[Snyk] Security upgrade socket.io from 4.5.0 to 4.6.0

[jupe]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **661/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Uncaught Exception
[SNYK-JS-ENGINEIO-5496331](https://snyk.io/vuln/SNYK-JS-ENGINEIO-5496331) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: socket.io

The new version differs by 43 commits.

• a2e5d1f chore(release): 4.6.0
• d8143cc refactor: do not persist session if connection state recovery if disabled
• b2dd7cf chore: bump engine.io to version 6.4.0
• 3734b74 revert: feat: expose current offset to allow deduplication
• 8aa9499 feat: add description to the disconnecting and disconnect events (#4622)
• 4e64123 feat: expose current offset to allow deduplication
• 115a981 refactor: do not include the pid by default
• 0c0eb00 fix: add timeout method to remote socket (#4558)
• f8640d9 refactor: export DisconnectReason type
• 93d446a refactor: add charset when serving the bundle files
• 184f3cf feat: add promise-based acknowledgements
• 5d9220b feat: add the ability to clean up empty child namespaces (#4602)
• 1298839 test: add test with onAnyOutgoing() and binary attachments
• 6c27b8b test: add test with socket.disconnect(true)
• f3ada7d fix(typings): properly type emits with timeout
• a21ad88 docs(changelog): add note about maxHttpBufferSize default value (#4596)
• 54d5ee0 feat: implement connection state recovery
• da2b542 perf: precompute the WebSocket frames when broadcasting
• b7d54db docs: add Rust client implementation (#4592)
• d4a9b2c refactor(typings): add types for io.engine (#4591)
• 547c541 chore: add security policy
• 3b7ced7 chore(release): 4.5.4
• c00bb95 chore: bump engine.io to version 6.2.1
• 57e5f25 chore: bump socket.io-parser to version 4.2.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/jupe/project/89137d2b-8d19-4840-b8f3-d0a8d93b8f9e?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/jupe/project/89137d2b-8d19-4840-b8f3-d0a8d93b8f9e?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"a16f1ea0-01a3-45f5-89dc-e779853b2b79","prPublicId":"a16f1ea0-01a3-45f5-89dc-e779853b2b79","dependencies":[{"name":"socket.io","from":"4.5.0","to":"4.6.0"}],"packageManager":"npm","projectPublicId":"89137d2b-8d19-4840-b8f3-d0a8d93b8f9e","projectUrl":"https://app.snyk.io/org/jupe/project/89137d2b-8d19-4840-b8f3-d0a8d93b8f9e?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-ENGINEIO-5496331"],"upgrade":["SNYK-JS-ENGINEIO-5496331"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[661],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)