build(deps): Upgrade js-yaml 4.x to 4.1.1 to fix GHSA-mh29-5h37-fv8m (#209)

The same advisory also affects [email protected] (fixed in 4.1.1). This
instance is pulled in by [email protected] and @eslint/[email protected], both of
which require js-yaml@^4.1.0.

No resolutions override is added: a broad "js-yaml" entry cannot safely pin
both the 3.x and 4.x instances simultaneously since the two major versions
have incompatible APIs (safeLoad/safeDump were removed in 4.x). Since
^4.1.0 naturally satisfies 4.1.1, removing the stale lockfile entry is
sufficient.

Co-authored-by: Claude <[email protected]>

Author: oioki

yarn.lock

@@ -4239,9 +4239,9 @@ js-yaml@^3.13.1:
     esprima "^4.0.0"
 
 js-yaml@^4.1.0:
-  version "4.1.0"
-  resolved "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz"
-  integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==
+  version "4.1.1"
+  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.1.tgz#854c292467705b699476e1a2decc0c8a3458806b"
+  integrity sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==
   dependencies:
     argparse "^2.0.1"