Vue Template Compiler versions 2.6.4 and 2.6.3 are template compilers designed for Vue 2.0, crucial for developers building Vue applications. Both versions share the same core dependencies, leveraging he for HTML entity encoding/decoding and de-indent for removing unnecessary indentation from template strings. They are both developed under the MIT license by Evan You and are part of the Vue.js ecosystem, residing in the same GitHub repository.
The primary difference lies in their release dates and unpacked size. Version 2.6.4 was released on February 8, 2019, slightly later than version 2.6.3 which was released on February 6, 2019. The unpacked size of version 2.6.4 is 411168 bytes, a marginal increase compared to 2.6.3's 410918 bytes. This suggests that the newer version likely includes minor bug fixes, performance improvements or very small feature additions.
For Vue developers, these versions enable the compilation of Vue templates into render functions, a fundamental process for creating dynamic and interactive user interfaces. While the dependency on the vue package itself is specified as a local file path (file:../..) in the devDependencies, it highlights the compiler's close relationship with the core Vue library. Therefore, even minor version bumps like this one ensure compatibility and can introduce benefits that developers should consider when managing their project's dependencies. Check the offical change logs for detailed information.
All the vulnerabilities related to the version 2.6.4 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
