From 6da263e39c2b0b2705bf26782bbb7d17b57be5f8 Mon Sep 17 00:00:00 2001
From: Jamie Linskell
Date: Thu, 31 Jul 2025 14:06:20 +0100
Subject: [PATCH] #146 Fixed high priority vulnerability found in Linkify dependency - Upgraded linkify - Installed linkify-html and linkify-react (linkifyjs/html and linkifyjs/react have been split) - Changed options to new interface - Upgrade @types/linkify - Updated tests (target and class were removed from linkify elements)"
---
 package.json | 6 ++-
 src/Component/__tests__/Console.spec.tsx | 4 +-
 src/Component/devtools-parser/index.ts | 2 +-
 src/Component/message-parsers/Error.tsx | 2 +-
 src/Component/message-parsers/Object.tsx | 6 +--
 src/definitions/Component.d.ts | 6 +--
 yarn.lock | 54 ++++++++----------------
 7 files changed, 32 insertions(+), 48 deletions(-)
diff --git a/package.json b/package.json
index 8aa3fdd..e4610af 100644
--- a/package.json
+++ b/package.json
@@ -18,14 +18,16 @@
 "@emotion/core": "^10.0.10",
 "@emotion/styled": "^10.0.12",
 "emotion-theming": "^10.0.10",
- "linkifyjs": "^2.1.6",
+ "linkify-html": "^4.3.2",
+ "linkify-react": "^4.3.2",
+ "linkifyjs": "^4.3.2",
 "react-inline-center": "1.0.1",
 "react-inspector": "^5.1.0"
 },
 "devDependencies": {
 "@types/enzyme": "^3.1.9",
 "@types/jest": "^22.2.3",
- "@types/linkifyjs": "2.1.3",
+ "@types/linkifyjs": "2.1.7",
 "@types/react": "^16.9.50",
 "@types/react-dom": "^16.9.8",
 "@vitejs/plugin-react": "^4.2.1",
diff --git a/src/Component/__tests__/Console.spec.tsx b/src/Component/__tests__/Console.spec.tsx
index c20d04e..1664f58 100644
--- a/src/Component/__tests__/Console.spec.tsx
+++ b/src/Component/__tests__/Console.spec.tsx
@@ -123,7 +123,7 @@ it('linkify object', () => {
 )
 expect(result.html()).toContain(
- 'https://example.com'
+ 'https://example.com'
 )
 })
@@ -144,7 +144,7 @@ it('linkify object and pass options', () => {
 )
 expect(result.html()).toContain(
- 'https://example.com'
+ 'https://example.com'
 )
 })
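Review bot: `@types/linkifyjs` is bumped to 2.1.7 in devDependencies, but that package describes the 2.x API while the runtime dependency moves to `linkifyjs` ^4.3.2. The `Opts` import introduced elsewhere in this commit suggests the types now come from linkifyjs itself, so the 2.x typings are at best unused and could hide a mismatch if type resolution ever falls back to them. I would delete the `"@types/linkifyjs": "2.1.7",` line rather than bump it. The description also says a high-priority vulnerability is fixed without naming the advisory; adding its identifier would let downstream users check whether the version they ship is affected.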
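Review bot: The updated assertions in 'linkify object' and 'linkify object and pass options' accept links without `target` and `class` (per the commit description), but nothing records this as a behaviour change for consumers: URLs in logged output will now open in the same tab as the embedding page. A README or changelog entry should say that callers who want the previous new-tab behaviour pass `linkifyOptions={{ target: '_blank', rel: 'noopener noreferrer' }}`, so that `target` is not restored without `rel`. As rendered here the two tests expect the same string, so it is worth confirming that the second one still asserts something only the passed options can produce. Both test bodies start outside their hunks.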
diff --git a/src/Component/devtools-parser/index.ts b/src/Component/devtools-parser/index.ts
index 0bd3496..c9910ba 100644
--- a/src/Component/devtools-parser/index.ts
+++ b/src/Component/devtools-parser/index.ts
@@ -1,4 +1,4 @@
-import Linkify from 'linkifyjs/html'
+import Linkify from 'linkify-html'
 import formatMessageString from './format-message'
 /**
diff --git a/src/Component/message-parsers/Error.tsx b/src/Component/message-parsers/Error.tsx
index 2a66b29..3d6a1b0 100644
--- a/src/Component/message-parsers/Error.tsx
+++ b/src/Component/message-parsers/Error.tsx
@@ -1,5 +1,5 @@
 import * as React from 'react'
-import Linkify from 'linkifyjs/react'
+import Linkify from 'linkify-react'
 function splitMessage(message: string): string {
 const breakIndex = message.indexOf('\n')
diff --git a/src/Component/message-parsers/Object.tsx b/src/Component/message-parsers/Object.tsx
index 9faa1f9..85ee7a5 100644
--- a/src/Component/message-parsers/Object.tsx
+++ b/src/Component/message-parsers/Object.tsx
@@ -3,8 +3,8 @@ import { Theme } from '../../definitions/Component'
 import { withTheme } from 'emotion-theming'
 import { Root } from '../react-inspector/elements'
-import Linkify from 'linkifyjs/react'
-import type { Options } from 'linkifyjs'
+import Linkify from 'linkify-react'
+import type { Opts } from 'linkifyjs'
 import { Message } from '../../definitions/Component'
 import Inspector from '../react-inspector'
@@ -12,7 +12,7 @@ interface Props {
 log: Message
 quoted: boolean
 theme?: Theme
- linkifyOptions?: Options
+ linkifyOptions?: Opts
 }
 class ObjectTree extends React.PureComponent {
diff --git a/src/definitions/Component.d.ts b/src/definitions/Component.d.ts
index ac69fd9..af4d197 100644
--- a/src/definitions/Component.d.ts
+++ b/src/definitions/Component.d.ts
@@ -1,7 +1,7 @@
 import { Payload } from './Payload'
 import { Styles } from './Styles'
 import { Methods } from './Methods'
-import type { Options } from 'linkifyjs'
+import type { Opts } from 'linkifyjs'
 import { ComponentOverrides } from './ComponentOverrides'
 export type Variants = 'light' | 'dark'
@@ -28,12 +28,12 @@ export interface Props {
 searchKeywords?: string
 logFilter?: Function
 logGrouping?: Boolean
- linkifyOptions?: Options
+ linkifyOptions?: Opts
 components?: ComponentOverrides
 }
 export interface MessageProps {
 log: Message
- linkifyOptions?: Options
+ linkifyOptions?: Opts
 components?: ComponentOverrides
 }
diff --git a/yarn.lock b/yarn.lock
index d6803d5..d595e41 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -595,10 +595,10 @@ resolved "https://registry.yarnpkg.com/@types/jest/-/jest-22.2.3.tgz#0157c0316dc3722c43a7b71de3fdf3acbccef10d" integrity sha512-e74sM9W/4qqWB6D4TWV9FQk0WoHtX1X4FJpbjxucMSVJHtFjbQOH3H6yp+xno4br0AKG0wz/kPtaN599GUOvAg== -"@types/linkifyjs@2.1.3": - version "2.1.3" - resolved "https://registry.yarnpkg.com/@types/linkifyjs/-/linkifyjs-2.1.3.tgz#80195c3c88c5e75d9f660e3046ce4a42be2c2fa4" - integrity sha512-V3Xt9wgaOvDPXcpOy3dC8qXCxy3cs0Lr/Hqgd9Bi6m3sf/vpbpTtfmVR0LJklrqYEjaAmc7e3Xh/INT2rCAKjQ== +"@types/linkifyjs@2.1.7": + version "2.1.7" + resolved "https://registry.yarnpkg.com/@types/linkifyjs/-/linkifyjs-2.1.7.tgz#000b1630ff7a3776f98c8e53ba98b8ad7d92efc4" + integrity sha512-+SIYXs1lajyD7t/2+V9GLfdFlc/6Nr2tr65kjA2F5oOzBlPH+NiPqySJDHzREoGcL91Au9Qef8M5JdZiRXsaJw== dependencies: "@types/react" "*"
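Review bot: In `src/definitions/Component.d.ts`, `linkifyOptions` on the exported `Props` and `MessageProps` changes type from `Options` to `Opts`, which is a breaking change to the package's public typings and, per the commit description, to the option interface itself. TypeScript consumers passing a 2.x-style options object will get a compile error, and plain JavaScript callers may find such options no longer have any effect, with no warning. This should be called out in the release notes and reflected in the version bump, and the property deserves a doc comment such as `/** Options forwarded to linkify; uses the linkifyjs v4 Opts shape, 2.x option objects are not accepted. */`. The same type swap appears in the `Props` interface of `message-parsers/Object.tsx`.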
@@ -3244,11 +3244,6 @@ jest@^22.4.3: import-local "^1.0.0" jest-cli "^22.4.3" -jquery@^3.3.1: - version "3.3.1" - resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.3.1.tgz#958ce29e81c9790f31be7792df5d4d95fc57fbca" - integrity sha512-Ubldcmxp5np52/ENotGxlLe6aGMvmF4R8S6tZjsP6Knsaxd/xp3Zrh50cG93lR6nPXyUFwzN3ZSOQI0wRJNdGg== - "js-tokens@^3.0.0 || ^4.0.0", js-tokens@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499" @@ -3427,14 +3422,20 @@ levn@~0.3.0: prelude-ls "~1.1.2" type-check "~0.3.2" -linkifyjs@^2.1.6: - version "2.1.6" - resolved "https://registry.yarnpkg.com/linkifyjs/-/linkifyjs-2.1.6.tgz#f1cc88a86ff8863196615857fd47eb193c0a26cb" - integrity sha512-nA94bEM9rmt7Iu4OEIYSKpW+Dy6fhlBTjk2Bg9bFuxHQYcy+lWq2EleHb0rp/ev8oBO82vLHZctM5YlSR5DTzw== - optionalDependencies: - jquery "^3.3.1" - react "^16.2.0" - react-dom "^16.2.0" +linkify-html@^4.3.2: + version "4.3.2" + resolved "https://registry.yarnpkg.com/linkify-html/-/linkify-html-4.3.2.tgz#ef84b39828c66170221af1a49a042c7993bd4543" + integrity sha512-RozNgrfSFrNQlprJSZIN7lF+ZVPj5Pz8POQcu1PYGAUhL9tKtvtWcOXOmlXjuGGEWHtC6gt6Q2U4+VUq9ELmng== + +linkify-react@^4.3.2: + version "4.3.2" + resolved "https://registry.yarnpkg.com/linkify-react/-/linkify-react-4.3.2.tgz#8d47fb0ad96ab5b38c07bfbebdcbc57794430693" + integrity sha512-mi744h1hf+WDsr+paJgSBBgYNLMWNSHyM9V9LVUo03RidNGdw1VpI7Twnt+K3pEh3nIzB4xiiAgZxpd61ItKpQ== + +linkifyjs@^4.3.2: + version "4.3.2" + resolved "https://registry.yarnpkg.com/linkifyjs/-/linkifyjs-4.3.2.tgz#d97eb45419aabf97ceb4b05a7adeb7b8c8ade2b1" + integrity sha512-NT1CJtq3hHIreOianA8aSXn6Cw0JzYOuDQbOrSPe7gqFnCpKP++MQe3ODgO3oh2GJFORkAAdqredOa60z63GbA== load-json-file@^1.0.0: version "1.1.0" 
@@ -4243,16 +4244,6 @@ react-dom@^16.14.0: prop-types "^15.6.2" scheduler "^0.19.1" -react-dom@^16.2.0: - version "16.13.1" - resolved "https://registry.yarnpkg.com/react-dom/-/react-dom-16.13.1.tgz#c1bd37331a0486c078ee54c4740720993b2e0e7f" - integrity sha512-81PIMmVLnCNLO/fFOQxdQkvEq/+Hfpv24XNJfpyZhTRfO0QcmQIF/PgCa1zCOj2w1hrn12MFLyaJ/G0+Mxtfag== - dependencies: - loose-envify "^1.1.0" - object-assign "^4.1.1" - prop-types "^15.6.2" - scheduler "^0.19.1" - react-inline-center@1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/react-inline-center/-/react-inline-center-1.0.1.tgz#66703d8489b6d4a90f5d5cae91a2b7b990eef6c6" @@ -4306,15 +4297,6 @@ react@^16.14.0: object-assign "^4.1.1" prop-types "^15.6.2" -react@^16.2.0: - version "16.13.1" - resolved "https://registry.yarnpkg.com/react/-/react-16.13.1.tgz#2e818822f1a9743122c063d6410d85c1e3afe48e" - integrity sha512-YMZQQq32xHLX0bz5Mnibv1/LHb3Sqzngu7xstSM+vrkE5Kzr9xE0yMByK5kMoTK30YVJE61WfbxIFFvfeDKT1w== - dependencies: - loose-envify "^1.1.0" - object-assign "^4.1.1" - prop-types "^15.6.2" - read-pkg-up@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/read-pkg-up/-/read-pkg-up-1.0.1.tgz#9d63c13276c065918d57f002a57f40a1b643fb02"