chore(deps): update dependency @sveltejs/adapter-vercel to v6 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@sveltejs/adapter-vercel (source)	^5.4.7 → ^6.3.2

GitHub Vulnerability Alerts

CVE-2026-27118

Versions of @sveltejs/adapter-vercel prior to 6.3.2 are vulnerable to cache poisoning. An internal query parameter intended for Incremental Static Regeneration (ISR) is accessible on all routes, allowing an attacker to cause sensitive user-specific responses to be cached and served to other users.

Successful exploitation requires a victim to visit an attacker-controlled link while authenticated.

Existing deployments are protected by Vercel's WAF, but users should upgrade as soon as possible.

---

Release Notes

sveltejs/kit (@​sveltejs/adapter-vercel)

v6.3.2

Compare Source

Patch Changes

• fix: 404 for immutable assets that don't match static files (c67da8a)

• Updated dependencies [3e607b3, 62991c8, f47c01b]:

  • @​sveltejs/kit@​2.52.2

v6.3.1

Compare Source

Patch Changes

• feat: show remote function calls under the /_app/remote route in observability (#​15098)

• fix: prevent isr routes from handling remote function calls (#​15098)

• Updated dependencies [46c1ebd, 2dd74c8, 8871b54]:

  • @​sveltejs/kit@​2.50.1

v6.3.0

Compare Source

Minor Changes

• chore: mark RequestContext as deprecated and refer to @vercel/functions (#​14725)

Patch Changes

• Updated dependencies [e67613c, a5c313e, 06de550]:
  • @​sveltejs/kit@​2.49.3

v6.2.0

Compare Source

Minor Changes

• feat: Node 24 support (#​14982)

v6.1.2

Compare Source

Patch Changes

• chore(deps): upgrade to @vercel/nft version 1.0.0 to reduce dependencies (#​14950)

• Updated dependencies [0889a2a, 2ff3951, 5b30755]:

  • @​sveltejs/kit@​2.48.7

v6.1.1

Compare Source

Patch Changes

• chore: improve runtime config parsing (#​14838)

• Updated dependencies [cd72d94, 53b1b73, 2ccc638]:

  • @​sveltejs/kit@​2.48.3

v6.1.0

Compare Source

Minor Changes

• feat: Add experimental support for Bun runtime (#​14817)

Patch Changes

• Updated dependencies [102aecf]:
  • @​sveltejs/kit@​2.48.1

v6.0.0

Compare Source

Major Changes

• breaking: remove Node polyfills (and by extension support for Node 18) (#​14732)

Minor Changes

• feat: parse isr.expiration, allowing it to be a string (#​14691)

Patch Changes

• Updated dependencies [9c933a2, dedda71]:
  • @​sveltejs/kit@​2.47.0

v5.10.3

Compare Source

Patch Changes

• chore: update "homepage" field in package.json (#​14579)

v5.10.2

Compare Source

Patch Changes

• fix: ensure read works in an edge function that has deployment protection. Protection bypass automation must be enabled (#​14147)

• Updated dependencies [c8f7ac3, 107f767]:

  • @​sveltejs/kit@​2.33.1

v5.10.1

Compare Source

Patch Changes

• chore: deprecate runtime config (#​14253)

v5.10.0

Compare Source

Minor Changes

• feat: use web standard fetch export (#​14251)

Patch Changes

• Updated dependencies [1d04a77, 5db4cd4]:
  • @​sveltejs/kit@​2.32.0

v5.9.1

Compare Source

Patch Changes

• fix: avoid erroring on builder properties that only exist on the latest version of SvelteKit (#​14233)

• Updated dependencies [f2db41c]:

  • @​sveltejs/kit@​2.31.1

v5.9.0

Compare Source

Minor Changes

• feat: add instrumentation.server.ts for tracing and observability setup (#​13899)

Patch Changes

• Updated dependencies [f635678, f635678]:
  • @​sveltejs/kit@​2.31.0

v5.8.2

Compare Source

Patch Changes

• chore: add .git to the end of package.json repository url (#​14134)

• Updated dependencies [c968aef]:

  • @​sveltejs/kit@​2.27.3

v5.8.1

Compare Source

Patch Changes

• chore(deps): update dependency @​vercel/nft to ^0.30.0 (#​14033)

v5.8.0

Compare Source

Minor Changes

• feat: add support for read imported from $app/server in edge functions (#​13859)

Patch Changes

• Updated dependencies [e5ce8bb, cf88369]:
  • @​sveltejs/kit@​2.25.0

v5.7.2

Compare Source

Patch Changes

• chore(deps): upgrade to esbuild 0.25.4 (#​13770)

v5.7.1

Compare Source

Patch Changes

• chore(deps): upgrade esbuild to 0.25.2 (#​13716)

