[Security] Bump socket.io-parser from 3.2.0 to 4.0.4

[dependabot-preview]

Bumps socket.io-parser from 3.2.0 to 4.0.4. This update includes security fixes.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Resource exhaustion in socket.io-parser The socket.io-parser npm package before versions 3.3.2 and 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.

Affected versions: < 3.3.2

Sourced from The GitHub Security Advisory Database.

Resource exhaustion in socket.io-parser socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.

Affected versions: < 3.4.1

Release notes

Sourced from socket.io-parser's releases.

4.0.4

Bug Fixes

• allow integers as event names (1c220dd)

Links

• Diff: socketio/socket.io-parser@4.0.3...4.0.4

4.0.3

Links

• Diff: socketio/socket.io-parser@4.0.2...4.0.3

4.0.2

Bug Fixes

• move @​types/component-emitter to dependencies (#99) (4efa005)

Links

• Diff: socketio/socket.io-parser@4.0.1...4.0.2

4.0.1

Features

• move binary detection back to the parser (285e7cd)
• add support for a payload in a CONNECT packet (78f9fc2)

Bug Fixes

• do not catch encoding errors (aeae87c)
• throw upon invalid payload format (c327acb)

BREAKING CHANGES

• the encode method is now synchronous (28d4f03)

Links

• Diff: socketio/socket.io-parser@3.4.1...4.0.1

4.0.1-rc3

Links

• Diff: socketio/socket.io-parser@4.0.1-rc2...4.0.1-rc3

4.0.1-rc2

Features

... (truncated)

Changelog

Sourced from socket.io-parser's changelog.

4.0.4 (2021-01-15)

Bug Fixes

• allow integers as event names (1c220dd)

4.0.3 (2021-01-05)

4.0.2 (2020-11-25)

Bug Fixes

• move @​types/component-emitter to dependencies (#99) (4efa005)

4.0.1 (2020-11-05)

Features

• move binary detection back to the parser (285e7cd)
• add support for a payload in a CONNECT packet (78f9fc2)

Bug Fixes

• do not catch encoding errors (aeae87c)
• throw upon invalid payload format (c327acb)

BREAKING CHANGES

• the encode method is now synchronous (28d4f03)

4.0.1-rc3 (2020-10-25)

4.0.1-rc2 (2020-10-15)

Features

• move binary detection back to the parser (285e7cd)

... (truncated)

Commits

• af1b23c chore(release): 4.0.4
• 1c220dd fix: allow integers as event names
• 444520d chore(release): 4.0.3
• b076dbb ci: migrate to GitHub Actions
• 7c380d3 chore: bump debug version
• f2098b0 chore(release): 4.0.2
• 66973a3 chore: cleanup dist folder before compilation
• 4efa005 fix: move @​types/component-emitter to dependencies (#99)
• c044433 docs: add compatibility table
• e339323 chore(release): 4.0.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)