security: Fix Dependabot alert — yaml stack overflow vulnerability

[williamzujkowski]

Dependabot #1: yaml package vulnerable to stack overflow via deeply nested YAML collections (medium severity). Likely a transitive dependency. Need to identify which package pulls it in and update/override.

[williamzujkowski]

Investigation

yaml@2.8.3 is a transitive peer dependency of vite (via vitest). This is the latest published version — no patch available upstream yet.

Risk assessment: Low. The vulnerability is stack overflow via deeply nested YAML collections. Our project only parses controlled YAML (our own config, frontmatter we generate). No untrusted YAML input paths exist.

Action: Monitor for yaml@2.8.4+ release. No override needed since 2.8.3 is already latest. Will close when upstream patches.