There is a nested vulnerability from the imported got module. Looks like the package has already been updated in the latest commit by dependabot.

[high] http-cache-semantics: http-cache-semantics vulnerable to Regular Expression Denial of Service (1090532)
  @contentful/node-apps-toolkit>got>cacheable-request>http-cache-semantics 
----------

Can someone release the latest?

Closing as we released a new version on Feb 13