Install yarn/npm dependencies before running Retire.js, remove Heroku BP
Install yarn/npm dependencies before running retire.js, otherwise vulnerabilities can't be found. This is similar to https://gitlab.com/gitlab-org/security-products/analyzers/retire.js/blob/v2.2.1/analyze.go#L51
Also, remove Heroku Buildpacks and align with analyzers/retire.js implementation.