search

Samsung / qaboard

Experiment tracker: organize, visualize, compare and share runs. Removes toil from algorithm/performance R&D and tuning.
https://samsung.github.io/qaboard
Apache License 2.0
54 stars 14 forks source link

[Snyk] Security upgrade three from 0.106.2 to 0.137.4 #48

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 663/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.4		 Cross-site Scripting (XSS)
SNYK-JS-THREE-2359738		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: three The new version differs by 250 commits.
  • a7b9d8c r137 (bis) (bis) (bis) (bis)
  • 215c40b ShaderLib: Added OPAQUE snippet to meshnormal shader. (#23362)
  • f74163a r137 (bis) (bis) (bis)
  • dfca2bd Material: Remove alphaWrite.
  • 216f045 r137 (bis) (bis)
  • 3d0c8df package.json: only export examples/fonts and examples/jsm
  • 34bbcc4 Update package.json exports paths (#23354)
  • 6ff28b0 r137 (bis)
  • 528193f Remove extension from node exports
  • 9b1fc44 r137
  • fe80a83 s/THREE.Multiply/THREE.MultiplyOperation (#23338)
  • add8fad NodeEditor: add Basic and Points Material (#23339)
  • e02c19a Examples: Updated webgl_loader_ldraw screenshot.
  • 890aea7 Updated examples builds.
  • 665390e Updated builds.
  • ed5e3de Examples: Always use FloatType in GPGPU examples with WebGL 2. (#23337)
  • 3a41724 UVNode: Rename .value to .index (#23335)
  • c77a176 Improve vr haptics example (#23307)
  • 406da8c LDrawLoader: Fix getMainEdgeMaterial() (#23334)
  • 1a1d338 NodeEditor: cleanup (#23332)
  • 1a0abe4 Add missing position entry according to PositionNode (#23310)
  • be80adf NodeEditor: Fixes (#23309)
  • 2202d9c add support for Layers to CSS3DObject/CSS2DRenderer (#23316)
  • ad68e49 Update Box3.html (#23320)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: šŸ§ View latest project report

šŸ›  Adjust project settings

šŸ“š Read more about Snyk's upgrade and patch logic