re-update package-lock.json to v2 and run audit fix before merge in testing

Package-lock.json has been accidently reverted to v1 by a merge request.

When all v6 requests are merged, re run npm install to update to v2 and run npm audit fix (only quill vulnerabilities should remain)