Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps-dev): bump svgo from 0.7.2 to 2.3.1 #1093

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dependabot-preview[bot]
Copy link

Bumps svgo from 0.7.2 to 2.3.1.

Release notes

Sourced from svgo's releases.

v2.3.1

Fixed vulnerability in css-select dependency (svg/svgo#1485)

Thanks to @​ericcornelissen

v2.3.0

Hey, everybody! We have a big release here.

  • The new plugin is added for merging style elements into one. See #1381

Before:

<svg>
  <style media="print">
    .st0{ fill:red; padding-top: 1em; padding-right: 1em; padding-bottom: 1em; padding-left: 1em; }
  </style>
  <style>
    .test { background: red; }
  </style>
</svg>

After:

<svg>
  <style>
    @media print{
      .st0{ fill:red; padding-top: 1em; padding-right: 1em; padding-bottom: 1em; padding-left: 1em; }
    }
    .test { background: red; }
  </style>
</svg>
  • CLI got new --exclude flag which uses regexps to exclude some files from --folder. See #1409
svgo --folder=svgs --exclude "invalid-icon" "bad-.+"
  • Internal AST is migrated to XAST. This spec makes maintaining plugins easier and may be used as interop with other tools like SVGR.

  • The new visitor plugin type combines features of "full", "perItem" and "perItemReverse" plugins without loosing simplicity. Eventually only visitor api will be supported. See #1454

Also small fixes

... (truncated)

Changelog

Sourced from svgo's changelog.

[ > ] 1.3.2 / 30.10.2019

  • Fixed TypeError: Cannot set property 'multipassCount' of undefined

[ > ] 1.3.1 / 29.10.2019

  • Updated CSSO version to 4.0.2 fixing the issue with empty semicolons ";;" in styles (thanks to @​strarsis and @​lahmatiy).
  • prefixIds plugin now runs only once with --multipass option (by @​strarsis).
  • cleanupIDs plugin is prevented from producing a preserved ID, including one which matches a preserved prefix, when minifying (by @​thomsj).

[ > ] 1.3.0 / 14.07.2019

  • Custom plugins now can be loaded from external js through path plugin param.
  • New plugin convertEllipseToCircle to convert ellipse with equal radius measures to circle (by @​tigt).
  • New plugin sortDefsChildren for improved compression (by @​davidleston).
  • SVGO now removes unnecessary spaces after arcto path command flags.
  • removeDimensions plugin now adds viewBox if it's missing (by @​adipascu).
  • Fixed removeUnusedNS not counting attributes in <svg> tag itself.
  • Fixed an issue with incorrect processing multiple images (by @​cyberalien).
  • Fixed an error with incorrect converting multiple segmented curve to an arc.
  • Fixed an error with matrix decomposition in convertTransform due to rounding error leading to illegal value.
  • Added force option for mergePaths plugin (by @​goyney).
  • Added options to prefixIds plugin for selectively prefixing IDs and/or classes (by @​strarsis).
  • Exported config function (by @​1000ch).

[ > ] 1.2.2 / 16.04.2019

  • Update js-yaml for Code Injection warning (by @​kaungst).

[ > ] 1.2.1 / 04.04.2019

Some goodness from pull-requests.

  • Bump up js-yaml version to fix DoS vulnerability (by @​eugestarr).

[ > ] 1.2.0 / 24.02.2019

Some goodness from pull-requests.

  • Fixed extra blank lines when processing many files (by @​panczarny).
  • Added --recursive option to process folders recursevely with option -f (by @​dartess).
  • Added removeAttributesBySelector plugin to remove elements matching a css selector (by @​bmease).
  • Added removeOffCanvasPaths plugin to remove elements outside of the viewbox (by @​JoshyPHP).
  • removeAttrs plugin: added preserveCurrentColor color (by @​roblevintennis) and 3rd optional filter for a value (by @​Herman-Freund).
  • Added reusePaths plugin to replace duplicated elements with link (by @​jhowcrof).
  • Added support of comma-separated plugins list in --disable and --enable options (by @​jmwebservices).
  • Added option to preserve IDs based on prefix in cleanupIDs plugin (by @​bkotzz).
  • Replaced colors dependency with chalk (by @​xPaw).

[ > ] 1.1.1 / 17.09.2018

  • Fixed crash in SVGO.optimize() when ‘info’ is absent.
  • Removed extra space after cleanupListOfValues plugin.

[ > ] 1.1.0 / 16.09.2018

  • Fixed collapseGroups plugin removing property with a child having inherit value.
  • version attribute value is not more being rounded.
  • Fixed jsAPI clone method with respect to the introduced CSS classes.
  • Fixed scaling strokes with vector-effect="non-scaling-stroke" (by @​alexjlockwood).

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by trysound, a new releaser for svgo since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants