@nerdy-tech-com-gitub
Owner

Snyk has created this PR to upgrade @sveltejs/vite-plugin-svelte from 3.1.1 to 6.2.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 34 versions ahead of your current version.

  • The recommended version was released a month ago.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Issues fixed by the recommended upgrade:

| Severity | Issue | Snyk ID | Score | Exploit Maturity |
|---|---|---|---|---|
| high | Excessive Platform Resource Consumption within a Loop | SNYK-JS-BRACES-6838727 | 57 | Proof of Concept |
| high | Incorrect Authorization | SNYK-JS-VITE-9512410 | 57 | Mature |
| high | Incorrect Authorization | SNYK-JS-VITE-9653016 | 57 | Proof of Concept |
| medium | Improper Input Validation | SNYK-JS-NANOID-8492085 | 57 | No Known Exploit |
| medium | Cross-site Scripting (XSS) | SNYK-JS-ROLLUP-8073097 | 57 | Proof of Concept |
| medium | Directory Traversal | SNYK-JS-SUPABASEAUTHJS-10255365 | 57 | No Known Exploit |
| medium | Cross-site Scripting (XSS) | SNYK-JS-SVELTEJSKIT-9690586 | 57 | Proof of Concept |
| medium | Directory Traversal | SNYK-JS-VITE-13644406 | 57 | Proof of Concept |
| medium | Information Exposure | SNYK-JS-VITE-8023174 | 57 | Proof of Concept |
| medium | Origin Validation Error | SNYK-JS-VITE-8648411 | 57 | Proof of Concept |
| low | Regular Expression Denial of Service (ReDoS) | SNYK-JS-BRACEEXPANSION-9789073 | 57 | Proof of Concept |
| critical | Prototype Pollution | SNYK-JS-DEVALUE-12205530 | 57 | Proof of Concept |
| medium | Access Control Bypass | SNYK-JS-VITE-9576207 | 57 | Proof of Concept |
| medium | Information Exposure | SNYK-JS-VITE-9685035 | 57 | Proof of Concept |
| medium | Directory Traversal | SNYK-JS-VITE-9919777 | 57 | Proof of Concept |
| low | Directory Traversal | SNYK-JS-SIRV-12558119 | 57 | Proof of Concept |
| low | Cross-site Scripting (XSS) | SNYK-JS-SVELTEJSKIT-8400875 | 57 | No Known Exploit |
| low | Cross-site Scripting (XSS) | SNYK-JS-SVELTEJSKIT-8400876 | 57 | No Known Exploit |
| low | Relative Path Traversal | SNYK-JS-VITE-12558116 | 57 | Proof of Concept |
| low | Cross-site Scripting (XSS) | SNYK-JS-VITE-8022916 | 57 | Proof of Concept |

Release notes
Package name: @sveltejs/vite-plugin-svelte
  • 6.2.1 - 2025-09-24

    Patch Changes

    • fix: remove unscopable global styles warning (#1223)

    • Remove automatic configuration for rolldownOptions.optimization.inlineConst because latest version of rolldown-vite has it enabled by default. (#1225)

  • 6.2.0 - 2025-09-09

    Minor Changes

    • feat(rolldown-vite): enable optimization.inlineConst by default to ensure treeshaking works with esm-env in svelte (#1207)
  • 6.1.4 - 2025-09-02

    Patch Changes

    • fix: allow preprocess plugin to run twice (#1206)

    • fix(types): update urls to PreprocessorGroup and CompileOptions in type documentation (#1203)

    • replace kleur dependency with builtin node:utils styleText (#1210)

  • 6.1.3 - 2025-08-19

    Patch Changes

    • fix(api): add api.filter and deprecate api.idFilter to avoid confusing filter.id = idFilter.id assignments when used as hybrid filter in other plugins (#1199)
  • 6.1.2 - 2025-08-13

    Patch Changes

    • fix: ensure compiled css is returned when reloading during dev with ssr (e.g. SvelteKit) (#1194)
  • 6.1.1 - 2025-08-08

    Patch Changes

    • fix: ensure compiled svelte css is loaded correctly when rebuilding in build --watch (#1189)
  • 6.1.0 - 2025-07-15

    Minor Changes

    • feat: add support for the new experimental.async option and apply dynamicCompileOptions when compiling Svelte modules (#1176)

    Patch Changes

    • skip comment blocks when reporting compiler errors that might be caused by a preprocessor issue (#1166)

    • increase logLevel to info for "no Svelte config found" message (#1179)

  • 6.0.0 - 2025-07-10
  • 6.0.0-next.3 - 2025-07-04
  • 6.0.0-next.2 - 2025-07-02
  • 6.0.0-next.1 - 2025-06-23
  • 6.0.0-next.0 - 2025-06-13
  • 5.1.1 - 2025-07-11

    Patch Changes

    • fix: prevent accidental pollution of svelteconfig.extensions (#1171)
  • 5.1.0 - 2025-06-03
  • 5.0.3 - 2024-12-18
  • 5.0.2 - 2024-12-12
  • 5.0.1 - 2024-11-26

    Patch Changes

    • docs: update usage instructions in readme and link to docs (#1197)
  • 5.0.0 - 2024-11-26

    Major Changes

    • drop support for node18 and update exports map to use default export. cjs is supported via require esm in node 20.19+ (#1129)

    • bump vite peer dependency to ^6.3.0 || ^7.0.0 (#1130)

    Patch Changes

  • 5.0.0-next.0 - 2024-11-25
  • 4.0.4 - 2024-12-18
  • 4.0.3 - 2024-12-12
  • 4.0.2 - 2024-11-25
  • 4.0.1 - 2024-11-15
  • 4.0.0 - 2024-10-19
  • 4.0.0-next.8 - 2024-10-10
  • 4.0.0-next.7 - 2024-09-04
  • 4.0.0-next.6 - 2024-08-05
  • 4.0.0-next.5 - 2024-07-27
  • 4.0.0-next.4 - 2024-07-11
  • 4.0.0-next.3 - 2024-05-27
  • 4.0.0-next.2 - 2024-05-25
  • 4.0.0-next.1 - 2024-05-14
  • 4.0.0-next.0 - 2024-05-09
  • 3.1.2 - 2024-08-22
  • 3.1.1 - 2024-05-29
from @sveltejs/vite-plugin-svelte GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

  • See this package in npm: @sveltejs/vite-plugin-svelte
  • See this project in Snyk: https://app.snyk.io/org/nerds-github/project/eb57da18-5f27-4221-96f1-d3163d28fd0e?utm_source=github&utm_medium=referral&page=upgrade-pr