Update sockjs as it presents a vulnerability or allow for it to update #2940

Closed
2 of 3 tasks
rjherrera opened this issue Dec 24, 2020 · 2 comments

Comments

@rjherrera

  • Operating System: N/A
  • Node Version: N/A
  • NPM Version: N/A
  • webpack Version: N/A
  • webpack-dev-server Version: 3.11.0
  • Browser: N/A
  • This is a bug
  • This is a modification request
  • This is a dependency update request

There is a vulnerability in sockjs and webpack-dev-server 3.11.0 uses it as a dependency as shown in the package.json#L62. The thing is, it's included with an explicit version (no caret or anything), and therefore it is locked to that specific version, not allowing for patch updates.

As sockjs presents a vulnerability in one of its dependencies, this is a problem affecting webpack-dev-server. The issue has been addressed in sockjs/sockjs-node#275, so I think either allowing for patch updates with ^0.3.20 or explicitly updating to 0.3.21 would address this issue.

Thanks! I'd be glad to submit a pull request if this is the correct approach!
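
The difference between the exact pin and the caret range discussed above, as an added example that is not part of the original issue or of webpack-dev-server's code: it checks whether a declared dependency range can resolve to a release that carries a fix. The manifests are constructed, the version numbers are the ones quoted in the issue, and `satisfies` and `audit` are hypothetical helpers that handle only exact, `^` and `~` specs.

```javascript
// Added example: constructed manifests, not webpack-dev-server's real package.json.
// Parses "x.y.z" into [major, minor, patch]; pre-release tags are out of scope.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Exclusive upper bound of a caret range under npm semantics:
// ^1.2.3 -> <2.0.0, ^0.3.20 -> <0.4.0, ^0.0.3 -> <0.0.4
function caretUpper([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

// True if `version` satisfies `spec` ("x.y.z", "^x.y.z" or "~x.y.z").
function satisfies(version, spec) {
  const v = parse(version);
  const op = /^[\^~]/.test(spec) ? spec[0] : "";
  const base = parse(spec.slice(op.length));
  if (op === "") return cmp(v, base) === 0; // exact pin: one version only
  const upper = op === "^" ? caretUpper(base) : [base[0], base[1] + 1, 0];
  return cmp(v, base) >= 0 && cmp(v, upper) < 0;
}

// For each dependency with a known fixed release, report whether the
// declared spec lets the package manager resolve to that release.
function audit(dependencies, fixedIn) {
  return Object.entries(fixedIn)
    .filter(([name]) => name in dependencies)
    .map(([name, fixed]) => ({
      name, spec: dependencies[name], fixed,
      reachable: satisfies(fixed, dependencies[name]),
    }));
}

const fixedIn = { sockjs: "0.3.21" };    // version named in the issue
const pinned = { sockjs: "0.3.20" };     // exact pin, as the issue describes
const ranged = { sockjs: "^0.3.20" };    // the range the issue proposes
console.log(audit(pinned, fixedIn));     // reachable: false
console.log(audit(ranged, fixedIn));     // reachable: true
```

A reachable range only means a fresh resolution can pick the fixed release; a lockfile in the consuming project can still hold the older version until it is regenerated or updated.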

@alexander-akait
Member

Fixed, release will be in the near future

@rjherrera
Author

awesome, thank you!
