angular-template-for-threejs icon indicating copy to clipboard operation
angular-template-for-threejs copied to clipboard
verified publisher icon makimenko

[Snyk] Security upgrade three from 0.131.3 to 0.137.4

Open snyk-bot opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 663/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.4		 Cross-site Scripting (XSS)
SNYK-JS-THREE-2359738		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: three The new version differs by 250 commits.
  • a7b9d8c r137 (bis) (bis) (bis) (bis)
  • 215c40b ShaderLib: Added OPAQUE snippet to meshnormal shader. (#23362)
  • f74163a r137 (bis) (bis) (bis)
  • dfca2bd Material: Remove alphaWrite.
  • 216f045 r137 (bis) (bis)
  • 3d0c8df package.json: only export examples/fonts and examples/jsm
  • 34bbcc4 Update package.json exports paths (#23354)
  • 6ff28b0 r137 (bis)
  • 528193f Remove extension from node exports
  • 9b1fc44 r137
  • fe80a83 s/THREE.Multiply/THREE.MultiplyOperation (#23338)
  • add8fad NodeEditor: add Basic and Points Material (#23339)
  • e02c19a Examples: Updated webgl_loader_ldraw screenshot.
  • 890aea7 Updated examples builds.
  • 665390e Updated builds.
  • ed5e3de Examples: Always use FloatType in GPGPU examples with WebGL 2. (#23337)
  • 3a41724 UVNode: Rename .value to .index (#23335)
  • c77a176 Improve vr haptics example (#23307)
  • 406da8c LDrawLoader: Fix getMainEdgeMaterial() (#23334)
  • 1a1d338 NodeEditor: cleanup (#23332)
  • 1a0abe4 Add missing position entry according to PositionNode (#23310)
  • be80adf NodeEditor: Fixes (#23309)
  • 2202d9c add support for Layers to CSS3DObject/CSS2DRenderer (#23316)
  • ad68e49 Update Box3.html (#23320)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Jan 29 '22 17:01 snyk-bot