Vue Template Compiler version 2.7.14 is a patch release over version 2.7.13, both serving as the template compiler for Vue 2.0. Primarily designed for pre-compiling Vue templates into render functions, this package minimizes runtime compilation costs, leading to performance enhancements in Vue.js applications.
The core functionalities, dependencies on de-indent for code formatting and he for HTML entity encoding, and the development dependency on the core vue package remain consistent between versions. Key differences lie in the dist section and release dates. Version 2.7.14, released on November 9, 2022, has a slightly larger unpacked size of 582798 bytes compared to version 2.7.13's 581996 bytes, released on October 14, 2022, indicating minor changes, optimisations, or bug fixes.
For developers, the vue-template-compiler is essential for build processes involving single-file components or in scenarios where runtime compilation is undesirable. While the differences may appear minimal between these two version, upgrading to 2.7.14 is recommended to capitalize any potential performance improvements, bug fixes, or stability enhancements incorporated in the latest iteration. Both version have 7 files in the package. Developers should consult the Vue.js changelog or commit history for a detailed breakdown of the specific changes implemented in version 2.7.14.
All the vulnerabilities related to the version 2.7.14 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
