CVE 2025-64718 Update `js-yaml` to `4.1.1`

[PierreFritsch]

https://nvd.nist.gov/vuln/detail/CVE-2025-64718

In js-yaml 4.1.0 and below, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__).
The problem is patched in js-yaml 4.1.1.

[rafael-nogueras]

I hope this PR gets merged soon, since we need this to address that CVE.