Bump js-yaml and svgo

[dependabot]

Bumps js-yaml to 4.1.0 and updates ancestor dependency svgo. These dependencies need to be updated together.

Updates js-yaml from 3.7.0 to 4.1.0

Changelog

Sourced from js-yaml's changelog.

[4.1.0] - 2021-04-15

Added

• Types are now exported as yaml.types.XXX.
• Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

• Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

• Check migration guide to see details for all breaking changes.
• Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
• Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
• yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
• yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
• !!binary now always mapped to Uint8Array on load.
• Reduced nesting of /lib folder.
• Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
• dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
• Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
• Code snippet created in exceptions now contains multiple lines with line numbers.
• dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
• dump() with skipInvalid=true now serializes invalid items in collections as null.
• Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
• Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

• Added .mjs (es modules) support.
• Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
• Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.
• Added replacer option (similar to option in JSON.stringify), #339.
• Custom Tag can now handle all tags or multiple tags with the same prefix, #385.

Fixed

• Astral characters are no longer encoded by dump(), #587.
• "duplicate mapping key" exception now points at the correct column, #452.
• Extra commas in flow collections (e.g. [foo,,bar]) now throw an exception instead of producing null, #321.
• __proto__ key no longer overrides object prototype, #164.

... (truncated)

Commits

• 2cef47b 4.1.0 released
• 810b149 dist rebuild
• 2b5620e Export built-in types, type override now preserves order
• ab31bba doc: clarify lineWidth dump options (#612)
• ee74ce4 4.0.0 released
• a44bb7c dist rebuild
• aee620a Throw an error if block sequence/mapping indent contains a tab
• f0f205b Fix parsing of invalid block mappings
• e8cf6f6 Fix error with anchor not being assigned to an empty node
• a583097 Shorthand tags with !! whenever possible
• Additional commits viewable in compare view

Updates svgo from 0.7.2 to 2.8.0

Release notes

Sourced from svgo's releases.

v2.8.0

If you enjoy SVGO and would like to support our work, consider sponsoring us directly via our OpenCollective.

Join us in our discord

Features and bug fixes

• added --no-color flag for testing purposes but you may find it useful (svg/svgo#1588)
• handle url() in style attributes properly (svg/svgo#1592)
• removeXMLNS plugin now removes xmlns:xlink attribute (svg/svgo#1508)
• load .cjs configuration only with require to fix segfaults in linux (svg/svgo#1605)

Refactorings

• simplified and covered with types svg stringifier (svg/svgo#1593)
• migrated to visitor api and covered with types removeEmptyAttrs plugin (svg/svgo#1594)
• migrated to visitor api and covered with types inlineStyles plugin (svg/svgo#1601)
• migrated to picocolors (svg/svgo#1606)

DX

I found some users are trying to enable plugins which are not part of default preset, for example

{
  name: 'preset-default',
  params: {
    overrides: {
      cleanupListOfValues: true
    }
  }
}

To fix this I made docs more concrete about plugin (svg/svgo@5165ccb) and introduced a warning when true is specified in overrides (svg/svgo@cb7e9be). Please give us feedback if you still have issues.

Thanks to @​IlyaSkriblovsky, @​devongovett, @​matheus1lva, @​omgovich, @​renatorib and @​TrySound

v2.7.0

If you enjoy SVGO and would like to support our work, consider sponsoring us directly via our OpenCollective.

Join us in our discord

ES Modules support

This release adds support for es modules in svgo.config.js when package.json type field is "module". For projects with mixed cjs and esm svgo.config.mjs and svgo.config.cjs are also supported as fallback.

... (truncated)

Changelog

Sourced from svgo's changelog.

[ > ] 1.3.2 / 30.10.2019

• Fixed TypeError: Cannot set property 'multipassCount' of undefined

[ > ] 1.3.1 / 29.10.2019

• Updated CSSO version to 4.0.2 fixing the issue with empty semicolons ";;" in styles (thanks to @​strarsis and @​lahmatiy).
• prefixIds plugin now runs only once with --multipass option (by @​strarsis).
• cleanupIDs plugin is prevented from producing a preserved ID, including one which matches a preserved prefix, when minifying (by @​thomsj).

[ > ] 1.3.0 / 14.07.2019

• Custom plugins now can be loaded from external js through path plugin param.
• New plugin convertEllipseToCircle to convert ellipse with equal radius measures to circle (by @​tigt).
• New plugin sortDefsChildren for improved compression (by @​davidleston).
• SVGO now removes unnecessary spaces after arcto path command flags.
• removeDimensions plugin now adds viewBox if it's missing (by @​adipascu).
• Fixed removeUnusedNS not counting attributes in <svg> tag itself.
• Fixed an issue with incorrect processing multiple images (by @​cyberalien).
• Fixed an error with incorrect converting multiple segmented curve to an arc.
• Fixed an error with matrix decomposition in convertTransform due to rounding error leading to illegal value.
• Added force option for mergePaths plugin (by @​goyney).
• Added options to prefixIds plugin for selectively prefixing IDs and/or classes (by @​strarsis).
• Exported config function (by @​1000ch).

[ > ] 1.2.2 / 16.04.2019

• Update js-yaml for Code Injection warning (by @​kaungst).

[ > ] 1.2.1 / 04.04.2019

Some goodness from pull-requests.

• Bump up js-yaml version to fix DoS vulnerability (by @​eugestarr).

[ > ] 1.2.0 / 24.02.2019

Some goodness from pull-requests.

• Fixed extra blank lines when processing many files (by @​panczarny).
• Added --recursive option to process folders recursively with option -f (by @​dartess).
• Added removeAttributesBySelector plugin to remove elements matching a css selector (by @​bmease).
• Added removeOffCanvasPaths plugin to remove elements outside of the viewbox (by @​JoshyPHP).
• removeAttrs plugin: added preserveCurrentColor color (by @​roblevintennis) and 3rd optional filter for a value (by @​Herman-Freund).
• Added reusePaths plugin to replace duplicated elements with link (by @​jhowcrof).
• Added support of comma-separated plugins list in --disable and --enable options (by @​jmwebservices).
• Added option to preserve IDs based on prefix in cleanupIDs plugin (by @​bkotzz).
• Replaced colors dependency with chalk (by @​xPaw).

[ > ] 1.1.1 / 17.09.2018

• Fixed crash in SVGO.optimize() when ‘info’ is absent.
• Removed extra space after cleanupListOfValues plugin.

[ > ] 1.1.0 / 16.09.2018

• Fixed collapseGroups plugin removing property with a child having inherit value.
• version attribute value is not more being rounded.
• Fixed jsAPI clone method with respect to the introduced CSS classes.
• Fixed scaling strokes with vector-effect="non-scaling-stroke" (by @​alexjlockwood).

... (truncated)

Commits

• b37d90e 2.8.0
• cb7e9be Add warning about enabling plugins in presets
• 5165ccb Make docs more descriptive
• 72b9722 Refactor inlineStyles (#1601)
• c799503 Load .cjs with require only (#1605)
• 4b4391f Refactor basic cli tests (#1595)
• 2d6deea Remove xmlns:xlink in removeXMLNS plugin (#1508)
• d29cec4 Migrate to picocolors (#1606)
• 4166c32 Migrate to simple yarn cache (#1608)
• 4377ea3 Refactor removeEmptyAttrs (#1594)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by trysound, a new releaser for svgo since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.