[Backport 6.x] Secure json parsing (#1112)

* Safe json parsing

* Updated test

Co-authored-by: Tomas Della Vedova <delvedor@users.noreply.github.com>

lib/Serializer.js

@@ -6,6 +6,7 @@
 
 const { stringify } = require('querystring')
 const debug = require('debug')('elasticsearch')
+const sjson = require('secure-json-parse')
 const { SerializationError, DeserializationError } = require('./errors')
 
 class Serializer {
@@ -22,7 +23,7 @@ class Serializer {
   deserialize (json) {
     debug('Deserializing', json)
     try {
-      var object = JSON.parse(json)
+      var object = sjson.parse(json)
     } catch (err) {
       throw new DeserializationError(err.message)
     }