From 91d23a5116c7865914912090b34db4807a4bf845 Mon Sep 17 00:00:00 2001
From: "hash-worker[bot]" <180894564+hash-worker[bot]@users.noreply.github.com>
Date: Wed, 17 Jun 2026 17:15:18 +0000
Subject: [PATCH] Update npm package `js-yaml` to v4.2.0 [SECURITY]

---
 apps/hash-api/package.json                | 2 +-
 libs/@local/repo-chores/node/package.json | 2 +-
 tests/hash-playwright/package.json        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/hash-api/package.json b/apps/hash-api/package.json
index 953c2a39a94..ed0807b0a60 100644
--- a/apps/hash-api/package.json
+++ b/apps/hash-api/package.json
@@ -93,7 +93,7 @@
     "http-terminator": "3.2.0",
     "immer": "10.1.3",
     "install": "0.13.0",
-    "js-yaml": "4.1.1",
+    "js-yaml": "4.2.0",
     "jsonpath": "1.3.0",
     "keyv": "5.6.0",
     "lodash": "4.18.1",
diff --git a/libs/@local/repo-chores/node/package.json b/libs/@local/repo-chores/node/package.json
index 038633b2231..25e757f52ac 100644
--- a/libs/@local/repo-chores/node/package.json
+++ b/libs/@local/repo-chores/node/package.json
@@ -24,7 +24,7 @@
     "fs-extra": "11.3.2",
     "globby": "15.0.0",
     "ignore": "7.0.5",
-    "js-yaml": "4.1.1",
+    "js-yaml": "4.2.0",
     "regex-parser": "2.3.1",
     "tsx": "4.20.6",
     "typescript": "5.9.3",
diff --git a/tests/hash-playwright/package.json b/tests/hash-playwright/package.json
index a3e41a32e75..1105fb193dc 100644
--- a/tests/hash-playwright/package.json
+++ b/tests/hash-playwright/package.json
@@ -21,7 +21,7 @@
     "@playwright/test": "1.58.2",
     "execa": "9.6.0",
     "graphql": "16.11.0",
-    "js-yaml": "4.1.1"
+    "js-yaml": "4.2.0"
   },
   "devDependencies": {
     "@apps/hash-api": "workspace:*",