[Snyk] Upgrade svgo from 1.0.5 to 1.3.2 #5

Open
wants to merge 1 commit into
base: master
almassari

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade svgo from 1.0.5 to 1.3.2.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 8 versions ahead of your current version.
  • The recommended version was released 2 years ago, on 2019-10-30.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Arbitrary Code Execution: SNYK-JS-JSYAML-174129 | 619/1000. Why? Has a fix available, CVSS 8.1 | No Known Exploit |
| | Denial of Service (DoS): SNYK-JS-JSYAML-173999 | 619/1000. Why? Has a fix available, CVSS 8.1 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: svgo
  • 1.3.2 - 2019-10-30
    • Fixed TypeError: Cannot set property 'multipassCount' of undefined
  • 1.3.1 - 2019-10-29
    • Updated CSSO version to 4.0.2 fixing the issue with empty semicolons ";;" in styles (thanks to @ strarsis and @ lahmatiy).
    • prefixIds plugin now runs only once with --multipass option (by @ strarsis).
    • cleanupIDs plugin is prevented from producing a preserved ID, including one which matches a preserved prefix, when minifying (by @ thomsj).
  • 1.3.0 - 2019-07-14
    • Custom plugins now can be loaded from external js through path plugin param.
    • New plugin convertEllipseToCircle to convert ellipse with equal radius measures to circle (by @ tigt).
    • New plugin sortDefsChildren for improved compression (by @ davidleston).
    • SVGO now removes unnecessary spaces after arcto path command flags.
    • removeDimensions plugin now adds viewBox if it's missing (by @ adipascu).
    • Fixed removeUnusedNS not counting attributes in <svg> tag itself.
    • Fixed an issue with incorrect processing multiple images (by @ cyberalien).
    • Fixed an error with incorrect converting multiple segmented curve to an arc.
    • Fixed an error with matrix decomposition in convertTransform due to rounding error leading to illegal value.
    • Added force option for mergePaths plugin (by @ goyney).
    • Added options to prefixIds plugin for selectively prefixing IDs and/or classes (by @ strarsis).
    • Exported config function (by @ 1000ch).
  • 1.2.2 - 2019-04-16
    • Update js-yaml for Code Injection warning (by @ kaungst).
  • 1.2.1 - 2019-04-04

    Some goodness from pull-requests.

    • Bump up js-yaml version to fix DoS vulnerability (by @ eugestarr).
  • 1.2.0 - 2019-02-24

    Some goodness from pull-requests.

    • Fixed extra blank lines when processing many files (by @ panczarny).
    • Added --recursive option to process folders recursively with option -f (by @ dartess).
    • Added removeAttributesBySelector plugin to remove elements matching a css selector (by @ bmease).
    • Added removeOffCanvasPaths plugin to remove elements outside of the viewbox (by @ JoshyPHP).
    • removeAttrs plugin: added preserveCurrentColor color (by @ roblevintennis) and 3rd optional filter for a value (by @ Herman-Freund).
    • Added reusePaths plugin to replace duplicated elements with link (by @ jhowcrof).
    • Added support of comma-separated plugins list in --disable and --enable options (by @ jmwebservices).
    • Added option to preserve IDs based on prefix in cleanupIDs plugin (by @ bkotzz).
    • Replaced colors dependency with chalk (by @ xPaw).
  • 1.1.1 - 2018-09-17
    • Fixed crash in SVGO.optimize() when ‘info’ is absent.
    • Removed extra space after cleanupListOfValues plugin.
  • 1.1.0 - 2018-09-16
    • Fixed collapseGroups plugin removing property with a child having inherit value.
    • version attribute value is no longer being rounded.
    • Fixed jsAPI clone method with respect to the introduced CSS classes.
    • Fixed scaling strokes with vector-effect="non-scaling-stroke" (by @ alexjlockwood).
    • Fixed passing properties from groups in collapseGroups plugin if child has a filter (by @ stristr).
    • Fixed arc path commands parsing without separators after flags, effectively producing a JS error.
    • Fixed viewBox separators parsing.
    • Fixed removeNonInheritableGroupAttrs plugin to work as intended.
    • Fixed removing path segments without length in presence of stroke-linecap.
    • Fixed removeUnknownsAndDefaults plugin removing attributes from elements with id.
    • Fixed converting to large arcs from nearly straight lines curves.
    • Fixed collapseGroups plugin affecting <switch> and its subgroups.
    • Fixed convertTransform plugin converting to rotate() with wrong sign in some cases.
    • Fixed cleanupListOfValues plugin not preserving non-numeric values.
    • Fixed !important being passed to attributes in convertStyleToAttrs plugin.
    • Added option keepImportant to convertStyleToAttrs plugin to preserve styles with !important.
    • removeHiddenElems plugin now also removes elements with visibility="hidden" attribute (by @ mikolaj92).
    • Added forceAbsolutePath option to convertPathData plugin to always use absolute coordinates (by @ cool).
    • Added keepRoleAttr for removeUnknownsAndDefaults plugin to preserve role- attributes (by @ himedlooff).
    • Added xmlns order option in sortAttrs plugin (by @ hellatan).
    • Added an option to prefixIds plugin to pass prefix as false or as a function that returns false (by @ vzaidman).
    • prefixIds plugin now adds prefix to every class (by @ vzaidman).
    • Updated and improved docs a bit (multiple authors).
  • 1.0.5 - 2018-02-26

    Fixed issue with prefixIDs plugin not replacing url() values correctly (by @ harrisjose).

from svgo GitHub release notes
Commit messages
Package name: svgo
  • d17c429 v1.3.2
  • 99d9c3c Default `info` on SVGO.optimize API
  • 58232a3 v1.3.1
  • 0e6b0ad Fix 'cleanupIDs' minify bug due to preserved IDs
  • 71c7fe7 Add multipassCount to info object passed to the plugins.
  • 67be534 Update csso to 4.0.2 (+semicola in styles test) (#1172)
  • 11f9c79 Add active column in plugins table to readme
  • 9160a41 added node v12 in travis
  • 10a302f v1.3.0
  • cc9ad33 Add ‘sortDefsChildren’ to default plugins list and readme
  • 023013a Use ’force’ option in ‘mergePaths’ only for paths with same attributes
  • e1dd31c Fix 180deg ‘convertTransform’
  • 8671c4c Fix incorrect prev arc segment angle calculation.
  • 27cdeb7 Add a warning about plugin configuration error
  • ac34386 Copy plugin params when initializing plugin by name
  • d3e9141 Export config function to enable to use
  • 5ee68c4 Add options to prefixIds plugin for selectively prefixing IDs and/or classes.
  • 3d6d804 lib/config: load custom plugin defined via path in config
  • 357de5f lib/config: add setPluginActiveState function
  • b533063 Add ‘convertEllipseToCircle‘ plugin to readme
  • 7d0c471 Add ‘convertEllipseToCircle‘ to default plugins list
  • 8e45fa2 Add ‘ellipseToCircle’ plugin
  • 31e6a8c Make removeDimensions add viewBox if it's missing
  • b9905aa (Fix docs: document remix configuration gregberge/svgr#800) Add option to the mergePaths plugin, forcing all path attributes to be combined (#1084)


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
