chore(deps): update dependency svelte to v3.49.0 [security]

This MR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
svelte (source)	3.24.1 -> 3.49.0

---

Svelte vulnerable to XSS when using objects during server-side rendering

CVE-2022-25875 / GHSA-wv8q-r932-8hc7 / SNYK-JS-SVELTE-2931080

More information

Details

The package svelte before 3.49.0 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString() function.

Severity

• CVSS Score: 6.1 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/MR:N/UI:R/S:C/C:L/I:L/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-25875
• https://github.com/sveltejs/svelte/pull/7530#​23issuecomment-1158575990
• https://github.com/sveltejs/svelte/commit/f8605d6acbf66976da9b4547f76e90e163899907
• https://github.com/sveltejs/svelte
• https://snyk.io/vuln/SNYK-JS-SVELTE-2931080

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

⚠ Release Notes retrieval for this MR were skipped because no github.com credentials were available. If you are self-hosted, please see this instruction.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.