Vue Template Compiler versions 2.2.0 and 2.1.10 are both template compilers designed for Vue 2.0, playing a crucial role in transforming Vue templates into render functions that the Vue runtime can understand and execute. Both versions share the same dependencies: he for HTML entity encoding/decoding and de-indent for dedenting strings, which contribute to the readability of the generated JavaScript. They are both under the permissive MIT license and maintain the same authorship and repository, indicating a stable and consistently maintained project. The core functionality and underlying structure of the compiler appear to remain consistent between these two versions.
The primary difference lies in the version number and release date. Version 2.2.0 was released on February 26, 2017, whereas version 2.1.10 was released on January 17, 2017. This approximately one-month gap suggests that version 2.2.0 likely includes bug fixes, performance improvements, or minor feature enhancements over 2.1.10. While the specific changes aren't detailed in the provided data, developers should generally prefer the newer version (2.2.0) as it typically incorporates the latest improvements. For Vue developers, using the correct version of vue-template-compiler compatible with their Vue runtime is essential to avoid template compilation errors. Checking the Vue release notes alongside the template compiler's version can further clarify the specific updates.
All the vulnerabilities related to the version 2.2.0 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties, such as Object.prototype.staticClass or Object.prototype.staticStyle, to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
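The failure mode described above, as an added example (not code from vue-template-compiler or the advisory): a hypothetical, simplified code generator reads staticClass and staticStyle from an AST-like node, first with plain property access and then with an own-property check, alongside a check for pollution of Object.prototype. The function names, the node shape and the marker string are assumptions made for illustration.

```javascript
// Hypothetical stand-in for a template code generator; NOT Vue's source.
// Only the property names staticClass / staticStyle come from the advisory.
const WATCHED_KEYS = ['staticClass', 'staticStyle'];

// Naive lookup: plain property access walks the prototype chain, so a value
// placed on Object.prototype appears on every ordinary object.
function genDataNaive(el) {
  const parts = [];
  for (const key of WATCHED_KEYS) {
    if (el[key]) parts.push(`${key}:${el[key]}`);
  }
  return `{${parts.join(',')}}`;
}

// Hardened lookup: accept only properties the node owns itself.
function genDataHardened(el) {
  const parts = [];
  for (const key of WATCHED_KEYS) {
    if (Object.prototype.hasOwnProperty.call(el, key)) {
      parts.push(`${key}:${el[key]}`);
    }
  }
  return `{${parts.join(',')}}`;
}

// Detection: report watched keys that exist on Object.prototype itself.
function findPollutedKeys(keys = WATCHED_KEYS) {
  return keys.filter((k) =>
    Object.prototype.hasOwnProperty.call(Object.prototype, k));
}

// Constructed demonstration using a harmless marker string instead of code.
function demo() {
  const el = { tag: 'div' }; // node with no class or style of its own
  const before = { naive: genDataNaive(el), polluted: findPollutedKeys() };
  Object.prototype.staticClass = '"POLLUTED_MARKER"'; // simulated upstream pollution
  try {
    return {
      before,
      naive: genDataNaive(el),       // inherited value leaks into generated output
      hardened: genDataHardened(el), // inherited value is ignored
      polluted: findPollutedKeys(),
    };
  } finally {
    delete Object.prototype.staticClass; // restore the global prototype
  }
}
```

Building such nodes with Object.create(null) is another way to keep inherited properties out of the lookup.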