Merge pull request #205 from GSA/fix/cve-2026-2391-qs

fix(security): upgrade express to 4.22.1 and pin qs to 6.14.2

Author: collinschreyer-dev

package-lock.json

@@ -34,7 +34,7 @@
     "clone-deep": "^4.0.1",
     "cors": "^2.8.5",
     "cron": "^1.8.2",
-    "express": "^4.21.1",
+    "express": "^4.22.1",
     "express-session": "^1.18.1",
     "express-winston": "^3.4.0",
     "flatted": "^3.3.1",
@@ -49,6 +49,7 @@
     "openid-client": "^5.7.0",
     "pg": "^8.12.0",
     "pg-hstore": "^2.3.4",
+    "qs": "6.14.2",
     "sequelize": "^6.37.3",
     "sequelize-cli": "^6.6.1",
     "umzug": "^2.3.0",