Version 2.0.16 of @vue/typescript-plugin represents a subtle but potentially impactful update to the developer tooling for Vue.js projects leveraging TypeScript. Released on May 1, 2024, it builds upon version 2.0.15, which was released just a day prior on April 30, 2024. While the core description remains the same – a plugin designed for tsserver or typescript-language-server to enhance the TypeScript experience within Vue projects – the key difference lies in its dependencies.
Specifically, version 2.0.16 updates @volar/typescript dependency to a more stable ~2.2.0, compared to the previous version's 2.2.0-alpha.12. This shift from an alpha release signals a move towards greater stability and reliability within the plugin's core functionalities related to TypeScript integration. Furthermore, the update includes @vue/language-core to version 2.0.16 from 2.0.15. This dependency manages the core analysis features for the Vue Language Server.
Another difference is the unpacked size increasing from 49296 bytes to 49606 bytes. While seemingly minor, this might imply some internal improvements. Generally, the update is a small change that enhances the TypeScript integration and stability for Vue.js developers using the plugin within their IDEs. Developers should consider upgrading to benefit from these refinements.
All the vulnerabilities related to the version 2.0.16 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
