Skip to content

Bump svgo from 3.3.2 to 3.3.3#8734

Merged
FreeTubeBot merged 1 commit intodevelopmentfrom
dependabot/npm_and_yarn/svgo-3.3.3
Mar 5, 2026
Merged

Bump svgo from 3.3.2 to 3.3.3#8734
FreeTubeBot merged 1 commit intodevelopmentfrom
dependabot/npm_and_yarn/svgo-3.3.3

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 5, 2026

Bumps svgo from 3.3.2 to 3.3.3.

Release notes

Sourced from svgo's releases.

v3.3.3

What's Changed

Dependencies

  • Migrates from our unsupported fork of sax (@​trysound/sax) to the upstream version of sax (sax).

Bug Fixes

  • No longer throws error when encountering comments in DTD.

Metrics

Before and after of the browser bundle of each respective version:

v3.3.2 v3.3.3 Delta
svgo.browser.js 910.9 kB 912.9 kB ⬆️ 2 kB

Support

SVGO v3 is not officially supported, please consider upgrading to SVGO v4 instead. We've backported this fix as there are security implications, but there is no commitment to do this for more complex changes in future.

Consider reading our Migration Guide from v3 to v4 which should ease the process.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump svgo from 3.3.2 to 3.3.3
7e49afa 
Bumps [svgo](https://github.com/svg/svgo) from 3.3.2 to 3.3.3.
- [Release notes](https://github.com/svg/svgo/releases)
- [Commits](svg/svgo@v3.3.2...v3.3.3)

---
updated-dependencies:
- dependency-name: svgo
  dependency-version: 3.3.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added PR: dependencies Pull requests that update a dependency file PR: waiting for review For PRs that are complete, tested, and ready for review labels Mar 5, 2026
@FreeTubeBot FreeTubeBot enabled auto-merge (squash) March 5, 2026 00:15
@FreeTubeBot FreeTubeBot merged commit 6717fc4 into development Mar 5, 2026
7 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/svgo-3.3.3 branch March 5, 2026 08:13
@github-actions github-actions bot removed the PR: waiting for review For PRs that are complete, tested, and ready for review label Mar 5, 2026
PikachuEXE added a commit to PikachuEXE/FreeTube that referenced this pull request Mar 5, 2026
@PikachuEXE
Merge branch 'force-player-workaround' into custom-builds/dragdrop
59f83a6 
* force-player-workaround:
  force player to use 9f4cc5e4
  Bump tar from 7.5.9 to 7.5.10 (FreeTubeApp#8735)
  Bump immutable from 5.0.2 to 5.1.5 (FreeTubeApp#8733)
  Bump svgo from 3.3.2 to 3.3.3 (FreeTubeApp#8734)
  Translated using Weblate (Spanish)
  Translated using Weblate (Swedish)
  Bump webpack from 5.105.2 to 5.105.3 (FreeTubeApp#8722)
  Translated using Weblate (Basque)
  Bump stylelint from 17.3.0 to 17.4.0 in the stylelint group (FreeTubeApp#8718)
  Bump shaka-player from 4.16.18 to 4.16.19 (FreeTubeApp#8719)
  Bump github/codeql-action from 4.32.3 to 4.32.4 (FreeTubeApp#8716)
  Bump actions/upload-artifact from 6.0.0 to 7.0.0 (FreeTubeApp#8715)
  Bump electron from 40.6.0 to 40.6.1 (FreeTubeApp#8720)
  Bump vue from 3.5.28 to 3.5.29 (FreeTubeApp#8721)
  Translated using Weblate (Basque)
  Translated using Weblate (Basque)
Pillowytuba pushed a commit to Pillowytuba/FreeTube that referenced this pull request Mar 19, 2026
@dependabot @Pillowytuba
Bump svgo from 3.3.2 to 3.3.3 (FreeTubeApp#8734)
70d3a54 
Bumps [svgo](https://github.com/svg/svgo) from 3.3.2 to 3.3.3.
- [Release notes](https://github.com/svg/svgo/releases)
- [Commits](svg/svgo@v3.3.2...v3.3.3)

---
updated-dependencies:
- dependency-name: svgo
  dependency-version: 3.3.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PikachuEXE PikachuEXE PikachuEXE approved these changes

@absidue absidue absidue approved these changes

@efb4f5ff-1298-471a-8973-3d47447115dc efb4f5ff-1298-471a-8973-3d47447115dc efb4f5ff-1298-471a-8973-3d47447115dc approved these changes

Assignees

No one assigned

Labels

PR: dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@PikachuEXE @absidue @efb4f5ff-1298-471a-8973-3d47447115dc @FreeTubeBot