Skip to content

⬆️(dependencies) update linkifyjs to v4.3.2 [SECURITY] #2731

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

⬆️(dependencies) update linkifyjs to v4.3.2 [SECURITY] #2731

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jul 29, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
linkifyjs (source) 4.2.0 -> 4.3.2 age confidence

GitHub Vulnerability Alerts

CVE-2025-8101

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables.This issue affects Linkify: from 4.3.1 before 4.3.2.

Release Notes

nfrasser/linkifyjs (linkifyjs)

v4.3.2

Compare Source

  • Replace assign helper with Object.assign to avoid prototype pollution

v4.3.1

Compare Source

  • Use correct simple-html-tokenizer version for linkify-html

v4.3.0

Compare Source

  • HTML comments opened or closed with 3 dashes tokenized correctly
  • Restore support for delimiter apostrophes in URLs
  • Rename dist file .cjs.js and .es.js extensions to .cjs and .mjs, respectively

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jul 29, 2025
@renovate renovate bot force-pushed the renovate/npm-linkifyjs-vulnerability branch from 155c30c to 0443d04 Compare October 24, 2025 11:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants