Vue Template Compiler versions 2.7.13 and 2.7.12 represent incremental updates to a crucial tool for Vue 2.0 developers. Both versions serve as template compilers, translating Vue templates into render functions understandable by the Vue runtime. They share core dependencies like "de-indent" for code formatting and "he" for HTML entity encoding, ensuring consistent template processing. The development dependencies also remain the same, pointing to a local Vue core for testing. Both are MIT licensed and maintained by Evan You.
The primary difference lies in the release date and the unpacked size of the package. Version 2.7.13 was released on October 14, 2022, while 2.7.12 was released two days earlier, on October 12, 2022. The unpacked size also differs slightly, with 2.7.13 being marginally larger by approximately 100 bytes. This suggests that version 2.7.13 includes minor bug fixes, performance tweaks, or very subtle improvements within the compiler. For developers, upgrading from 2.7.12 to 2.7.13 is likely a low-risk approach to incorporate the latest refinements. Given that both versions compile Vue 2.0 templates, the upgrade decision should be based on a desire to stay current with the most recent fixes and optimizations. If no specific issues are encountered with 2.7.12, the update is not critical but recommended for best practice.
Vulnerabilities affecting version 2.7.13 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties, such as Object.prototype.staticClass or Object.prototype.staticStyle, to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
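The following added example (not code from this page or from the Vue project) models why a polluted Object.prototype reaches a code generator's output, and shows an own-property check plus a pre-compile guard as mitigations. The functions genDataNaive, genDataHardened and pollutedKeys, the node shape, and the marker value are assumptions made for illustration.

```javascript
// Simplified model of a template code generator; NOT Vue's compiler source.
// All function names here are hypothetical.

const WATCHED_KEYS = ['staticClass', 'staticStyle']; // properties named in the advisory

// Naive: plain property reads walk the prototype chain, so a value planted on
// Object.prototype shows up on every node that has no value of its own.
function genDataNaive(el) {
  let data = '{';
  if (el.staticClass) data += `staticClass:${el.staticClass},`;
  if (el.staticStyle) data += `staticStyle:${el.staticStyle},`;
  return data.replace(/,$/, '') + '}';
}

// Hardened: only properties set directly on the node are emitted.
function genDataHardened(el) {
  const own = (k) => Object.prototype.hasOwnProperty.call(el, k);
  let data = '{';
  for (const k of WATCHED_KEYS) {
    if (own(k) && el[k]) data += `${k}:${el[k]},`;
  }
  return data.replace(/,$/, '') + '}';
}

// Guard to run before compiling: lists watched keys present on Object.prototype.
function pollutedKeys(keys = WATCHED_KEYS) {
  return keys.filter((k) =>
    Object.prototype.hasOwnProperty.call(Object.prototype, k));
}

// Runs both generators on a constructed node before and after pollution.
function demo() {
  const el = { tag: 'div' }; // constructed node with no class or style
  const before = { naive: genDataNaive(el), polluted: pollutedKeys() };
  Object.prototype.staticClass = 'INHERITED_MARKER'; // constructed benign marker
  try {
    return {
      before,
      naive: genDataNaive(el),       // marker leaks into generated output
      hardened: genDataHardened(el), // marker is ignored
      polluted: pollutedKeys(),      // guard reports the polluted key
    };
  } finally {
    delete Object.prototype.staticClass; // restore the prototype
  }
}
```

Because Vue 2 is End-of-Life and the fix is in Vue 3, checks like these are stopgaps for applications that cannot migrate yet.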