[Snyk] Fix for 38 vulnerabilities

[MarcelRaschke]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	No	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	No	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEFORGE-598677	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
	715/1000 Why? Has a fix available, CVSS 9.8	Use After Free SNYK-JS-NODESASS-535497	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-NODESASS-542662	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	Yes	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-STYLELINT-1585622	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-STYLELINT-460283	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ava

The new version differs by 250 commits.

• 9bc615e 4.0.0
• f09742f Clean up documentation in preparation for AVA 4
• 0187779 Dependency updates
• 29024af Test compatibility with TypeScript 4.5
• 8df118b Use AVA 4 for the self-hosted tests
• bedd1d0 Remove dependency on `equal-length`
• d4ec097 Improve wording in TypeScript recipe
• b3a1b72 Mention experimental specifier resolution in TypeScript recipe
• 77623a5 Handle path sources
• 5cdeb9d 4.0.0-rc.1
• 88e7680 Final ESM tweaks
• 60b7cf8 Align shared worker protocol identifier with provider protocols
• ad521af Graduate shared workers to be non-experimental
• 0edfd00 Skip flaky tests in CI
• c4f6723 Use thread IDs
• af30e73 Remove dead code and obsolete TODOs
• 6ed3ad1 Reduce XO exceptions
• 5a48893 Update XO and fix problems
• a7737cd Update dependencies
• dc405ef Fix Mongoose recipe
• c214512 Find ava.config.* files outside of project directory
• 44aebd9 Exclude more files from code coverage
• def2885 Improve handling of temporary file changes in watch mode
• 1a62f15 Switch to .xo-config.cjs

See the full diff

Package name: copy-webpack-plugin

The new version differs by 78 commits.

• 650d44d chore(release): 5.1.2
• a42d63f fix(security): update `serialize-javascript` (rotation and offset of interactables picked up from spawners is not preserved Hubs-Foundation/hubs#521)
• 96e2315 chore(release): 5.1.1
• 3b79595 fix: allow to setup empty array (Adjusting cursor distance when holding an interactable is reversed on Oculus GO Hubs-Foundation/hubs#425)
• 5df649c chore(release): 5.1.0
• c936416 refactor: tests (Perf: Don't use aframe Line component in cursor-controller Hubs-Foundation/hubs#421)
• 08a4d7f docs: fix
• 8b13bc3 refactor: improve schema
• d155dd0 docs: update ignore instructions (Running mozilla hubs build on AWS Cloud 9 Hubs-Foundation/hubs#410)
• 45780be docs: example for placeholders in `to` (Warn users when uBlock Origin's WebRTC option is enabled Hubs-Foundation/hubs#420)
• 452539a feat: validate options (Guide for installing HUBS locally Hubs-Foundation/hubs#419)
• 4826e56 fix: better to determine when glob is used
• 51c3680 docs: issue 408 (Bump A-Frame to recent master Hubs-Foundation/hubs#418)
• f6f72a7 chore(deps): update
• 0675847 chore(release): 5.0.5
• 9146c2a docs: fix typo (explicitly switch between dynamic and static body types Hubs-Foundation/hubs#401)
• 3103940 refactor: minor code refactor (Feature/debug mode Hubs-Foundation/hubs#399)
• c546871 perf: improvement for webpack@5 (Need a way to include cube map reflections for any and all models that are using PBR shader. Hubs-Foundation/hubs#406)
• 5db376b chore(deps): update (Add hubs.local as valid domain for webpack dev server Hubs-Foundation/hubs#409)
• 806eb41 docs: fix broken fragment links (Clicking the middle of the screen while looking down clicks the in-world hud Hubs-Foundation/hubs#398)
• 6158483 chore(release): 5.0.4
• cd0e9f5 docs: clarify plugin description (fix TypeError: Cannot read property enableMicrophone of undefined error (fixes #394) Hubs-Foundation/hubs#395)
• f848140 test: refactor (TypeError: Cannot read property 'enableMicrophone' of undefined error (in src/components/mute-mic.js) Hubs-Foundation/hubs#394)
• ff0c736 refactor: tests (Send to device follow-ups Hubs-Foundation/hubs#393)

