Enabled WebRTC.

audit.txt

@@ -0,0 +1,343 @@
+# npm audit report
+
+braces  <=2.3.2
+Severity: high
+Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4
+Depends on vulnerable versions of snapdragon
+fix available via `npm audit fix`
+node_modules/braces
+node_modules/readdirp/node_modules/braces
+  micromatch  0.2.0 - 3.1.10
+  Depends on vulnerable versions of braces
+  Depends on vulnerable versions of parse-glob
+  Depends on vulnerable versions of snapdragon
+  node_modules/micromatch
+  node_modules/readdirp/node_modules/micromatch
+    anymatch  1.2.0 - 1.3.2
+    Depends on vulnerable versions of micromatch
+    node_modules/anymatch
+      chokidar  1.0.0-rc1 - 2.1.8
+      Depends on vulnerable versions of anymatch
+      Depends on vulnerable versions of glob-parent
+      node_modules/chokidar
+        babel-cli  *
+        Depends on vulnerable versions of chokidar
+        node_modules/babel-cli
+          minify-js  *
+          Depends on vulnerable versions of babel-cli
+          Depends on vulnerable versions of utils-igor
+          node_modules/dir_cache/node_modules/minify-js
+          node_modules/minify-js
+          node_modules/utils-igor/node_modules/minify-js
+            dir_cache  >=1.0.2
+            Depends on vulnerable versions of minify-js
+            node_modules/dir_cache
+            utils-igor  >=2.0.0
+            Depends on vulnerable versions of minify-js
+            node_modules/dir_cache/node_modules/minify-js/node_modules/utils-igor
+            node_modules/utils-igor
+    readdirp  2.2.0 - 2.2.1
+    Depends on vulnerable versions of micromatch
+    node_modules/readdirp
+
+deep-extend  <0.5.1
+Severity: critical
+Prototype Pollution in deep-extend - https://github.com/advisories/GHSA-hr2v-3952-633q
+fix available via `npm audit fix`
+node_modules/deep-extend
+  column-layout  >=1.3.0
+  Depends on vulnerable versions of command-line-args
+  Depends on vulnerable versions of deep-extend
+  node_modules/column-layout
+    command-line-usage  2.0.0 - 3.0.8
+    Depends on vulnerable versions of column-layout
+    Depends on vulnerable versions of table-layout
+    node_modules/column-layout/node_modules/command-line-usage
+    node_modules/command-line-usage
+    node_modules/jsdoc-parse/node_modules/command-line-usage
+      cli-commands  <=0.1.0
+      Depends on vulnerable versions of command-line-usage
+      node_modules/cli-commands
+        usage-stats  0.8.0 - 0.8.6
+        Depends on vulnerable versions of cli-commands
+        node_modules/usage-stats
+          app-usage-stats  0.4.0 - 0.5.0
+          Depends on vulnerable versions of usage-stats
+          node_modules/app-usage-stats
+            jsdoc2md-stats  1.0.6 - 2.0.0
+            Depends on vulnerable versions of app-usage-stats
+            node_modules/jsdoc2md-stats
+      command-line-args  2.1.0 - 2.1.6
+      Depends on vulnerable versions of command-line-usage
+      node_modules/column-layout/node_modules/command-line-args
+      node_modules/jsdoc-parse/node_modules/command-line-args
+        jsdoc-parse  0.2.5 - 2.0.0
+        Depends on vulnerable versions of command-line-args
+        Depends on vulnerable versions of file-set
+        Depends on vulnerable versions of jsdoc-api
+        node_modules/jsdoc-parse
+          jsdoc-to-markdown  0.6.0 - 0.6.4 || 1.3.1 - 2.0.0-alpha.23
+          Depends on vulnerable versions of command-line-usage
+          Depends on vulnerable versions of dmd
+          Depends on vulnerable versions of jsdoc-parse
+          node_modules/jsdoc-to-markdown
+            grunt-jsdoc-to-markdown  0.5.0 - 0.5.1 || 1.2.0 - 1.2.1
+            Depends on vulnerable versions of jsdoc-to-markdown
+            node_modules/grunt-jsdoc-to-markdown
+      command-line-tool  0.3.0 - 0.6.4
+      Depends on vulnerable versions of command-line-usage
