[Snyk] Upgrade svgo from 3.2.0 to 3.3.2 #5

Open
dougmendes
Owner

This PR was automatically created by Snyk using the credentials of a real user.



Snyk has created this PR to upgrade svgo from 3.2.0 to 3.3.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 3 versions ahead of your current version.

  • The recommended version was released 22 days ago.

Release notes
Package name: svgo
  • 3.3.2 - 2024-05-09

    Notice

    An update on what happened with v3.3.0 and v3.3.1. While we have retained CJS support, the migration to ESM has changed the acceptable ways to import SVGO, in ways that users depended on before. This effectively made SVGO v3 a breaking change.

    Rather than resolve or work around these differences, we've opted to release SVGO v3.3.2, which is effectively a revert to v3.2.0, and deprecate versions v3.3.0 and v3.3.1. We'll then proceed to work on releasing v4 which will document the breaking changes, and feature further breaking changes that were slated for v4, like disabling removeViewBox by default.

    Before the v4.0.0 release, I'll put more focus on testing and use release candidates, just to help make the release go smoothly! 👍🏽

    Sorry for the headache, and thanks for your patience.

  • 3.3.1 - 2024-05-08

    Notice

    SVGO v3.3.0, which was meant to migrate to ESM without breaking CJS support, unfortunately broke CJS projects. There was a mistake with exports, so the loadConfig function wasn't available in the CJS bundle and led to issues for many users.

    Thanks to everyone who raised the issue, and to @nuintun who submitted a pull request to resolve it so quickly.

    I apologize for letting that breaking change through, and will aim to do better. Namely, by adding more tests to cover our exports, and any other public interface in general for each distribution of SVGO, so this doesn't happen again.

    SVGO v3.3.1 should resolve the issue for CJS projects, but if you encounter anything else, do let us know by opening an issue on GitHub.

  • 3.3.0 - 2024-05-08

    Deprecated

    This release introduced breaking changes, which have been reverted in v3.3.2. The bug fixes will be reintroduced in v4.0.0.

    What's Changed

    ESM

    SVGO is now a dual package, serving for both Common JS and ESM usage. We believe there shouldn't be any problems, especially as SVGO is largely stateless, but feel free to open an issue if you encounter problems with this.

    To be explicit, this is not a breaking change, and SVGO should continue to work in Common JS projects!

    Thanks to @jdufresne for doing the bulk of the work.

    Default Behavior

    • convertColors, now converts all references to colors excluding references to IDs to lowercase. This can be disabled by setting convertCase to false.

    Bug Fixes

    • cleanupIds, treat both URI encoded and non-URI encoded IDs as the same. By @liuweifeng in #1982
    • collapseGroups, check styles as well as attributes. By @johnkenny54 in #1952
    • collapseGroups, move attributes atomically. By @johnkenny54 in #1930
    • convertPathData, fix q control point when item is removed. By @KTibow in #1927
    • convertPathData, preserve vertex for markers only paths. By @SethFalco in #1967
    • mergePaths, don't merge paths if attributes/styles depend on the nodes bounding box. By @johnkenny54 in #1964
    • moveElemsAttrsToGroups, no longer moves the transforms if group has the filter attribute. By @johnkenny54 in #1933
    • prefixIds, fixed issue where some IDs were not prefixed when style tag contained XML comments. By @john-neptune in #1942
    • removeHiddenElems, don't remove node if child element has a referenced ID. By @johnkenny54 in #1925
    • removeHiddenElems, treat path[opacity=0] as a non-rendering node. By @johnkenny54 in #1948
    • removeUselessDefs, don't remove node if child element has an ID. By @johnkenny54 in #1923
    • When stringifying path data, include a space before numbers represented in scientific notation. By @johnkenny54 in #1961
    • No longer crashes when the output (-o argument) ends with a trailing slash to a location that didn't exist. By @SethFalco in #1954

    SVG Optimization

    • convertColors, introduce parameter to convert colors to common casing (lowercase/uppercase). By @JayLeininger in #1692
    • removeDeprecatedAttrs, new plugin that is disabled by default to remove SVG attributes that are deprecated. By @jdufresne in #1869

    Metrics

    Before and after using vectors from various sources, with the default preset of each respective version:

    | SVG | Original | v3.2.0 | v3.3.0 | Delta |
    | --- | --- | --- | --- | --- |
    | Arch Linux Logo | 9.529 KiB | 4.115 KiB | 4.097 KiB | ⬇️ 0.018 KiB |
    | Blobs | 50.45 KiB | 42.623 KiB | 42.609 KiB | ⬇️ 0.014 KiB |
    | Isometric Madness | 869.034 KiB | 540.582 KiB | 540.073 KiB | ⬇️ 0.509 KiB |
    | tldr-pages Banner | 2.071 KiB | 1.07 KiB | 1.07 KiB | |
    | Wikipedia Logo | 161.551 KiB | 111.668 KiB | 111.668 KiB | |

    Before and after of the browser bundle of each respective version:

    | | v3.2.0 | v3.3.0 | Delta |
    | --- | --- | --- | --- |
    | svgo.browser.js | 910.9 kB | 753.0 kB | ⬇️ 157.9 kB |
  • 3.2.0 - 2024-01-02

    What's Changed

    Bug Fixes

    SVG Optimization

    • convertPathData, improves closing paths and how we determine if to use absolute or relative commands. By @KTibow in #1867
    • convertPathData, round arc or convert to lines based on the sagitta, can be disabled by setting smartArcRounding to false. By @KTibow in #1873
    • convertPathData, convert cubic Bézier curves to quadratic Bézier curves where possible, can be disabled by setting convertToQ to false. By @KTibow in #1889

    Performance

    Metrics

    Before and after using vectors from various sources, with the default preset of each respective version:

    | SVG | Original | v3.1.0 | v3.2.0 | Delta |
    | --- | --- | --- | --- | --- |
    | Arch Linux Logo | 9.529 KiB | 4.162 KiB | 4.115 KiB | ⬇️ 0.047 KiB |
    | Blobs | 50.45 KiB | 42.949 KiB | 42.623 KiB | ⬇️ 0.326 KiB |
    | Isometric Madness | 869.034 KiB | 550.153 KiB | 540.582 KiB | ⬇️ 9.571 KiB |
    | tldr-pages Banner | 2.071 KiB | 1.07 KiB | 1.07 KiB | |
    | Wikipedia Logo | 161.551 KiB | 116 KiB | 111.668 KiB | ⬇️ 4.332 KiB |

    Before and after of the browser bundle of each respective version:

    | | v3.1.0 | v3.2.0 | Delta |
    | --- | --- | --- | --- |
    | svgo.browser.js | 660.9 kB | 910.9 kB | ⬆️ 250 kB |
from svgo GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade svgo from 3.2.0 to 3.3.2.

See this package in npm:
svgo

See this project in Snyk:
https://app.snyk.io/org/dougmendes/project/0c5e460a-42f2-4c7c-a595-90eb390a7160?utm_source=github&utm_medium=referral&page=upgrade-pr

vercel bot commented May 31, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| grocify | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | May 31, 2024 6:46am |


coderabbitai bot commented May 31, 2024

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve to resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.
