fix(deps): [Security] Bump ws from 7.4.5 to 7.4.6 (#60)

Bumps [ws](https://github.com/websockets/ws) from 7.4.5 to 7.4.6. **This update includes a security fix.**
<details>
<summary>Vulnerabilities fixed</summary>
<p><em>Sourced from <a href="https://github.com/advisories/GHSA-6fc8-4gx4-v693">The GitHub Security Advisory Database</a>.</em></p>
<blockquote>
<p><strong>ReDoS in Sec-Websocket-Protocol header</strong></p>
<h3>Impact</h3>
<p>A specially crafted value of the <code>Sec-Websocket-Protocol</code> header can be used to significantly slow down a ws server.</p>
<h3>Proof of concept</h3>
<pre lang="js"><code>for (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {
  const value = 'b' + ' '.repeat(length) + 'x';
  const start = process.hrtime.bigint();
<p>value.trim().split(/ *, */);</p>
<p>const end = process.hrtime.bigint();</p>
<p>console.log('length = %d, time = %f ns', length, end - start);
}
</code></pre></p>
<h3>Patches</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
<blockquote>
<p>Affected versions: &gt;= 5.0.0 &lt; 7.4.6</p>
</blockquote>
</details>
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p>
<blockquote>
<h2>7.4.6</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed a ReDoS vulnerability (00c425ec).</li>
</ul>
<p>A specially crafted value of the <code>Sec-Websocket-Protocol</code> header could be used
to significantly slow down a ws server.</p>
<pre lang="js"><code>for (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {
  const value = 'b' + ' '.repeat(length) + 'x';
  const start = process.hrtime.bigint();
<p>value.trim().split(/ *, */);</p>
<p>const end = process.hrtime.bigint();</p>
<p>console.log('length = %d, time = %f ns', length, end - start);
}
</code></pre></p>
<p>The vulnerability was responsibly disclosed along with a fix in private by
<a href="https://github.com/robmcl4">Robert McLaughlin</a> from University of California, Santa Barbara.</p>
<p>In vulnerable versions of ws, the issue can be mitigated by reducing the maximum
allowed length of the request headers using the <a href="https://nodejs.org/api/cli.html#cli_max_http_header_size_size"><code>--max-http-header-size=size</code></a>
and/or the <a href="https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener"><code>maxHeaderSize</code></a> options.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/websockets/ws/commit/f5297f7090f6a628832a730187c5b3a06a247f00"><code>f5297f7</code></a> [dist] 7.4.6</li>
<li><a href="https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff"><code>00c425e</code></a> [security] Fix ReDoS vulnerability</li>
<li><a href="https://github.com/websockets/ws/commit/990306d1446faf346c76452409a4c11455690514"><code>990306d</code></a> [lint] Fix prettier error</li>
<li><a href="https://github.com/websockets/ws/commit/32e3a8439b7c8273b44fe1adb5682f529e34d0ba"><code>32e3a84</code></a> [security] Remove reference to Node Security Project</li>
<li><a href="https://github.com/websockets/ws/commit/8c914d18b86a7d1408884d18eeadae0fa41b0bb5"><code>8c914d1</code></a> [minor] Fix nits</li>
<li><a href="https://github.com/websockets/ws/commit/fc7e27d12ad0af90ce05302afc85c292024000b4"><code>fc7e27d</code></a> [ci] Test on node 16</li>
<li><a href="https://github.com/websockets/ws/commit/587c201bfc22c460658ca304d23477fc7ebd2a60"><code>587c201</code></a> [ci] Do not test on node 15</li>
<li>See full diff in <a href="https://github.com/websockets/ws/compare/7.4.5...7.4.6">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=ws&package-manager=npm_and_yarn&previous-version=7.4.5&new-version=7.4.6)](https://dependabot.com/compatibility-score/?dependency-name=ws&package-manager=npm_and_yarn&previous-version=7.4.5&new-version=7.4.6)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the `.dependabot/config.yml` file in this repo:
- Update frequency
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)



</details>

package.json

@@ -30,7 +30,7 @@
     "node": ">=10"
   },
   "dependencies": {
-    "ws": "^7.4.5"
+    "ws": "^7.4.6"
   },
   "peerDependencies": {
     "ws": ">= 7.4.1 < 8"