Fix SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering (opea-project#2402)

ZePan110 · web-flow · commit 3648f155d0e1 · 2026-01-22T15:05:10.000+08:00
Signed-off-by: ZePan110 &lt;ze.pan@intel.com&gt;
diff --git a/AudioQnA/ui/svelte/package.json b/AudioQnA/ui/svelte/package.json
@@ -18,7 +18,7 @@
     "@fortawesome/free-solid-svg-icons": "6.2.0",
     "@playwright/test": "^1.45.2",
     "@sveltejs/adapter-auto": "^3.0.0",
-    "@sveltejs/kit": "2.20.6",
+    "@sveltejs/kit": "2.49.5",
     "@sveltejs/vite-plugin-svelte": "^3.0.0",
     "@tailwindcss/typography": "0.5.7",
     "@types/debug": "4.1.7",
diff --git a/ChatQnA/ui/svelte/package.json b/ChatQnA/ui/svelte/package.json
@@ -18,7 +18,7 @@
     "@fortawesome/free-solid-svg-icons": "6.2.0",
     "@playwright/test": "^1.45.2",
     "@sveltejs/adapter-auto": "^3.0.0",
-    "@sveltejs/kit": "2.20.6",
+    "@sveltejs/kit": "2.49.5",
     "@sveltejs/vite-plugin-svelte": "^3.0.0",
     "@tailwindcss/typography": "0.5.7",
     "@types/debug": "4.1.7",
diff --git a/CodeGen/ui/svelte/package.json b/CodeGen/ui/svelte/package.json
@@ -18,7 +18,7 @@
     "@fortawesome/free-solid-svg-icons": "6.2.0",
     "@playwright/test": "^1.45.2",
     "@sveltejs/adapter-auto": "^3.0.0",
-    "@sveltejs/kit": "2.20.6",
+    "@sveltejs/kit": "2.49.5",
     "@sveltejs/vite-plugin-svelte": "^3.0.0",
     "@tailwindcss/typography": "0.5.7",
     "@types/debug": "4.1.7",
diff --git a/CodeTrans/ui/svelte/package.json b/CodeTrans/ui/svelte/package.json
@@ -16,7 +16,7 @@
   "devDependencies": {
     "@playwright/test": "^1.44.1",
     "@sveltejs/adapter-auto": "^3.0.0",
-    "@sveltejs/kit": "2.20.6",
+    "@sveltejs/kit": "2.49.5",
     "@sveltejs/package": "^2.0.0",
     "@sveltejs/vite-plugin-svelte": "^3.0.0",
     "@types/prismjs": "^1.26.3",
diff --git a/DocSum/ui/svelte/package.json b/DocSum/ui/svelte/package.json
@@ -27,7 +27,7 @@
   "devDependencies": {
     "@playwright/test": "^1.44.1",
     "@sveltejs/adapter-auto": "^3.0.0",
-    "@sveltejs/kit": "2.20.6",
+    "@sveltejs/kit": "2.49.5",
     "@sveltejs/package": "^2.0.0",
     "@sveltejs/vite-plugin-svelte": "^3.0.0",
     "autoprefixer": "^10.4.16",
diff --git a/GraphRAG/ui/svelte/package.json b/GraphRAG/ui/svelte/package.json
@@ -18,7 +18,7 @@
     "@fortawesome/free-solid-svg-icons": "6.2.0",
     "@playwright/test": "^1.45.2",
     "@sveltejs/adapter-auto": "^3.0.0",
-    "@sveltejs/kit": "2.20.6",
+    "@sveltejs/kit": "2.49.5",
     "@sveltejs/vite-plugin-svelte": "^3.0.0",
     "@tailwindcss/typography": "0.5.7",
     "@types/debug": "4.1.7",
diff --git a/SearchQnA/ui/svelte/package.json b/SearchQnA/ui/svelte/package.json
@@ -18,7 +18,7 @@
     "@fortawesome/free-solid-svg-icons": "6.2.0",
     "@playwright/test": "^1.45.2",
     "@sveltejs/adapter-auto": "^3.0.0",
-    "@sveltejs/kit": "2.20.6",
+    "@sveltejs/kit": "2.49.5",
     "@sveltejs/vite-plugin-svelte": "^3.0.0",
     "@tailwindcss/typography": "0.5.7",
     "@types/debug": "4.1.7",
diff --git a/Text2Image/ui/svelte/package.json b/Text2Image/ui/svelte/package.json
@@ -18,7 +18,7 @@
     "@fortawesome/free-solid-svg-icons": "6.2.0",
     "@playwright/test": "^1.45.2",
     "@sveltejs/adapter-auto": "^3.0.0",
-    "@sveltejs/kit": "2.20.6",
+    "@sveltejs/kit": "2.49.5",
     "@sveltejs/vite-plugin-svelte": "^3.0.0",
     "@tailwindcss/typography": "0.5.7",
     "@types/debug": "4.1.7",
diff --git a/VisualQnA/ui/svelte/package.json b/VisualQnA/ui/svelte/package.json
@@ -18,7 +18,7 @@
     "@fortawesome/free-solid-svg-icons": "6.2.0",
     "@playwright/test": "^1.45.2",
     "@sveltejs/adapter-auto": "^3.0.0",
-    "@sveltejs/kit": "2.20.6",
+    "@sveltejs/kit": "2.49.5",
     "@sveltejs/vite-plugin-svelte": "^3.0.0",
     "@tailwindcss/typography": "0.5.7",
     "@types/debug": "4.1.7",
