[PR #835] [MERGED] Bump svgo from 2.3.0 to 2.3.1 #1057

New issue

Closed

opened 2026-03-03 14:41:57 +03:00 by kerem · 0 comments

kerem commented 2026-03-03 14:41:57 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/lipis/flag-icons/pull/835
Author: @dependabot-preview[bot]
Created: 6/28/2021
Status: ✅ Merged
Merged: 6/28/2021
Merged by: @dependabot-preview[bot]

Base: master ← Head: dependabot/npm_and_yarn/svgo-2.3.1

---

📝 Commits (1)

• 68e4af1 Bump svgo from 2.3.0 to 2.3.1

📊 Changes

2 files changed (+35 additions, -23 deletions)

View changed files

📝 package.json (+1 -1)
📝 yarn.lock (+34 -22)

📄 Description

Bumps svgo from 2.3.0 to 2.3.1.

Release notes

Sourced from svgo's releases.

v2.3.1

Fixed vulnerability in css-select dependency (svg/svgo#1485)

Thanks to @​ericcornelissen

Commits

• daf2f88 2.3.1
• 25d0f87 Upgrade css-select from ^3.1.2 to ^4.1.3 (#1485)
• 59876d8 Remove unused artifacts
• 68798eb Mark convertStyleToAttrs as disabled in README (#1472)
• 3d79f57 Convert convertPathData to visitor
• 06110b4 Convert mergePaths to visitor
• 368a67b Convert removeHiddenElems to visitor
• 17aaf36 Cleanup collapseGroups tests
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/lipis/flag-icons/pull/835 **Author:** [@dependabot-preview[bot]](https://github.com/apps/dependabot-preview) **Created:** 6/28/2021 **Status:** ✅ Merged **Merged:** 6/28/2021 **Merged by:** [@dependabot-preview[bot]](https://github.com/apps/dependabot-preview) **Base:** `master` ← **Head:** `dependabot/npm_and_yarn/svgo-2.3.1` --- ### 📝 Commits (1) - [`68e4af1`](https://github.com/lipis/flag-icons/commit/68e4af113de4e182cc0150f68deb6df35ce356f6) Bump svgo from 2.3.0 to 2.3.1 ### 📊 Changes **2 files changed** (+35 additions, -23 deletions) <details> <summary>View changed files</summary> 📝 `package.json` (+1 -1) 📝 `yarn.lock` (+34 -22) </details> ### 📄 Description Bumps [svgo](https://github.com/svg/svgo) from 2.3.0 to 2.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/svg/svgo/releases">svgo's releases</a>.</em></p> <blockquote> <h2>v2.3.1</h2> <p>Fixed vulnerability in css-select dependency (<a href="https://github-redirect.dependabot.com/svg/svgo/pull/1485">svg/svgo#1485</a>)</p> <p>Thanks to <a href="https://github.com/ericcornelissen"><code>@​ericcornelissen</code></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/svg/svgo/commit/daf2f88ef342a85ea9e0cd19d56bfb367ef8d048"><code>daf2f88</code></a> 2.3.1</li> <li><a href="https://github.com/svg/svgo/commit/25d0f87e3321684f5529831c6b7b105a25f92f4b"><code>25d0f87</code></a> Upgrade css-select from <code>^3.1.2</code> to <code>^4.1.3</code> (<a href="https://github-redirect.dependabot.com/svg/svgo/issues/1485">#1485</a>)</li> <li><a href="https://github.com/svg/svgo/commit/59876d894ba758814a224cffe26566104018130d"><code>59876d8</code></a> Remove unused artifacts</li> <li><a href="https://github.com/svg/svgo/commit/68798ebb6c115b3efab7c2cee0b0e81b96c91312"><code>68798eb</code></a> Mark convertStyleToAttrs as <code>disabled</code> in README (<a href="https://github-redirect.dependabot.com/svg/svgo/issues/1472">#1472</a>)</li> <li><a href="https://github.com/svg/svgo/commit/3d79f57a10d7b3dba4bcd30d0b94e22410626cae"><code>3d79f57</code></a> Convert convertPathData to visitor</li> <li><a href="https://github.com/svg/svgo/commit/06110b4fc058e34cadacbf6eaba080468e892d31"><code>06110b4</code></a> Convert mergePaths to visitor</li> <li><a href="https://github.com/svg/svgo/commit/368a67b70fabcfc0c4e2c30b57ec788081c9e306"><code>368a67b</code></a> Convert removeHiddenElems to visitor</li> <li><a href="https://github.com/svg/svgo/commit/17aaf3617f84667d4fb16e4616b2487c03ae3785"><code>17aaf36</code></a> Cleanup collapseGroups tests</li> <li>See full diff in <a href="https://github.com/svg/svgo/compare/v2.3.0...v2.3.1">compare view</a></li> </ul> </details> <br /> [](https://dependabot.com/compatibility-score/?dependency-name=svgo&package-manager=npm_and_yarn&previous-version=2.3.0&new-version=2.3.1) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) If all status checks pass Dependabot will automatically merge this pull request. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-03-03 14:41:57 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-03-03 14:42:32 +03:00

[PR #1057] [MERGED] Bump svgo from 2.8.0 to 3.0.2 #1185

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dependabot/npm_and_yarn/prettier-3.8.3

dependabot/npm_and_yarn/follow-redirects-1.16.0

dependabot/npm_and_yarn/sass-1.99.0

dependabot/npm_and_yarn/svgo-4.0.1

v7.5.0

v7.4.0

v7.3.2

v7.3.1

v7.3.0

v7.2.4

v7.2.3

v7.2.2

v7.2.1

v7.2.0

v7.1.0

v7.0.3

v7.0.2

v7.0.1

v7.0.0

v6.15.0

v6.14.0

v6.13.2

v6.13.1

v6.13.0

v6.12.0

v6.11.2

v6.11.1

v6.11.0

v6.10.1

v6.10.0

v6.9.5

v6.9.4

v6.9.3

v6.9.2

v6.9.1

v6.9.0

v6.8.0

v6.7.0

v6.6.6

v6.6.5

v6.6.4

v6.6.3

v6.6.2

v6.6.1

v6.6.0

v6.5.1

v6.5.0

v6.4.6

v6.4.5

v6.4.4

v6.4.3

v6.4.2

v6.4.1

v6.4.0

v6.3.0

v6.2.0

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

3.5.0

3.4.6

3.4.5

3.4.4

3.4.3

3.4.2

3.4.1

3.4.0

3.3.0

3.2.1

3.2.0

3.1.0

3.0.0

2.9.0

2.8.0

2.7.0

2.6.0

2.5.0

2.4.0

2.3.1

2.3.0

2.2.0

2.1.0

2.0.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.8.6

0.8.5

0.8.4

0.8.3

0.8.2

0.8.1

v0.8.1

0.8.0

0.7.1

0.7.0

0.6.5

0.6.4

0.6.3

0.6.2

0.6.1

0.6.0

0.5.1

0.5.0

0.4.0

0.3.0

0.2.0

0.1.0

Labels

Clear labels   

3rd-party

  

3rd-party

  

bug

  

code

  

documentation

  

enhancement

  

fixed-in-master

  

flag-request

  

help needed

  

missing-flag

  

missing-flag

  

pull-request

Mirrored from GitHub Pull Request

  

wrong-flag

  

wrong-flag

No labels

3rd-party

3rd-party

bug

code

documentation

enhancement

fixed-in-master

flag-request

help needed

missing-flag

missing-flag

pull-request

wrong-flag

wrong-flag

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/flag-icons#1057

No description provided.