@vue/typescript-plugin 2.0.19 is a minor update to the language service plugin primarily targeting improvements for Vue developers using TypeScript. Released on May 16, 2024, it follows closely on the heels of version 2.0.18, released the previous day. The core functionality, as a plugin for tsserver or typescript-language-server, remains the same: it enhances the TypeScript language support within your editor for Vue projects, providing features like autocompletion, type checking, and go-to-definition for Vue-specific syntax.
The key difference lies in the updated dependencies. While both versions rely on @vue/shared version 3.4.0 and @volar/typescript version ~2.2.4, version 2.0.19 updates @vue/language-core dependency to version 2.0.19. Version 2.0.18 relies on @vue/language-core version 2.0.18. This potentially includes bug fixes, performance improvements, or new features within the Vue language core that directly benefit type checking and language services for Vue components. For those experiencing any issues with the previous version or seeking the latest refinements in Vue's TypeScript support, upgrading to 2.0.19 is recommended. Developers should examine the changelog for @vue/language-core 2.0.19 for in-depth details on the changes introduced. The relatively small unpacked size of the plugin (around 52KB) suggests minimal overhead to project size.
All the vulnerabilities related to the version 2.0.19 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
