[x3d-public] Patched X3DJSONLD — security vulnerability in three.is
John Carlson
yottzumm at gmail.com
Thu Jan 27 12:46:00 PST 2022
I have run one successful build of X3DJSONLD and submitted changes.
I will do a web test against localhost, and then deploy to coderextreme.net.
I am trying to improve my JSON to Python converter presently.
John
On Thu, Jan 27, 2022 at 10:23 AM John Carlson <yottzumm at gmail.com> wrote:
> The package-lock.json in X3DJSONLD referred to three.js 0.136.0 which had
> a security vulnerability in it. Dependabot did an automated pull request
> and updated the dependency to 0.137.0.
>
> Be sure to upgrade all the versions of three.js that are public facing.
> I will be working on a new production version of X3DJSONLD for the
> coderextreme.net site today.
>
> I am fairly sure the X3D JSON validator does not use three.js, but browse
> safely today, there may be lots of 3D sites being patched!
>
> Thanks!
>
> John
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://web3d.org/pipermail/x3d-public_web3d.org/attachments/20220127/f4442417/attachment.html>
More information about the x3d-public
mailing list