Skip to content

[Snyk] Upgrade: aframe, nuxt, vuetify #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade: aframe, nuxt, vuetify #44

wants to merge 1 commit into from

Conversation

@peterclemenko
Copy link
Owner

@peterclemenko peterclemenko commented Sep 10, 2024

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

aframe
from 0.8.2 to 0.9.2 | 3 versions ahead of your current version | 5 years ago
on 2019-05-07
nuxt
from 1.4.0 to 1.4.5 | 4 versions ahead of your current version | 6 years ago
on 2018-11-27
vuetify
from 1.0.18 to 1.5.24 | 111 versions ahead of your current version | 5 years ago
on 2020-03-03

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Cross-site Scripting (XSS)
SNYK-JS-VUETIFY-474604		 550 No Known Exploit
medium severity Cross-site Scripting (XSS)
npm:vue:20180802		 550 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067		 550 Proof of Concept
Release notes
Package name: aframe
  • 0.9.2 - 2019-05-07

    Follow-up fix to 0.9.1 for fixing vrdisplayactivate and link traversal flow.

    Fixes

    • Move vrdisplayactivate handler back earlier to fix auto entering VR in many cases (#4155).
    • Fix vrdisplayactivate and link traversal due to last build having outdated version our three.js fork.
    • Fix Entity.destroy not catching if entity is not attached to scenegraph (#4140).
    • Fix exiting fullscreen on Chrome m71+ (#4136).
    • Fix URL bar not hiding in iOS Safari in fullscreen (#4146).
    • Fix wrong sized canvas in iOS VR by preventing multiple requestPresent calls if already presenting (#4148).
  • 0.9.1 - 2019-04-18

    Follow-up fixes and improvements to 0.9.0.

    Released Hot Module Replacement loader for A-Frame: https://github.com/supermedium/aframe-super-hot-loader

    Major Changes

    • Detaching entity from scene will preserve component data. Add
      Entity.destroy() method to clear components and return their memory to the
      pool (#4121).
    • Use controller index to determine left / right controllers which may impact
      cases like Vive Trackers. Will look to make this more robust soon (#4013).

    Deprecations

    • Deprecate utils.device.isOculusGo in favor of utils.device.isMobileVR (#4032).

    Fixes

    • Updated documentation guides for 0.9.0.
    • Fix text antialiasing from distance (#4039).
    • Improve vrdisplayactivate path for more robust navigation (#4093, 3c2f68e).
    • Clean up object requested from pool by component to prevent pollution of old keys from other schemas (#4016).
    • Fix initial camera position, rotation, scale potentially not getting applied (#4020).
    • Fix utils.coordinates.stringify for zeroed vectors (#4017).
    • Handle if both WebVR and both WebXR APIs are available (#4022).
    • Handle null device from WebXR (#4030).
    • Catch navigator.xr.requestDevice error (#4035).
    • Fix animation for custom vec3 properties (#4051).
    • Fix sound onEnded not setting isPlaying to false (#4061, #4097, #4101).
    • Fix new materials not getting applied to obj-model recursively (#4062).
    • Fix boolean values in .flushToDOM (#4069).
    • Hide navigation buttons on Android (#4090).
    • Fix Chrome gamepads by checking getGamepads on every tick for Chrome (#4116).

    Enhancements

    • Add Component.events API to define event handlers that are automatically attached and detached depending on entity lifecycle (#4114).
    • Improve animation error message when passing invalid animation.property (#4122).
    • Have Entity.remove detach entity to match HTML element behavior (#4082).
    • Migrate hand-controls model to glTF (#3932).
    • Add shadow.enabled property to shadow system (#4040).
    • Add renderer.alpha property to renderer system (#4040).
    • Add AFRAME.coreComponents for a list of the core components (#4064).

    Performance

    • Use a fork of anime.js that has memory improvements from Kevin (#4028).
  • 0.9.0 - 2019-02-08

    Performance improvements, WebXR support, Inspector updates!

    We continued to battle test A-Frame to produce native-like VR experiences and
    continue to add large performance gains. We have also introduced initial WebXR
    support! Although the spec is heavily in flux and yet to have feature parity
    with WebVR 1.1, we had A-Frame get a head start to help test it out and smooth
    out the changes.

