Vue Template Compiler version 2.7.8 represents a subtle but potentially important update over its predecessor, version 2.7.7. Both versions serve as vital tools for Vue 2.0 developers, translating Vue templates into render functions understandable by the Vue runtime. Key dependencies like de-indent for code formatting and he for HTML entity encoding remain consistent, ensuring continued compatibility and expected behavior in template handling. The devDependencies section also indicates a continued local dependency to the core vue package in the repository, used for development and testing, keeping the versions aligned.
The primary difference lies in the increased unpackedSize of version 2.7.8, which has grown to 594505 bytes compared to 2.7.7's 592990 bytes. This suggests internal code modifications, bug fixes, or potential performance enhancements, though the specifics aren't detailed in the metadata. Considering the release date difference, with version 2.7.8 released approximately six days after 2.7.7, one might infer the newer release addresses issues discovered in the previous stable build. For Vue 2 developers, upgrading to 2.7.8 is generally recommended to benefit from the potentially improved compilation pipeline. While the change log isn't provided, an increase in size usually suggests bug fixes, minor feature additions, or optimizations of the Vue template-compilation process.
All the vulnerabilities related to the version 2.7.8 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