See the full diff

Package name: css-loader

The new version differs by 71 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (Add optional GA tracking telemetry Hubs-Foundation/hubs#860)
• e7525c9 test: nested url (Add proper content type for HLS Hubs-Foundation/hubs#859)
• 7259faa test: css hacks (Re-send entry event on rejoin Hubs-Foundation/hubs#858)
• 5e6034c feat: allow to filter import at-rules (Update hover menu properly if it loads late Hubs-Foundation/hubs#857)
• 5e702e7 feat: allow filtering urls (Remove old video-seek buttons from freeze menu Hubs-Foundation/hubs#856)
• 9642aa5 test: css stuff (WIP Delay loading until hover Hubs-Foundation/hubs#855)
• 3338656 fix: reduce number of require for url (Tweaks to rotation button / mode Hubs-Foundation/hubs#854)
• 533abbe test: issue 636 (Fix ui materials Hubs-Foundation/hubs#853)
• 08c551c refactor: better warning on invalid url resolution (Handle failed pins due to invalid token Hubs-Foundation/hubs#852)
• b0aa159 test: issue Fix up media loading a lot Hubs-Foundation/hubs#589 (Drop cursor on vive Hubs-Foundation/hubs#851)
• f599c70 fix: broken unucode characters (Clear credentials and create anonymous hubs if your token is invalid Hubs-Foundation/hubs#850)
• 1e551f3 test: issue 286 (Room permissions, settings and improved entry flow Hubs-Foundation/hubs#849)
• 419d27b docs: improve readme (Don't whitelist CORS-blocked domains in dev Hubs-Foundation/hubs#848)
• d94a698 refactor: webpack-default (Support MultiMaterials in loaded glTF models Hubs-Foundation/hubs#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (Refresh expired invite link Hubs-Foundation/hubs#845)
• 8a6ea10 refactor: postcss plugins (Add deadzone to oculus touch joysticks Hubs-Foundation/hubs#844)
• fdcf687 fix: url resolving logic (Room permissions, settings and improved entry flow Hubs-Foundation/hubs#843)
• 889dc7f feat: allow to disable css modules and disable their by default (Rotate and align objects easily Hubs-Foundation/hubs#842)
• ee2d253 test: importLoaders option (Authorize hub mutation commands Hubs-Foundation/hubs#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (Fix scaling of spawned objects Hubs-Foundation/hubs#840)
• fe94ebc test: icss reserved keywords (Fix spawn point rotation Hubs-Foundation/hubs#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (Video Controls Overlay Hubs-Foundation/hubs#838)

See the full diff

Package name: html-loader

The new version differs by 55 commits.

• d7cccfa chore(release): 1.0.0
• 3c9a1d8 refactor: `attributes` option (Disable zoom on mobile  Hubs-Foundation/hubs#265)
• 8c73761 feat: `preprocessor` option (Show mailing list signup with ?list_signup=true Hubs-Foundation/hubs#263)
• f2ce5b1 feat: improve errors
• 9923244 chore(deps): update (Fix the check to see if the pose is the same as last time. Hubs-Foundation/hubs#260)
• 9835bde feat: supports `link:href` attribute for css (Add block buttons to the avatars during freeze mode. Hubs-Foundation/hubs#258)
• 7af2eff refactor: improve schema (Handle touch/mouse events on mobile better Hubs-Foundation/hubs#257)
• 98412f9 docs: `filter` sources (create new Chrome Origin-Trial tokens for production origin Hubs-Foundation/hubs#256)
• ff0f44c feat: implement the `filter` option for filtering some of sources (add redirects for hub → hubs (naming can be confusing, hard to remember) Hubs-Foundation/hubs#255)
• 1c24662 refactor: move the `root` option under the `attributes` option (Remove action_primary actions from vive triggers. Hubs-Foundation/hubs#254)
• 888b8fe docs: add footnote for `-attributes` (Remove the use of setTimeout from the touchStart handler in cursor-controller. Hubs-Foundation/hubs#252)
• 3d2907e refactor: remove the `interpolate` option
• bd979e2 refactor: remove the `interpolate` option
• fcba4ec fix: handle only valid srcset tags (support non-English languages (l10n localisation, i18n internationalisation) Hubs-Foundation/hubs#253)
• 9e5ce56 perf: improve source parse (Cursor lock when dragging camera Hubs-Foundation/hubs#251)
• c9c8dad refactor: improve source parse (Client crashes when spawning ducks too fast Hubs-Foundation/hubs#250)
• 079d623 fix: respect `#hash` in sources
• a17df49 fix: reduce `import`/`require` count
• d0b0150 fix: adding quotes when necessary for unquoted sources (Fix nipple js error when pointer events are canceled. Hubs-Foundation/hubs#247)
• e3727ab test: minifier
• 0bbe29c feat: migrate on `htmlparse2`
• b7af031 fix: escape `\u2028` and `\u2029` characters (Character controller introduces noise in scale Hubs-Foundation/hubs#244)
• 24b0427 fix: parser tags and attributes according spec (Feature/ui pass for hubs Hubs-Foundation/hubs#243)
• 3df909d feat: support `script:src` attributes

