fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NODEMAILER-6219989

package.json

@@ -21,13 +21,13 @@
     "app-root-path": "^3.0.0",
     "axios": "^0.21.3",
     "cookie-parser": "^1.4.5",
-    "express": "^4.18.2",
+    "express": "^4.17.1",
     "express-rate-limit": "^5.2.6",
     "hcaptcha": "^0.0.2",
     "helmet": "^4.6.0",
     "http-errors": "^1.8.0",
     "morgan": "^1.10.0",
-    "nodemailer": "^6.6.1",
+    "nodemailer": "^6.9.9",
     "pug": "^3.0.2",
     "tailwind-hamburgers": "^1.1.1",
     "winston": "^3.3.3",