Bump OSSF score above 9.0 ⬆️

[JamieSlome]

@rvema contributed the OSSF Scorecard to the repository in #676. If possible, it would be great to drive the score about 9.0 to ensure we excel at meeting OSSF's security standards👍

### Tasks
- [ ] Identify the gaps in policy as calculated by the [scorecard](https://scorecard.dev/viewer/?uri=github.com/finos/git-proxy)
- [ ] Make adjustments to repository settings and codebase to bump score up

[JamieSlome]

@rvema - pinned dependencies is one of them. Do you want to take this task on?

[rvema]

@rvema - pinned dependencies is one of them. Do you want to take this task on?

For sure, let me take a look and work on it

[coderhs]

@JamieSlome I would like to try working on this issue for hactoberfest.

Should we send one PR per item being addressed. Like I saw here (https://scorecard.dev/viewer/?uri=github.com/finos/git-proxy) there is a vulnerability that can be fixed by upgrading the page body-parser to 1.20.3 should that be a single a PR.

[JamieSlome]

@coderhs - sure, thank you for volunteering 👍

Are we able to do in a single PR?

[coderhs]

Perhaps we can do per action item as reported. Referring to the list here: https://scorecard.dev/viewer/?uri=github.com/finos/git-proxy

I am not sure if we can go above 9, but with each PR we should be getting closer.

[coderhs]

@JamieSlome I have to step back from this, i thought it would be a small thing to do but it seems some of the concerns are with express.js itself that I don't think me without more experience in the project should be upgrading them. Kindly unassing this from me so someone else can pick it up.

I could send a PR for the body-parser that i upgraded if needed.

[laukik-target]

@JamieSlome Please assign it to me. I will take this up.

[JamieSlome]

@laukik-target - all yours ❤️