Vue Template Compiler versions 2.5.13 and 2.5.12 represent incremental updates to the core template compilation tool for Vue.js 2.0. Both versions share the same fundamental dependencies, relying on he for HTML entity encoding/decoding and de-indent for removing unnecessary indentation from strings, suggesting a focus on maintaining stable core functionality. They are licensed under the MIT license and maintained by Evan You.
The key distinction between these releases lies in their timing. Version 2.5.13 was released within a few hours of version 2.5.12. This may indicate a bug fix or minor enhancement addressing a specific issue discovered shortly after the 2.5.12 release. Developers employing vue-template-compiler directly in their build processes, perhaps within custom tooling or pre-compilation steps, should consider upgrading to the newer v2.5.13 to ensure they're benefiting from the latest refinements and potential bug fixes. Due to the proximity of the releases, significant API changes or feature additions are unlikely. Therefore, the impact on existing workflows should be minimal. Using the latest version always provides the most stable and well-tested compilation environment for Vue.js templates. For developers integrating with the Vue.js ecosystem, such as building custom CLI plugins or advanced webpack configurations, staying current with patch releases like this is generally a recommended practice.
All vulnerabilities related to version 2.5.13 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties, such as Object.prototype.staticClass or Object.prototype.staticStyle, to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
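The advisory names Object.prototype.staticClass and Object.prototype.staticStyle; the following added example (not code from vue-template-compiler or the advisory) shows why an inherited-property read picks up a polluted value, how an own-property check blocks it, and how to detect the pollution. The functions `unsafeGenData`, `safeGenData`, `findPollutedKeys` and the node object are hypothetical stand-ins, and the marker string is constructed and inert.

```javascript
'use strict';
// Property names the advisory lists as pollution targets.
const WATCHED_KEYS = ['staticClass', 'staticStyle'];

// Hypothetical stand-in for a code generator that copies node properties
// into generated source text. Not vue-template-compiler's real code.
function unsafeGenData(node) {
  let data = '{';
  // Plain property reads follow the prototype chain.
  if (node.staticClass) data += `staticClass:${node.staticClass},`;
  if (node.staticStyle) data += `staticStyle:${node.staticStyle},`;
  return data.replace(/,$/, '') + '}';
}

// Hardened read: only properties the node owns itself are trusted.
function safeGenData(node) {
  const own = (k) => Object.prototype.hasOwnProperty.call(node, k);
  let data = '{';
  for (const k of WATCHED_KEYS) {
    if (own(k) && node[k]) data += `${k}:${node[k]},`;
  }
  return data.replace(/,$/, '') + '}';
}

// Detection: report watched keys defined directly on Object.prototype.
function findPollutedKeys(keys = WATCHED_KEYS) {
  return keys.filter((k) =>
    Object.prototype.hasOwnProperty.call(Object.prototype, k));
}

// Constructed demonstration: pollute with an inert marker, observe, clean up.
function demo() {
  const node = { tag: 'div' }; // constructed node with no class or style of its own
  const before = findPollutedKeys();
  Object.prototype.staticClass = '"POLLUTED_MARKER"'; // simulated pollution
  try {
    return {
      before,
      during: findPollutedKeys(),
      unsafe: unsafeGenData(node), // inherited value reaches generated text
      safe: safeGenData(node),     // inherited value is ignored
    };
  } finally {
    delete Object.prototype.staticClass; // restore a clean prototype
  }
}

console.log(demo());
```

Running `findPollutedKeys()` before any template compilation step is a cheap runtime check for applications that must stay on Vue 2.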