Improper Input Validation
Incorrect handling of the Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps.
SockJS's function htmlfile in lib/transport/htmlfile.js is vulnerable to Reflected XSS via the /htmlfile endpoint through the c callback parameter.