chore(deps): bump svgo from 2.8.0 to 4.0.1

[dependabot]

Bumps svgo from 2.8.0 to 4.0.1.

Release notes

Sourced from svgo's releases.

v4.0.1

What's Changed

Dependencies

• Sets minimum version of sax (XML parser) to v1.5.0, which improves built-in guards against entity expansion.

Bug Fixes

• removeEmptyContainers, removed leftover <use> elements referencing an empty container that were removed. By @​johnkenny54 in svg/svgo#2051
• removeUnknownsAndDefaults, don't remove attributes if they're referenced in attribute selectors (CSS). By @​SethFalco in svg/svgo#2144

Performance

• convertPathData, refactor to reduce redundant equality checks. By @​Lorfdail in svg/svgo#1764 and svg/svgo#2135
• removeHiddenElems, compute styles lazily. By @​Lorfdail in svg/svgo#1764 and svg/svgo#2135

Other Changes

• Plugins no longer include if they are enabled or disabled by default, as this was written inconsistently. The --show-plugins argument appends the presets a plugin is in to the end of the line. By @​viralcodex in svg/svgo#2174
• Plugin/preset types to enforce the name start with preset- if it is a preset (collection of plugins). By @​SethFalco in svg/svgo#2178

Metrics

Before and after of the browser bundle of each respective version:

	v4.0.0	v4.0.1	Delta
svgo.browser.js	780.2 kB	781.5 kB	⬆️ 1.3 kB

v4.0.0

Illustration by Vukory

It's been just over a year since our first release candidate, but I believe we can now release SVGO v4.0.0 with confidence! Thank you to all contributors who tested our RC builds and reported issues back up, this really smoothed out the process.

We actually wanted to do the release sooner, but it was a challenge to find the right time to publish a major release, since that means setting time aside to support users through migrations, helping downstream projects migrate, being available to fix or document things that users found to have an unexpected impact by this release, etc. I appreciate everyone's patience, and now that this is done, we can hopefully increase the pace of development again and tackle that backlog of old bugs. ^-^'

Breaking Changes

Please refer to the Migration Guide from v3 to v4 for a more concise version! This section is more verbose as it delves into the motivation of changes too.

Dropped Support for Node.js v14

Node.js v14 is no longer supported by the Node.js team, including security support, since 30 April 2023. Node.js v16 is no longer supported either, but as some are still using it, we'll save dropping support for Node.js v16 for the next major release.

... (truncated)

Commits

• e691f5f Merge commit from fork
• b1d9f1a chore(deps): bump actions/upload-artifact from 6 to 7 (#2202)
• d724af1 chore(deps): bump actions/checkout from 5 to 6 (#2195)
• 4114b32 chore(deps): bump actions/upload-artifact from 4 to 6 (#2196)
• c06d8f6 chore: upgrade js-yaml and glob (#2191)
• 26e86e5 fix: remove unused <use> elements when deleting empty symbols (#2051)
• 50c326b perf: optimiztions to reduce regression test runtime (#2135)
• 1f33cbe ci: separate regression tests and write delta report (#2190)
• 79a2167 ci: save test reports to artifacts (#2189)
• 0ae52a0 chore(deps): bump actions/setup-node from 5 to 6 (#2187)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by sethiii, a new releaser for svgo since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: 📦 dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

This pull request seems to be inactive and will be automatically closed in a few days if it remains without any activity.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.