chore(deps): Bump YamlDotNet from 18.0.0 to 18.1.0

[dependabot]

Updated YamlDotNet from 18.0.0 to 18.1.0.

Release notes

Sourced from YamlDotNet's releases.

18.1.0

What's Changed

• Use NET 10 with benchmarks by @​mcraiha in Use NET 10 with benchmarks aaubry/YamlDotNet#1099
• Revert package upgrades by @​EdwardCooke in Revert package upgrades aaubry/YamlDotNet#1104
• Added default maximum recursion level of 130 (max when using defaults on Windows/.net8) by @​EdwardCooke in Added default maximum recursion level of 130 (max when using defaults on Windows/.net8) aaubry/YamlDotNet#1110
• Static deserializer builder needed the default maximum recursion by @​EdwardCooke in Static deserializer builder needed the default maximum recursion aaubry/YamlDotNet#1111

New Contributors

• @​mcraiha made their first contribution in Use NET 10 with benchmarks aaubry/YamlDotNet#1099

Full Changelog: aaubry/YamlDotNet@v18.0.0...v18.1.0

Breaking

• Maximum depth of yaml files is now 130 by default. If you need higher you will need to adjust the maximum yaml depth. Going above 130 runs the risk of stack overflow exceptions when any exception happens inside of the deserialization

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

PR Review Summary

Check	Status	Details
🔍 Code Review	⚠️ Missing	No current-run comment
🛡️ Security Scan	⚠️ Missing	No current-run comment
🔄 Breaking Changes	⚠️ Missing	No current-run comment
📝 Docs Sync	⚠️ Missing	No current-run comment
🧪 Test Coverage	⚠️ Missing	No current-run comment

Verdict: ⚠️ AI review incomplete; ready for human review

AI review comments are untrusted advisory output. The summary reports workflow-generated completion status only, not model-authored pass/fail claims.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

agent-governance-dotnet/src/AgentGovernance/AgentGovernance.csproj

Package	Version	License	Issue Type
YamlDotNet	18.1.0	Null	Unknown License

Allowed Licenses:

MIT, Apache-2.0, Apache-2.0 WITH LLVM-exception, BSD-2-Clause, BSD-3-Clause, ISC, PSF-2.0, Python-2.0, 0BSD, Unlicense, CC0-1.0, CC-BY-4.0, Zlib, BSL-1.0, MPL-2.0, JSON, Unicode-3.0, CDLA-Permissive-2.0

Excluded from license check:

pkg:cargo/futures-timer

OpenSSF Scorecard

Package	Version	Score	Details
nuget/YamlDotNet	18.1.0	Unknown	Unknown

Scanned Files

• agent-governance-dotnet/src/AgentGovernance/AgentGovernance.csproj

[github-actions]

📦 Dependency diff (SBOM)

Comparing main → dependabot/nuget/agent-governance-dotnet/src/AgentGovernance/YamlDotNet-18.1.0.

✅ No dependency changes detected.