Merge branch 'devel' into minifier_js_update

History.md

@@ -1,4 +1,4 @@
-## v2.2.1, UNRELEASED
+## v2.3.0, UNRELEASED
 
 #### Independent Releases
 
@@ -10,6 +10,16 @@
 
 * Released `mongo-id@1.0.8` removing unused dependency `id-map`.
 
+* Released `dev-error-overlay@0.1.1` fixing sometimes page content being on top of error overlay
+
+* Released `id-map@1.1.1` removing unused dependencies and modernizing the code
+
+* `http@1.4.4`
+  - Used the new deprecation package flag instead of loud console warning.
+  
+* `socket-stream-client@0.3.3`
+  - Update `faye-websocket` dependency to v0.11.4. 
+
 ## v2.2, 2021-04-15
 
 #### Highlights
@@ -392,7 +402,7 @@ N/A
   4.2.1 to 4.2.5.
   [PR #11020](https://github.com/meteor/meteor/pull/11020)
 
-* The `url` package now provides an isomorphic implentation of the [WHATWG `url()`
+* The `url` package now provides an isomorphic implementation of the [WHATWG `url()`
   API](https://url.spec.whatwg.org/).
   While remaining backwards compatible, you can now also import `URL` and `URLSearchParams` from `meteor/url`.
   These will work for both modern and legacy browsers as well as node.
@@ -3251,7 +3261,7 @@ N/A
   fibers unless the `METEOR_DISABLE_FS_FIBERS` environment variable is
   explicitly set to a falsy value. For larger apps, this change results in
   significant build performance improvements due to the creation of fewer
-  fibers and the avoidance of unnecessary asyncronous delays.
+  fibers and the avoidance of unnecessary asynchronous delays.
   https://github.com/meteor/meteor/pull/7975/commits/ca4baed90ae0675e55c93976411d4ed91f12dd63
 
 * Running Meteor as `root` is still discouraged, and results in a fatal
@@ -3658,7 +3668,7 @@ N/A
 * `App.appendToConfig` allows adding custom tags to config.xml.
   [#7307](https://github.com/meteor/meteor/pull/7307)
 
-* When using `ROOT_URL` with a path, relative CSS URLs are rewriten
+* When using `ROOT_URL` with a path, relative CSS URLs are rewritten
   accordingly. [#5837](https://github.com/meteor/meteor/issues/5837)
 
 * Fixed bugs:
@@ -3777,7 +3787,7 @@ N/A
 
 * Adds `defineMutationMethods` option (default: true) to `new Mongo.Collection` to override default behavior that sets up mutation methods (/collection/[insert|update...]) [PR #5778](https://github.com/meteor/meteor/pull/5778)
 
-* Allow overridding the default warehouse url by specifying `METEOR_WAREHOUSE_URLBASE` [PR #7054](https://github.com/meteor/meteor/pull/7054)
+* Allow overriding the default warehouse url by specifying `METEOR_WAREHOUSE_URLBASE` [PR #7054](https://github.com/meteor/meteor/pull/7054)
 
 * Allow `_id` in `$setOnInsert` in Minimongo: https://github.com/meteor/meteor/pull/7066
 
@@ -3794,7 +3804,7 @@ N/A
 * PhantomJS is no longer included in the Meteor dev bundle (#6905). If you
   previously relied on PhantomJS for local testing, the `spiderable`
   package, Velocity tests, or testing Meteor from a checkout, you should
-  now install PhantomJS yourself, by running the following commmand:
+  now install PhantomJS yourself, by running the following command:
   `meteor npm install -g phantomjs-prebuilt`
 
 * The `babel-compiler` package now looks for `.babelrc` files and
@@ -4296,7 +4306,7 @@ a shorter list of breaking changes you should be aware of when upgrading.
 * `meteor-platform` has been deprecated in favor of the smaller `meteor-base`,
   with apps listing their other dependencies explicitly.  The v1.2 upgrader
   will rewrite `meteor-platform` in existing apps.  `meteor-base` puts fewer
-  symbols in the global namepsace, so it's no longer true that all apps
+  symbols in the global namespace, so it's no longer true that all apps
   have symbols like `Random` and `EJSON` in the global namespace.
 