See the full diff

Package name: html-webpack-plugin

The new version differs by 139 commits.

• eb73905 chore(release): 4.0.0
• 42a6d4a Add typing for getHooks
• a1a37cf Release html-webpack-plugin 4.0.0-beta.14
• 97f9fb9 fix: load script files before style files files in defer script loading mode
• e97ce17 Release html-webpack-plugin 4.0.0-beta.13
• e448b5d Release html-webpack-plugin 4.0.0-beta.12
• de315eb feat: Add defer script loading
• 7df269f feat: Provide a verbose error message if html minification failed
• 1d66e53 feat: merge templateParameters with default template parameters
• dfb98e7 Fix typo in template option docts
• 096a760 Fix broken links in examples
• a195c34 docs: Update template-option documentation
• 40b410e docs: Update example for template parameters
• bf017f3 chore: Release 4.0.0-beta.11
• 2549557 test: Don't use minification for speed measurement
• de22fc2 test: Adjust measurment for node 6 on travis
• 24bf1b5 fix: Update references to html-minifier
• f4eafdc chore: Release 4.0.0-beta.10
• a2ad30a refactor: Use getAssetPath instead of calling the hook directly
• 2595a79 chore: Release 4.0.0-beta.9
• c66766c feat: Add support for minifying inline ES6 inside html templates
• 655cbcd Fix README typo
• 6de319b update lodash dependency for prototype polution vulnerability
• 35a1541 Properly encode file names emitted as part of URLs.

See the full diff

Package name: htmlhint

The new version differs by 171 commits.

• 9796b67 chore(release): 0.16.2 [skip ci]
• 98e45b9 fix: clenaup non-functional typos (Fix issues detecting VR input devices Hubs-Foundation/hubs#727)
• 081db96 chore(deps-dev): bump @ types/xml from 1.0.5 to 1.0.6 (Don't do meaningless stuff with empty media components Hubs-Foundation/hubs#740)
• fad78d8 chore(deps): bump async from 3.2.0 to 3.2.2 (Sign In and Persistence Ownership Hubs-Foundation/hubs#739)
• 63d367e refactor: move eslint config to type overrides (Camera focus and tracking Hubs-Foundation/hubs#725)
• 77e9a6c chore(dependabot): correct quoting for prettier (Responsive CSS for Hubs Landing Page Hubs-Foundation/hubs#735)
• e95cd82 chore: run lint once for CI (Fix blur issue Hubs-Foundation/hubs#726)
• 88d3670 chore(build): add Dependabot for website packages (Optimize cors Hubs-Foundation/hubs#721)
• 4f85a1a chore(build): remove redundant matrix (Stub out basic input system Hubs-Foundation/hubs#720)
• 3c25de8 style: run prettier during lint (Animation menu buttons Hubs-Foundation/hubs#724)
• 26b4e44 chore(build): use caching in setup-node (Chat commands for fly mode & avatar size Hubs-Foundation/hubs#723)
• 5b52a27 chore(build): run matrix on current node releases (React dialog fixup Hubs-Foundation/hubs#719)
• 4de808c fix changelog duplication (Fixed checkbox styling Hubs-Foundation/hubs#717)
• ec2da2c chore(release): 0.16.1 [skip ci]
• 4d702d8 fix: tagname-specialchars description (Feature/tweet buttons Hubs-Foundation/hubs#714)
• e027f30 Fix `How To Use` link. (Feature/vr presence count Hubs-Foundation/hubs#715)
• f1030e3 chore(deps): bump y18n from 4.0.0 to 4.0.3 in /website (Feature/surprise me Hubs-Foundation/hubs#713)
• cdba1b3 chore(deps): bump lodash from 4.17.15 to 4.17.21 in /website (Feature/spoke landing Hubs-Foundation/hubs#712)
• 2561560 chore(deps): bump ssri from 6.0.1 to 6.0.2 in /website (Add fly mode Hubs-Foundation/hubs#711)
• d8a28ea chore(deps): bump dns-packet from 1.3.1 to 1.3.4 in /website (Add visual indicator to bubble toggling and invading Hubs-Foundation/hubs#710)
• 37a4d2b chore(deps): bump color-string from 1.5.3 to 1.6.0 in /website (Feature/fly Hubs-Foundation/hubs#706)
• 593ac56 chore(deps): bump url-parse from 1.4.7 to 1.5.3 in /website (Feature/custom environments Hubs-Foundation/hubs#703)
• 9f09a72 chore(deps): bump postcss from 7.0.30 to 7.0.39 in /website (Search and insert google blocks assets. Hubs-Foundation/hubs#708)
• d30a1e7 chore(deps): bump ws from 6.2.1 to 6.2.2 in /website (Feature/gltf animation Hubs-Foundation/hubs#707)

