Describe the bug

This package is pinned to "three": "^0.154.0", which constrains the version number to 'any release forward-compatible with 0.154.0'. However, semantic version numbers with major version 0 have no forward-compatible releases. Therefore, depending on "^0.154.0" has the effect of pinning reagraph to the exact version 154.

Steps to Reproduce the Bug or Issue

Installing this package.json:

{
  "name": "reagraph-three-test",
  "version": "1.0.0",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "description": "",
  "dependencies": {
    "reagraph": "^4.19.3"
  }
}

Has the effect of installing multiple versions of three; one for reagraph and one for everything else:

$ find . -name 'package.json' | grep 'three/package.json' | grep -v '@types' | xargs grep 'version'
./node_modules/reagraph/node_modules/three/package.json:  "version": "0.154.0",
./node_modules/three/package.json:  "version": "0.169.0",
./node_modules/@react-spring/three/package.json:  "version": "9.6.1",

When used in a bundler, we then get the following warning in the browser console:

WARNING: Multiple instances of Three.js being imported.

Expected behavior

ThreeJS actually predates SemVer and seems to have ported their mononumeric versioning scheme into SemVer's minor version field. Since the package is over ten years old with thousands of contributors, it should be treated as somewhat forward-stable.

Other packages that depend on three have tended to use the >= version specifier rather than the ^ specifier to get around this issue.

Screenshots or Videos

No response

Platform

• Reagraph Version: [e.g. 1.0.0]
• OS: [e.g. macOS, Windows, Linux]
• Browser: [e.g. Chrome, Safari, Firefox]
• NodeJS version: ...

Your Example Website or App

No response

Additional context

No response