@vue/typescript-plugin facilitates seamless TypeScript integration within Vue.js development environments, enhancing code completion, type checking, and overall developer experience in tools like VS Code with the Volar extension. Comparing versions 2.0.16 and 2.0.17, several key improvements emerge. The update from version 2.0.16 to 2.0.17 includes dependency upgrades. Significantly, @volar/typescript jumps from version ~2.2.0 to ~2.2.2, potentially incorporating bug fixes, performance improvements, or new features within Volar's TypeScript support that enhance the user experience. The @vue/language-core dependency also sees an increment from 2.0.16 to 2.0.17, with possible optimization in core Vue language tooling which brings more reliable analysis of Vue code. The package size also sees a slight increase (unpackedSize from 49606 to 52538), hinting towards added functionalities or more extensive code coverage. Developers should upgrade to version 2.0.17 to benefit from the latest enhancements and bug fixes within the Volar and Vue language core ecosystems, improving code quality and development efficiency. The more recent release date of 2.0.17 further suggests that it incorporates the most up-to-date solutions and improvements.
All the vulnerabilities related to the version 2.0.17 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
