build(deps): Bump express and supertest to fix qs prototype pollution (#206)

express@4 and supertest@6 both pulled in vulnerable versions of qs
(<6.14.2, GHSA-hrpp-h998-j3pp). express@5 natively requires qs@^6.14.0
which resolves to the patched 6.15.0; supertest@7 drops formidable
entirely so qs is no longer in that dependency chain at all.

Also bumps @types/express (^4→^5) and @types/supertest (^2→^7) to match.
All existing tests pass against the new versions.

Co-authored-by: Claude <noreply@anthropic.com>

Author: oioki

package.json

@@ -25,24 +25,24 @@
     "canvas": "^3.2.0",
     "dotenv": "^8.2.0",
     "echarts": "6.0.0",
-    "express": "4.21.2",
+    "express": "5.2.1",
     "joi": "17.6.0",
     "winston": "3.7.2",
     "yargs": "^16.2.0"
   },
   "devDependencies": {
-    "@types/express": "^4.17.21",
+    "@types/express": "^5.0.6",
     "@types/jest-image-snapshot": "4.3.1",
     "@types/node": "^20.10.6",
-    "@types/supertest": "^2.0.10",
+    "@types/supertest": "^7.2.0",
     "@types/yargs": "^17.0.32",
     "eslint": "^8.56.0",
     "eslint-config-sentry-app": "^1.129.0",
     "jest": "^29.7.0",
     "jest-fetch-mock": "^3.0.3",
     "jest-image-snapshot": "5.1.0",
     "prettier": "2.6.2",
-    "supertest": "6.2.3",
+    "supertest": "7.2.2",
     "ts-jest": "28.0.5",
     "tsc-watch": "5.0.3",
     "typescript": "^5.3.3"