qaboard icon indicating copy to clipboard operation
qaboard copied to clipboard
verified publisher icon Samsung

[Snyk] Security upgrade three from 0.106.2 to 0.125.0

Open arthur-flam opened this issue 5 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • webapp/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-THREE-1064931		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: three The new version differs by 250 commits.
  • e1037f9 r125
  • 3f03b59 Merge pull request #21158 from Mugen87/dev51
  • b14f0ee Merge pull request #21148 from elalish/variantNormals
  • 535f7fc Examples: Clean up.
  • c5acc71 Merge pull request #21157 from Mugen87/dev51
  • 8242ac0 TS: Add failIfMajorPerformanceCaveat.
  • 72a9ae4 Merge pull request #21155 from donmccurdy/docs-gltfloader-ktx2
  • 41e2f30 GLTFLoader: Remove 'experimental' note on KHR_texture_basisu.
  • 65d597d adding notes
  • d16ca2a Merge pull request #21154 from j13ag0/patch-1
  • 192b4dd Update Vector3.html
  • 16eb3ec Merge pull request #21145 from Mugen87/dev2
  • 3d153ab Merge pull request #21149 from Mugen87/dev51
  • ca306c0 Add version to glslang.
  • f9d120d WebGPURenderer: Refactor glslang import.
  • 5eba37e Added RGBMLoader.
  • 5f1124b fixed GLTF variants normal map scale
  • b15bd85 Merge pull request #21134 from 1993heqiang/local_dev
  • a295496 Merge pull request #21146 from chpatrick/reset-current-depth
  • 58338b6 Merge pull request #21144 from donmccurdy/cleanup-universal-texture-loaders
  • 608216f Reset _currentDepth... in onSessionEnd in WebXRManager.
  • 055ffaf KTX2Loader + BasisTextureLoader: Clean up.
  • e5d85f6 Docs: Modify ‘round’ to ‘orbit’
  • ff5573c Merge pull request #19085 from Mugen87/dev48

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

arthur-flam avatar Jan 30 '21 03:01 arthur-flam