martinpe36
commented
3 years ago I see the version of css-nano was bumped in this PR https://github.com/Anidetrix/rollup-plugin-styles/pull/171, but the package version wasn't bumped so a new package wasn't created. Have created a PR to fix this.
There is an indirect vulnerability for this package for cssnano, which needs to be bumped to use the latest version 5.0.0
More details on the vulnerability here - https://snyk.io/test/npm/rollup-plugin-styles/3.14.1