Update fast-xml-parser to remove xml2js vulnerability

[MikeTschudi]

xml2js is vulnerable to prototype pollution

It appears to only be used by fast-xml-parser, currently at 3.21.0 in @esri/hub-common. The latest version (4.2.0) does not use xml2js.

[brollison]

@dbouwman can you create a 0_TECH issue in the dc/hub repo in Devtopia so that we can monitor priority of resolution. Once you have an issue, please link cross-link the issues if possible.

[brollison]

I've created a 0_TECH issue in the dc/hub repo for refinement and prioritization of this vulnerability.
https://devtopia.esri.com/dc/hub/issues/10767

[tomwayson]

we should have closed this issue when closing the PR w/ this resolution

[tomwayson]

re-opening as per #1025 (comment)