[Snyk] Upgrade three from 0.180.0 to 0.181.0

[umaarov]

Snyk has created this PR to upgrade three from 0.180.0 to 0.181.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.

• The recommended version was released 24 days ago.

Release notes

Package name: three

• 0.181.0 - 2025-10-31
• 0.180.0 - 2025-09-03

from three GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/three	0.181.0	🟢 6.8	Details Check Score Reason Code-Review 🟢 3 Found 9/27 approved changesets -- score normalized to 3 Maintained 🟢 10 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 5 binaries present in source code SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 10 all dependencies are pinned

Scanned Files

• package-lock.json

[deepsource-io]

Here's the code health analysis summary for commits 70acee5..1779f71. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
PHP	✅ Success		View Check ↗
JavaScript	✅ Success		View Check ↗
Shell	✅ Success		View Check ↗

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud