Vue Template Compiler version 2.6.12 represents an incremental update over version 2.6.11 in the Vue 2.0 ecosystem, essential for developers working with Vue templates. Both versions, sharing the same core dependencies of he for HTML entity encoding and de-indent for code formatting, primarily serve to compile Vue templates into render functions understood by the Vue runtime. A key difference lies in the release date; version 2.6.12 was published in August 2020, a significant time jump from version 2.6.11, which was released in December 2019.
While the stated dependencies remain consistent, developers should note the difference in the unpacked size of the packages, with version 2.6.12 being slightly smaller (415330 bytes versus 415384 bytes). This might indicate minor optimizations or bug fixes that were incorporated. Both versions have a devDependencies entry pointing to a local Vue instance (file:../..), which reflects their close relationship with, and testing dependency on, the main Vue repository.
For developers deciding which version to use, the newer version (2.6.12) is generally recommended due to the likelihood of bug fixes and potential performance improvements accumulated over the intervening months. Although no specific changes are explicitly listed, staying up-to-date ensures access to the most refined and stable compiler for Vue 2.0 templates. This ensures better compatibility and addresses potential edge cases encountered by the community.
All the vulnerabilities related to the version 2.6.12 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
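The mechanism described above, as an added example that is not code from vue-template-compiler or from this page: a simplified, hypothetical code generator that reads staticClass and staticStyle through the prototype chain, next to a hardened form that trusts only own properties, plus a check for polluted keys. All function names, the sample node, and the marker string are assumptions constructed for illustration.

```javascript
// Added example. genDataUnsafe, genDataSafe and findPollutedKeys are
// hypothetical names, not part of vue-template-compiler's API.
const WATCHED_KEYS = ['staticClass', 'staticStyle'];

// Weak form: plain property reads walk the prototype chain, so a polluted
// Object.prototype supplies a value for nodes that never set one, and that
// value is concatenated into the generated code string.
function genDataUnsafe(el) {
  let data = '{';
  for (const key of WATCHED_KEYS) {
    if (el[key]) data += `${key}:${el[key]},`;
  }
  return data.replace(/,$/, '') + '}';
}

// Hardened form: only properties the node itself owns are emitted.
function genDataSafe(el) {
  let data = '{';
  for (const key of WATCHED_KEYS) {
    if (Object.prototype.hasOwnProperty.call(el, key) && el[key]) {
      data += `${key}:${el[key]},`;
    }
  }
  return data.replace(/,$/, '') + '}';
}

// Detection: list watched keys that exist on Object.prototype itself.
function findPollutedKeys(keys = WATCHED_KEYS) {
  return keys.filter((k) => Object.prototype.hasOwnProperty.call(Object.prototype, k));
}

// Runs both generators on a constructed node before and after simulated
// pollution with a harmless marker string, then restores the prototype.
function demo() {
  const el = { tag: 'div' }; // constructed AST-like node, no class or style
  const snapshot = () => ({
    unsafe: genDataUnsafe(el),
    safe: genDataSafe(el),
    polluted: findPollutedKeys(),
  });
  const before = snapshot();
  Object.prototype.staticClass = '"INHERITED_MARKER"'; // constructed value
  try {
    return { before, after: snapshot() };
  } finally {
    delete Object.prototype.staticClass;
  }
}
console.log(JSON.stringify(demo(), null, 2));
```

A check like findPollutedKeys can run before templates are compiled at runtime, so that compilation is refused when Object.prototype carries keys the compiler reads.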