+      node_modules/command-line-tool
+        dmd  0.3.23 - 2.0.1
+        Depends on vulnerable versions of command-line-tool
+        Depends on vulnerable versions of ddata
+        Depends on vulnerable versions of stream-handlebars
+        node_modules/dmd
+  table-layout  <=0.4.0
+  Depends on vulnerable versions of deep-extend
+  node_modules/table-layout
+
+glob-parent  <5.1.2
+Severity: high
+Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
+fix available via `npm audit fix`
+node_modules/glob-parent
+  chokidar  1.0.0-rc1 - 2.1.8
+  Depends on vulnerable versions of anymatch
+  Depends on vulnerable versions of glob-parent
+  node_modules/chokidar
+    babel-cli  *
+    Depends on vulnerable versions of chokidar
+    node_modules/babel-cli
+      minify-js  *
+      Depends on vulnerable versions of babel-cli
+      Depends on vulnerable versions of utils-igor
+      node_modules/dir_cache/node_modules/minify-js
+      node_modules/minify-js
+      node_modules/utils-igor/node_modules/minify-js
+        dir_cache  >=1.0.2
+        Depends on vulnerable versions of minify-js
+        node_modules/dir_cache
+        utils-igor  >=2.0.0
+        Depends on vulnerable versions of minify-js
+        node_modules/dir_cache/node_modules/minify-js/node_modules/utils-igor
+        node_modules/utils-igor
+  glob-base  *
+  Depends on vulnerable versions of glob-parent
+  node_modules/glob-base
+    parse-glob  >=2.1.0
+    Depends on vulnerable versions of glob-base
+    node_modules/parse-glob
+      micromatch  0.2.0 - 3.1.10
+      Depends on vulnerable versions of braces
+      Depends on vulnerable versions of parse-glob
+      Depends on vulnerable versions of snapdragon
+      node_modules/micromatch
+      node_modules/readdirp/node_modules/micromatch
+        anymatch  1.2.0 - 1.3.2
+        Depends on vulnerable versions of micromatch
+        node_modules/anymatch
+        readdirp  2.2.0 - 2.2.1
+        Depends on vulnerable versions of micromatch
+        node_modules/readdirp
+
+handlebars  <=4.7.6
+Severity: critical
+Remote code execution in handlebars when compiling templates - https://github.com/advisories/GHSA-f2jv-r9rf-7988
+Prototype Pollution in handlebars - https://github.com/advisories/GHSA-w457-6q6x-cgp9
+Cross-Site Scripting in handlebars - https://github.com/advisories/GHSA-9prh-257w-9277
+Depends on vulnerable versions of optimist
+fix available via `npm audit fix`
+node_modules/ddata/node_modules/handlebars
+node_modules/stream-handlebars/node_modules/handlebars
+  ddata  >=0.1.18
+  Depends on vulnerable versions of handlebars
+  node_modules/ddata
+    dmd  0.3.23 - 2.0.1
+    Depends on vulnerable versions of command-line-tool
+    Depends on vulnerable versions of ddata
+    Depends on vulnerable versions of stream-handlebars
+    node_modules/dmd
+      jsdoc-to-markdown  0.6.0 - 0.6.4 || 1.3.1 - 2.0.0-alpha.23
+      Depends on vulnerable versions of command-line-usage
+      Depends on vulnerable versions of dmd
+      Depends on vulnerable versions of jsdoc-parse
+      node_modules/jsdoc-to-markdown
+        grunt-jsdoc-to-markdown  0.5.0 - 0.5.1 || 1.2.0 - 1.2.1
+        Depends on vulnerable versions of jsdoc-to-markdown
+        node_modules/grunt-jsdoc-to-markdown
+  stream-handlebars  <=0.1.6
+  Depends on vulnerable versions of handlebars
+  node_modules/stream-handlebars
+
+minimatch  <3.0.2
+Severity: high
+Regular Expression Denial of Service in minimatch - https://github.com/advisories/GHSA-hxm2-r34f-qmc5
+fix available via `npm audit fix`
+node_modules/jsdoc-parse/node_modules/minimatch
+  glob  3.0.0 - 5.0.14
+  Depends on vulnerable versions of minimatch
+  node_modules/jsdoc-parse/node_modules/glob
+    file-set  <=0.2.8
+    Depends on vulnerable versions of glob
+    node_modules/jsdoc-parse/node_modules/file-set
+      jsdoc-parse  0.2.5 - 2.0.0
