[Snyk] Security upgrade socket.io from 4.5.1 to 4.6.0

[koltyakov]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **661/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Uncaught Exception
[SNYK-JS-ENGINEIO-5496331](https://snyk.io/vuln/SNYK-JS-ENGINEIO-5496331) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: socket.io

The new version differs by 40 commits.

• a2e5d1f chore(release): 4.6.0
• d8143cc refactor: do not persist session if connection state recovery if disabled
• b2dd7cf chore: bump engine.io to version 6.4.0
• 3734b74 revert: feat: expose current offset to allow deduplication
• 8aa9499 feat: add description to the disconnecting and disconnect events (#4622)
• 4e64123 feat: expose current offset to allow deduplication
• 115a981 refactor: do not include the pid by default
• 0c0eb00 fix: add timeout method to remote socket (#4558)
• f8640d9 refactor: export DisconnectReason type
• 93d446a refactor: add charset when serving the bundle files
• 184f3cf feat: add promise-based acknowledgements
• 5d9220b feat: add the ability to clean up empty child namespaces (#4602)
• 1298839 test: add test with onAnyOutgoing() and binary attachments
• 6c27b8b test: add test with socket.disconnect(true)
• f3ada7d fix(typings): properly type emits with timeout
• a21ad88 docs(changelog): add note about maxHttpBufferSize default value (#4596)
• 54d5ee0 feat: implement connection state recovery
• da2b542 perf: precompute the WebSocket frames when broadcasting
• b7d54db docs: add Rust client implementation (#4592)
• d4a9b2c refactor(typings): add types for io.engine (#4591)
• 547c541 chore: add security policy
• 3b7ced7 chore(release): 4.5.4
• c00bb95 chore: bump engine.io to version 6.2.1
• 57e5f25 chore: bump socket.io-parser to version 4.2.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/koltyakov/project/6440e6d7-3af1-4424-a50f-cc7cc7c7b3c2?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/koltyakov/project/6440e6d7-3af1-4424-a50f-cc7cc7c7b3c2?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"9e667524-294c-4b50-b906-153b62c95a1a","prPublicId":"9e667524-294c-4b50-b906-153b62c95a1a","dependencies":[{"name":"socket.io","from":"4.5.1","to":"4.6.0"}],"packageManager":"npm","projectPublicId":"6440e6d7-3af1-4424-a50f-cc7cc7c7b3c2","projectUrl":"https://app.snyk.io/org/koltyakov/project/6440e6d7-3af1-4424-a50f-cc7cc7c7b3c2?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-ENGINEIO-5496331"],"upgrade":["SNYK-JS-ENGINEIO-5496331"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[661],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)