@vue/typescript-plugin v2.0.15 is a minor update to the TypeScript language service plugin for Vue projects, building on version 2.0.14. Both versions support enhanced IDE features like autocompletion, type checking, and go-to-definition within .vue files, crucial for developers leveraging TypeScript in their Vue.js development workflow. A key difference lies in the dependency updates. Version 2.0.15 incorporates @volar/typescript version 2.2.0-alpha.12, whereas the previous version used 2.2.0-alpha.10. This @volar/typescript bump likely includes bug fixes, performance improvements, or new features related to TypeScript language service integration specifically tailored for Vue Single File Components (SFCs). While the core description of the plugin remains the same – targeting accessibility by TypeScript language servers for improved editing experience – developers should consider upgrading to v2.0.15 to benefit from these underlying Volar enhancements. Unpacked size increased slightly from 49135 to 49296, indicating small changes or additions in the newer release. Developers relying on the tightest integration with the Vue language tooling and latest fixes will find the update beneficial; others may find features are substantially the same with the change.
All the vulnerabilities related to the version 2.0.15 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
