Security patch
Per 2026-05-24 OSV-Scanner audit: 59 vulnerabilities cleared (2 CRITICAL, 23 HIGH, 35 MOD, 5 LOW) → 0.
Top fixes:
- next 15.3.5 → 16.2.6 (10 vulns incl. CRITICAL GHSA-9qr9-h5gf-34mp)
- axios 1.10 → 1.16.1 (6 HIGH)
- form-data → CRITICAL GHSA-fjxv-7rqg-78g4 fixed via npm overrides
- express 4 → 5 in server (removes vulnerable path-to-regexp 0.1.x)
- React/types/typescript/contentful-management all bumped to latest
See PR #3 for the full diff and rationale.