Vue Template Compiler version 2.5.22 is a minor patch release in the 2.5.x series of the template compiler specifically designed for Vue 2.0. Building upon its predecessor, version 2.5.21, this iteration maintains core functionality, providing developers with the tools necessary to pre-compile Vue templates into render functions, optimizing performance in Vue applications.
Examining the metadata, the primary changes appear to be internal improvements and bug fixes, potentially addressing edge cases or enhancing stability. Developers migrating from 2.5.21 will likely experience seamless integration, as the core API and functionality remain consistent. The key difference lies in the unpacked size of the distribution, with 2.5.22 being slightly larger (366097 bytes) than 2.5.21 (365457 bytes), suggesting minor additions.
The dependencies remain consistent, relying on 'he' for HTML entity encoding/decoding and 'de-indent' for code indentation handling. The release date also stands out: 2.5.22 was released on January 11, 2019, while 2.5.21 was released on December 11, 2018. This version mainly offered updated stability and refined performance. If you are managing an already existing project, upgrading ensures that you are leveraging the latest refinements. For new Vue 2.0 projects, starting with 2.5.22 offers a solid foundation for template compilation.
All the vulnerabilities related to the version 2.5.22 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
