Vue Template Compiler, a crucial tool for Vue 2.0 developers, had a minor version update from 2.7.9 to 2.7.10. Both versions share the same core description: they are template compilers for Vue 2.0. They depend on de-indent and he for code formatting and HTML entity encoding respectively and both versions rely on a local Vue development dependency, indicating a strong tie to the core Vue.js library. Both are MIT licensed, maintained by Evan You, and have source code managed on GitHub under the Vue.js repository.
The key difference lies in their release date and potentially, internal fixes or optimizations. Version 2.7.10 was released on August 23, 2022, subsequent to version 2.7.9 that was released on August 19, 2022. The unpacked size of version 2.7.10 is marginally larger at 594538 bytes compared to version 2.7.9's 594505 bytes, that suggesting minor code changes. Because of the small jump in version number, developers shouldn't expect breaking changes, but it's important to note that 2.7.10 likely includes bug fixes or minor improvements implemented since 2.7.9. Developers using Vue Template Compiler should upgrade to the latest 2.7.10 version to benefit from these potential enhancements and ensure they are using the most stable and up-to-date version of the compiler for their Vue 2.0 projects.
All the vulnerabilities related to the version 2.7.10 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
