fix(deps): update dependency linkifyjs to v4 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
linkifyjs (source)	^3.0.5 -> ^4.3.2

GitHub Vulnerability Alerts

CVE-2025-8101

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables.This issue affects Linkify: from 4.3.1 before 4.3.2.

---

Release Notes

nfrasser/linkifyjs (linkifyjs)

v4.3.2

Compare Source

• Replace assign helper with Object.assign to avoid prototype pollution

v4.3.1

Compare Source

• Use correct simple-html-tokenizer version for linkify-html

v4.3.0

Compare Source

• HTML comments opened or closed with 3 dashes tokenized correctly
• Restore support for delimiter apostrophes in URLs
• Rename dist file .cjs.js and .es.js extensions to .cjs and .mjs, respectively

v4.2.0

Compare Source

• Correctly sanitize object replacement character by treating as whitespace
• Avoid detecting invalid URLs with numbers around boundaries
• Prevent delimiter apostrophes from being included in URLs
• Correctly interpret \r\n as newline character
• Correctly interpret emoji followed by # sign
• Fix support for domain names with multiple hyphens
• Fix parsing for magnet links

v4.1.4

Compare Source

• Add support for full width middle dot ・ in hashtag plugin
• Development updates for newest Node.js versions

v4.1.3

Compare Source

• Fix HTML entity & symbol double-encoding in linkify-html
• Support for full-width brackets, full-width less-than/greater-than signs and corner bracket as delimiters

v4.1.2

Compare Source

• Ensure linkify.find respects validate option

v4.1.1

Compare Source

• Slightly simpler TLDs encoding/parsing
• Fix jsdoc in linkify-react
• Improved parsing of URLs with symbols
• Ensure function options get called with unformatted href

v4.1.0

Compare Source

• Drop support for Safari 10
• Reduce core bundle file size by ~30%
• Restore support for email address with scheme local part
• Allow hashtags with emojis

v4.0.2

Compare Source

• Fix email address detection with domains containing numbers

v4.0.1

Compare Source

• Restore nl2br option for linkify-html
• Fixed duplicate key warning in linkify-react with multiple children

v4.0.0

Compare Source

BREAKING CHANGES

• Removed deprecated linkifyjs/string, linkifyjs/html, linkifyjs/plugins/*
  packages. Use linkify-string, linkify-html and linkify-plugin-* instead.
• Refactored scanner internals break custom link plugins created with Linkify v3
• Links that begin with mailto: now have type url instead of email
• Drop official IE 11 support

Added

• linkify-plugin-ip plugin for detecting IPv4 and IPv6 addresses
• linkify-plugin-keyword plugin for detecting arbitrary keywords
• linkify.find() function accepts an options argument for output formatting
• New render option to override link rendering
• Second optionalSlashSlash argument for registerCustomProtocol to allow links that don't require // after scheme:
• Link token methods toFormattedString(options), toFormattedHref(options) and toFormattedObject(options) that accept a linkify.Options object
• More granular scanner tokens for improved plugin flexibility
• linkify-react: New as property (alias for tagName)

Fixed

• Improved link detection with mixed languages
• Consistent option availability across interfaces (including truncate)
• linkify-html: Improved HTML entity parsing

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
tiptap-dev-demos	Error			Oct 25, 2025 8:15am

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: a265fe5

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 13 minutes (more than 100, code: "api-deployments-free-per-day").

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 1 hour (more than 100, code: "api-deployments-free-per-day").

Learn More: https://vercel.com/samson-unyinmadu-s-projects?upgradeToPro=build-rate-limit

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 6 minutes (more than 100, code: "api-deployments-free-per-day").

Learn More: https://vercel.com/samson-unyinmadu-s-projects?upgradeToPro=build-rate-limit