chore(deps): update dependency svgo to v4.0.2#6390
Conversation
Up to standards ✅🟢 Issues
|
There was a problem hiding this comment.
Code Review
This is a trivial Renovate-generated dependency bump: svgo 4.0.1 → 4.0.2 in docs/package.json and the corresponding docs/yarn.lock entry. It's a devDependency used for SVG optimization in the docs build only — no application/engine code is touched.
Changes verified:
docs/package.json:svgopinned version bumped 4.0.1 → 4.0.2.docs/yarn.lock: resolved version, tarball URL, and integrity hash updated consistently; thesvgo@^3.0.2, svgo@^3.2.0range aliases remain correctly merged with the exactsvgo@4.0.2entry.
Upstream changes in 4.0.2 (per release notes): a security fix in removeScripts (case-insensitive JS URI removal, namespace-aware <script> handling), several bug fixes in convertColors/convertPathData/arc radius parsing, and a mergePaths perf improvement. All backward-compatible patch-level fixes.
Assessment: No architectural or design concerns — this is a mechanical, low-risk lockfile/version update scoped to the docs site's build tooling, with no source code changes to review. Safe to merge (automerge is already enabled per the PR description).
This PR contains the following updates:
4.0.1→4.0.2Release Notes
svg/svgo (svgo)
v4.0.2Compare Source
What's Changed
Security
<script>handling namespace aware. By @SethFalcoBug Fixes
tcommands. By @KTibow in #2156Performance
Other Changes
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.