 * New packages: `ecmascript`, `es5-shim`, `ecmascript-collections`, `promise`,
@@ -5542,7 +5552,7 @@ will not be able to use versions of packages that use the new features.
 
 ### Other Changes
 
-* Offically support `Meteor.wrapAsync` (renamed from
+* Officially support `Meteor.wrapAsync` (renamed from
   `Meteor._wrapAsync`). Additionally, `Meteor.wrapAsync` now lets you
   pass an object to bind as `this` in the wrapped call. See
   https://docs.meteor.com/#meteor_wrapasync.
@@ -7824,7 +7834,7 @@ tmeasday, and workmad3.
 * On the client, `Meteor.apply` takes a new `wait` option, which ensures that no
   further method calls are sent to the server until this method is finished; it
   is used for login and logout methods in order to keep the user ID
-  well-defined. You can also specifiy an `onReconnect` handler which is run when
+  well-defined. You can also specify an `onReconnect` handler which is run when
   re-establishing a connection; Meteor Accounts uses this to log back in on
   reconnect.
 

Roadmap.md

@@ -67,7 +67,7 @@ Meteor free deploy is back.
 - Status: shipped in January 2021
 - PRs: https://github.com/meteor/meteor/pull/11117
 
-HMR is avaible since Meteor 2.0
+HMR is available since Meteor 2.0
 
 ### Vue.js
 - Leaders: [Brian Mulhall](https://github.com/BrianMulhall)

SECURITY.md

@@ -0,0 +1,43 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.x.y   | ✅ |
+| 1.12.x   | 🚧 |
+| < 1.11.x   | ❌                |
+
+## Reporting a Vulnerability
+
+Report security bugs to security@meteor.com.
+
+Your report will be acknowledged within 2 work days, and you'll receive a more
+detailed response to your report within 6 work days indicating the next steps in
+handling your submission.
+
+After the initial reply to your report, the security team will endeavor to keep
+you informed of the progress being made towards a fix and full announcement,
+and may ask for additional information or guidance surrounding the reported
+issue.
+
+We don't have any bounty program. 
+
+## Reporting a security bug in a third party module
+
+Security bugs in third party modules should be reported to their respective
+maintainers.
+
+Thank you for improving the security of Meteor and its ecosystem. Your efforts
+and responsible disclosure are greatly appreciated and will be acknowledged.
+
+## Disclosure policy
+
+Here is the security disclosure policy for Meteor
+
+* The security report is received and is assigned a primary handler. This
+  person will coordinate the fix and release process. The problem is confirmed
+  and a list of all affected versions is determined. Code is audited to find
+  any potential similar problems. Fixes are prepared for all releases which are
+  still under maintenance. These fixes are not committed to the public
+  repository but rather held locally pending the announcement.

packages/accounts-base/accounts_common.js

@@ -168,7 +168,7 @@ export class AccountsCommon {
    * @param {Number} options.passwordEnrollTokenExpirationInDays The number of days from when a link to set initial password is sent until token expires and user can't set password with the link anymore. Defaults to 30.
    * @param {Number} options.passwordEnrollTokenExpiration The number of milliseconds from when a link to set initial password is sent until token expires and user can't set password with the link anymore. If `passwordEnrollTokenExpirationInDays` is set, it takes precedent.
    * @param {Boolean} options.ambiguousErrorMessages Return ambiguous error messages from login failures to prevent user enumeration. Defaults to false.
-   * @param {MongoFieldSpecifier} options.defaultFieldSelector To exclude by default large custom fields from `Meteor.user()` and `Meteor.findUserBy...()` functions when called without a field selector, and all `onLogin`, `onLoginFailure` and `onLogout` callbacks.  Example: `Accounts.config({ defaultFieldSelector: { myBigArray: 0 }})`.
+   * @param {MongoFieldSpecifier} options.defaultFieldSelector To exclude by default large custom fields from `Meteor.user()` and `Meteor.findUserBy...()` functions when called without a field selector, and all `onLogin`, `onLoginFailure` and `onLogout` callbacks.  Example: `Accounts.config({ defaultFieldSelector: { myBigArray: 0 }})`. Beware when using this. If, for instance, you do not include `email` when excluding the fields, you can have problems with functions like `forgotPassword` that will break because they won't have the required data available. It's recommend that you always keep the fields `_id`, `username`, and `email`.
    */
   config(options) {
     // We don't want users to accidentally only call Accounts.config on the

