@vue/typescript-plugin version 2.0.14 introduces incremental improvements over the previous stable version 2.0.13. Both versions serve as essential plugins for enhancing TypeScript support within Vue.js development environments, designed to integrate seamlessly with tsserver or typescript-language-server. These plugins ensure developers benefit from features like enhanced code completion, accurate type checking, and improved refactoring capabilities within their Vue projects.
The primary difference lies in the updated dependencies. Version 2.0.14 upgrades @volar/typescript from version 2.2.0-alpha.8 to 2.2.0-alpha.10, and @vue/language-core from 2.0.13 to 2.0.14. While both versions rely on @vue/shared version ^3.4.0, these subdependency updates indicate refinements and potential bug fixes within the core language tooling. Developers should see improved stability and potentially new features introduced by @volar/typescript. Furthermore the unpacked size has been reduced slightly, from 49612 to 49135, suggesting some optimization efforts.
Developers considering an upgrade should note the release date difference; 2.0.14 was released a week and a half after 2.0.13, suggesting accumulated fixes since the older version. These updates contribute to a more robust and efficient development experience for Vue.js projects leveraging TypeScript. Before upgrading, developers should review the @volar/typescript changelog for any breaking changes or new features introduced in the alpha releases.
All the vulnerabilities related to the version 2.0.14 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
