From fda0283490b699d98ddeabfa6f7b20b43adbce49 Mon Sep 17 00:00:00 2001
From: Brian Gough <briangough@users.noreply.github.com>
Date: Mon, 1 Jun 2026 12:20:06 +0100
Subject: [PATCH] Merge pull request #33377 from
 overleaf/lucie/js-yaml-security-fix

[Security Upgrade]: js-yaml in yarn.lock

GitOrigin-RevId: 4f388ca74de0e33a4f8894b1aa7e7963d1de552d
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index aebb61de16..ac7292b56a 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
     "@xmldom/xmldom": "0.8.13",
     "argparse/underscore": "1.13.8",
     "east/underscore": "1.13.8",
-    "referer-parser/js-yaml": "^4.1.0",
+    "referer-parser/js-yaml": "^4.1.1",
     "sandboxed-module": "patch:sandboxed-module@npm%3A2.0.4#~/.yarn/patches/sandboxed-module-npm-2.0.4-f8b45aacc9.patch",
     "request/tough-cookie": "5.1.2",
     "request/form-data": "2.5.5",