Run yarn audit on Hearth and fix any security issues #2432

Closed
21 tasks done
euanmillar opened this issue Jan 10, 2022 · 1 comment
euanmillar commented Jan 10, 2022

  • Ask Jembi to make us contributors of Hearth.

  • Fork Hearth (https://github.com/jembi/hearth), run yarn audit on it and upgrade security patches, then review the solution with Riku / Euan

  • Riku and Euan to make a PR on Hearth repo for Ryan to merge in

Dependencies with Critical vulnerabilities:

  • fixed broken tests
  • tap -> Bumped up from 10.1 to 12.6
  • talisman -> Bumped up from 0.21.0 to 1.1.4
  • standard -> Bumped up from 8.6.0 to 11.0.0
  • fhir -> Used yarn resolutions for lodash and xmlbuilder

Dependencies with High vulnerabilities:

  • tap -> Bumped up from 12.6 to 14.10
  • mongodb -> Bumped up from 2.2.22 to 3.5.4
  • codecov -> Bumped up from 3.6.1 to 3.8.3
  • nconf -> Bumped up from 0.10.0 to 0.11.3
  • libxmljs -> Already at the latest version that is currently available, so we need to use yarn resolutions for its dependencies
    • node-pre-gyp -> This package is now deprecated
      • tar -> Added resolution for tar 4.4.19
      • ini

Dependencies with Moderate vulnerabilities:

  • snazzy -> Bumped up from 8.0.0 to 9.0.0
  • standard -> Bumped up from 11.0.0 to 16.0.4
  • tap -> Bumped up from 14.10 to 15.2.3
  • urijs -> Bumped up from 1.19.2 to 1.19.10
  • jsprim -> Bumped up from 1.4.1 to 1.4.2

Node engine limitation

Previously hearth was limited to using node >= 6.9.0 and < 9.0.0 because using anything newer would cause the build process to fail. The issue was actually with fhir->libxmljs->nan, and using libxmljs >= 0.18.8 made it possible to remove the engine limitation.

Now it works with node v14.18.1.
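To triage the output that produces a checklist like the one above, here is an added example (not Hearth's or the issue's own code) that parses Yarn 1 `yarn audit --json` records, groups them by severity and flags transitive findings, the ones that need a parent bump or a `resolutions` override. The NDJSON record shape is assumed from Yarn 1 classic, and the sample records are constructed.

```javascript
// Constructed sample of Yarn 1 `yarn audit --json` output: NDJSON with one
// "auditAdvisory" record per finding and a closing "auditSummary" record.
// Module names mirror the checklist above; the records themselves are made up.
const SAMPLE_AUDIT = [
  '{"type":"auditAdvisory","data":{"resolution":{"path":"fhir>lodash"},"advisory":{"module_name":"lodash","severity":"critical"}}}',
  '{"type":"auditAdvisory","data":{"resolution":{"path":"fhir>xmlbuilder"},"advisory":{"module_name":"xmlbuilder","severity":"critical"}}}',
  '{"type":"auditAdvisory","data":{"resolution":{"path":"tap>lodash"},"advisory":{"module_name":"lodash","severity":"critical"}}}',
  '{"type":"auditAdvisory","data":{"resolution":{"path":"libxmljs>node-pre-gyp>tar"},"advisory":{"module_name":"tar","severity":"high"}}}',
  '{"type":"auditAdvisory","data":{"resolution":{"path":"urijs"},"advisory":{"module_name":"urijs","severity":"moderate"}}}',
  '{"type":"auditSummary","data":{"vulnerabilities":{"critical":3,"high":1,"moderate":1}}}',
].join('\n');
const SEVERITY_ORDER = ['critical', 'high', 'moderate', 'low', 'info'];
// Keep only advisory records; a non-JSON line (yarn can interleave warnings)
// is skipped instead of aborting the whole triage.
function parseAudit(ndjson) {
  const findings = [];
  for (const line of ndjson.split('\n')) {
    let rec;
    try { rec = JSON.parse(line); } catch (e) { continue; }
    if (rec.type !== 'auditAdvisory') continue;
    const path = rec.data.resolution.path;
    findings.push({
      module: rec.data.advisory.module_name,
      severity: rec.data.advisory.severity,
      path,
      // The chain "a>b>c" marks a transitive package: bump the parent, or use
      // "resolutions" when the parent has no fixed release (libxmljs above).
      transitive: path.includes('>'),
    });
  }
  return findings;
}
// Group by severity, worst first, and collapse a module reported via several
// paths into one entry so each package is listed once, as in the checklist.
function triage(findings) {
  const groups = {};
  for (const f of findings) {
    const byModule = groups[f.severity] || (groups[f.severity] = new Map());
    const entry = byModule.get(f.module) || { module: f.module, paths: [], transitive: false };
    entry.paths.push(f.path);
    entry.transitive = entry.transitive || f.transitive;
    byModule.set(f.module, entry);
  }
  const ordered = {};
  for (const sev of SEVERITY_ORDER) {
    if (groups[sev]) ordered[sev] = [...groups[sev].values()].sort((a, b) => a.module.localeCompare(b.module));
  }
  return ordered;
}
console.log(JSON.stringify(triage(parseAudit(SAMPLE_AUDIT)), null, 2));
```

Pipe real output in with `yarn audit --json > audit.ndjson` and read that file instead of `SAMPLE_AUDIT`; the grouping is the same.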

@euanmillar euanmillar changed the title Run dependabot on Hearth and fix any security issues Run yarn audit on Hearth and fix any security issues Mar 7, 2022
euanmillar (author) commented:

PR opened for Jembi review: jembi/hearth#203
