Vue Template Compiler version 2.7.7 is a minor update to the 2.7.x series of the template compiler designed for Vue 2.0. Both versions, 2.7.7 and 2.7.6, share the same core dependencies: de-indent for removing unnecessary indentation and he for HTML entity encoding/decoding. This ensures consistent handling of template formatting and character encoding across both versions. The devDependencies also remain the same, pointing to the local Vue.js project for development purposes, essential for contributors. The licensing, repository details, and author remain consistent, reflecting the ongoing maintenance by Evan You and the Vue.js team.
The key difference lies in the dist section, specifically the unpackedSize. Version 2.7.7 has an unpackedSize of 592990 bytes, a slight increase from version 2.7.6's 592851 bytes. This suggests minor additions or modifications within the compiled code, potentially bug fixes, performance improvements, or small feature enhancements. The releaseDate also indicates that version 2.7.7 was released a day after 2.7.6. Although the changes are potentially minor, developers should upgrade to the latest stable version, 2.7.7, to benefit from any bug fixes and potential performance tweaks included in the newer version. The update ensures developers are using the most current and potentially optimized iteration of the Vue 2.0 template compiler.
All vulnerabilities related to version 2.7.7 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties, such as Object.prototype.staticClass or Object.prototype.staticStyle, to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
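The advisory names Object.prototype.staticClass and Object.prototype.staticStyle as the polluted properties. As an added example (not code from Vue or from the advisory), the following JavaScript shows how a defender can detect that pollution and read node fields without trusting inherited values. The function names and the marker value are hypothetical, and the node object is a constructed stand-in for a template AST element.

```javascript
// Added example: detect Object.prototype pollution of the keys named in the
// advisory and read fields without trusting inherited values.
// All function names below are hypothetical helpers, not Vue APIs.
const WATCHED_KEYS = ['staticClass', 'staticStyle']; // keys named in the advisory

// Return the names of properties that have been added to Object.prototype.
function findPollutedKeys(watched = WATCHED_KEYS) {
  // Built-in members of Object.prototype are non-enumerable, so any
  // enumerable own key was put there by application or third-party code.
  const found = new Set(Object.keys(Object.prototype));
  // Also catch watched keys defined as non-enumerable via defineProperty.
  for (const key of watched) {
    if (Object.prototype.hasOwnProperty.call(Object.prototype, key)) {
      found.add(key);
    }
  }
  return [...found].sort();
}

// Read a field only if the node itself defines it; inherited values are ignored.
function ownField(node, key) {
  return Object.prototype.hasOwnProperty.call(node, key) ? node[key] : undefined;
}

// Constructed demonstration: simulate pollution with a harmless marker string,
// compare a plain lookup with the guarded one, then restore the prototype.
function demo() {
  const node = { tag: 'div' }; // constructed stand-in for an AST element
  const before = findPollutedKeys();
  Object.prototype.staticClass = 'POLLUTED-MARKER'; // simulated, benign value
  const result = {
    before,
    after: findPollutedKeys(),
    inherited: node.staticClass,                // plain lookup sees the marker
    guarded: ownField(node, 'staticClass'),     // own-property check does not
    nullProto: Object.create(null).staticClass, // prototype-less object is unaffected
  };
  delete Object.prototype.staticClass; // clean up the simulation
  result.restored = findPollutedKeys();
  return result;
}

console.log(demo());
```

Calling findPollutedKeys() at application start-up and in tests, before any template is compiled, surfaces pollution introduced by other code running in the same realm.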