Vue Template Compiler version 2.6.7 introduces a modest update over its predecessor, version 2.6.6, primarily focusing on internal improvements. Both versions share the same core dependencies, relying on "he" for HTML entity encoding/decoding and "de-indent" for code formatting. They are designed to work specifically with Vue 2.0, as indicated by the description and the dev dependency pointing to a local Vue installation. Developers familiar with the 2.6.6 version will feel right at home with 2.6.7, as there are no breaking API changes or new features advertised in the provided data.
The key distinction lies in the dist object, where the unpacked size has increased slightly from 412226 bytes in 2.6.6 to 414134 bytes in 2.6.7. This suggests that the update likely incorporates bug fixes, performance tweaks, or micro-optimizations within the compiler's code. The release date also highlights that version 2.6.7 was published roughly a week after 2.6.6, indicating a relatively quick turnaround, possibly in response to discovered issues or targeted enhancements. While the changes might be subtle, developers are encouraged to upgrade to the latest version for the most stable and optimized experience. Essentially, upgrading from 2.6.6 to 2.6.7 offers developers a potentially more refined and reliable experience with the Vue Template Compiler.
All the vulnerabilities related to the version 2.6.7 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
