Security vulnerability: rollup-plugin-size uses vulnerable axios

The devDependency rollup-plugin-size is currently at version 0.2.1, which relies on axios <0.30.0. This version of axios is affected by CVE-2025-27152 (high severity). Please update rollup-plugin-size to version 0.3.0 or higher to remove the vulnerable axios from the dependency tree. This change only affects development tooling and should not introduce breaking changes.

References:
- [CVE-2025-27152](https://github.com/advisories/GHSA-jr5f-v2jv-69x6)
- rollup-plugin-size [changelog](https://www.npmjs.com/package/rollup-plugin-size)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Security vulnerability: rollup-plugin-size uses vulnerable axios #349

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Security vulnerability: rollup-plugin-size uses vulnerable axios #349

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions