Vue Template Compiler version 2.1.4 is a minor update to the core template compilation tool for Vue 2.0, building upon the foundation laid by version 2.1.3. Both versions serve the crucial role of transforming Vue templates into render functions that the Vue runtime can efficiently execute to update the DOM.
The changes between 2.1.3 and 2.1.4 are incremental, suggesting bug fixes, performance improvements, or minor feature tweaks rather than substantial overhauls. Developers relying on vue-template-compiler for build processes, especially those incorporating pre-compilation steps, should consider upgrading to the latest point release to benefit from any enhancements.
A key aspect of both versions is their shared dependencies on libraries like he for HTML entity encoding/decoding and de-indent for removing unnecessary indentation from template strings. These dependencies highlight the concern for accuracy of the compilation process and proper parsing of templates, even when the templates are defined with indentation. Both versions are released under the MIT license with Evan You as the author. Both depend on same transitive dependencies versions. Ultimately, the decision to upgrade from 2.1.3 to 2.1.4 hinges on specific project requirements and a careful assessment of the changelog (although there are no changelog provided) for any fixes or features relevant to the developer's workflow.
All the vulnerabilities related to the version 2.1.4 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
