Svelte v3.54.0 referenced in source triggered vulnerability alert from security team #3164

@typeof-robc

This might be a nothing burger, but the presence of the string Svelte v3.54.0 in the comments and variable names like SvelteComponent were flagged during a security audit. We are not using Svelte, we are using React. I feel that this is a false positive but wanted to share just in case someone else has the same experience.

The security team says -

we identified that Svelte v3.54.0 is being used in the application, which has known vulnerabilities.
Both the Svelte component (shepherd-button.svelte) and a React dependency (react-shepherd) are being used at the same time

Thank you,
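
One way to triage a finding like this, as an added example that is not part of the original issue or of the project's code: it separates a `Svelte vX.Y.Z` banner string found inside a shipped file from `svelte` actually being declared or installed in the dependency tree. The path `node_modules/example-lib/dist/bundle.js`, the banner comment wording and the package versions are constructed sample input, and the lockfile lookup assumes npm's `packages` map (lockfileVersion 2 or 3).

```javascript
// Added triage example; all sample inputs below are constructed.
const BANNER = /Svelte v(\d+\.\d+\.\d+)/g;

// Files whose text carries a "Svelte vX.Y.Z" banner, with the versions seen.
function findBanners(files) {
  const hits = [];
  for (const [path, text] of Object.entries(files)) {
    const versions = [...new Set([...text.matchAll(BANNER)].map((m) => m[1]))];
    if (versions.length) hits.push({ path, versions });
  }
  return hits;
}

// Is the package declared in package.json, or present anywhere in the lockfile tree?
function findInstalled(pkgJson, lock, name) {
  const declared = ["dependencies", "devDependencies", "peerDependencies"]
    .some((k) => pkgJson[k] && name in pkgJson[k]);
  const suffix = "node_modules/" + name;
  const installed = Object.keys(lock.packages || {})
    .filter((p) => p === suffix || p.endsWith("/" + suffix));
  return { declared, installed };
}

// Combine both kinds of evidence into one verdict for the audit ticket.
function classify(files, pkgJson, lock, name = "svelte") {
  const banners = findBanners(files);
  const { declared, installed } = findInstalled(pkgJson, lock, name);
  let verdict = "not-found";
  if (declared) verdict = "declared-dependency";
  else if (installed.length) verdict = "transitive-install";
  else if (banners.length) verdict = "embedded-in-built-artifact";
  return { verdict, banners, installed };
}

// Constructed sample: a React app whose only Svelte trace is a banner in a bundled file.
const sampleFiles = {
  "node_modules/example-lib/dist/bundle.js":
    "/* shepherd-button.svelte generated by Svelte v3.54.0 */\n" +
    "class Button extends SvelteComponent {}\n",
  "src/App.jsx": "import React from 'react';\n",
};
const samplePkg = { dependencies: { react: "^18.0.0", "react-shepherd": "*" } };
const sampleLock = {
  packages: { "": {}, "node_modules/react": {}, "node_modules/react-shepherd": {} },
};
console.log(JSON.stringify(classify(sampleFiles, samplePkg, sampleLock), null, 2));
```

An `embedded-in-built-artifact` verdict means compiled output from that version ships inside another package; whether a given advisory applies then depends on whether the affected code is part of that output.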
