Affected versions of this package are vulnerable to XML Entity Expansion (Billion Laughs) when parsing custom XML entities declared in the DOCTYPE. An attacker can cause the application to consume excessive memory by submitting malicious SVG files containing recursive entity references.
Workaround
For version 4.0.0, upgrading the sax dependency to 1.5.0 recursively (yarn -R) mitigates this vulnerability.
Remediation
Upgrade svgo to version 2.8.1, 3.3.3, 4.0.1 or higher.
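Where untrusted SVG is accepted, the entity expansion described above can also be bounded before the file reaches the parser. The following is an added example, not code from svgo or sax: it computes how large the DOCTYPE's custom entities would become without expanding them. The function names, limits and sample input are assumptions made for illustration.

```javascript
// Added example: pre-parse guard (not svgo's or sax's code); sizes entities without expanding them.
const ENTITY_DECL = /<!ENTITY\s+([^\s%]+)\s+(["'])([\s\S]*?)\2\s*>/g;
const ENTITY_REF = /&([^;&#\s]+);/g;
// Split input into internal-subset entity declarations and the remaining body.
function parseDoctype(svgText) {
  const m = /<!DOCTYPE[^\[>]*\[([\s\S]*?)\]\s*>/i.exec(svgText);
  const decls = new Map();
  if (!m) return { decls, body: svgText };
  for (const d of m[1].matchAll(ENTITY_DECL)) {
    if (!decls.has(d[1])) decls.set(d[1], d[3]); // XML: first declaration binds
  }
  return { decls, body: svgText.slice(m.index + m[0].length) };
}

// Length of `text` once every declared entity reference is replaced.
function expandedLength(text, decls, memo, active) {
  let total = text.length;
  for (const r of text.matchAll(ENTITY_REF)) {
    if (decls.has(r[1])) total += entityLength(r[1], decls, memo, active) - r[0].length;
  }
  return total;
}

function entityLength(name, decls, memo = new Map(), active = new Set()) {
  if (memo.has(name)) return memo.get(name); // each entity is sized once
  if (active.has(name)) return Infinity; // entity refers to itself
  active.add(name);
  const len = expandedLength(decls.get(name), decls, memo, active);
  active.delete(name);
  memo.set(name, len);
  return len;
}

// Hypothetical limits; tune to the largest legitimate SVG you accept.
function checkSvgEntities(svgText, { maxExpandedChars = 100000, maxEntities = 64 } = {}) {
  const { decls, body } = parseDoctype(svgText);
  if (decls.size > maxEntities) return { ok: false, expandedChars: null };
  const expandedChars = expandedLength(body, decls, new Map(), new Set());
  return { ok: expandedChars <= maxExpandedChars, expandedChars };
}

// Constructed sample: three small nesting levels, ten references each.
const tenRefs = (n) => `&${n};`.repeat(10);
const SAMPLE = `<!DOCTYPE svg [
  <!ENTITY a "xxxxxxxxxx">
  <!ENTITY b "${tenRefs('a')}">
  <!ENTITY c "${tenRefs('b')}">
]>
<svg xmlns="http://www.w3.org/2000/svg"><text>&c;</text></svg>`;
console.log(checkSvgEntities(SAMPLE, { maxExpandedChars: 500 }));
```

The regular expressions cover ordinary internal-subset declarations only; a stricter policy is to reject any upload that contains `<!ENTITY` at all, since typical SVG assets do not need custom entities.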