Skip to content

chore(deps): bump svgo from 3.3.2 to 3.3.3 in /examples/classic-typescript#11775

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/examples/classic-typescript/svgo-3.3.3
Closed

chore(deps): bump svgo from 3.3.2 to 3.3.3 in /examples/classic-typescript#11775
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/examples/classic-typescript/svgo-3.3.3

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 5, 2026

Bumps svgo from 3.3.2 to 3.3.3.

Release notes

Sourced from svgo's releases.

v3.3.3

What's Changed

Dependencies

  • Migrates from our unsupported fork of sax (@​trysound/sax) to the upstream version of sax (sax).

Bug Fixes

  • No longer throws error when encountering comments in DTD.

Metrics

Before and after of the browser bundle of each respective version:

v3.3.2 v3.3.3 Delta
svgo.browser.js 910.9 kB 912.9 kB ⬆️ 2 kB

Support

SVGO v3 is not officially supported, please consider upgrading to SVGO v4 instead. We've backported this fix as there are security implications, but there is no commitment to do this for more complex changes in future.

Consider reading our Migration Guide from v3 to v4 which should ease the process.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump svgo in /examples/classic-typescript
545bfad 
Bumps [svgo](https://github.com/svg/svgo) from 3.3.2 to 3.3.3.
- [Release notes](https://github.com/svg/svgo/releases)
- [Commits](svg/svgo@v3.3.2...v3.3.3)

---
updated-dependencies:
- dependency-name: svgo
  dependency-version: 3.3.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 5, 2026
@dependabot dependabot bot requested review from Josh-Cena and slorber as code owners March 5, 2026 00:55
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 5, 2026
@meta-cla meta-cla bot added the CLA Signed Signed Facebook CLA label Mar 5, 2026
@socket-security
Copy link

socket-security bot commented Mar 5, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedrimraf@​3.0.210010010050100
Addedeslint@​8.57.18910010050100
Addedpostinstall-postinstall@​2.1.0881006075100
Addedjest-environment-jsdom@​30.2.01001006290100
Addedjest@​30.2.01001006991100
Addedrecma-mdx-displayname@​0.4.1701008779100
Addedescape-string-regexp@​4.0.01001007180100
Addedeslint-config-prettier@​8.10.01001007288100
Addedworkbox-routing@​7.1.0981007486100
Addedworkbox-strategies@​7.1.0981007486100
Addedstrip-ansi@​6.0.11001007487100
Addedescape-html@​1.0.31001007975100
Addednpm-run-all@​4.1.5991009875100
Addedraw-loader@​4.0.2991009975100
Addedeslint-plugin-header@​3.1.110010010075100
Addedlodash@​4.17.23761008786100
Addednetlify-plugin-cache@​1.0.3811007676100
Addedjest-serializer-react-helmet-async@​1.0.21801009377100
Added@​types/​jest@​29.5.141001007781100
Updated@​algolia/​autocomplete-core@​1.19.2 ⏵ 1.19.51001007893 -1100
Addedhusky@​8.0.31001007980100
Addedhtml-tags@​3.3.11001007981100
Addedcombine-promises@​1.2.01001009979100
Addedjest-serializer-ansi-escapes@​4.0.0921009679100
Addedeval@​0.1.81001008780100
Addedstylelint-config-prettier@​9.0.51001008680100
Addedprompts@​2.4.210010010080100
Updatedboxen@​7.1.1 ⏵ 6.2.110010010080100
Addedcross-spawn@​7.0.6991009780100
Addedwebpack-merge@​6.0.110010010080100
Addedp-map@​4.0.01001009681100
Addedjs-yaml@​4.1.19810010081100
Addedcross-env@​7.0.310010010082100
See 46 more rows in the dashboard

View full report

@netlify
Copy link

netlify bot commented Mar 5, 2026

[V2]

Name Link
🔨 Latest commit 545bfad
🔍 Latest deploy log https://app.netlify.com/projects/docusaurus-2/deploys/69a8d46eaddfd30008ec4b74
😎 Deploy Preview https://deploy-preview-11775--docusaurus-2.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@github-actions
Copy link

github-actions bot commented Mar 5, 2026

⚡️ Lighthouse report for the deploy preview of this PR

URL Performance Accessibility Best Practices SEO Report
/ 🔴 44 🟢 98 🟢 100 🟢 100 Report
/docs/installation 🟠 52 🟢 97 🟢 100 🟢 100 Report
/docs/category/getting-started 🟠 66 🟢 100 🟢 100 🟠 86 Report
/blog 🟠 66 🟢 96 🟢 100 🟠 86 Report
/blog/preparing-your-site-for-docusaurus-v3 🟠 66 🟢 92 🟢 100 🟢 100 Report
/blog/tags/release 🟠 68 🟢 96 🟢 100 🟠 86 Report
/blog/tags 🟠 70 🟢 100 🟢 100 🟠 86 Report

@slorber slorber closed this Mar 5, 2026
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 5, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/examples/classic-typescript/svgo-3.3.3 branch March 5, 2026 12:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@slorber slorber Awaiting requested review from slorber slorber is a code owner

@Josh-Cena Josh-Cena Awaiting requested review from Josh-Cena Josh-Cena is a code owner

Assignees

No one assigned

Labels

CLA Signed Signed Facebook CLA dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@slorber