Skip to content

Bump svgo from 3.3.2 to 3.3.3#824

Merged
georgestephanis merged 1 commit intomasterfrom
dependabot/npm_and_yarn/svgo-3.3.3
Mar 18, 2026
Merged

Bump svgo from 3.3.2 to 3.3.3#824
georgestephanis merged 1 commit intomasterfrom
dependabot/npm_and_yarn/svgo-3.3.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 5, 2026
edited
Loading

Bumps svgo from 3.3.2 to 3.3.3.

Release notes

Sourced from svgo's releases.

v3.3.3

What's Changed

Dependencies

  • Migrates from our unsupported fork of sax (@​trysound/sax) to the upstream version of sax (sax).

Bug Fixes

  • No longer throws error when encountering comments in DTD.

Metrics

Before and after of the browser bundle of each respective version:

v3.3.2 v3.3.3 Delta
svgo.browser.js 910.9 kB 912.9 kB ⬆️ 2 kB

Support

SVGO v3 is not officially supported, please consider upgrading to SVGO v4 instead. We've backported this fix as there are security implications, but there is no commitment to do this for more complex changes in future.

Consider reading our Migration Guide from v3 to v4 which should ease the process.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added Dependencies Pull requests that update a dependency file JavaScript Pull requests that update Javascript code labels Mar 5, 2026
@jeffpaul jeffpaul added this to the 0.16.0 milestone Mar 5, 2026
@jeffpaul jeffpaul requested a review from kasparsd March 5, 2026 15:54
@jeffpaul jeffpaul moved this to In review in Two Factor project board Mar 5, 2026
@dependabot
Bump svgo from 3.3.2 to 3.3.3
9d56088 
Bumps [svgo](https://github.com/svg/svgo) from 3.3.2 to 3.3.3.
- [Release notes](https://github.com/svg/svgo/releases)
- [Commits](svg/svgo@v3.3.2...v3.3.3)

---
updated-dependencies:
- dependency-name: svgo
  dependency-version: 3.3.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/svgo-3.3.3 branch from b125d87 to 9d56088 Compare March 18, 2026 01:48
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 18, 2026

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Unlinked Accounts

The following contributors have not linked their GitHub and WordPress.org accounts: @dependabot[bot].

Contributors, please read how to link your accounts to ensure your work is properly credited in WordPress releases.

Core SVN

If you're a Core Committer, use this list when committing to wordpress-develop in SVN:

Props: .

GitHub Merge commits

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Unlinked contributors: dependabot[bot].

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

@georgestephanis georgestephanis merged commit 28f759d into master Mar 18, 2026
55 checks passed
@github-project-automation github-project-automation bot moved this from In review to Done in Two Factor project board Mar 18, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/svgo-3.3.3 branch March 18, 2026 01:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kasparsd kasparsd Awaiting requested review from kasparsd

@georgestephanis georgestephanis Awaiting requested review from georgestephanis

Assignees

No one assigned

Labels

Dependencies Pull requests that update a dependency file JavaScript Pull requests that update Javascript code

Projects

Two Factor project board
Status: Done

Milestone

0.16.0

Development

Successfully merging this pull request may close these issues.

2 participants

@georgestephanis @jeffpaul