    Major Changes

    • Bump to three.js r101 on a branch with a few extra patches for WebXR support (f9f314).
    • WebXR support (#3875).
    • Remove <a-animation> in favor of new animation component (#3678).
    • Remove collada-model component (#3866).
    • Add renderer.colorManagement property (disabled by default) to accurately match colors against modeling tools, but may changes in scene colors when flipped on. renderer.gammaFactor will be set to 2.2. Call scene.renderer.systems.applyColorCorrection on THREE.Colors and THREE.Textures to normalize changes (#3757).
    • Have raycasters only intersect against objects defined via .setObject3D. raycaster.objects should be specified (e.g., objects: [data-raycastable] or objects: .raycastable) because raycasting is expensive. raycaster.recursive property removed (#3980) but will default to be recursive only under objects defined via .setObject3D (#3652).
    • Add renderer component (#3757).
    • antialias attribute moved to renderer.antialias.
    • Raycaster events such as raycaster-intersected no longer directly contain intersection data. Use .getIntersection function supplied in event detail or el.components.raycaster.getIntersection(el) to retrieve intersection data. Done to reduce garbage (a87e3b).
    • Disable link portal appearance by default (link.visualAspectEnabled), link component defaults to purely to listening to an event to trigger navigation (#3743).

    Fixes

    • Frame-independent easing for wasd-controls to prevent judders during framedrops (#3830).
    • Enable matrix auto updates for tracked-controls to fix children of camera and controllers not following parent (#3867).
    • Fix removing mixins not removing components (#3982).
    • Fix timing issues with mixins on still-initializing entities (#3859).
    • setPoseTarget to underlying object3D to fix issues with entities as child of camera (#3820).
    • Don't disable matrixAutoUpdate for tracked-controls outside VR (643fdc).
    • Render spectator view after VR submit frame (#3577).
    • Fix mouse cursor events not being re-enabled on resume (#3904).
    • Allow components to write to camera Z rotation when look-controls enabled (9a78a)
    • Clear raycaster intersections when toggling disabled (#3594).
    • Postpone renderer until scene is appended to DOM (#3574).
    • Fix canvas textures (b47f20).
    • Fix faces and vertices numbers on stats panel (#3573).
    • Fix magic window mode on Chrome (aaa3bf).
    • Fix audio asset preloading (2a899c).
    • Fix raycaster flatten to only include objects part of el.object3DMap versus arbitrary children (8809e7).
    • Fix canvas getting squished on orientation change on mobile (64ed3d).
    • Update position, rotation, scale components when calling .setAttribute on them (#3738).
    • Update canvas bounds for mouse cursor on renderer resize (a4cf08).
    • Fix controller reconnecting on Oculus Go and GearVR (dc8662).
    • Fix playing sound on event with sound.on (#3844).
    • Fix Chrome WebView (#3852).
    • Fix raycaster not grabbing all entities when raycaster.objects is not set. But you should always set it (#3840).
    • Fix WebVR polyfill buffer scale override (#3863).
    • Fix text when used with other geometry types (#3909).
    • Fix daydream-controls trigger not working with cursor by default (#3916).
    • Fix accessing Inspector in pointer lock mode (#3947).
    • Fix mouse cursor not emitting click when fuse is set (#4000).
    • Fix screenshots (#3998).
    • Fix camera offset getting applied when entering 2D fullscreen (#3902).

    Enhancements

    • Add oculus-go-controls, thanks Oculus! (cbbe75)
    • Add vive-focus-controls (#3876).
    • Add loading-screen component (#3760).
    • Add ?inspector={selector} and Entity.inspect() to automatically launch Inspector and focus on entity (#3894).
    • Add renderer.highRefreshRate to enable 72hz mode on Oculus Browser (#3967).
    • Add tracked-controls.autoHide property to configure whether controllers automatically hide when connected or disconnected (#3912).
    • Enable multiple raycasters on an entity (fc18cd).
    • Support custom enter VR buttons through vr-mode-ui (#3606).
    • Add material.blending property (#3543).
    • Add light.shadowRadius property (21b38).
    • Add ability to cap canvas size to pixel value (92b2f9).
    • Reduce npm bundle (53f58f).
    • Allow double underscores in component IDs (e.g., animation__foo__bar) (030023).
    • Add renderer.logarithmicDepthBuffer option (d210a2).
    • Add look-controls.reverseTouchDrag property (#3761).
    • Switch to jsdelivr with rawgit going away.
    • Support preprocessing of sound in sound.playSound() (2b2819).
    • Consolidate fullscreen styles under single CSS class (html.a-fullscreen) (#3828).
    • Emit displayconnected event when headset connected (#3918).
    • Enable antialias by default on Oculus Go (#3942).
    • Update to webvr-polyfill v0.10.10 (#3993).

