deps: force 3box>...>socket.io-parser>=4.0.5 (CVE-2022-2421)

[legobeat]

yarn audit currently failing on prod/develop.

https://app.circleci.com/pipelines/github/MetaMask/metamask-extension/29636/workflows/60bece98-1128-4951-8184-031e5e3a46c7/jobs/771221/parallel-runs/0/steps/0-103

GHSA-qm95-pgcg-qqfq

Explanation

Not tested. (In particular, the upgrade contains one potentially breaking change: socketio/socket.io-parser@28d4f03).

If this change turns out to be breaking, I see two options to this PR:

1. If confirmed to not affect metamask-extension: Add GHSA-qm95-pgcg-qqfq to .iyarc.
2. Otherwise: Fork https://github.com/3box/3box-js/ with updated ipfs/libp2p/socket.io as appropriate to resolve the (potential) vulnerability

Related: #10608

Manual Testing Steps

Validate that 3box functionality is still intact after applying change.

Pre-Merge Checklist

• PR template is filled out
• IF this PR fixes a bug, a test that would have caught the bug has been added
• PR is linked to the appropriate GitHub issue
• PR has been added to the appropriate release Milestone

+ If there are functional changes:

• Manual testing complete & passed
• "Extension QA Board" label has been applied

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[legobeat]

Just noticed #14571, which seems preferred. leaving this PR open as it was noted that removing the functionality may require further comms and that PR has a bit of conflicts to resolve.

[legobeat]

Obsolete by #14571 🎉