See the full diff

Package name: node-fetch

The new version differs by 19 commits.

• 1ef4b56 backport of Invite tip covers up entry flow on small height screens Hubs-Foundation/hubs#1449 (Pull request to add Chrome extension for screen sharing Hubs-Foundation/hubs#1453)
• 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (Perform user actions from presence list Hubs-Foundation/hubs#1310)
• f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (Consider allowing mouse capture for easier turning on desktop Hubs-Foundation/hubs#1352)
• b5417ae fix: import whatwg-url in a way compatible with ESM Node (Fix hand collisions Hubs-Foundation/hubs#1303)
• 18193c5 fix v2.6.3 that did not sending query params (Stuck on "choose device" modal in development Hubs-Foundation/hubs#1301)
• ace7536 fix: properly encode url with unicode characters (UX: Add text + informational to lobby to indicate that you are not in the room yet Hubs-Foundation/hubs#1291)
• 152214c Fix(package.json): Corrected main file path in package.json (networked component tick running after entity is removed Hubs-Foundation/hubs#1274)
• b5e2e41 update version number
• 2358a6c Honor the `size` option after following a redirect and revert data uri support
• 8c197f8 docs: Fix typos and grammatical errors in README.md (Landing page navigation broken in smaller windows Hubs-Foundation/hubs#686)
• 1e99050 fix: Change error message thrown with redirect mode set to error (Allow sharing photos from the chat log Hubs-Foundation/hubs#653)
• 244e6f6 docs: Show backers in README
• 6a5d192 fix: Properly parse meta tag when parameters are reversed (Audio problem in chrome 70.0.3538.77 64-bit OS X Hubs-Foundation/hubs#682)
• 47a24a0 chore: Add opencollective badge
• 7b13662 chore: Add funding link
• 5535c2e fix: Check for global.fetch before binding it (Remove some frame time Hubs-Foundation/hubs#674)
• 1d5778a docs: Add Discord badge
• eb3a572 feat: Data URI support (Add a shader effect when hovering over interactables Hubs-Foundation/hubs#659)
• 086be6f Remove --save option as it isn't required anymore (Camera Tool Hubs-Foundation/hubs#581)

See the full diff

Package name: node-sass

The new version differs by 87 commits.

• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (A room link is not created when using the short format link of a room Hubs-Foundation/hubs#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (Landing page panels Hubs-Foundation/hubs#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (Waypoint link reloads room on first click Hubs-Foundation/hubs#3149)
• e80d4af chore: Drop EOL Node 15 (Not getting the option of "Remix in spoke" or "Edit in Spoke" Hubs-Foundation/hubs#3122)
• d753397 feat: Add Node 17 support (Is there any way to access the code for implementing chat commands? Hubs-Foundation/hubs#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
• bfa1a3c build(deps): bump actions/setup-node from 2.4.0 to 2.4.1
• 80d6c00 chore: Windows x86 on GitHub Actions (Is there a way to access the individual elements of a glb in spoke? Hubs-Foundation/hubs#3041)
• 566dc27 build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (日本語 Add Japanese language option Hubs-Foundation/hubs#3102)
• 7bb5157 build(deps): bump npmlog from 4.1.2 to 5.0.0 (User-Friendly Naming for Objects in Scene? Hubs-Foundation/hubs#3156)
• 2efb38f build(deps): bump chalk from 1.1.3 to 4.1.2 (Spanish translation Hubs-Foundation/hubs#3161)
• fca5257 build(deps): bump actions/setup-node from 2.3.0 to 2.4.0
• 6200b21 docs: Double word "support" (Media Frames not positioning content correctly when nested under other nodes in Spoke Hubs-Foundation/hubs#3159)
• eaf791a build(deps): bump actions/setup-node from 2.1.5 to 2.3.0
• 16b8d4b build(deps): bump coverallsapp/github-action from 1.1.2 to 1.1.3
• c167004 6.0.1
• 911d4db remove mkdirp dep (Language localization: Spanish Hubs-Foundation/hubs#3108)
• 30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
• 7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
• cfcbb2c chore: Use default Apline version from docker-node (Fix bug where invisible audio nodes initialize at the origin Hubs-Foundation/hubs#3121)
• 886319b chore: Drop Node 10 support
• c908f4f fix: Bump OSX minimum to 10.11

See the full diff

Package name: selfsigned

The new version differs by 34 commits.

• ff1857a v1.10.13
• 030bb0c Merge branch 'mkapra-master'
• 4ed3feb 1.10.13
• bc483b9 Upgrade node-forge to non vulnerable version
• da38146 1.10.12
• dd3a994 update mocha and chai. Remove travis
• c5ac42b fix tests
• b206981 1.10.11
• e68ef96 fix tests and minor change in jsdoc
• 162a255 minor
• e361323 1.10.10
• 567bcd6 improve readme and add jsdocs
• afe6029 1.10.9
• 2aff0d6 fix outdated deps and tests
• b7f2afa 1.10.8
• 08012a7 update package-lock
• 30be7f1 chore: update node-forge dependency (Webpack Refactor Hubs-Foundation/hubs#39)
• 7b3fb86 1.10.7
• 866e4e7 Merge branch 'Dalimil-master'
• 333ac8f revert v bump
• 1c89c97 Update node-forge
• 7bd5876 1.10.6
• 23d4529 Merge pull request Bump minimist, mkdirp and gonzales-pe devcode1981/hubs#30 from rynmsh/master
• 31aa53a Fixed incorrect error variable being passed to async callback function when thrown from generatePem

See the full diff

Package name: shelljs

The new version differs by 24 commits.

• 70668a4 0.8.5
• d919d22 fix(exec): lockdown file permissions (Teleportation sends you to the wrong spot Hubs-Foundation/hubs#1060)
• fcf1651 0.8.4
• a1111ee Silence potentially upcoming circular dependency warning (Set service worker timeout Hubs-Foundation/hubs#973)
• d4d1317 0.8.3
• db317bf Add test case for sed on empty file (Choose new scenes for a room Hubs-Foundation/hubs#904)
• 0d5ecb6 docs(changelog): updated by Nate Fischer [ci skip]
• 6b3c7b1 refactor: don't expose tempdir in common.state (Wiki changes Hubs-Foundation/hubs#903)
• 4bd22e7 chore(ci): fix codecov on travis (Bug/fix up menu box choice and scale Hubs-Foundation/hubs#897)
• 2b3b781 fix: silent exec (Hubs stuck on loading screen in Chrome on Android and Windows if webvr/xr flags are enabled Hubs-Foundation/hubs#892)
• 37acb86 chore(npm): add ci-or-install script (Chat now available on mobile Hubs-Foundation/hubs#896)
• 4e861db chore(appveyor): run entire test matrix (Name tags should be always facing the observer Hubs-Foundation/hubs#886)
• d079515 docs: remove gitter badge (Kick objects by creator Hubs-Foundation/hubs#880)
• 4113a72 grep includes the i flag (Crush some pngs Hubs-Foundation/hubs#876)
• 8dae55f Fix(which): match only executable files (Improve loading with less hitching and more waiting Hubs-Foundation/hubs#874)
• 6d66a1a chore: rename some tests (Use lighter-weight JWT decoding library Hubs-Foundation/hubs#871)
• 131b88f Fix cp from readonly source (Deduplicate three.js from our bundle Hubs-Foundation/hubs#870)
• 1dd437e fix(mocks): fix conflict between mocks and skip (Feature/react admin Hubs-Foundation/hubs#863)
• 72ff790 chore: bump dev dependencies and add package-lock (Kicking should remove entities that the kicked user created, not owned Hubs-Foundation/hubs#864)
• 93bbf68 Prevent require-ing bin/shjs (Don't whitelist CORS-blocked domains in dev Hubs-Foundation/hubs#848)
• aa9d443 chore: output npm version in travis (Clear credentials and create anonymous hubs if your token is invalid Hubs-Foundation/hubs#850)
• 4733a32 chore(appveyor): do not use latest npm (Support MultiMaterials in loaded glTF models Hubs-Foundation/hubs#847)
• dd5551d chore: update shelljs-release version (Don't use BVH for grouped geometries, bump max depth Hubs-Foundation/hubs#846)
• 97a4df8 docs(changelog): updated by Nate Fischer [ci skip]

