Update js-yaml to 4.1.1 to address security vulnerability CVE-2025-64718

[possible-evan]

See vulnerability here https://avd.aquasec.com/nvd/2025/cve-2025-64718/

yarn why js-yaml

├─ @datadog/datadog-ci@npm:4.1.3
│  └─ js-yaml@npm:3.13.1 (via npm:3.13.1)

This package is using 3.x. 4.x has been patched but 3.x has not yet. A request for 3.x to be patched has been submitted here nodeca/js-yaml#730

[ava-silver]

Thanks for reporting this! I've put up #1978 to address this, once it gets merged I'll cut a release with it.

[possible-evan]

@ava-silver thanks for the quick turnaround!

[JamiesWhiteShirt]

Hi! Please consider if a caret dependency specifier (^4.1.1) would be more appropriate for the js-yaml dependency. That way you don't have to update datadog-ci to support newer versions of js-yaml should any new security issues appear.

[Drarig29]

This should be fixed in version 4.2.2. And yes @JamiesWhiteShirt, we'll consider using a caret