Skip to content

Fix/security updates vue3 support #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Fix/security updates vue3 support #15

wants to merge 5 commits into from

Conversation

alii13
Copy link

@alii13 alii13 commented Oct 8, 2025
edited
Loading

Security fixes and Vue 3 support

Summary

This PR addresses critical security vulnerabilities and adds Vue 3 support while maintaining backward compatibility with Vue 2.7+. All dependencies have been modernized and the package is now properly bundled for use in any environment.

Security Fixes

  • ✅ Updated linkifyjs from 2.1.3 to 4.1.3 (addresses multiple security vulnerabilities)
  • ✅ Updated linkify-html to 4.3.2 (separate package in v4.x)
  • ✅ Fixed all dependabot security alerts (0 vulnerabilities remaining)
  • ✅ Resolved ReDoS vulnerability in Vue 2 by supporting Vue 3 and requiring Vue 2.7+ minimum

New Features

  • ✅ Added Vue 3 support
  • ✅ Maintained Vue 2.7+ backward compatibility
  • ✅ Vue is now a peer dependency for better flexibility
  • ✅ Added proper ES module default export
  • ✅ Properly bundled with Webpack - no external dependencies needed at runtime

Updated Dependencies

Production

  • linkifyjs: 2.1.3 → 4.3.2
  • linkify-html: 4.3.2 (new, required by linkifyjs v4.x)
  • Dependencies are now bundled into the output file

Development (all updated to latest stable versions)

  • Babel 6 → Babel 7 with @babel/preset-env
  • Webpack 1.x → 5.x (now used for bundling instead of just Babel)
  • ESLint 3.x → 8.x
  • Karma 1.x → 6.x
  • Mocha 3.x → 10.x
  • Replaced deprecated PhantomJS with ChromeHeadless

Code Changes

  • Updated directive implementation with both Vue 2 and Vue 3 lifecycle hooks (bind/update for Vue 2, mounted/updated for Vue 3)
  • Added proper ES module, CommonJS, AMD, and browser global exports via Webpack UMD build
  • Fixed module resolution issues - linkifyjs is now bundled into the output
  • Updated test suite for Vue 3 compatibility
  • Configured Webpack to properly bundle all dependencies

Build System

  • Switched from Babel-only transpilation to Webpack bundling
  • Created webpack.config.js for UMD build
  • Output is now a single, self-contained bundle
  • Supports all module systems: CommonJS, AMD, ES modules, and browser globals

Documentation

  • Updated README with usage examples for both Vue 2 and Vue 3
  • Added CHANGELOG.md documenting all changes

Testing

  • ✅ Linting passes
  • ✅ Build succeeds with Webpack
  • ✅ No security vulnerabilities (npm audit shows 0 vulnerabilities)
  • ✅ No module resolution errors

Breaking Changes

  • Vue is now a peer dependency (users must install Vue separately)
  • Minimum Vue 2 version is now 2.7.0
  • Package is now self-contained - linkifyjs is bundled (no need to install separately)

Version History

  • v2.0.0: Initial security updates and Vue 3 support
  • v2.0.1: Fixed ES module default export issue
  • v2.0.2: Fixed linkifyjs bundling - resolved "Could not resolve linkifyjs/html" error

Note

This fork is published on npm as vue-linkify-vue3 to avoid conflicts and is actively maintained at https://www.npmjs.com/package/vue-linkify-vue3

Users can install and use it immediately:

npm install vue-linkify-vue3
import linkify from 'vue-linkify-vue3'
app.directive('linkified', linkify)  // Vue 3
// or
Vue.directive('linkified', linkify)  // Vue 2.7+

alii13 added 5 commits October 8, 2025 16:15
@alii13
chore: publish vue-linkify-vue3@2.0.0 with security fixes and Vue 3 s…
153b37a 
…upport

- Updated linkifyjs from ^2.1.3 to ^4.1.3 (fixed security vulnerabilities)
- Added support for both Vue 2.7+ and Vue 3 (moved Vue to peerDependencies)
- Fixed all dependabot security alerts (0 vulnerabilities)
- Modernized build tools:
  * Babel 6 → Babel 7 with @babel/preset-env
  * Webpack 1.x → 5.x
  * ESLint 3.x → 8.x
  * Karma 1.x → 6.x
  * Replaced PhantomJS with ChromeHeadless
- Updated directive implementation for Vue 2/3 compatibility
- Updated tests for Vue 3
- Changed package name to vue-linkify-vue3
- Updated maintainer information
- Added CHANGELOG.md documenting all changes
@alii13
fix: add proper ES module default export (v2.0.1)
d652784 
- Fixed 'No default export found' error
- Added export default for ES modules
- Maintained backward compatibility with CommonJS, AMD, and browser globals
@alii13
fix: bundle linkifyjs dependency with webpack (v2.0.2)
e9fddd3 
- Fixed 'Could not resolve linkifyjs/html' error
- Updated to use linkify-html package (separate in v4.x)
- Configured webpack to bundle linkifyjs into the output
- Users no longer need to manually install linkifyjs
- Reduced from multiple dependencies to self-contained bundle
@alii13
docs: update PR description with v2.0.1 and v2.0.2 fixes
ea90ed9
@alii13
fix: correct repository URLs to alii13/vue-linkify (v2.0.3)
826ea4a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@alii13