chore(deps): partial upgrade to linkifyjs #2574

Open
alizard0 wants to merge 2 commits into main from CVE-2025-8101

Conversation

@alizard0
Member

Hey, I just made a Pull Request!

fixes: https://github.com/redhat-developer/rhdh-plugins/security/dependabot/3791

partial fix due to:

╰─❯ npm ls linkifyjs
@internal/extensions@1.0.0 /Users/alizardo/Documents/engineering/github/rhdh-plugins/workspaces/extensions
├─┬ @red-hat-developer-hub/backstage-plugin-extensions@0.14.5 -> ./plugins/extensions
│ ├─┬ @backstage/core-compat-api@0.2.8
│ │ └─┬ @backstage/frontend-plugin-api@0.7.0
│ │   └─┬ @backstage/core-components@0.14.10
│ │     ├─┬ linkify-react@4.1.3
│ │     │ └── linkifyjs@4.1.3 deduped
│ │     └── linkifyjs@4.1.3
│ └─┬ @backstage/core-components@0.18.8
│   ├─┬ linkify-react@4.3.2
│   │ └── linkifyjs@4.3.2 deduped
│   └── linkifyjs@4.3.2
└─┬ app-legacy@0.0.0 -> ./packages/app-legacy
  └─┬ @backstage-community/plugin-rbac@1.45.0
    └─┬ @backstage/core-components@0.17.5
      └── linkifyjs@4.3.2 deduped

✔️ Checklist

  • A changeset describing the change and affected packages. (more info)
  • Added or Updated documentation
  • Tests for new functionality and regression tests for bug fixes
  • Screenshots attached (for UI changes)
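As an added example (not code from this PR or the rhdh-plugins repository): a Node.js script that walks an `npm ls --json`-style tree and lists every path that still pulls in a copy of a package below a target version, which is the check behind calling this fix partial. The tree below is constructed to mirror the `npm ls linkifyjs` output above, and the `{ name, version, dependencies }` nesting is assumed as the tree shape.

```javascript
// Added example, not part of the PR: report every copy of a package below a
// target version, with the path that pulls it in. The direct dependency moves
// to 4.3.2, but an older transitive @backstage/core-components still carries 4.1.3.

// Constructed sample mirroring the `npm ls linkifyjs` tree in the PR text.
// Assumed shape: { name, version, dependencies: { <name>: { version, dependencies } } }.
const d = (version, dependencies = {}) => ({ version, dependencies });
const sampleTree = { name: '@internal/extensions', version: '1.0.0', dependencies: {
  '@red-hat-developer-hub/backstage-plugin-extensions': d('0.14.5', {
    '@backstage/core-compat-api': d('0.2.8', {
      '@backstage/frontend-plugin-api': d('0.7.0', {
        '@backstage/core-components': d('0.14.10', {
          'linkify-react': d('4.1.3', { linkifyjs: d('4.1.3') }),
          linkifyjs: d('4.1.3') }) }) }),
    '@backstage/core-components': d('0.18.8', {
      'linkify-react': d('4.3.2', { linkifyjs: d('4.3.2') }),
      linkifyjs: d('4.3.2') }) }),
  'app-legacy': d('0.0.0', {
    '@backstage-community/plugin-rbac': d('1.45.0', {
      '@backstage/core-components': d('0.17.5', { linkifyjs: d('4.3.2') }) }) }),
} };

// Numeric semver comparison (major.minor.patch); pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// Depth-first walk; returns one "root@v > ... > pkg@x" path per copy below minVersion.
function findOutdated(tree, pkg, minVersion) {
  const hits = [];
  (function walk(node, path) {
    for (const [name, dep] of Object.entries(node.dependencies || {})) {
      const next = [...path, `${name}@${dep.version}`];
      if (name === pkg && compareVersions(dep.version, minVersion) < 0) hits.push(next.join(' > '));
      walk(dep, next);
    }
  })(tree, [`${tree.name}@${tree.version}`]);
  return hits;
}

const remaining = findOutdated(sampleTree, 'linkifyjs', '4.3.2');
console.log(remaining.length ? remaining.join('\n') : 'no copies below 4.3.2');
```

On a real workspace the input comes from `npm ls linkifyjs --json` (or the equivalent Yarn query); two paths through `@backstage/core-components@0.14.10` remain for the sample tree.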

@rhdh-qodo-merge

Review Summary by Qodo

Upgrade linkifyjs dependency to address security vulnerability CVE-2025-8101

✨ Enhancement


Walkthroughs

Description
• Partial upgrade of linkifyjs dependency to address security vulnerability CVE-2025-8101
• Resolves dependency version conflicts where different packages require different versions of linkifyjs (4.1.3 vs 4.3.2)
• Upgrade addresses the most critical dependency tree conflicts while maintaining compatibility with existing package constraints
Diagram
flowchart LR
  A["linkifyjs<br/>4.1.3"] -->|"upgrade"| B["linkifyjs<br/>4.3.2"]
  C["@backstage/core-components"] -->|"uses"| B
  D["linkify-react"] -->|"uses"| B
  E["@backstage-community/plugin-rbac"] -->|"uses"| B


@rhdh-qodo-merge

Code Review by Qodo


No Changes in PR

Qodo reviewed your PR and found no changes in the code


@rhdh-qodo-merge

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: Workspace extensions, Verify step

Failed stage: Verify lockfile duplicates [❌]

Failed test name: ""

Failure summary:

The action failed during Yarn's post-install validation because dependency constraints/peer dependencies are not satisfied, and the workflow treats the resulting yarn.lock drift as an error.
- prettier is pinned to 3.7.4, but @spotify/prettier-config (and others) require prettier@^2.0.0 (log line 151).
- The workspace package @redhat-developer/rhdh-plugins@workspace:. is missing the peer dependency @typescript-eslint/parser, which is required by @spotify/eslint-plugin (log line 152).
- Yarn reports incorrectly met peer dependencies (YN0086) (log lines 153-154).
- The job then detects that running yarn --cwd workspaces/extensions dedupe would change yarn.lock (* yarn.lock changes.), and exits with code 1 (log lines 211-214), causing the action to fail.

Relevant error logs:
1:  ##[group]Runner Image Provisioner
2:  Hosted Compute Agent
...

149:  ➤ YN0000: ┌ Post-resolution validation
150:  ##[group]Post-resolution validation
151:  ➤ YN0060: │ prettier is listed by your project with version 3.7.4 (pc2ecd8), which doesn't satisfy what @spotify/prettier-config and other dependencies request (^2.0.0).
152:  ➤ YN0002: │ @redhat-developer/rhdh-plugins@workspace:. doesn't provide @typescript-eslint/parser (p8d7c5c), requested by @spotify/eslint-plugin.
153:  ➤ YN0086: │ Some peer dependencies are incorrectly met by your project; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code.
154:  ➤ YN0086: │ Some peer dependencies are incorrectly met by dependencies; run yarn explain peer-requirements for details.
155:  ##[endgroup]
156:  ➤ YN0000: └ Completed
157:  ➤ YN0000: ┌ Fetch step
158:  ##[group]Fetch step
159:  ➤ YN0013: │ 1548 packages were added to the project (+ 336.33 MiB).
160:  ##[endgroup]
161:  ➤ YN0000: └ Completed in 7s 251ms
162:  ➤ YN0000: ┌ Link step
163:  ##[group]Link step
164:  ➤ YN0007: │ esbuild@npm:0.21.5 must be built because it never has been before or the last one failed
165:  ➤ YN0007: │ @swc/core@npm:1.4.13 [366d3] must be built because it never has been before or the last one failed
166:  ➤ YN0007: │ esbuild@npm:0.23.1 must be built because it never has been before or the last one failed
167:  ➤ YN0007: │ esbuild@npm:0.20.2 must be built because it never has been before or the last one failed
168:  ➤ YN0007: │ core-js-pure@npm:3.36.1 must be built because it never has been before or the last one failed
169:  ➤ YN0007: │ @redhat-developer/rhdh-plugins@workspace:. must be built because it never has been before or the last one failed
170:  ##[endgroup]
...

199:  ➤ YN0000: │ @backstage/core-plugin-api@npm:^1.12.0 can be deduped from @backstage/core-plugin-api@npm:1.12.3 to @backstage/core-plugin-api@npm:1.12.4
200:  ➤ YN0000: │ @backstage/core-plugin-api@npm:^1.12.1 can be deduped from @backstage/core-plugin-api@npm:1.12.3 to @backstage/core-plugin-api@npm:1.12.4
201:  ➤ YN0000: │ @backstage/core-plugin-api@npm:^1.12.2 can be deduped from @backstage/core-plugin-api@npm:1.12.3 to @backstage/core-plugin-api@npm:1.12.4
202:  ➤ YN0000: │ @backstage/core-plugin-api@npm:^1.12.3 can be deduped from @backstage/core-plugin-api@npm:1.12.3 to @backstage/core-plugin-api@npm:1.12.4
203:  ➤ YN0000: │ @backstage/core-plugin-api@npm:^1.9.3 can be deduped from @backstage/core-plugin-api@npm:1.12.3 to @backstage/core-plugin-api@npm:1.12.4
204:  ➤ YN0000: │ @backstage/plugin-permission-common@npm:^0.9.1 can be deduped from @backstage/plugin-permission-common@npm:0.9.6 to @backstage/plugin-permission-common@npm:0.9.7
205:  ➤ YN0000: │ @backstage/plugin-permission-common@npm:^0.9.3 can be deduped from @backstage/plugin-permission-common@npm:0.9.6 to @backstage/plugin-permission-common@npm:0.9.7
206:  ➤ YN0000: │ @backstage/plugin-permission-common@npm:^0.9.6 can be deduped from @backstage/plugin-permission-common@npm:0.9.6 to @backstage/plugin-permission-common@npm:0.9.7
207:  ➤ YN0000: │ @backstage/plugin-catalog-react@npm:^2.0.0 can be deduped from @backstage/plugin-catalog-react@npm:2.0.0 to @backstage/plugin-catalog-react@npm:2.1.0
208:  ➤ YN0000: │ 24 packages can be deduped using the highest strategy
209:  ##[endgroup]
210:  ➤ YN0000: └ Completed in 0s 339ms
211:  * yarn.lock changes.                                                                *
212:  *                                                                                   *
213:  *   yarn --cwd workspaces/extensions dedupe                                         *
214:  ##[error]Process completed with exit code 1.
215:  Post job cleanup.
