EGOIST/rollup-plugin-postcss

Vulnerability on version 4.0.0 related with is-svg

4 years ago

👍

I am using rollup-plugin-postcss on my project and the dependabot found this vuln:

Dependabot cannot update is-svg to a non-vulnerable version
The latest possible version that can be installed is 3.0.0 because of the following conflicting dependency:

[email protected] requires is-svg@^3.0.0 via a transitive dependency on [email protected]
The earliest fixed version is 4.2.2.

View logs or learn more about troubleshooting Dependabot errors.

Are you going to fix that? Please!

egoist / rollup-plugin-postcss

Seamless integration between Rollup and PostCSS.

678

Contributors get 70% of received funds after fees

How does funding with Polar work?

Pay now to fund the work behind this issue.

Get updates on progress being made.

Maintainer is rewarded once the issue is completed.

FAQ

Backer

You're funding impactful open source efforts

Contributor

You want to contribute to this effort

Maintainer

You want to get funding like this too

EGOIST/rollup-plugin-postcss

Vulnerability on version 4.0.0 related with is-svg

How does funding with Polar work?

Backer

Why does "Fund on completion" require GitHub login?

When is the invoice due for "Fund on completion"?

What happens if the issue is never completed?

Do I get any extra benefits by funding?

Do I get progress updates?

Contributor

Do I get a reward?

Is rewards guaranteed?

Maintainer

How can I get funding like this for my open source initiatives?