packages/accounts-base/accounts_server.js

@@ -107,7 +107,7 @@ export class AccountsServer extends AccountsCommon {
   // @override of "abstract" non-implementation in accounts_common.js
   userId() {
     // This function only works if called inside a method or a pubication.
-    // Using any of the infomation from Meteor.user() in a method or
+    // Using any of the information from Meteor.user() in a method or
     // publish function will always use the value from when the function first
     // runs. This is likely not what the user expects. The way to make this work
     // in a method or publish function is to do Meteor.find(this.userId).observe
@@ -348,7 +348,7 @@ export class AccountsServer extends AccountsCommon {
     if (!result)
       throw new Error("result is required");
 
-    // XXX A programming error in a login handler can lead to this occuring, and
+    // XXX A programming error in a login handler can lead to this occurring, and
     // then we don't call onLogin or onLoginFailure callbacks. Should
     // tryLoginMethod catch this case and turn it into an error?
     if (!result.userId && !result.error)
@@ -721,7 +721,7 @@ export class AccountsServer extends AccountsCommon {
     this._server.publish("meteor.loginServiceConfiguration", () => {
       const { ServiceConfiguration } = Package['service-configuration'];
       return ServiceConfiguration.configurations.find({}, {fields: {secret: 0}});
-    }, {is_auto: true}); // not techincally autopublish, but stops the warning.
+    }, {is_auto: true}); // not technically autopublish, but stops the warning.
 
     // Use Meteor.startup to give other packages a chance to call
     // setDefaultPublishFields.

packages/accounts-password/password_server.js

@@ -222,7 +222,7 @@ const generateCasePermutationsForString = string => {
     permutations = [].concat(...(permutations.map(prefix => {
       const lowerCaseChar = ch.toLowerCase();
       const upperCaseChar = ch.toUpperCase();
-      // Don't add unneccesary permutations when ch is not a letter
+      // Don't add unnecessary permutations when ch is not a letter
       if (lowerCaseChar === upperCaseChar) {
         return [prefix + ch];
       } else {

packages/accounts-password/password_tests.js

@@ -877,7 +877,7 @@ if (Meteor.isClient) (() => {
     logoutStep,
     function (test, expect) {
       // Test that Meteor.logoutOtherClients logs out a second
-      // authentcated connection while leaving Accounts.connection
+      // authenticated connection while leaving Accounts.connection
       // logged in.
       const secondConn = DDP.connect(Meteor.absoluteUrl());
       let token;

packages/babel-compiler/README.md

@@ -21,7 +21,7 @@ Meteor's Babel support consists of the following core packages:
 The `babel-compiler` package exports the `Babel` symbol, which exposes
 functionality provided by the
 [`meteor-babel`](https://www.npmjs.com/package/meteor-babel) NPM package,
-which is in turn implmented using the
+which is in turn implemented using the
 [`babel-core`](https://www.npmjs.com/package/babel-core) NPM package.
 Note that you can only use the `babel-compiler` package on the server.
 

packages/ddp-client/.npm/package/npm-shrinkwrap.json

@@ -1,10 +1,20 @@
 {
   "lockfileVersion": 1,
   "dependencies": {
-    "lolex": {
-      "version": "2.3.2",
-      "resolved": "https://registry.npmjs.org/lolex/-/lolex-2.3.2.tgz",
-      "integrity": "sha512-A5pN2tkFj7H0dGIAM6MFvHKMJcPnjZsOMvR7ujCjfgW5TbV6H9vb1PgxLtHvjqNZTHsUolz+6/WEO0N1xNx2ng=="
+    "@sinonjs/commons": {
+      "version": "1.8.3",
+      "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.3.tgz",
+      "integrity": "sha512-xkNcLAn/wZaX14RPlwizcKicDk9G3F8m2nU3L7Ukm5zBgTwiT0wsoFAHx9Jq56fJA1z/7uKGtCRu16sOUCLIHQ=="
+    },
+    "@sinonjs/fake-timers": {
+      "version": "7.0.5",
+      "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-7.0.5.tgz",
+      "integrity": "sha512-fUt6b15bjV/VW93UP5opNXJxdwZSbK1EdiwnhN7XrQrcpaOhMJpZ/CjwFpM3THpxwA+YviBUJKSuEqKlCK5alw=="
+    },
+    "type-detect": {
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz",
+      "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g=="
     }
   }
 }

packages/ddp-client/package.js

@@ -5,7 +5,7 @@ Package.describe({
 });
 
