fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BRACES-6838727
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728

package.json

@@ -26,7 +26,7 @@
     "autoprefixer": "^10.3.4",
     "axios": "^1.6.8",
     "cookie-parser": "^1.4.5",
-    "express": "^4.21.2",
+    "express": "^4.17.1",
     "express-rate-limit": "^5.2.6",
     "hcaptcha": "^0.0.2",
     "helmet": "^4.6.0",
@@ -37,7 +37,7 @@
     "postcss-cli": "^8.3.1",
     "pug": "^3.0.2",
     "tailwind-hamburgers": "^1.1.1",
-    "tailwindcss": "^2.2.15",
+    "tailwindcss": "^4.0.0",
     "winston": "^3.3.3"
   },
   "devDependencies": {