[Snyk] Upgrade svgo from 3.2.0 to 3.3.2 #14

Open
wants to merge 1 commit into
base: main
from


Latteflo
Owner

This PR was automatically created by Snyk using the credentials of a real user.



Snyk has created this PR to upgrade svgo from 3.2.0 to 3.3.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 3 versions ahead of your current version.

  • The recommended version was released 2 months ago.

Release notes
Package name: svgo
  • 3.3.2 - 2024-05-09

    Notice

    An update on what happened with v3.3.0 and v3.3.1. While we have retained CJS support, the migration to ESM has changed the acceptable ways to import SVGO, in ways that users depended on before. This effectively made SVGO v3 a breaking change.

    Rather than resolve or workaround these differences, we've opted to release SVGO v3.3.2, which is effectively a revert to v3.2.0, and deprecate versions v3.3.0 and v3.3.1. We'll then proceed to work on releasing v4 which will document the breaking changes, and feature further breaking changes that were slated for v4, like disabling removeViewBox by default.

    Before the v4.0.0 release, I'll put more focus on testing and use release candidates, just to make the release go smoothly! 👍🏽

    Sorry for the headache, and thanks for your patience.

  • 3.3.1 - 2024-05-08

    Notice

    SVGO v3.3.0, which was meant to migrate to ESM without breaking CJS support, unfortunately broke CJS projects. There was a mistake with exports, so the loadConfig function wasn't available in the CJS bundle and led to issues for many users.

    Thanks to everyone who raised the issue, and to @nuintun who submitted a pull request to resolve it so quickly.

    I apologize for letting that breaking change through, and will aim to do better. Namely, by adding more tests to cover our exports, and any other public interface in general for each distribution of SVGO, so this doesn't happen again.

    SVGO v3.3.1 should resolve the issue for CJS projects, but if you encounter anything else, do let us know by opening an issue on GitHub.

  • 3.3.0 - 2024-05-08

    Deprecated

    This release introduced breaking changes, which have been reverted in v3.3.2. The bug fixes will be reintroduced in v4.0.0.

    What's Changed

    ESM

    SVGO is now a dual package, serving for both Common JS and ESM usage. We believe there shouldn't be any problems, especially as SVGO is largely stateless, but feel free to open an issue if you encounter problems with this.

    To be explicit, this is not a breaking change, and SVGO should continue to work in Common JS projects!

    Thanks to @jdufresne for doing the bulk of the work.

    Default Behavior

    • convertColors, now converts all references to colors excluding references to IDs to lowercase. This can be disabled by setting convertCase to false.

    Bug Fixes

    • cleanupIds, treat both URI encoded and non-URI encoded IDs as the same. By @liuweifeng in #1982
    • collapseGroups, check styles as well as attributes. By @johnkenny54 in #1952
    • collapseGroups, move attributes atomically. By @johnkenny54 in #1930
    • convertPathData, fix q control point when item is removed. By @KTibow in #1927
    • convertPathData, preserve vertex for markers only paths. By @SethFalco in #1967
    • mergePaths, don't merge paths if attributes/styles depend on the node's bounding box. By @johnkenny54 in #1964
    • moveElemsAttrsToGroups, no longer moves the transforms if group has the filter attribute. By @johnkenny54 in #1933
    • prefixIds, fixed issue where some IDs were not prefixed when style tag contained XML comments. By @john-neptune in #1942
    • removeHiddenElems, don't remove node if child element has a referenced ID. By @johnkenny54 in #1925
    • removeHiddenElems, treat path[opacity=0] as a non-rendering node. By @johnkenny54 in #1948
    • removeUselessDefs, don't remove node if child element has an ID. By @johnkenny54 in #1923
    • When stringifying path data, include a space before numbers represented in scientific notation. By @johnkenny54 in #1961
    • No longer crashes when the output (-o argument) ends with a trailing slash to a location that didn't exist. By @SethFalco in #1954

    SVG Optimization

    • convertColors, introduce parameter to convert colors to common casing (lowercase/uppercase). By @JayLeininger in #1692
    • removeDeprecatedAttrs, new plugin that is disabled by default to remove SVG attributes that are deprecated. By @jdufresne in #1869

    Metrics

    Before and after using vectors from various sources, with the default preset of each respective version:

    | SVG | Original | v3.2.0 | v3.3.0 | Delta |
    | --- | --- | --- | --- | --- |
    | Arch Linux Logo | 9.529 KiB | 4.115 KiB | 4.097 KiB | ⬇️ 0.018 KiB |
    | Blobs | 50.45 KiB | 42.623 KiB | 42.609 KiB | ⬇️ 0.014 KiB |
    | Isometric Madness | 869.034 KiB | 540.582 KiB | 540.073 KiB | ⬇️ 0.509 KiB |
    | tldr-pages Banner | 2.071 KiB | 1.07 KiB | 1.07 KiB | |
    | Wikipedia Logo | 161.551 KiB | 111.668 KiB | 111.668 KiB | |

    Before and after of the browser bundle of each respective version:

    | | v3.2.0 | v3.3.0 | Delta |
    | --- | --- | --- | --- |
    | svgo.browser.js | 910.9 kB | 753.0 kB | ⬇️ 157.9 kB |
  • 3.2.0 - 2024-01-02

    What's Changed

    Bug Fixes

    SVG Optimization

    • convertPathData, improves closing paths and how we determine if to use absolute or relative commands. By @KTibow in #1867
    • convertPathData, round arc or convert to lines based on the sagitta, can be disabled by setting smartArcRounding to false. By @KTibow in #1873
    • convertPathData, convert cubic Bézier curves to quadratic Bézier curves where possible, can be disabled by setting convertToQ to false. By @KTibow in #1889

    Performance

    Metrics

    Before and after using vectors from various sources, with the default preset of each respective version:

    | SVG | Original | v3.1.0 | v3.2.0 | Delta |
    | --- | --- | --- | --- | --- |
    | Arch Linux Logo | 9.529 KiB | 4.162 KiB | 4.115 KiB | ⬇️ 0.047 KiB |
    | Blobs | 50.45 KiB | 42.949 KiB | 42.623 KiB | ⬇️ 0.326 KiB |
    | Isometric Madness | 869.034 KiB | 550.153 KiB | 540.582 KiB | ⬇️ 9.571 KiB |
    | tldr-pages Banner | 2.071 KiB | 1.07 KiB | 1.07 KiB | |
    | Wikipedia Logo | 161.551 KiB | 116 KiB | 111.668 KiB | ⬇️ 4.332 KiB |

    Before and after of the browser bundle of each respective version:

    | | v3.1.0 | v3.2.0 | Delta |
    | --- | --- | --- | --- |
    | svgo.browser.js | 660.9 kB | 910.9 kB | ⬆️ 250 kB |
from svgo GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:


See this package in npm:
svgo

See this project in Snyk:
https://app.snyk.io/org/latteflo/project/6b10f61b-c5a4-4a3d-88e2-943f606a6b20?utm_source=github&utm_medium=referral&page=upgrade-pr

vercel bot commented Jul 18, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| florentina-simion-portfolio | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Jul 18, 2024 11:27am |


netlify bot commented Jul 18, 2024

Deploy Preview for florentina-simion-portfolio ready!

| Name | Link |
| --- | --- |
| 🔨 Latest commit | f5a75ac |
| 🔍 Latest deploy log | https://app.netlify.com/sites/florentina-simion-portfolio/deploys/6698f8d9e038650008c95272 |
| 😎 Deploy Preview | https://deploy-preview-14--florentina-simion-portfolio.netlify.app |

To edit notification comments on pull requests, go to your Netlify site configuration.
