Upgrade to latest version of socket.io due to security vulnerability

[lachieh]

There are 4 main things that had to change to support the upgrade to the latest version of socket.io

1. Socket.io@3+ uses TypeScript@4: This was a simple upgrade since there's not a lot that uses TS in this project.
2. Removal of io.set(): This was deprecated in v2 and removed in v3. It was being used to set the heartbeat timeout, but that setting was also removed in v3 because engine.io reversed the mechanism.
3. Adjustment of CORS configuration: CORS changed to being off by default, which required switching the callback for the configuration into the new format
4. Fix property collision: socket.io@3 renamed the connected property of the server to sockets, which is the name chosen internally in browserSync to attach the namespaced socket back to the server instance. This fix probably needs further refactoring, but for the browserSync use case, it works fine.

Fixes #1847
Fixes #1850
Fixes #1892
Fixes #1925
Fixes #1926
Fixes #1933

[abbyblachman]

is there any update on when this will be fixed?

[lachieh]

It's fixed, I'm just waiting on someone from the team to review/approve/merge

[shakyShane]

Thank you so much @lachieh, this is great :)

[shakyShane]

@lachieh this actually breaks connections between server/clients - it's 100% my issue here for not enabling the integration tests in CI, which I'm resolving now

[lachieh]

@shakyShane thanks for merging! Is there anything I can help with?

[shakyShane]

@lachieh sorry for the delay - this is fixed in 2.27.8

I went ahead and bumped socket.io-client to latest also.

[lachieh]

Awesome, thanks so much for the work!