 Npm.depends({
-  lolex: '2.3.2'
+  '@sinonjs/fake-timers': '7.0.5'
 });
 
 Package.onUse((api) => {

packages/ddp-client/test/livedata_connection_tests.js

@@ -1,4 +1,4 @@
-import lolex from 'lolex';
+import FakeTimers from '@sinonjs/fake-timers';
 import { DDP } from '../common/namespace.js';
 import { Connection } from '../common/livedata_connection.js';
 
@@ -114,7 +114,7 @@ Tinytest.add('livedata stub - receive data', function(test) {
 Tinytest.add('livedata stub - buffering data', function(test) {
   // Install special setTimeout that allows tick-by-tick control in tests using sinonjs 'lolex'
   // This needs to be before the connection is instantiated.
-  const clock = lolex.install();
+  const clock = FakeTimers.install();
   const tick = timeout => clock.tick(timeout);
 
   const stream = new StubStream();

packages/ddp/DDP.md

@@ -26,7 +26,7 @@ minor revisions of DDP might add extra fields without changing the DDP version;
 the client must therefore silently ignore unknown fields.  However, the client
 must not send extra fields other than those documented in the DDP protocol, in
 case these extra fields have meaning to future servers.  On the server, all
-field changes must be optional/ignorable for compatability with older clients;
+field changes must be optional/ignorable for compatibility with older clients;
 otherwise a new protocol version would be required.
 
 ## Establishing a DDP Connection:

packages/deprecated/http/httpcall_common.js

@@ -1,10 +1,6 @@
 var MAX_LENGTH = 500; // if you change this, also change the appropriate test
 var slice = Array.prototype.slice;
 
-var deprecationMessage = function() {
-  Log.debug('The http package has been deprecated, please migrate to the fetch package and new web standards.');
-};
-
 exports.makeErrorByStatus = function(statusCode, content) {
   var message = "failed [" + statusCode + "]";
 
@@ -56,7 +52,6 @@ var HTTP = exports.HTTP = {};
  * @deprecated
  */
 HTTP.get = function (/* varargs */) {
-  deprecationMessage();
   return HTTP.call.apply(this, ["GET"].concat(slice.call(arguments)));
 };
 
@@ -69,7 +64,6 @@ HTTP.get = function (/* varargs */) {
  * @deprecated
  */
 HTTP.post = function (/* varargs */) {
-  deprecationMessage();
   return HTTP.call.apply(this, ["POST"].concat(slice.call(arguments)));
 };
 
@@ -82,7 +76,6 @@ HTTP.post = function (/* varargs */) {
  * @deprecated
  */
 HTTP.put = function (/* varargs */) {
-  deprecationMessage();
   return HTTP.call.apply(this, ["PUT"].concat(slice.call(arguments)));
 };
 
@@ -95,7 +88,6 @@ HTTP.put = function (/* varargs */) {
  * @deprecated
  */
 HTTP.del = function (/* varargs */) {
-  deprecationMessage();
   return HTTP.call.apply(this, ["DELETE"].concat(slice.call(arguments)));
 };
 
@@ -108,6 +100,5 @@ HTTP.del = function (/* varargs */) {
  * @deprecated
  */
 HTTP.patch = function (/* varargs */) {
-  deprecationMessage();
   return HTTP.call.apply(this, ["PATCH"].concat(slice.call(arguments)));
 };

packages/deprecated/http/package.js

@@ -1,6 +1,7 @@
 Package.describe({
   summary: "Make HTTP calls to remote servers",
-  version: '1.4.3'
+  version: '1.4.4',
+  deprecated: 'Please use fetch'
 });
 
