Vue Template Compiler versions 2.6.5 and 2.6.4 are essential tools for developers working with Vue.js 2.0, serving as template compilers that translate Vue templates into render functions, enabling efficient and dynamic UI rendering. Comparing the two versions, the most notable difference lies in their release dates. Version 2.6.5 was released on February 11, 2019, while version 2.6.4 was released on February 8, 2019, approximately three days earlier.
Both versions share identical dependencies, relying on "he" for HTML entity encoding/decoding and "de-indent" for removing unnecessary indentation from code. Both also share the same "devDependencies" listing vue as "file:../.." which means the dependency should exist in the folder immediately above. They maintain the same file count and identical unpacked sizes which suggests that the changes between these two are minimal, likely bug fixes or minor improvements that don't significantly alter the core functionality or overall package dimensions.
Because of the close releases, it is unlikely there are any API changes or large feature updates between the two, however, upgrading from 2.6.4 to 2.6.5 is likely good practice in order to obtain the latest fixes and optimizations. Developers utilizing Vue should ensure their "vue-template-compiler" version aligns with their Vue.js core version to avoid compatibility issues during the compilation process. Upgrading can be done within npm or yarn by using a standard update command.
All the vulnerabilities related to the version 2.6.5 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