    Performance

    • Large refactor of core component update path, reducing memory allocation and using object pooling (#3772).
    • Skip buildData if updating component directly. 2x speed boost on .setAttribute (#3835).
    • Remove spamming navigator.getGamepad calls in tracked-controls (#3816).
    • Optimize coordinates / vector utilities (#3908).
    • Remove object allocation in .setAttribute(component, propertyName, value) (#3812).
    • Simplify text shader hacks and make text alpha look prettier (#3557).
    • Remove garbage and bubbling from tracked-controls (#3589).
    • Remove redundant matrix world update in raycaster (ae7eba).
    • Replace Oculus OBJ model with a glTF one (#3539).
    • Optimize coordinate parse (bf66ba).
    • Simply wasd-controls tick (#3763).
    • Optimize text component (#3768).
    • Remove memory allocations in material code (#3789).
    • Remove garbage in sound component (2b2819).
    • Improve grabbing class cursor performance in 2D look-controls (#3790).
    • Remove unused and redundant mixin observers (#3831).
    • Add warning to developers to specify raycaster.objects (#3839).
    • Cache asset property type regex (#3854).

    Inspector

    Kevin spent some time getting the Inspector into ship shape.

    Major Changes

    • Introducing the A-Frame Watcher to sync updates of entities with IDs from Inspector to HTML files.
    • Remove HTML exporter.
    • Remove old A-Frame Registry code.
    • Remove broken Uploadcare uploader.
    • Remove motion capture tools.

    Enhancements

    • Orthographic cameras.
    • Improve raycasting to picking entities.
    • Syntax highlighting of entities.
    • Highlight and describe entities on viewport bar when hovering.
    • Added ?inspector={selector} to automatically launch Inspector and focus on entity.
    • Show bounding box of selected entities.
    • Show with icon what entities contain text in scenegraph.
    • Sort component properties alphabetically.
    • Display class names on entity panel.
    • Only show camera and light helpers when respective entity is selected.
    • Improve position when focusing on entity.
    • Polish components panel.
    • Center editor controls to the scene camera position.
    • Support arrow keys for number widgets.
    • .glb export.
    • Add o shortcut to toggle transform widget.
    • Add esc shortcut to unselect entity.
    • Refactor most everything (modularize, data flow, Stylus, Prettier).
    • Tweak grid colors.
    • Bigger checkboxes.
    • Fix color picker in components panel.
    • Fix display of mixins.

    Performance

    • Don't load 50 images when opening the Inspector.
    • Optimize and fix helpers for position, rotation, scale.
    • Speed up scene graph search.
    • Remove global mutation observer.
  • 0.8.2 - 2018-04-15

    Bump 0.8.2 dist

from aframe GitHub release notes
Package name: nuxt
  • 1.4.5 - 2018-11-27

    Thanks to @ clarkdo and @ ederchrono for this fix ❤️

    🔧 Fixes

    • fix(vue-router): router Expected "0" to be defined (22679cb) (#4394)
  • 1.4.4 - 2018-10-19

    Patches

    • Backport --no-generate option to nuxt build with SPA mode (PR #4127)
  • 1.4.2 - 2018-08-01
  • 1.4.1 - 2018-06-06
  • 1.4.0 - 2018-03-01
from nuxt GitHub release notes
Package name: vuetify
  • 1.5.24 - 2020-03-03

