[Snyk] Security upgrade socket.io from 4.5.0 to 4.5.2

[code08-ind]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-5596892	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: socket.io

The new version differs by 10 commits.

• 8be95b3 chore(release): 4.5.2
• ba497ee fix(uws): prevent the server from crashing after upgrade
• 2803871 ci: add explicit permissions to workflow (#4466)
• 134226e refactor: add missing constraints (#4431)
• 9890b03 chore: bump dependencies
• 713a6b4 chore: bump mocha to version 10.0.0
• 18f3fda fix: prevent the socket from joining a room after disconnection
• 5ab8289 chore(release): 4.5.1
• 30430f0 fix: forward the local flag to the adapter when using fetchSockets()
• 9b43c91 fix(typings): add HTTPS server to accepted types (#4351)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)