See the full diff

Package name: stylelint

The new version differs by 250 commits.

• 060310c 14.0.0
• ff4a1ef Prepare CHANGELOG
• 8d2f6e1 Bump postcss (Upgrade to Node LTS (16) and Webpack 5 Hubs-Foundation/hubs#5619)
• f552608 Merge pull request Bpt Hubs-Foundation/hubs#5618 from stylelint/dependabot/npm_and_yarn/husky-7.0.4
• 7ed17ad Bump husky from 7.0.2 to 7.0.4
• 4d9f75e Merge pull request remove room code button Hubs-Foundation/hubs#5617 from stylelint/dependabot/npm_and_yarn/jest-27.3.1
• bc9dd0b Bump jest from 27.2.5 to 27.3.1
• 82e2507 Merge pull request Fix darkened video-texture-target Hubs-Foundation/hubs#5604 from stylelint/v14
• 16d259f Update CHANGELOG.md
• 70b1149 Fix false positives for dynamic-range keywords in media-feature-name-no-unknown (Certain textures/extensions hide cursor Hubs-Foundation/hubs#5613)
• 8dca498 Show more info in missing customSyntax warning (Can I deploy a custom client on hubs domain itself? Hubs-Foundation/hubs#5611)
• 2eee0a9 Remove v14 CI triggers (#5610)
• 12f8081 14.0.0-0
• 5dd7ec1 Prepare 14.0.0
• 67313a3 Add support for `extends` in `overrides` config (Mac M1 npm ci build fail after 8ddc1fc7d (Electron related) Hubs-Foundation/hubs#5603)
• b6fd2fc Document no need for postcss-html maintainer (Matching renders in Blender and Hubs Hubs-Foundation/hubs#5602)
• bf28025 Recommend using shared configs (Bump terser from 4.8.0 to 4.8.1 in /admin Hubs-Foundation/hubs#5598)
• 07118d6 Update CHANGELOG.md
• 367142a Change `ignoreFiles` to be extendable (Support full keyboard layout customization Hubs-Foundation/hubs#5596)
• 1b4162f Fix conflicts in dependabot
• 87c5fde Bump picocolors from 0.2.1 to 1.0.0 (Allow to open a single object menu on mobiles Hubs-Foundation/hubs#5601)
• 1f32094 Bump typescript from 4.4.3 to 4.4.4 (video-texture-target is darkened since THREE 141 update Hubs-Foundation/hubs#5599)
• 88b9575 Revise contributors section of README (Force AppLogo refresh when system theme changes Hubs-Foundation/hubs#5585)
• e38da70 Use problem rather than violation in docs and types (Import .js issue in hubs.js Hubs-Foundation/hubs#5592)

See the full diff

Package name: tar

The new version differs by 26 commits.

• df64c4d 5.0.10
• 82eac95 fix: prevent path escape using drive-relative paths
• 1739408 fix: reserve paths properly for unicode, windows
• d56f790 fix: prune dirCache properly for unicode, windows
• 173800d 5.0.9
• 21f3e9b fix: skip extract if linkpath is stripped entirely
• 32027d6 fix: reserve paths case-insensitively
• 8d2a316 5.0.8
• f014516 tests: run (and pass) on windows
• e120d38 fix: refactoring to pass tests on Windows
• ab3e903 fix: normalize paths on Windows systems
• aa5f6db fix: properly prefix hard links
• f07d404 fix(unpack): fix hang on large file on open() fail
• f94049c update deps