GitHub

browser[.min].js file inlines axios

Even though contentful says it adds a dependency on axios at some version, it actually inlines the dependency into the browser, causing potentially unsafe versions to end up in your final built assets ...
GitHub

Vulnerabilities CVE-2025-27152 with axios version 1.7.9

One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': mailgun.amd.js (pkg:javascript/[email protected]): CVE ...