• fix: include the edge-light bundling condition when building edge functions (#​13720)

• Updated dependencies [c51fb554416e0c4a21655c1d79e834f69743d1d5]:

  • @​sveltejs/kit@​2.20.8

v5.7.0

Compare Source

Minor Changes

• feat: create symlink functions for each route, for better observability (#​13679)

Patch Changes

• Updated dependencies [7fd7bcb7142e7d0d2dd64174fa1a94d56a45d643]:
  • @​sveltejs/kit@​2.20.4

v5.6.3

Compare Source

Patch Changes

• chore(deps): upgrade @​vercel/nft to fix glob deprecation warnings (b1e9781a6dff41841d8e1509311d948421956746)

v5.6.2

Compare Source

Patch Changes

• fix: change server-side route resolution endpoint (#​13461)

• Updated dependencies [9612a60a0277aef0ab4723a0e7ed8dd03a7ffb95, 3d88ae33fc14b08a1d48c2cb7315739c8cfcd9fd]:

  • @​sveltejs/kit@​2.17.2

v5.6.1

Compare Source

Patch Changes

• fix: correct edge function path for route resolution endpoint (#​13409)

v5.6.0

Compare Source

Minor Changes

• feat: generate edge function dedicated to server side route resolution when using that option in SvelteKit (#​13379)

Patch Changes

• Updated dependencies [09296d0f19c8d1ff57d699e637bd1beabb69d438, d62ed39a431f0db3db4dd90bf6b17ed2a2a2de79, f30352f874790b9de0bd0eba985a21aef23e158e, 180fa3467e195065c0a25206c6328a908e6952d7, 5906e9708965b848b468d0014999c36272dc8d50, d62ed39a431f0db3db4dd90bf6b17ed2a2a2de79]:
  • @​sveltejs/kit@​2.17.0

v5.5.3

Compare Source

Patch Changes

• fix: include ambient type declarations (#​12088)

• Updated dependencies [d440c68acac67ed64eea4b9bda267e229303db7b, 6774ebc34330b12ae8c0cae08e98b577d819fffb, 777c8ef11f17d2ab48aee0f2347c051663da5826, f451f6c4a3dbbc73dc86667c6ff89ab2f46ca9d2, 34a03ff16af29e917abebb649b31eadfc40a98a0, 1c77e283896058084c1cb5752d9ec207987a585e, 04958cca5905aaeeff367c9e4a5ce6e90fc64779, 9dc5c0e3e01a3c07010e9996688169be68e1dde8, 00e1a7621de554054d068e4525a9e505d1c2e588, 9fcd1e7574197fa6e7ac000a030378d877cb8837, e541a4057a00f5ab6740fb51b7f88f17776da50a, 37f72fbb075b481de8263f62c77125333735f382, b60707ca8e755be95c86490122aa1b792b9bd6be, 699f4405c752261cf46c1ad32e4dbadceaffc75b, e2a4538c48295cde06f64fb8c7f0b333fbf95496, a91ba1f326b6e244503de9a010771d942b461dad]:

  • @​sveltejs/kit@​2.16.0

v5.5.2

Compare Source

Patch Changes

• chore: upgrade @vercel/nft to 0.27.9 (#​13129)

• Updated dependencies [9fc5ff3339e543b956f7ce5eb31267fa73ee332a, 85b57168189fa16fe966434ec50cc19425cab275]:

  • @​sveltejs/kit@​2.10.0

v5.5.1

Compare Source

Patch Changes

• chore: upgrade @​vercel/nft to 0.27.7 (#​13082)

• Updated dependencies [78404dfe1eb346723eefc183278b85f25485b419]:

  • @​sveltejs/kit@​2.9.1

v5.5.0

Compare Source

Minor Changes

• chore: upgrade esbuild to 0.24.0 (#​12270)

Patch Changes

• Updated dependencies [d030f4bb285e70844d09b3f0c87809bae43014b8, 67dd214863cbc5852eb0e8512efbb7bad5358e8a]:
  • @​sveltejs/kit@​2.9.0

v5.4.8

Compare Source

Patch Changes

• chore: support building with Node 22 (#​13043)

• Updated dependencies [570562b74d9e9f295d9b617478088a650f51e96b, 1358cccd52190df3c74bdd8970dbfb06ffc4ec72]:

  • @​sveltejs/kit@​2.8.2

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
promplate-docs	Ready	Preview, Comment	Mar 5, 2026 7:59pm

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.