Vue Template Compiler version 2.2.3 represents a minor update over its predecessor, version 2.2.2, in the Vue.js ecosystem. Both versions share the same core functionality as template compilers designed for Vue 2.0, enabling developers to transform Vue templates into render functions. The dependencies remain consistent, relying on "he" for HTML entity encoding/decoding and "de-indent" for removing unnecessary indentation from multiline strings, ensuring proper template parsing. The license remains MIT, offering flexibility for use in various projects. Evan You continues to be credited as the author, maintaining continuity in the package's development.
The key differentiator lies in the release date. Version 2.2.3 was released on March 13, 2017, signifying a newer build compared to version 2.2.2, released on March 9, 2017. While the package manifest suggests the changes are minimal, this update likely incorporates bug fixes and subtle improvements rather than major feature additions. For developers, opting for version 2.2.3 is generally advisable to leverage the latest refinements that address potential issues present in the earlier 2.2.2 release, promoting a smoother and more reliable Vue.js development experience. Upgrading ensures they benefit from any recent optimizations made to the template compilation process.
All the vulnerabilities related to the version 2.2.3 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
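The mechanism behind this advisory, shown from the defender's side as an added example (not code from vue-template-compiler): a plain object with no own staticClass key inherits whatever sits on Object.prototype, while an own-property read or a null-prototype node does not. The helper names, the sample node and the inert marker string are assumptions constructed for illustration.

```javascript
// Keys named in the advisory. A compiler-style element node is a plain object,
// so a missing own key falls through to Object.prototype.
const ADVISORY_KEYS = ['staticClass', 'staticStyle'];

// Simplified stand-in for code that reads optional fields off a node
// (hypothetical helper, not Vue's implementation).
function readUnsafe(node, key) {
  return node[key]; // follows the prototype chain
}

// Hardened read: only values set directly on the node count.
function readOwn(node, key) {
  return Object.prototype.hasOwnProperty.call(node, key) ? node[key] : undefined;
}

// Startup/CI check: report any advisory key that exists on Object.prototype.
function findPollutedKeys(keys = ADVISORY_KEYS) {
  return keys.filter((k) =>
    Object.prototype.hasOwnProperty.call(Object.prototype, k));
}

// Runs fn with a constructed, inert marker placed on Object.prototype and
// always removes it afterwards, so the demo leaves no global state behind.
function withSimulatedPollution(key, marker, fn) {
  Object.defineProperty(Object.prototype, key, {
    value: marker, configurable: true, enumerable: false, writable: true,
  });
  try { return fn(); } finally { delete Object.prototype[key]; }
}

function demo() {
  const node = { tag: 'div' }; // constructed sample node, no own staticClass
  const nullProtoNode = Object.assign(Object.create(null), { tag: 'div' });
  return withSimulatedPollution('staticClass', 'POLLUTED_MARKER', () => ({
    unsafe: readUnsafe(node, 'staticClass'),             // inherited value leaks in
    own: readOwn(node, 'staticClass'),                   // ignores inherited value
    nullProto: readUnsafe(nullProtoNode, 'staticClass'), // no prototype to inherit from
    detected: findPollutedKeys(),
  }));
}

console.log(demo(), findPollutedKeys());
```

Running findPollutedKeys() at application start or in a test suite flags a polluted prototype before any template is compiled.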