Skip to content

chore: Bump svgo#4334

Merged
mxschll merged 3 commits intomainfrom
dependabot/npm_and_yarn/multi-f581b94821
Mar 5, 2026
Merged

chore: Bump svgo#4334
mxschll merged 3 commits intomainfrom
dependabot/npm_and_yarn/multi-f581b94821

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 5, 2026

Bumps svgo to 4.0.1 and updates ancestor dependency . These dependencies need to be updated together.

Updates svgo from 4.0.0 to 4.0.1

Release notes

Sourced from svgo's releases.

v4.0.1

What's Changed

Dependencies

  • Sets minimum version of sax (XML parser) to v1.5.0, which improves built-in guards against entity expansion.

Bug Fixes

Performance

Other Changes

  • Plugins no longer include if they are enabled or disabled by default, as this was written inconsistently. The --show-plugins argument appends the presets a plugin is in to the end of the line. By @​viralcodex in svg/svgo#2174
  • Plugin/preset types to enforce the name start with preset- if it is a preset (collection of plugins). By @​SethFalco in svg/svgo#2178

Metrics

Before and after of the browser bundle of each respective version:

v4.0.0 v4.0.1 Delta
svgo.browser.js 780.2 kB 781.5 kB ⬆️ 1.3 kB
Commits
  • e691f5f Merge commit from fork
  • b1d9f1a chore(deps): bump actions/upload-artifact from 6 to 7 (#2202)
  • d724af1 chore(deps): bump actions/checkout from 5 to 6 (#2195)
  • 4114b32 chore(deps): bump actions/upload-artifact from 4 to 6 (#2196)
  • c06d8f6 chore: upgrade js-yaml and glob (#2191)
  • 26e86e5 fix: remove unused <use> elements when deleting empty symbols (#2051)
  • 50c326b perf: optimiztions to reduce regression test runtime (#2135)
  • 1f33cbe ci: separate regression tests and write delta report (#2190)
  • 79a2167 ci: save test reports to artifacts (#2189)
  • 0ae52a0 chore(deps): bump actions/setup-node from 5 to 6 (#2187)
  • Additional commits viewable in compare view

Updates svgo from 2.8.0 to 2.8.2

Release notes

Sourced from svgo's releases.

v4.0.1

What's Changed

Dependencies

  • Sets minimum version of sax (XML parser) to v1.5.0, which improves built-in guards against entity expansion.

Bug Fixes

Performance

Other Changes

  • Plugins no longer include if they are enabled or disabled by default, as this was written inconsistently. The --show-plugins argument appends the presets a plugin is in to the end of the line. By @​viralcodex in svg/svgo#2174
  • Plugin/preset types to enforce the name start with preset- if it is a preset (collection of plugins). By @​SethFalco in svg/svgo#2178

Metrics

Before and after of the browser bundle of each respective version:

v4.0.0 v4.0.1 Delta
svgo.browser.js 780.2 kB 781.5 kB ⬆️ 1.3 kB
Commits
  • e691f5f Merge commit from fork
  • b1d9f1a chore(deps): bump actions/upload-artifact from 6 to 7 (#2202)
  • d724af1 chore(deps): bump actions/checkout from 5 to 6 (#2195)
  • 4114b32 chore(deps): bump actions/upload-artifact from 4 to 6 (#2196)
  • c06d8f6 chore: upgrade js-yaml and glob (#2191)
  • 26e86e5 fix: remove unused <use> elements when deleting empty symbols (#2051)
  • 50c326b perf: optimiztions to reduce regression test runtime (#2135)
  • 1f33cbe ci: separate regression tests and write delta report (#2190)
  • 79a2167 ci: save test reports to artifacts (#2189)
  • 0ae52a0 chore(deps): bump actions/setup-node from 5 to 6 (#2187)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore: Bump svgo
efde57a 
Bumps [svgo](https://github.com/svg/svgo) to 4.0.1 and updates ancestor dependency . These dependencies need to be updated together.


Updates `svgo` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/svg/svgo/releases)
- [Commits](svg/svgo@v4.0.0...v4.0.1)

Updates `svgo` from 2.8.0 to 2.8.2
- [Release notes](https://github.com/svg/svgo/releases)
- [Commits](svg/svgo@v4.0.0...v4.0.1)

---
updated-dependencies:
- dependency-name: svgo
  dependency-version: 4.0.1
  dependency-type: indirect
- dependency-name: svgo
  dependency-version: 2.8.2
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 5, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 5, 2026 00:17
@dependabot dependabot bot requested review from jperals and removed request for a team March 5, 2026 00:17
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 5, 2026
@codecov
Copy link
Copy Markdown

codecov bot commented Mar 5, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.43%. Comparing base (52a4127) to head (3193715).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #4334   +/-   ##
=======================================
  Coverage   97.43%   97.43%           
=======================================
  Files         897      897           
  Lines       26350    26350           
  Branches     9517     9516    -1     
=======================================
  Hits        25675    25675           
- Misses        632      669   +37     
+ Partials       43        6   -37

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@jperals jperals requested review from a team, amanabiy and cansuaa and removed request for a team, cansuaa and jperals March 5, 2026 09:09
@mxschll mxschll enabled auto-merge March 5, 2026 16:55
@mxschll mxschll added this pull request to the merge queue Mar 5, 2026
Merged via the queue into main with commit b8108b4 Mar 5, 2026
49 checks passed
@mxschll mxschll deleted the dependabot/npm_and_yarn/multi-f581b94821 branch March 5, 2026 18:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amanabiy amanabiy amanabiy approved these changes

+1 more reviewer

@Who-is-PS Who-is-PS Who-is-PS approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@amanabiy @Who-is-PS @jperals @mxschll