fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106

package.json

@@ -34,7 +34,7 @@
     "csrf": "^3.1.0",
     "dinero.js": "^1.9.1",
     "dotenv": "^16.3.1",
-    "express": "^4.18.2",
+    "express": "^4.20.0",
     "firebase-admin": "^11.11.0",
     "graphql": "^16.8.1",
     "graphql-request": "^6.1.0",