 Npm.depends({
@@ -14,8 +15,7 @@ Package.onUse(function (api) {
     // This package intentionally does not depend on ecmascript, so that
     // ecmascript and its dependencies can depend on http without creating
     // package dependency cycles.
-    'modules',
-    'logging' // For deprecation message
+    'modules'
   ]);
 
   api.mainModule('httpcall_client.js', 'client');

packages/dev-error-overlay/client.js

@@ -13,6 +13,7 @@ const styles = `
     box-shadow: inset 0 0 100px #e411111f, 0 0 20px #00000085;
     box-sizing: border-box;
     overflow-y: auto;
+    z-index: 1000000;
   }
 
   .section {

packages/dev-error-overlay/package.js

@@ -1,5 +1,5 @@
 Package.describe({
-  version: '0.1.0',
+  version: '0.1.1',
   summary: 'Show build errors in client when using HMR',
   documentation: 'README.md',
   devOnly: true

packages/es5-shim/README.md

@@ -2,7 +2,7 @@
 [Source code of released version](https://github.com/meteor/meteor/tree/master/packages/es5-shim) | [Source code of development version](https://github.com/meteor/meteor/tree/devel/packages/es5-shim)
 ***
 
-This package improves ECMAScript 5 compliance in all browers, particularly older browsers, and especially Internet Explorer 8 (and earlier).
+This package improves ECMAScript 5 compliance in all browsers, particularly older browsers, and especially Internet Explorer 8 (and earlier).
 
 Like the `ecmascript` package, `es5-shim` is [installed by default](https://github.com/meteor/meteor/blob/22bd755918/tools/static-assets/skel/.meteor/packages#L11) for all new apps. Though it technically can be removed, the expectation is that it will only be removed if the app author wishes to install an equivalent package instead (e.g. something based on [`core-js`](https://github.com/zloirock/core-js)), or wishes to drop support for older browsers altogether.
 

packages/id-map/id-map.js

@@ -1,4 +1,3 @@
-const hasOwn = Object.prototype.hasOwnProperty;
 
 export class IdMap {
   constructor(idStringify, idParse) {
@@ -13,22 +12,22 @@ export class IdMap {
 // set of methods that overlap between the two.)
 
   get(id) {
-    var key = this._idStringify(id);
+    const key = this._idStringify(id);
     return this._map.get(key);
   }
 
   set(id, value) {
-    var key = this._idStringify(id);
+    const key = this._idStringify(id);
     this._map.set(key, value);
   }
 
   remove(id) {
-    var key = this._idStringify(id);
+    const key = this._idStringify(id);
     this._map.delete(key);
   }
 
   has(id) {
-    var key = this._idStringify(id);
+    const key = this._idStringify(id);
     return this._map.has(key);
   }
 
@@ -43,8 +42,8 @@ export class IdMap {
   // Iterates over the items in the map. Return `false` to break the loop.
   forEach(iterator) {
     // don't use _.each, because we can't break out of it.
-    for (const [key, value] of this._map){
-      var breakIfFalse = iterator.call(
+    for (let [key, value] of this._map){
+      const breakIfFalse = iterator.call(
         null,
         value,
         this._idParse(key)
@@ -60,7 +59,7 @@ export class IdMap {
   }
 
   setDefault(id, def) {
-    var key = this._idStringify(id);
+    const key = this._idStringify(id);
     if (this._map.has(key)) {
       return this._map.get(key);
     }
@@ -71,7 +70,7 @@ export class IdMap {
   // Assumes that values are EJSON-cloneable, and that we don't need to clone
   // IDs (ie, that nobody is going to mutate an ObjectId).
   clone() {
-    var clone = new IdMap(this._idStringify, this._idParse);
+    const clone = new IdMap(this._idStringify, this._idParse);
     // copy directly to avoid stringify/parse overhead
     this._map.forEach(function(value, key){
       clone._map.set(key, EJSON.clone(value));

packages/id-map/package.js

@@ -1,6 +1,6 @@
 Package.describe({
   summary: "Dictionary data structure allowing non-string keys",
-  version: '1.1.0'
+  version: '1.1.1'
 });
 
 Package.onUse(function (api) {

packages/logic-solver/README.md

@@ -1050,7 +1050,7 @@ time-consuming operation.
 
