Vue Template Compiler version 2.5.2 is a minor update to version 2.5.1, both designed to compile Vue 2.0 templates. Examining the metadata, the core functionalities and dependencies -- he (HTML entity encoder/decoder) and de-indent (for removing excessive indentation from strings) -- remain consistent between the two releases. Both versions are licensed under the MIT license, showcasing the project's commitment to open-source principles. The author remains Evan You, the creator of Vue.js, ensuring continuity and expertise. Code for both versions lives in the master Vue.js repository on GitHub.
The primary discernable difference lies in the release date. Version 2.5.2 was published on October 13, 2017, at 20:20:54 UTC, approximately 6 hours after version 2.5.1, which was released on the same day at 14:14:26 UTC. This suggests that 2.5.2 likely addresses minor bug fixes or optimizations discovered shortly after the initial 2.5.1 release. Developers using the vue-template-compiler should consider upgrading to 2.5.2 from 2.5.1 to benefit from these potential improvements, ensuring a more stable and reliable template compilation process within their Vue.js projects, although the exact nature of those improvements are not described in the data and would likely be extremely niche. Package managers like npm or yarn can be used to easily download this library.
All the vulnerabilities related to the version 2.5.2 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
