Update SVGO requested

[rogiervanhetschip]

Judging by https://github.com/kamsar/Dianoga/blob/3.0/src/Dianoga/Dianoga%20Tools/SVGO/node_modules/svgo/package.json , Dianoga's SVGO is on version 0.6.2, which uses js-yaml < 3.13.1 (affected by vulnerability WS-2019-0063) and lodash < 4.17.12 (affected by vulnerabilities CVE-2019-10744 and CVE-2018-16487).

By now, SVGO 1.3.2 has been released, which should use versions of js-yaml and lodash not affected by these vulnerabilities. Any chance of an upgrade to the newest SVGO?

Thanks in advance!

[markgibbons25]

Hi @rogiervanhetschip can you try the new release? https://github.com/kamsar/Dianoga/releases/tag/5.0.0-beta.1

[rogiervanhetschip]

Hi! OK, we'll try it tomorrow and let you know.

[markgibbons25]

How'd it go? Looking for feedback on this process to get SVGO in painlessly

[rogiervanhetschip]

No feedback yet, I'm afraid: I tried to get this working on Tuesday, but Dianoga does not seem to resize images, even without SVGO. Getting back to you as soon as possible, but have to find the time as this is not on our current sprint.

[markgibbons25]

Changed to use https://github.com/twardoch/svgop