+      Depends on vulnerable versions of command-line-args
+      Depends on vulnerable versions of file-set
+      Depends on vulnerable versions of jsdoc-api
+      node_modules/jsdoc-parse
+        jsdoc-to-markdown  0.6.0 - 0.6.4 || 1.3.1 - 2.0.0-alpha.23
+        Depends on vulnerable versions of command-line-usage
+        Depends on vulnerable versions of dmd
+        Depends on vulnerable versions of jsdoc-parse
+        node_modules/jsdoc-to-markdown
+          grunt-jsdoc-to-markdown  0.5.0 - 0.5.1 || 1.2.0 - 1.2.1
+          Depends on vulnerable versions of jsdoc-to-markdown
+          node_modules/grunt-jsdoc-to-markdown
+
+minimist  <0.2.1
+Severity: moderate
+Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
+fix available via `npm audit fix`
+node_modules/optimist/node_modules/minimist
+  optimist  >=0.6.0
+  Depends on vulnerable versions of minimist
+  node_modules/optimist
+    handlebars  <=4.7.6
+    Depends on vulnerable versions of optimist
+    node_modules/ddata/node_modules/handlebars
+    node_modules/stream-handlebars/node_modules/handlebars
+      ddata  >=0.1.18
+      Depends on vulnerable versions of handlebars
+      node_modules/ddata
+        dmd  0.3.23 - 2.0.1
+        Depends on vulnerable versions of command-line-tool
+        Depends on vulnerable versions of ddata
+        Depends on vulnerable versions of stream-handlebars
+        node_modules/dmd
+          jsdoc-to-markdown  0.6.0 - 0.6.4 || 1.3.1 - 2.0.0-alpha.23
+          Depends on vulnerable versions of command-line-usage
+          Depends on vulnerable versions of dmd
+          Depends on vulnerable versions of jsdoc-parse
+          node_modules/jsdoc-to-markdown
+            grunt-jsdoc-to-markdown  0.5.0 - 0.5.1 || 1.2.0 - 1.2.1
+            Depends on vulnerable versions of jsdoc-to-markdown
+            node_modules/grunt-jsdoc-to-markdown
+      stream-handlebars  <=0.1.6
+      Depends on vulnerable versions of handlebars
+      node_modules/stream-handlebars
+    node-windows  >=0.1.5
+    Depends on vulnerable versions of optimist
+    node_modules/node-windows
+
+nedb  *
+Severity: high
+Prototype Pollution - https://github.com/advisories/GHSA-339j-hqgx-qrrx
+Depends on vulnerable versions of binary-search-tree
+Depends on vulnerable versions of underscore
+No fix available
+node_modules/nedb
+
+set-value  <4.0.1
+Severity: high
+Prototype Pollution in set-value - https://github.com/advisories/GHSA-4jqc-8m5r-9rpr
+fix available via `npm audit fix`
+node_modules/set-value
+  cache-base  >=0.7.0
+  Depends on vulnerable versions of set-value
+  Depends on vulnerable versions of union-value
+  node_modules/cache-base
+    base  >=0.7.0
+    Depends on vulnerable versions of cache-base
+    node_modules/base
+      snapdragon  0.6.0 - 0.10.1
+      Depends on vulnerable versions of base
+      node_modules/snapdragon
+        braces  <=2.3.2
+        Depends on vulnerable versions of snapdragon
+        node_modules/braces
+        node_modules/readdirp/node_modules/braces
+          micromatch  0.2.0 - 3.1.10
+          Depends on vulnerable versions of braces
+          Depends on vulnerable versions of parse-glob
+          Depends on vulnerable versions of snapdragon
+          node_modules/micromatch
+          node_modules/readdirp/node_modules/micromatch
+            anymatch  1.2.0 - 1.3.2
+            Depends on vulnerable versions of micromatch
+            node_modules/anymatch
+              chokidar  1.0.0-rc1 - 2.1.8
+              Depends on vulnerable versions of anymatch
+              Depends on vulnerable versions of glob-parent
+              node_modules/chokidar
+                babel-cli  *
+                Depends on vulnerable versions of chokidar
+                node_modules/babel-cli
+                  minify-js  *
+                  Depends on vulnerable versions of babel-cli
