CVEs affecting the Svelte ecosystem
created: Jan. 15, 2026, 5:51 p.m. | updated: Jan. 16, 2026, 12:34 a.m.
We’ve released patches for 5 vulnerabilities across devalue, svelte, @sveltejs/kit, and @sveltejs/adapter-node.
Here’s what you need to know:
Upgrade now
If you’re using any of these packages, upgrade them to their corresponding non-vulnerable versions:
devalue: 5.6.2
svelte: 5.46.4
@sveltejs/kit: 2.49.5
@sveltejs/adapter-node: 5.5.1
For cross-dependent packages — svelte and @sveltejs/kit depend on devalue — patched versions already include upgraded dependencies.
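A lockfile check for the versions listed above, as an added example that is not from the Svelte team: it walks a package-lock.json (lockfileVersion 2 or 3) and reports every installed copy, nested ones included, that is lower than the listed version. The sample lockfile and `some-plugin` are constructed, and treating every lower version as needing an upgrade is an assumption, since the page gives no affected ranges.

```javascript
// Patched versions as listed in the advisory text above.
const PATCHED = {
  'devalue': '5.6.2',
  'svelte': '5.46.4',
  '@sveltejs/kit': '2.49.5',
  '@sveltejs/adapter-node': '5.5.1',
};

// Compare x.y.z numerically; pre-release/build suffixes are ignored (simplification).
function cmp(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json.
// Keys look like "node_modules/svelte" or "node_modules/a/node_modules/devalue".
function findOutdated(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1 || !meta.version) continue;
    const name = path.slice(idx + 'node_modules/'.length);
    const min = PATCHED[name];
    if (min && cmp(meta.version, min) < 0) {
      hits.push({ name, path, installed: meta.version, patched: min });
    }
  }
  return hits;
}

// Constructed sample: adapter-node is behind, and a nested devalue copy is stale.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/svelte': { version: '5.46.4' },
    'node_modules/@sveltejs/kit': { version: '2.49.5' },
    'node_modules/@sveltejs/adapter-node': { version: '5.4.0' },
    'node_modules/devalue': { version: '5.6.2' },
    'node_modules/some-plugin/node_modules/devalue': { version: '5.1.1' },
  },
};

console.log(findOutdated(SAMPLE_LOCK));
```

To check a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findOutdated`.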
Over the last few weeks, we’ve seen a spate of high-profile vulnerabilities affecting popular tools across the web development ecosystem.
While they are unfortunate, it has been encouraging to see the community pulling together to keep end users safe.
If you think you have discovered a vulnerability in a package maintained by the Svelte team, we urge you to privately report it via the Security tab on the repo in question (or the Svelte repo, if unsure).