@dependabot dependabot bot commented on behalf of github Nov 16, 2025

Bumps the npm_and_yarn group with 1 update in the / directory: js-yaml.

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.

EntelligenceAI PR Summary

This PR restructures package dependencies in package-lock.json to fix dependency resolution and align with updated package requirements.

  • Removed peer dependency flag from numerous development dependencies (ansi-regex, argparse, cli-highlight, execa, js-yaml, etc.)
  • Added peer dependency flag to @octokit/core
  • Updated js-yaml from version 4.1.0 to 4.1.1
  • Changes affect how packages are resolved and installed in the dependency tree

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps the npm_and_yarn group with 1 update in the / directory: [js-yaml](https://github.com/nodeca/js-yaml).


Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies javascript Pull requests that update javascript code labels Nov 16, 2025
@entelligence-ai-pr-reviews

🔒 Entelligence AI Vulnerability Scanner

No security vulnerabilities found!

Your code passed our comprehensive security analysis.


@entelligence-ai-pr-reviews

Walkthrough

This PR restructures the dependency tree in package-lock.json by reclassifying numerous development dependencies from peer dependencies to regular dependencies. The change removes the "peer": true flag from packages like ansi-regex, argparse, cli-highlight, execa, js-yaml, and many others, while adding this flag to @octokit/core. Additionally, js-yaml is upgraded from version 4.1.0 to 4.1.1. This restructuring likely addresses dependency resolution issues or aligns the package configuration with updated requirements, ensuring proper installation and resolution of the dependency tree.

Changes

File(s): package-lock.json
Summary: Restructured dependency tree by removing "peer": true flag from multiple development dependencies (ansi-regex, argparse, cli-highlight, execa, js-yaml, and others), added peer dependency flag to @octokit/core, and updated js-yaml from version 4.1.0 to 4.1.1.
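As an added example (not code from this PR, from Dependabot or from js-yaml), a small Node.js audit that walks a lockfile v2/v3 `packages` map and reports every installed copy of js-yaml still below the patched 4.1.1; because js-yaml is an indirect dependency here, a transitive package can pin its own nested copy that the top-level bump does not touch. The lockfile object is constructed for illustration.

```javascript
// Added example: audit a package-lock.json (v2/v3 "packages" map keyed by
// install path) for every copy of a dependency and flag versions below the
// patched one. Nested duplicates such as node_modules/x/node_modules/js-yaml
// are found as well, not only the top-level entry.
const MIN_JS_YAML = '4.1.1'; // version carrying the merge-key (<<) fix

// Compare dotted numeric versions; prerelease tags are stripped (assumption:
// the lockfile resolves to plain releases, as in this PR).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Return every install path of `name` with its version, its peer flag and
// whether it is still below `minVersion`.
function auditLockfile(lock, name, minVersion) {
  const packages = lock.packages || {};
  const findings = [];
  for (const [installPath, meta] of Object.entries(packages)) {
    if (installPath === '' || !installPath.endsWith('node_modules/' + name)) continue;
    findings.push({
      path: installPath,
      version: meta.version,
      peer: meta.peer === true,
      outdated: compareVersions(meta.version, minVersion) < 0,
    });
  }
  return findings;
}

// Constructed sample lockfile: the top-level copy bumped by the PR, plus a
// hypothetical nested copy that a transitive dependency still pins to 4.1.0.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app' },
    'node_modules/js-yaml': { version: '4.1.1', dev: true },
    'node_modules/some-tool/node_modules/js-yaml': { version: '4.1.0', dev: true, peer: true },
  },
};
```

Run it against a real lockfile with `auditLockfile(JSON.parse(fs.readFileSync('package-lock.json', 'utf8')), 'js-yaml', MIN_JS_YAML)` and treat any `outdated: true` entry as a copy the bump missed.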

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    participant Dev as Developer
    participant NPM as NPM Package Manager
    participant Lock as package-lock.json
    
    Note over Dev,Lock: Dependency Reclassification Update
    
    Dev->>NPM: Update dependency classifications
    activate NPM
    
    NPM->>Lock: Remove "peer: true" from multiple packages
    Note right of Lock: Packages like @sindresorhus/is,<br/>ansi-regex, any-promise, etc.<br/>moved from peer to regular dev deps
    
    NPM->>Lock: Add "peer: true" to @octokit/core
    Note right of Lock: @octokit/core marked as peer dependency
    
    NPM->>Lock: Update js-yaml: 4.1.0 → 4.1.1
    Note right of Lock: Minor patch version bump
    
    NPM-->>Dev: Lockfile updated
    deactivate NPM
    
    Note over Dev,Lock: No runtime behavior changes<br/>No component interaction changes<br/>Pure dependency metadata update

