Skip to content

chore(deps-dev): bump svgo in /#23

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-3a862b9407
Open

chore(deps-dev): bump svgo in /#23
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-3a862b9407

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps svgo in / from 3.2.0 to 4.0.1.

Updates svgo from 3.2.0 to 4.0.1

Release notes

Sourced from svgo's releases.

v4.0.1

What's Changed

Dependencies

  • Sets minimum version of sax (XML parser) to v1.5.0, which improves built-in guards against entity expansion.

Bug Fixes

Performance

Other Changes

  • Plugins no longer include if they are enabled or disabled by default, as this was written inconsistently. The --show-plugins argument appends the presets a plugin is in to the end of the line. By @​viralcodex in svg/svgo#2174
  • Plugin/preset types to enforce the name start with preset- if it is a preset (collection of plugins). By @​SethFalco in svg/svgo#2178

Metrics

Before and after of the browser bundle of each respective version:

v4.0.0 v4.0.1 Delta
svgo.browser.js 780.2 kB 781.5 kB ⬆️ 1.3 kB

v4.0.0

Banner celebrating the release of SVGO v4.0.0. Includes the SVGO mascot drawing on a chalkboard with the changes in default plugins. For example, removeViewBox was moved from default plugins to available plugins.

Illustration by Vukory

It's been just over a year since our first release candidate, but I believe we can now release SVGO v4.0.0 with confidence! Thank you to all contributors who tested our RC builds and reported issues back up, this really smoothed out the process.

We actually wanted to do the release sooner, but it was a challenge to find the right time to publish a major release, since that means setting time aside to support users through migrations, helping downstream projects migrate, being available to fix or document things that users found to have an unexpected impact by this release, etc. I appreciate everyone's patience, and now that this is done, we can hopefully increase the pace of development again and tackle that backlog of old bugs. ^-^'

Breaking Changes

Please refer to the Migration Guide from v3 to v4 for a more concise version! This section is more verbose as it delves into the motivation of changes too.

Dropped Support for Node.js v14

Node.js v14 is no longer supported by the Node.js team, including security support, since 30 April 2023. Node.js v16 is no longer supported either, but as some are still using it, we'll save dropping support for Node.js v16 for the next major release.

... (truncated)

Commits
  • e691f5f Merge commit from fork
  • b1d9f1a chore(deps): bump actions/upload-artifact from 6 to 7 (#2202)
  • d724af1 chore(deps): bump actions/checkout from 5 to 6 (#2195)
  • 4114b32 chore(deps): bump actions/upload-artifact from 4 to 6 (#2196)
  • c06d8f6 chore: upgrade js-yaml and glob (#2191)
  • 26e86e5 fix: remove unused <use> elements when deleting empty symbols (#2051)
  • 50c326b perf: optimiztions to reduce regression test runtime (#2135)
  • 1f33cbe ci: separate regression tests and write delta report (#2190)
  • 79a2167 ci: save test reports to artifacts (#2189)
  • 0ae52a0 chore(deps): bump actions/setup-node from 5 to 6 (#2187)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps-dev): bump svgo in /
5c1c749 
Bumps [svgo](https://github.com/svg/svgo) in `/` from 3.2.0 to 4.0.1.


Updates `svgo` from 3.2.0 to 4.0.1
- [Release notes](https://github.com/svg/svgo/releases)
- [Commits](svg/svgo@v3.2.0...v4.0.1)

---
updated-dependencies:
- dependency-name: svgo
  dependency-version: 4.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 1, 2026
@rustydb
Copy link
Copy Markdown
Owner

rustydb commented Apr 1, 2026

@dependabot recreate

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 1, 2026

Sorry, the 'unknown' group has been removed from your config so we do not know how to rebase this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rustydb