fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BRACES-6838727
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728

package.json

@@ -26,7 +26,7 @@
     "autoprefixer": "^10.3.4",
     "axios": "^1.6.8",
     "cookie-parser": "^1.4.5",
-    "express": "^4.21.0",
+    "express": "^4.17.1",
     "express-rate-limit": "^5.2.6",
     "hcaptcha": "^0.0.2",
     "helmet": "^4.6.0",
@@ -34,7 +34,7 @@
     "morgan": "^1.10.0",
     "nodemailer": "^6.6.1",
     "npm-watch": "^0.11.0",
-    "postcss-cli": "^8.3.1",
+    "postcss-cli": "^11.0.1",
     "pug": "^3.0.2",
     "tailwind-hamburgers": "^1.1.1",
     "tailwindcss": "^2.2.15",