fix(deps): vuln minor: express · patch: js-yaml

[gh-worker-campaigns-3e9aa4]

Summary: Security update — 2 packages upgraded (MINOR changes included)

Manifests changed:

• . (npm)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
js-yaml	4.1.0	4.1.1	patch	Direct	2 MODERATE
express	4.19.2	4.22.1	minor	Direct	2 LOW

---

Security Details

ℹ️ Other Vulnerabilities (4)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
js-yaml	GHSA-mh29-5h37-fv8m	MODERATE	js-yaml has prototype pollution in merge (<<)	4.1.0	4.1.1
js-yaml	CVE-2025-64718	MODERATE	js-yaml has prototype pollution in merge (<<)	4.1.0	-
express	GHSA-qw6h-vgh9-j6wx	LOW	express vulnerable to XSS via response.redirect()	4.19.2	4.20.0
express	CVE-2024-43796	LOW	express vulnerable to XSS via response.redirect()	4.19.2	-

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

[dd-prapprover]

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

• ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-05-07T20:45:38Z
• ⬜ CI tests passed
• ⬜ Approved
• ⬜ Merge Started
• ⬜ Merged

➡️ Current phase: waiting for CI tests to complete...