Update dependency socket.io-parser to 3.3.3 [SECURITY]

This PR contains the following updates:

Package	Change
socket.io-parser	`3.3.2` -> `3.3.3`

GitHub Vulnerability Alerts

CVE-2022-2421

Due to improper type validation in the socket.io-parser library (which is used by the socket.io and socket.io-client packages to encode and decode Socket.IO packets), it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object.

Example:

const decoder = new Decoder();

decoder.on(\"decoded\", (packet) => {
 console.log(packet.data); // prints [ 'hello', [Function: splice] ]
 })

decoder.add('51-[\"hello\",{\"_placeholder\":true,\"num\":\"splice\"}]');
decoder.add(Buffer.from(\"world\"));

This bubbles up in the socket.io package:

io.on(\"connection\", (socket) => {
 socket.on(\"hello\", (val) => {
 // here, \"val\" could be a reference instead of what the user expected
 });
 });

At first sight, the potential impact seems rather limited, but please upgrade to a safe version as soon as possible.

This should be fixed by:

https://github.com/socketio/socket.io-parser/commit/b5d0cb7dc56a0601a09b056beaeeb0e43b160050, included in socket.io-parser@4.2.1
https://github.com/socketio/socket.io-parser/commit/b559f050ee02bd90bd853b9823f8de7fa94a80d4, included in socket.io-parser@4.0.5

Dependency analysis for the `socket.io` package

`socket.io` version	`socket.io-parser` version	Covered?
`4.5.2...latest`	`~4.2.0` (ref)	Yes :heavy_check_mark:
`4.1.3...4.5.1`	`~4.0.4` (ref)	Yes :heavy_check_mark:
`3.0.5...4.1.2`	`~4.0.3` (ref)	Yes :heavy_check_mark:
`3.0.0...3.0.4`	`~4.0.1` (ref)	Yes :heavy_check_mark:

Dependency analysis for the `socket.io-client` package

`socket.io-client` version	`socket.io-parser` version	Covered?
`4.5.0...latest`	`~4.2.0` (ref)	Yes :heavy_check_mark:
`4.3.0...4.4.1`	`~4.1.1` (ref)	No, but the impact is very limited
`3.1.0...4.2.0`	`~4.0.4` (ref)	Yes :heavy_check_mark:
`3.0.5`	`~4.0.3` (ref)	Yes :heavy_check_mark:
`3.0.0...3.0.4`	`~4.0.1` (ref)	Yes :heavy_check_mark:

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

cashapp / misk-web