+                  Depends on vulnerable versions of utils-igor
+                  node_modules/dir_cache/node_modules/minify-js
+                  node_modules/minify-js
+                  node_modules/utils-igor/node_modules/minify-js
+                    dir_cache  >=1.0.2
+                    Depends on vulnerable versions of minify-js
+                    node_modules/dir_cache
+                    utils-igor  >=2.0.0
+                    Depends on vulnerable versions of minify-js
+                    node_modules/dir_cache/node_modules/minify-js/node_modules/utils-igor
+                    node_modules/utils-igor
+            readdirp  2.2.0 - 2.2.1
+            Depends on vulnerable versions of micromatch
+            node_modules/readdirp
+        expand-brackets  1.0.0 - 2.1.4
+        Depends on vulnerable versions of snapdragon
+        node_modules/readdirp/node_modules/expand-brackets
+        extglob  1.0.0 - 2.0.4
+        Depends on vulnerable versions of snapdragon
+        node_modules/readdirp/node_modules/extglob
+        nanomatch  >=0.1.1
+        Depends on vulnerable versions of snapdragon
+        node_modules/nanomatch
+  union-value  *
+  Depends on vulnerable versions of set-value
+  node_modules/union-value
+
+underscore  1.3.2 - 1.12.0
+Severity: high
+Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
+No fix available
+node_modules/jsdoc-75lb/node_modules/underscore
+node_modules/underscore
+  binary-search-tree  *
+  Depends on vulnerable versions of underscore
+  node_modules/binary-search-tree
+    nedb  *
+    Depends on vulnerable versions of binary-search-tree
+    Depends on vulnerable versions of underscore
+    node_modules/nedb
+  jsdoc-75lb  *
+  Depends on vulnerable versions of underscore
+  node_modules/jsdoc-75lb
+    jsdoc-api  0.1.0 - 3.0.0
+    Depends on vulnerable versions of jsdoc-75lb
+    node_modules/jsdoc-api
+      jsdoc-parse  0.2.5 - 2.0.0
+      Depends on vulnerable versions of command-line-args
+      Depends on vulnerable versions of file-set
+      Depends on vulnerable versions of jsdoc-api
+      node_modules/jsdoc-parse
+        jsdoc-to-markdown  0.6.0 - 0.6.4 || 1.3.1 - 2.0.0-alpha.23
+        Depends on vulnerable versions of command-line-usage
+        Depends on vulnerable versions of dmd
+        Depends on vulnerable versions of jsdoc-parse
+        node_modules/jsdoc-to-markdown
+          grunt-jsdoc-to-markdown  0.5.0 - 0.5.1 || 1.2.0 - 1.2.1
+          Depends on vulnerable versions of jsdoc-to-markdown
+          node_modules/grunt-jsdoc-to-markdown
+
+48 vulnerabilities (1 low, 3 moderate, 27 high, 17 critical)
+
+To address issues that do not require attention, run:
+  npm audit fix
+
+Some issues need review, and may require choosing
+a different dependency.

views/default-mobile.handlebars

@@ -1303,7 +1303,7 @@
             QV('managePhoneNumber1', (features & 0x02000000) && (features & 0x04000000));
             QV('managePhoneNumber2', (features & 0x02000000) && !(features & 0x04000000));
 
-            attemptWebRTC = 0; // For now, default WebRTC off unless we set it in the URL.
+            //attemptWebRTC = false; // For now, default WebRTC off unless we set it in the URL.
             if (args.webrtc != null) { attemptWebRTC = (args.webrtc == 1); }
 
             // Session Refresh Timer

views/default.handlebars

@@ -1463,7 +1463,7 @@
             if (!args.locale) { var x = getstore('loctag', 0); if ((x != null) && (x != '*')) { args.locale = x; } }
             debugmode = args.debug;
 
-            attemptWebRTC = 0; // For now, default WebRTC off unless we set it in the URL.
+            //attemptWebRTC = false; // For now, default WebRTC off unless we set it in the URL.
             if (args.webrtc != null) { attemptWebRTC = (args.webrtc == 1); }
 
             QV('p13AutoConnect', debugmode); // Files