[x3d-public] Patched X3DJSONLD — security vulnerability in three.is
John Carlson
yottzumm at gmail.com
Thu Jan 27 08:23:04 PST 2022
The package-lock.json in X3DJSONLD referred to three.js 0.136.0 which had a
security vulnerability in it. Dependabot did an automated pull request and
updated the dependency to 0.137.0.
Be sure to upgrade all the versions of three.js that are public facing. I
will be working on a new production version of X3DJSONLD for the
coderextreme.net site today.
I am fairly sure the X3D JSON validator does not use three.js, but browse
safely today, there may be lots of 3D sites being patched!
Thanks!
John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://web3d.org/pipermail/x3d-public_web3d.org/attachments/20220127/531a06f3/attachment.html>
More information about the x3d-public
mailing list