Skip to content

chore(deps): update dependency svgo to v4.0.2#6390

Merged
thomhurst merged 1 commit into
mainfrom
renovate/svgo-4.x
Jul 11, 2026
Merged

chore(deps): update dependency svgo to v4.0.2#6390
thomhurst merged 1 commit into
mainfrom
renovate/svgo-4.x

Conversation

@thomhurst

Copy link
Copy Markdown
Owner

This PR contains the following updates:

Package Type Update Change
svgo (source) resolutions patch 4.0.14.0.2

Release Notes

svg/svgo (svgo)

v4.0.2

Compare Source

What's Changed

Security
Bug Fixes
Performance
Other Changes

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@thomhurst thomhurst added dependencies Pull requests that update a dependency file PATCH renovate-bot labels Jul 11, 2026
@thomhurst
thomhurst enabled auto-merge (squash) July 11, 2026 18:51
@codacy-production

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@claude claude Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This is a trivial Renovate-generated dependency bump: svgo 4.0.1 → 4.0.2 in docs/package.json and the corresponding docs/yarn.lock entry. It's a devDependency used for SVG optimization in the docs build only — no application/engine code is touched.

Changes verified:

  • docs/package.json: svgo pinned version bumped 4.0.1 → 4.0.2.
  • docs/yarn.lock: resolved version, tarball URL, and integrity hash updated consistently; the svgo@^3.0.2, svgo@^3.2.0 range aliases remain correctly merged with the exact svgo@4.0.2 entry.

Upstream changes in 4.0.2 (per release notes): a security fix in removeScripts (case-insensitive JS URI removal, namespace-aware <script> handling), several bug fixes in convertColors/convertPathData/arc radius parsing, and a mergePaths perf improvement. All backward-compatible patch-level fixes.

Assessment: No architectural or design concerns — this is a mechanical, low-risk lockfile/version update scoped to the docs site's build tooling, with no source code changes to review. Safe to merge (automerge is already enabled per the PR description).

@thomhurst
thomhurst merged commit 3411086 into main Jul 11, 2026
15 checks passed
@thomhurst
thomhurst deleted the renovate/svgo-4.x branch July 11, 2026 19:15
This was referenced Jul 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file PATCH renovate-bot

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants