Vue Template Compiler version 2.3.1 is a minor patch release following version 2.3.0, both designed as template compilers for Vue 2.0. Examining the provided data, the core functionality and dependencies - he for HTML entity encoding and de-indent for removing unnecessary indentation - remain consistent between the two versions. This suggests that the update from 2.3.0 to 2.3.1 likely addresses bug fixes or minor improvements rather than introducing substantial new features. The key difference lies in the release date: version 2.3.0 was released on April 27, 2017, while 2.3.1 followed shortly after on May 2, 2017.
For developers using the library, sticking to the latest patch version (2.3.1) is generally recommended. While the changes may not be immediately apparent from the metadata alone, patch releases often include crucial fixes for stability and performance. Given the short timeframe between releases, it's probable that version 2.3.1 resolves issues discovered soon after the original 2.3.0 release. If you're encountering unexplained behavior or edge cases with version 2.3.0, upgrading to 2.3.1 is a sensible first step to rule out known bugs. As both versions share the same core dependencies and author (Evan You), integration and usage patterns are expected to be identical.
All the vulnerabilities related to the version 2.3.1 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties, such as Object.prototype.staticClass or Object.prototype.staticStyle, to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
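The inheritance behaviour behind this advisory, shown as an added example that is not code from vue-template-compiler or from this page: a plain object with no class or style of its own still reports staticClass once Object.prototype carries that key, while an own-property read does not. The node shape, the function names and the marker value are assumptions made for illustration.

```javascript
// Added illustration; a simplified stand-in, not vue-template-compiler source.
// Keys named in the advisory text above.
const WATCHED_KEYS = ['staticClass', 'staticStyle'];

// Detection: report watched keys that have been defined on Object.prototype.
// A clean runtime returns an empty array.
function findPollutedKeys(keys = WATCHED_KEYS) {
  return keys.filter((k) =>
    Object.prototype.hasOwnProperty.call(Object.prototype, k));
}

// Unsafe pattern: a plain property read follows the prototype chain, so a
// node that never set the key still yields the inherited value.
function naiveAttrs(node) {
  const out = Object.create(null);
  for (const k of WATCHED_KEYS) {
    if (node[k]) out[k] = node[k];
  }
  return out;
}

// Hardened pattern: accept only properties the node itself owns.
function ownAttrs(node) {
  const out = Object.create(null);
  for (const k of WATCHED_KEYS) {
    if (Object.prototype.hasOwnProperty.call(node, k) && node[k]) {
      out[k] = node[k];
    }
  }
  return out;
}

// Simulates pollution by unrelated code on the same page, then restores state.
function demo() {
  const node = { tag: 'div' }; // constructed node with no class or style
  Object.prototype.staticClass = 'CONSTRUCTED_MARKER'; // constructed value
  try {
    return {
      polluted: findPollutedKeys(),
      naive: naiveAttrs(node),
      hardened: ownAttrs(node),
    };
  } finally {
    delete Object.prototype.staticClass; // leave the runtime clean
  }
}
```

Running findPollutedKeys() before templates are compiled in the browser gives a quick signal that another script has tampered with Object.prototype.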