 Finds a Solution that minimizes the value of
 `Logic.weightedSum(formulas, weights)`, and adds a requirement that
-this mininum value is obtained (in the sense of calling
+this minimum value is obtained (in the sense of calling
 `Solver#require` on this Solver).
 
 To determine this minimum value, call

packages/minifier-css/minifier.js

@@ -14,7 +14,7 @@ const CssTools = {
    */
   parseCss(cssText, options = {}) {
     // This function previously used the `css-parse` npm package, which
-    // set the name of the css file being pased using  { source: 'filename' }.
+    // set the name of the css file being parsed using  { source: 'filename' }.
     // If included, we'll convert this to the `postcss` equivalent, to maintain
     // backwards compatibility.
     if (options.source) {

packages/rate-limit/README.md

@@ -46,7 +46,7 @@ called a certain method and restrict them to a certain number of calls per
 user defined time frame. So we generate a unique string key (to be used as
 keys in a counters object) to represent each specific methodName + user
 combination. Since this rule applies to multiple user, we need to concatenate
-the differnet input key names with their values. For example, if we had a rule
+the different input key names with their values. For example, if we had a rule
 with matchers as such:
 
 ```javascript
@@ -71,4 +71,4 @@ every time the intervalTime is passed, at which point we delete the current
 dictionary of counters we store. Every time a rule matches to an input, we
 determine the unique key string and check if it's counters have exceeded the
 allowed amounts, returning an error to the user letting them know that a rate
-limit has been reached.
+limit has been reached.

packages/react-fast-refresh/client-runtime.js

@@ -6,7 +6,7 @@ if (enabled && process.env.NODE_ENV !== 'production' && module.hot) {
   let timeout = null;
   function scheduleRefresh() {
     if (!timeout) {
-      timeout = setTimeout(() => {
+      timeout = setTimeout(function() {
         timeout = null;
         runtime.performReactRefresh();
       }, 0);
@@ -69,11 +69,13 @@ if (enabled && process.env.NODE_ENV !== 'production' && module.hot) {
 
   runtime.injectIntoGlobalHook(window);
 
-  window.$RefreshReg$ = () => { };
-  window.$RefreshSig$ = () => type => type;
+  window.$RefreshReg$ = function() { };
+  window.$RefreshSig$ = function() {
+    return function(type) { return type; };
+  };
 
   module.hot.onRequire({
-    before(module) {
+    before: function(module) {
       if (module.loaded) {
         // The module was already executed
         return;
@@ -83,18 +85,18 @@ if (enabled && process.env.NODE_ENV !== 'production' && module.hot) {
       var prevRefreshSig = window.$RefreshSig$;
 
       window.RefreshRuntime = runtime;
-      window.$RefreshReg$ = (type, _id) => {
+      window.$RefreshReg$ = function(type, _id) {
         const fullId = module.id + ' ' + _id;
         RefreshRuntime.register(type, fullId);
       }
       window.$RefreshSig$ = RefreshRuntime.createSignatureFunctionForTransform;
 
       return {
-        prevRefreshReg,
-        prevRefreshSig
+        prevRefreshReg: prevRefreshReg,
+        prevRefreshSig: prevRefreshSig
       };
     },
-    after(module, beforeData) {
+    after: function(module, beforeData) {
       // TODO: handle modules with errors
       if (!beforeData) {
         return;

packages/react-fast-refresh/package.js

@@ -1,6 +1,6 @@
 Package.describe({
   name: 'react-fast-refresh',
-  version: '0.1.0',
+  version: '0.1.1',
   summary: 'Automatically update React components with HMR',
   documentation: 'README.md',
   devOnly: true

packages/socket-stream-client/.npm/package/npm-shrinkwrap.json

@@ -2,9 +2,9 @@
   "lockfileVersion": 1,
   "dependencies": {
     "faye-websocket": {
-      "version": "0.11.3",
-      "resolved": "https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.3.tgz",
