Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Framework upgrade for vue-froala from Vue 2 to Vue 3 #217

Merged
merged 17 commits into from
Mar 17, 2023
Merged

Framework upgrade for vue-froala from Vue 2 to Vue 3 #217

merged 17 commits into from
Mar 17, 2023

Conversation

AkshayAccolite
Copy link
Contributor

@AkshayAccolite AkshayAccolite commented Feb 21, 2023
edited
Loading

Framework upgrade

@AkshayAccolite
Copy link
Contributor Author

@harasunu-narayan can you please have a look into this PR?

@vivek-accolite-801
Copy link
Contributor

vivek-accolite-801 commented Feb 21, 2023
edited
Loading

Hi @harasunu-narayan

As Vue3 code is not compatible with Vue2 - it needs to be maintained as a separate branch or separate repo.

Please don't not merge this on to forala:RC-v4.1

@AkshayAccolite
Copy link
Contributor Author

AkshayAccolite commented Feb 23, 2023
edited
Loading

Here is the link to the document which include the list of breaking changes that are related to Vue upgrade.
https://docs.google.com/document/d/1qFD58GZSfPdM-63zKk61jjt_XG3pySZw3JitR6QYt2I/edit#heading=h.j47ky62p88rr

@harasunu-narayan
Copy link
Contributor

@AkshayAccolite , @vivek-accolite-801 ,
Kindly update the dependencies to address the vulnerabilities fixed with latest versions. Refer the dependabot PRs.

dependabot bot added 3 commits March 6, 2023 13:31
@dependabot
Bump decode-uri-component from 0.2.0 to 0.2.2
0ac923b 
Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2.
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

---
updated-dependencies:
- dependency-name: decode-uri-component
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump minimist from 1.2.5 to 1.2.8
3b3f864 
Bumps [minimist](https://github.com/minimistjs/minimist) from 1.2.5 to 1.2.8.
- [Release notes](https://github.com/minimistjs/minimist/releases)
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.5...v1.2.8)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump qs from 6.5.2 to 6.5.3
9ea43bc 
Bumps [qs](https://github.com/ljharb/qs) from 6.5.2 to 6.5.3.
- [Release notes](https://github.com/ljharb/qs/releases)
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.2...v6.5.3)

---
updated-dependencies:
- dependency-name: qs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@AkshayAccolite
Copy link
Contributor Author

@harasunu-narayan
Here is the link to the dependabot generated PRs in the "vivek-accolite-801/vue-3-support" repository. I believe this is what you hoped for.
https://github.com/vivek-accolite-801/vue-froala-wysiwyg/pulls

@AkshayAccolite
Merge pull request #4 from vivek-accolite-801/dependabot/npm_and_yarn…
0602df4 
…/qs-6.5.3

Bump qs from 6.5.2 to 6.5.3
@AkshayAccolite
Merge pull request froala#5 from vivek-accolite-801/dependabot/npm_an…
9082b02 
…d_yarn/decode-uri-component-0.2.2

Bump decode-uri-component from 0.2.0 to 0.2.2
@AkshayAccolite
Merge pull request froala#6 from vivek-accolite-801/dependabot/npm_an…
9766d84 
…d_yarn/minimist-1.2.8

Bump minimist from 1.2.5 to 1.2.8
@AkshayAccolite
Merge pull request #4 from AkshayAccolite/feature/vue-3-support
b10e203 
Feature/vue 3 support
harasunu-narayan
harasunu-narayan reviewed Mar 10, 2023
View reviewed changes
Copy link
Contributor

@harasunu-narayan harasunu-narayan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AkshayAccolite ,
Kindly recheck the dependencies to address the warnings and vulnerabilities shown below.
image

DeprecationWarning: image

@AkshayAccolite
Copy link
Contributor Author

@harasunu-narayan

  1. Please mention which license do we need to use from the SPDX license list - https://spdx.org/licenses/ to resolve the warning "License should be a valid SPDX license expression".

@AkshayAccolite
Copy link
Contributor Author

@harasunu-narayan
The warnings are fixed.
There are 13 vulnerabilities that can not be fixed due to the following dependencies do not have non vulnerable version.

  1. vue-html-loader - https://snyk.io/advisor/npm-package/vue-html-loader

  2. babel-core - https://snyk.io/advisor/npm-package/babel-core

  3. isparta-loader - https://snyk.io/advisor/npm-package/isparta-loader

  4. isparta - https://snyk.io/advisor/npm-package/isparta

  5. inject-loader - https://snyk.io/advisor/npm-package/inject-loader

  6. babel-register - https://snyk.io/advisor/npm-package/babel-register

  7. html-webpack-plugin : Upon upgrading this plugin to version v4 we get Type error during build process.

@harasunu-narayan
Copy link
Contributor

@AkshayAccolite ,
Could you verify the Readme and update the changes required, if any.

@AkshayAccolite
Copy link
Contributor Author

Hi @harasunu-narayan
I have updated the Readme file with necessary changes.

@harasunu-narayan harasunu-narayan merged commit b0ad74d into froala:RC-v4.1 Mar 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@harasunu-narayan harasunu-narayan harasunu-narayan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@AkshayAccolite @vivek-accolite-801 @harasunu-narayan