    Bug Fixes

  • 1.5.23 - 2020-02-21

    🔧 Bug Fixes

    • VDatatable: remove extra border from expanded row (#10321) (b44ef23), closes #6429
    • VSelect: resolve bug in Safari/Edge/IE with event order disparity (#10620) (49cb28b), closes #10609
    • VSelect: skip items without text in keyboard lookup (333588d), closes #8671
    • VTextField: prevent IE11 error with mask delimiters (977e586), closes #8917
  • 1.5.22 - 2019-12-31
  • 1.5.21 - 2019-11-11
  • 1.5.20 - 2019-10-31
  • 1.5.19 - 2019-10-15
  • 1.5.18 - 2019-08-20
  • 1.5.17 - 2019-08-13
  • 1.5.16 - 2019-06-18
  • 1.5.14 - 2019-04-30
  • 1.5.13 - 2019-04-23
  • 1.5.12 - 2019-04-16
  • 1.5.11 - 2019-04-09
  • 1.5.10 - 2019-04-09
  • 1.5.9 - 2019-04-02
  • 1.5.8 - 2019-03-29
  • 1.5.7 - 2019-03-19
  • 1.5.6 - 2019-03-12
  • 1.5.5 - 2019-03-05
  • 1.5.4 - 2019-02-28
  • 1.5.3 - 2019-02-26
  • 1.5.2 - 2019-02-19
  • 1.5.1 - 2019-02-12
  • 1.5.0 - 2019-02-05
  • 1.5.0-beta.3 - 2019-01-29
  • 1.5.0-beta.2 - 2019-01-24
  • 1.5.0-beta.1.0 - 2019-01-22
  • 1.5.0-beta.1 - 2019-01-22
  • 1.5.0-beta.0 - 2019-01-15
  • 1.5.0-1.5.0-beta.1.0 - 2019-06-18
  • 1.4.8 - 2019-02-05
  • 1.4.7 - 2019-02-05
  • 1.4.6 - 2019-02-04
  • 1.4.5 - 2019-02-04
  • 1.4.4 - 2019-01-29
  • 1.4.3 - 2019-01-22
  • 1.4.2 - 2019-01-15
  • 1.4.1 - 2019-01-08
  • 1.4.0 - 2019-01-01
  • 1.4.0-beta.0 - 2018-12-18
  • 1.4.0-alpha.1 - 2018-12-11
  • 1.4.0-alpha.0 - 2018-12-01
  • 1.3.16 - 2019-01-01
  • 1.3.15 - 2018-12-18
  • 1.3.14 - 2018-12-12
  • 1.3.13 - 2018-12-11
  • 1.3.12 - 2018-12-04
  • 1.3.11 - 2018-11-27
  • 1.3.10 - 2018-11-27
  • 1.3.9 - 2018-11-21
  • 1.3.8 - 2018-11-13
  • 1.3.7 - 2018-11-08
  • 1.3.6 - 2018-11-07
  • 1.3.5 - 2018-10-31
  • 1.3.4 - 2018-10-30
  • 1.3.3 - 2018-10-25
  • 1.3.2 - 2018-10-23
  • 1.3.1 - 2018-10-21
  • 1.3.0 - 2018-10-17
  • 1.3.0-beta.0 - 2018-10-10
  • 1.3.0-alpha.2 - 2018-10-09
  • 1.3.0-alpha.1 - 2018-10-02
  • 1.3.0-alpha.0 - 2018-10-02
  • 1.2.10 - 2018-10-17
  • 1.2.9 - 2018-10-11
  • 1.2.8 - 2018-10-10
  • 1.2.7 - 2018-10-09
  • 1.2.6 - 2018-10-02
  • 1.2.5 - 2018-09-25
  • 1.2.4 - 2018-09-18
  • 1.2.3 - 2018-09-05
  • 1.2.2 - 2018-09-04
  • 1.2.1 - 2018-08-29
  • 1.2.0 - 2018-08-28
  • 1.2.0-beta.3 - 2018-08-22
  • 1.2.0-beta.2 - 2018-08-16
  • 1.2.0-beta.1 - 2018-08-14
  • 1.2.0-beta.0 - 2018-07-31
  • 1.1.17 - 2018-09-28
  • 1.1.16 - 2018-09-05
  • 1.1.15 - 2018-08-28
  • 1.1.14 - 2018-08-22
  • 1.1.13 - 2018-08-16
  • 1.1.12 - 2018-08-14
  • 1.1.11 - 2018-08-13
  • 1.1.10 - 2018-08-08
  • 1.1.9 - 2018-07-31
  • 1.1.8 - 2018-07-23
  • 1.1.7 - 2018-07-19
  • 1.1.6 - 2018-07-18
  • 1.1.5 - 2018-07-17
  • 1.1.4 - 2018-07-10
  • 1.1.3 - 2018-07-09
  • 1.1.2 - 2018-07-09
  • 1.1.1 - 2018-07-01
  • 1.1.0 - 2018-06-29
  • 1.1.0-rc.3 - 2018-06-26
  • 1.1.0-rc.2 - 2018-06-21
  • 1.1.0-rc.1 - 2018-06-19
  • 1.1.0-beta.3 - 2018-06-11
  • 1.1.0-beta.2 - 2018-06-05
  • 1.1.0-beta.1 - 2018-05-30
  • 1.1.0-beta.0 - 2018-05-23
  • 1.1.0-alpha.6 - 2018-05-17
  • 1.1.0-alpha.5 - 2018-05-16
  • 1.1.0-alpha.4 - 2018-05-15
  • 1.1.0-alpha.3 - 2018-05-11
  • 1.1.0-alpha.2 - 2018-05-10
  • 1.1.0-alpha.1 - 2018-05-09
  • 1.1.0-alpha.0 - 2018-05-08
  • 1.0.19 - 2018-06-05
  • 1.0.18 - 2018-05-15
from vuetify GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade multiple dependencies with Snyk
b706846 
Snyk has created this PR to upgrade:
  - aframe from 0.8.2 to 0.9.2.
    See this package in npm: https://www.npmjs.com/package/aframe
  - nuxt from 1.4.0 to 1.4.5.
    See this package in npm: https://www.npmjs.com/package/nuxt
  - vuetify from 1.0.18 to 1.5.24.
    See this package in npm: https://www.npmjs.com/package/vuetify

See this project in Snyk:
https://app.snyk.io/org/peter-clemenko/project/28608ed9-e293-4622-a2d5-ce12dfb919c4?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

3 participants

@peterclemenko @snyk-bot