Update Express
https://github.com/firebase/firebase-functions/blob/9a5b23f855f96cfd69e37480b63636cfbe3e39f9/package.json#L169-L171
Express is updated. For some reason the @types is current in this lib, but the actual express is a couple of versions behind.
Can we get this bumped up? Using Firebase is causing a lot of dependency conflicts with other packages that are keeping up.
I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
There is currently a vulnerability in this express version caused by a dependency on qs. Please upgrade ASAP 🙏.
Here are the dependency trail details in yarn.lock format:
```
express@^4.17.1:
  version "4.17.2"
  resolved "https://registry.yarnpkg.com/express/-/express-4.17.2.tgz#c18369f265297319beed4e5558753cc8c1364cb3"
  integrity sha512-oxlxJxcQlYwqPWKVJJtvQiwHgosH/LrLSPA+H4UxpyvSS6jC5aH+5MoHFM+KABgTOt0APue4w66Ha8jCUo9QGg==
  dependencies:
    accepts "~1.3.7"
    array-flatten "1.1.1"
    body-parser "1.19.1"
    content-disposition "0.5.4"
    content-type "~1.0.4"
    cookie "0.4.1"
    cookie-signature "1.0.6"
    debug "2.6.9"
    depd "~1.1.2"
    encodeurl "~1.0.2"
    escape-html "~1.0.3"
    etag "~1.8.1"
    finalhandler "~1.1.2"
    fresh "0.5.2"
    merge-descriptors "1.0.1"
    methods "~1.1.2"
    on-finished "~2.3.0"
    parseurl "~1.3.3"
    path-to-regexp "0.1.7"
    proxy-addr "~2.0.7"
    qs "6.9.6"
    range-parser "~1.2.1"
    safe-buffer "5.2.1"
    send "0.17.2"
    serve-static "1.14.2"
    setprototypeof "1.2.0"
    statuses "~1.5.0"
    type-is "~1.6.18"
    utils-merge "1.0.1"
    vary "~1.1.2"
```
It would also be nice to update @types/express to the latest version 4.17.21 :)
https://github.com/firebase/firebase-functions/blob/master/package.json#L198
/cc @inlined