-      "integrity": "sha512-D2y4bovYpzziGgbHYtGCMjlJM36vAl/y+xUyn1C+FVx8szd1E+86KwVw6XvYSzOP8iMpm1X0I4xJD+QtUb36OA=="
+      "version": "0.11.4",
+      "resolved": "https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.4.tgz",
+      "integrity": "sha512-CzbClwlXAuiRQAlUyfqPgvPoNKTckTPGfwZV4ZdAhVcP2lh9KUxJg2b5GkE7XbjKQ3YJnQ9z6D9ntLAlB+tP8g=="
     },
     "http-parser-js": {
       "version": "0.5.3",

packages/socket-stream-client/package.js

@@ -1,12 +1,12 @@
 Package.describe({
   name: "socket-stream-client",
-  version: "0.3.2",
+  version: "0.3.3",
   summary: "Provides the ClientStream abstraction used by ddp-client",
   documentation: "README.md"
 });
 
 Npm.depends({
-  "faye-websocket": "0.11.3",
+  "faye-websocket": "0.11.4",
   "permessage-deflate": "0.1.7"
 });
 

packages/url/legacy.js

@@ -10,5 +10,5 @@ try {
   ].join("\n"));
 }
 
-// backwards compatability
+// backwards compatibility
 require('./modern.js');

packages/url/modern.js

@@ -4,5 +4,5 @@ URLSearchParams = global.URLSearchParams;
 exports.URL = URL;
 exports.URLSearchParams = URLSearchParams;
 
-// backwards compatability
+// backwards compatibility
 Object.assign(URL, require('./bc/url_client'));

packages/url/server.js

@@ -21,5 +21,5 @@ setMinimumBrowserVersions({
   electron: [0, 20],
 }, module.id);
 
-// backwards compatability
-Object.assign(exports.URL, require('./bc/url_server'));
+// backwards compatibility
+Object.assign(exports.URL, require('./bc/url_server'));

packages/url/tests/main.js

@@ -5,5 +5,5 @@ Tinytest.add("url - sanity", function (test) {
   test.equal(typeof URLSearchParams, "function");
 });
 
-// backwards compatability
+// backwards compatibility
 require('../bc/url_tests');

packages/webapp/connect.js

@@ -5,7 +5,7 @@ export function connect(...connectArgs) {
   const originalUse = handlers.use;
 
   // Wrap the handlers.use method so that any provided handler functions
-  // alway run in a Fiber.
+  // always run in a Fiber.
   handlers.use = function use(...useArgs) {
     const { stack } = this;
     const originalLength = stack.length;
@@ -21,7 +21,7 @@ export function connect(...connectArgs) {
       if (originalHandle.length >= 4) {
         // If the original handle had four (or more) parameters, the
         // wrapper must also have four parameters, since connect uses
-        // handle.length to dermine whether to pass the error as the first
+        // handle.length to determine whether to pass the error as the first
         // argument to the handle function.
         entry.handle = function handle(err, req, res, next) {
           return Promise.asyncApply(originalHandle, this, arguments);

packages/webapp/webapp_tests.js

@@ -157,7 +157,7 @@ Tinytest.addAsync(
     };
 
     // It's okay to set this global state because we're not going to yield
-    // before settng it back to what it was originally.
+    // before setting it back to what it was originally.
     WebAppInternals.setInlineScriptsAllowed(true);
 
     {

scripts/doctool.md

@@ -26,7 +26,7 @@ Examples:
  *
 For lines that don't, no big deal.
 
-    Leading whitspace will be preserved here.
+    Leading whitespace will be preserved here.
 
  * We can create a bullet list in here:
  *
@@ -54,4 +54,4 @@ no stripping of `*` characters on any line.
 /// Multiple consecutive lines that start with `///` are
 /// treated together as a single doc comment.
 /** Separate doc comments get separate paragraphs. */
-```
+```

tools/README.md

@@ -126,7 +126,7 @@ variable `SELF_TEST_TOOL_NODE_FLAGS` could be used the same way
 `TOOL_NODE_FLAGS` is used. If you are setting the env variable
 `SELF_TEST_TOOL_NODE_FLAGS` with `TOOL_NODE_FLAGS`, consider specifying a
 custom port, as they could collide trying to listen to the same port.
-To set a custom port, you could set the variable in the followind manner
+To set a custom port, you could set the variable in the following manner
 `SELF_TEST_TOOL_NODE_FLAGS="--debug-brk=5859"` and the debugger will
 listen to the port 5859 and not the default 5858.