Vue-tsc has released version 2.0.19, a minor update from the previous stable version 2.0.18. Both versions are designed to be installed as a development dependency using npm i vue-tsc -D and leverage semver "^7.5.4" to handle versioning for its dependencies and share the same structure regarding file count (6) and unpacked size (4904). At its core, vue-tsc utilizes @volar/typescript version "~2.2.4" and declares typescript as a peer dependency, ensuring compatibility with existing TypeScript setups. Any TypeScript version may be compatible, so it is important to keep it updated or specify a compatible version if there are any issues. The main change lies in the updated @vue/language-core dependency, moving from version 2.0.18 to 2.0.19. As vue-tsc is a command-line interface to type-check Vue components, this update likely includes bug fixes, performance improvements, or new features related to Vue language support and template type checking. Developers should consider upgrading to version 2.0.19 to benefit from these enhancements in Vue language core. The new version was released on May 16, 2024, a day after version 2.0.18, suggesting a quick follow-up release, possibly to address an immediate issue or incorporate a small but important improvement. To stay on the compatible versions of the dependency tree, keeping vue-tsc updated is recommended.
All the vulnerabilities related to the version 2.0.19 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
