Vue-tsc version 2.0.26 represents a minor update over version 2.0.24, primarily focusing on internal dependency adjustments. The core functionality of the vue-tsc package likely remains the same, serving as the Vue CLI's TypeScript compiler, crucial for type checking and compiling Vue single-file components.
A significant difference lies in the updated dependencies. Notably, @volar/typescript has been updated from ~2.4.0-alpha.2 to ~2.4.0-alpha.15. This suggests a substantial shift in the underlying TypeScript language service integration. While the alpha status indicates potential instability, developers may find improved language support, bug fixes, or performance enhancements within the newer Volar version. The @vue/language-core dependency has also been updated to version 2.0.26 from 2.0.24, which implies bug fixes and core feature enhancements for the Vue language support.
Developers using vue-tsc should examine the changelogs for @volar/typescript version 2.4.0-alpha.15 (compared to 2.4.0-alpha.2) and @vue/language-core version 2.0.26 (compared to 2.0.24) to understand the exact changes introduced. Given the peer dependency on typescript >=5.0.0, both versions rely on modern TypeScript features. The update introduces minimal changes to file size and unpacking requirements, with fileCount remaining 6, and unpacked size moving from 5179 to 5180. The release date for vue-tsc-2.0.26 is 2024-07-04T12:45:26.073Z a few days after vue-tsc-2.0.24 that has 2024-06-30T07:26:48.468Z as release date.
All the vulnerabilities related to the version 2.0.26 of the package
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.
