Vue Template Compiler, a crucial tool for developers working with Vue 2.0, plays a pivotal role in transforming Vue templates into render functions understandable by the browser. Comparing versions 2.6.13 and 2.6.12 reveals subtle yet important changes impacting developers. Both versions share core dependencies like he for HTML entity encoding and de-indent for code formatting, ensuring consistent template handling. Their development dependencies also remain the same, pointing to a continued focus on internal Vue project structure. The license remains MIT, offering developers freedom in using and modifying the library.
However, a notable difference lies in the dist object. Version 2.6.13 has an unpackedSize of 415894 bytes, slightly larger than version 2.6.12's 415330 bytes. This suggests internal improvements, bug fixes, or potentially new features that contribute to the incremental size increase. A significant change resides in the releaseDate. Version 2.6.13 was released on June 1, 2021, while version 2.6.12 dates back to August 20, 2020. This ten-month gap indicates a period of development, testing, and refinement. Upgrading to the newer version, 2.6.13, is generally recommended for access to the latest optimizations, bug fixes, and potentially enhanced compatibility with newer Vue ecosystem tools and libraries. Always examine the official Vue changelog for specifics on introduced changes.
All the vulnerabilities related to the version 2.6.13 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
