Vue Template Compiler version 2.2.1 represents a minor update over the preceding 2.2.0, both versions functioning as template compilers specifically designed for Vue 2.0. Key functionalities remain consistent, providing developers with the necessary tools to transform Vue templates into render functions. The core dependencies, 'he' for HTML entity encoding and 'de-indent' for removing unnecessary indentation from code, remain unchanged between these two versions, indicating that the fundamental parsing and code formatting capabilities are stable and reliable.
The most noticeable difference lies in the release date, with version 2.2.1 being published slightly later than 2.2.0. This suggests that version 2.2.1 likely includes bug fixes, performance improvements, or minor adjustments addressing issues identified in the initial 2.2.0 release. For developers utilizing Vue Template Compiler, upgrading to version 2.2.1 is generally recommended to benefit from these potential enhancements, ensuring a smoother development experience and potentially more optimized template compilation. While the changes may not be groundbreaking, staying current with minor version updates contributes to a more robust and reliable application. Both versions are licensed under MIT, offering flexibility in usage, and are maintained within the Vue.js GitHub repository.
All the vulnerabilities related to the version 2.2.1 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
