There has been a new security vulnerablity found in url-parse version below 1.5.6. Please see here for more details

Sockjs-client is the using 1.5.3 version at the moment.

Please update the url-parse library to version > 1.5.6 (latest)