Skip to content

Bump svgo and astro-compress#286

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-f30e3d1a20
Open

Bump svgo and astro-compress#286
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-f30e3d1a20

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 8, 2026

Bumps svgo to 4.0.1 and updates ancestor dependency astro-compress. These dependencies need to be updated together.

Updates svgo from 3.3.2 to 4.0.1

Release notes

Sourced from svgo's releases.

v4.0.1

What's Changed

Dependencies

  • Sets minimum version of sax (XML parser) to v1.5.0, which improves built-in guards against entity expansion.

Bug Fixes

Performance

Other Changes

  • Plugins no longer include if they are enabled or disabled by default, as this was written inconsistently. The --show-plugins argument appends the presets a plugin is in to the end of the line. By @​viralcodex in svg/svgo#2174
  • Plugin/preset types to enforce the name start with preset- if it is a preset (collection of plugins). By @​SethFalco in svg/svgo#2178

Metrics

Before and after of the browser bundle of each respective version:

v4.0.0 v4.0.1 Delta
svgo.browser.js 780.2 kB 781.5 kB ⬆️ 1.3 kB

v4.0.0

Banner celebrating the release of SVGO v4.0.0. Includes the SVGO mascot drawing on a chalkboard with the changes in default plugins. For example, removeViewBox was moved from default plugins to available plugins.

Illustration by Vukory

It's been just over a year since our first release candidate, but I believe we can now release SVGO v4.0.0 with confidence! Thank you to all contributors who tested our RC builds and reported issues back up, this really smoothed out the process.

We actually wanted to do the release sooner, but it was a challenge to find the right time to publish a major release, since that means setting time aside to support users through migrations, helping downstream projects migrate, being available to fix or document things that users found to have an unexpected impact by this release, etc. I appreciate everyone's patience, and now that this is done, we can hopefully increase the pace of development again and tackle that backlog of old bugs. ^-^'

Breaking Changes

Please refer to the Migration Guide from v3 to v4 for a more concise version! This section is more verbose as it delves into the motivation of changes too.

Dropped Support for Node.js v14

Node.js v14 is no longer supported by the Node.js team, including security support, since 30 April 2023. Node.js v16 is no longer supported either, but as some are still using it, we'll save dropping support for Node.js v16 for the next major release.

... (truncated)

Commits
  • e691f5f Merge commit from fork
  • b1d9f1a chore(deps): bump actions/upload-artifact from 6 to 7 (#2202)
  • d724af1 chore(deps): bump actions/checkout from 5 to 6 (#2195)
  • 4114b32 chore(deps): bump actions/upload-artifact from 4 to 6 (#2196)
  • c06d8f6 chore: upgrade js-yaml and glob (#2191)
  • 26e86e5 fix: remove unused <use> elements when deleting empty symbols (#2051)
  • 50c326b perf: optimiztions to reduce regression test runtime (#2135)
  • 1f33cbe ci: separate regression tests and write delta report (#2190)
  • 79a2167 ci: save test reports to artifacts (#2189)
  • 0ae52a0 chore(deps): bump actions/setup-node from 5 to 6 (#2187)
  • Additional commits viewable in compare view

Updates astro-compress from 2.2.28 to 2.3.9

Release notes

Sourced from astro-compress's releases.

AstroCompress/v2.3.9

Full Changelog: PlayForm/Compress@Compress/v0.2.1...AstroCompress/v2.3.9

AstroCompress/v2.3.8

What's Changed

Full Changelog: PlayForm/Compress@AstroCompress/v2.3.7...AstroCompress/v2.3.8

AstroCompress/v2.3.7

What's Changed

Full Changelog: PlayForm/Compress@AstroCompress/v2.3.6...AstroCompress/v2.3.7

AstroCompress/v2.3.6

What's Changed

Full Changelog: PlayForm/Compress@AstroCompress/v2.3.5...AstroCompress/v2.3.6

... (truncated)

Changelog

Sourced from astro-compress's changelog.

2.3.9

Change

  • Updated package version from 2.3.8 to 2.3.9.
  • Updated contact email in package.json from Source/Open@PlayForm.LTD to Source/Open@PlayForm.Cloud.
  • Updated URL in package.json from HTTPS://PlayForm.LTD to HTTPS://PlayForm.Cloud.
  • Updated homepage URL in package.json to point to readme overview tab.
  • Updated dependencies in package.json:
    • @playform/pipe from 0.1.3 to 0.1.4.
    • astro from * to 5.16.8.
    • commander from 13.1.0 to 14.0.2.
    • lightningcss from 1.29.3 to 1.30.2.
    • sharp from 0.33.5 to 0.34.5.
    • svgo from 3.3.2 to 4.0.0.
    • terser from 5.39.0 to 5.44.1.
    • @playform/build from 0.2.1 to 0.2.6.
    • browserslist from 4.24.4 to 4.28.1.
  • Removed @ts-expect-error comment in Configuration/ESBuild.ts.
  • Reordered import statements in Source/Function/Image/Writesharp.ts.
  • Reordered import statements in Source/Function/Integration.ts.
  • Enhanced JSON type definition in Source/Interface/Option.ts to support replacer and space options.

2.3.8

Add

  • Support for JSON file compression with automatic parsing and minification
  • JSON compression enabled by default in configuration

2.3.7

Add

  • Add DEPENDENTS.md to .npmignore.

Change

  • Updated package version from 2.3.5 to 2.3.6.
  • Updated contact email in package.json from Source/Open@PlayForm.Cloud to Source/Open@PlayForm.LTD.
  • Updated URL in package.json from HTTPS://PlayForm.Cloud to HTTPS://PlayForm.LTD.
  • Updated dependencies in package.json:
    • @playform/pipe from 0.1.1 to 0.1.2.
    • commander from 12.1.0 to 13.0.0.
    • fast-glob from 3.3.2 to 3.3.3.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for astro-compress since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump svgo and astro-compress
a44bae7 
Bumps [svgo](https://github.com/svg/svgo) to 4.0.1 and updates ancestor dependency [astro-compress](https://github.com/PlayForm/Compress). These dependencies need to be updated together.


Updates `svgo` from 3.3.2 to 4.0.1
- [Release notes](https://github.com/svg/svgo/releases)
- [Commits](svg/svgo@v3.3.2...v4.0.1)

Updates `astro-compress` from 2.2.28 to 2.3.9
- [Release notes](https://github.com/PlayForm/Compress/releases)
- [Changelog](https://github.com/PlayForm/Compress/blob/AstroCompress/v2.3.9/CHANGELOG.md)
- [Commits](PlayForm/Compress@AstroCompress/v2.2.28...AstroCompress/v2.3.9)

---
updated-dependencies:
- dependency-name: svgo
  dependency-version: 4.0.1
  dependency-type: indirect
- dependency-name: astro-compress
  dependency-version: 2.3.9
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants