
  2. Verify backward compatibility with any downstream consumers of the SDK.

Final Recommendation

  • Approve this PR after confirming that the fix does not introduce regressions or compatibility issues.
  • Address the suggestions to improve security posture and documentation.

Let me know if you need additional guidance or assistance!


github-actions bot commented Apr 2, 2026

🤖 AI Agent: security-scanner — Security Analysis of PR: Bump `js-yaml` from 4.1.0 to 4.1.1

Security Analysis of PR: Bump js-yaml from 4.1.0 to 4.1.1


1. Prototype Pollution Fix in js-yaml

  • Finding: 🔴 CRITICAL
    • The changelog for js-yaml 4.1.1 explicitly mentions a fix for a prototype pollution vulnerability in the YAML merge (<<) operator. Prototype pollution is a severe issue that can allow attackers to manipulate the prototype of JavaScript objects, potentially leading to arbitrary code execution, privilege escalation, or bypassing security policies.
    • Since the agent-mesh package is part of the agent-governance-toolkit, which is a security-critical library, this vulnerability could allow malicious YAML input to compromise the integrity of the policy engine or other security mechanisms.
    • Attack Vector: An attacker could craft a malicious YAML file with the << operator to inject properties into the prototype chain of objects used by the library. This could bypass policy checks, inject unauthorized behavior, or escalate privileges.
    • Fix: Upgrading to js-yaml 4.1.1 addresses this issue by patching the vulnerability. The PR correctly updates the dependency to the secure version.

2. Deserialization Risks

  • Finding: 🟠 HIGH
    • YAML deserialization is inherently risky, especially in security-critical contexts. Even with the prototype pollution fix, improper use of js-yaml (e.g., loading untrusted YAML without strict schema validation) could expose the library to other deserialization attacks.
    • Attack Vector: If untrusted YAML input is deserialized without strict schema validation, an attacker could inject malicious payloads or unexpected data structures, potentially bypassing security policies or causing crashes.
    • Fix: Ensure that all YAML deserialization in the agent-mesh package uses js-yaml's safeLoad or equivalent safe methods with strict schema validation. Avoid using load unless absolutely necessary and properly sandboxed.

3. Supply Chain Risks

  • Finding: 🟡 MEDIUM
    • While this PR upgrades to a secure version of js-yaml, supply chain risks remain a concern. The js-yaml package is a widely used dependency, and any compromise in its distribution (e.g., via dependency hijacking or typosquatting) could have cascading effects on this security-critical library.
    • Attack Vector: An attacker could compromise the js-yaml package or publish a malicious package with a similar name (e.g., js_yaml) to inject malicious code into the agent-governance-toolkit.
    • Fix: Use a package integrity verification mechanism, such as npm ci with lockfiles, to ensure that the exact version of js-yaml is installed. Additionally, consider implementing dependency signing or monitoring tools like Snyk or Dependabot for ongoing supply chain security.

4. Credential Exposure

  • Finding: 🔵 LOW
    • There is no evidence in this PR that credentials or sensitive information are exposed. However, if js-yaml is used to parse YAML files containing secrets, ensure that error messages or logs do not inadvertently expose sensitive data.
    • Fix: Audit logging and error-handling mechanisms to ensure no sensitive information is leaked when YAML parsing errors occur.

Recommendations

  1. Merge the PR: Upgrading to js-yaml 4.1.1 is critical to address the prototype pollution vulnerability.
  2. Audit YAML Parsing: Review all usages of js-yaml in the agent-mesh package to ensure that:
    • Only safe deserialization methods (e.g., safeLoad) are used.
    • Strict schemas are enforced to validate input structure.
  3. Implement Supply Chain Protections:
    • Use npm ci to lock dependencies to specific versions.
    • Regularly audit dependencies for vulnerabilities using tools like Snyk or Dependabot.
  4. Test for Exploits: Add tests to validate that malicious YAML payloads exploiting prototype pollution or other deserialization vulnerabilities are effectively blocked.

Final Rating of Findings

  1. Prototype Pollution Fix: 🔴 CRITICAL
  2. Deserialization Risks: 🟠 HIGH
  3. Supply Chain Risks: 🟡 MEDIUM
  4. Credential Exposure: 🔵 LOW

By merging this PR and implementing the recommended mitigations, the security posture of the agent-governance-toolkit will be significantly improved.
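
The merge-key prototype issue discussed in the review comments above, as an added example that is not part of the original thread and is not js-yaml's source: a simplified model of a merge copy step written naively and in hardened form, plus a post-parse guard a regression test can assert on. The function names (`mergeNaive`, `mergeSafe`, `hasForeignPrototype`) and the sample input are constructed for illustration.

```javascript
// Added example: simplified model of a merge-key ("<<") copy step (not js-yaml code).

// Naive copy: plain assignment. For the key "__proto__" this triggers the
// inherited setter and replaces the target's prototype with parsed data.
function mergeNaive(target, source) {
  for (const key of Object.keys(source)) {
    target[key] = source[key];
  }
  return target;
}

// Hardened copy: every key, "__proto__" included, becomes an ordinary own
// data property, so the target's prototype chain is never touched.
function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    Object.defineProperty(target, key, {
      value: source[key], writable: true, enumerable: true, configurable: true,
    });
  }
  return target;
}

// Post-parse guard: true if any object in the tree has a prototype other
// than the built-in Object/Array prototypes (or null).
function hasForeignPrototype(value, seen = new Set()) {
  if (value === null || typeof value !== 'object' || seen.has(value)) return false;
  seen.add(value);
  const proto = Object.getPrototypeOf(value);
  if (proto !== null && proto !== Object.prototype && proto !== Array.prototype) return true;
  return Object.values(value).some((child) => hasForeignPrototype(child, seen));
}

// Constructed input: JSON.parse yields an *own* "__proto__" key, standing in
// for a parsed mapping that is about to be merged into another one.
const mergedMapping = JSON.parse('{"__proto__": {"isAdmin": true}, "role": "viewer"}');

function demo() {
  const naive = mergeNaive({}, mergedMapping);
  const safe = mergeSafe({}, mergedMapping);
  return {
    naiveInherits: naive.isAdmin === true,    // true: read through replaced prototype
    naiveFlagged: hasForeignPrototype(naive), // true: guard catches it
    safeInherits: safe.isAdmin === true,      // false
    safeFlagged: hasForeignPrototype(safe),   // false
    globalClean: ({}).isAdmin === undefined,  // true: Object.prototype untouched
  };
}

console.log(demo());
```

In a policy-checking code path, a field such as `isAdmin` read through an inherited prototype is what turns this into an authorization problem, which is why the guard checks the prototype of every parsed object, not only `Object.prototype`.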


@imran-siddique imran-siddique left a comment

LGTM — legitimate security fix for CVE-2025-64718 (prototype pollution). Patch-level bump 4.1.0->4.1.1, released 2025-11-12 (well past 7-day rule). Single-line diff, no unexpected files. Lock files were intentionally removed in #713; npm install in CI handles resolution.


github-actions bot commented Apr 2, 2026

✅ PR Review Summary

| Check | Status | Details |
|---|---|---|
| 🔍 Code Review | ⏳ Pending | Awaiting results |
| 🛡️ Security Scan | ❌ Failed | Security Analysis of PR: Bump js-yaml from 4.1.0 to 4.1.1 |
| 🔄 Breaking Changes | ⏳ Pending | Awaiting results |
| 📝 Docs Sync | ⏳ Pending | Awaiting results |
| 🧪 Test Coverage | ⏳ Pending | Awaiting results |

Verdict: ❌ Changes needed — see failures above

💡 Individual agent reports are collapsed below for reference.

@imran-siddique imran-siddique merged commit a496f88 into main Apr 2, 2026
57 of 82 checks passed
@imran-siddique imran-siddique deleted the dependabot/npm_and_yarn/packages/agent-mesh/sdks/typescript/js-yaml-4.1.1 branch April 2, 2026 23:25