Skip to content

chore(deps): update dependency @crowdin/crowdin-api-client to v1.33.2 #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dev-mend-for-github-com wants to merge 1 commit into
base: master
Choose a base branch
from

chore(deps): update dependency @crowdin/crowdin-api-client to v1.33.2

0fe2412
Select commit
Loading
Failed to load commit list.
Open

chore(deps): update dependency @crowdin/crowdin-api-client to v1.33.2 #4

chore(deps): update dependency @crowdin/crowdin-api-client to v1.33.2
0fe2412
Select commit
Loading
Failed to load commit list.
Dev - Mend for GitHub.com / Mend Security Check failed Mar 27, 2026 in 12m 29s

Security Report

You have successfully remediated 5 vulnerabilities, but introduced 9 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-607537-903744

Path to dependency file: /website/package.json

Path to vulnerable library: /website/package.json

Dependency Hierarchy:

-> file-loader-6.2.0.tgz (Root Library)

   -> schema-utils-3.3.0.tgz

     -> ❌ ajv-6.12.6.tgz (Vulnerable Library)

Critical 9.8 Transitive ajv-6.12.6.tgz file-loader-6.2.0.tgz None
CVE-2026-33895

Path to dependency file: /website/package.json

Path to vulnerable library: /website/package.json

Dependency Hierarchy:

-> core-2.4.0.tgz (Root Library)

   -> webpack-dev-server-4.15.2.tgz

     -> selfsigned-2.4.1.tgz

       -> ❌ node-forge-1.3.1.tgz (Vulnerable Library)

High 7.5 Transitive node-forge-1.3.1.tgz core-2.4.0.tgz Transitive Upgrade to version node-forge - 1.4.0 or greater None
CVE-2026-33894

Path to dependency file: /website/package.json

Path to vulnerable library: /website/package.json

Dependency Hierarchy:

-> core-2.4.0.tgz (Root Library)

   -> webpack-dev-server-4.15.2.tgz

     -> selfsigned-2.4.1.tgz

       -> ❌ node-forge-1.3.1.tgz (Vulnerable Library)

High 7.5 Transitive node-forge-1.3.1.tgz core-2.4.0.tgz Transitive Upgrade to version node-forge - 1.4.0 or greater None
CVE-2026-33891

Path to dependency file: /website/package.json

Path to vulnerable library: /website/package.json

Dependency Hierarchy:

-> core-2.4.0.tgz (Root Library)

   -> webpack-dev-server-4.15.2.tgz

     -> selfsigned-2.4.1.tgz

       -> ❌ node-forge-1.3.1.tgz (Vulnerable Library)

High 7.5 Transitive node-forge-1.3.1.tgz core-2.4.0.tgz Transitive Upgrade to version node-forge - 1.4.0 or greater None
CVE-2026-33671

Path to dependency file: /website/package.json

Path to vulnerable library: /website/package.json

Dependency Hierarchy:

-> core-2.4.0.tgz (Root Library)

   -> chokidar-3.6.0.tgz

     -> anymatch-3.1.3.tgz

       -> ❌ picomatch-2.3.1.tgz (Vulnerable Library)

High 7.5 Transitive picomatch-2.3.1.tgz core-2.4.0.tgz Transitive Upgrade to version picomatch - 4.0.4 or greater None
CVE-2026-33896

Path to dependency file: /website/package.json

Path to vulnerable library: /website/package.json

Dependency Hierarchy:

-> core-2.4.0.tgz (Root Library)

   -> webpack-dev-server-4.15.2.tgz

     -> selfsigned-2.4.1.tgz

       -> ❌ node-forge-1.3.1.tgz (Vulnerable Library)

High 7.4 Transitive node-forge-1.3.1.tgz core-2.4.0.tgz Transitive Upgrade to version node-forge - 1.4.0 or greater None
CVE-2026-33750

Path to dependency file: /website/package.json

Path to vulnerable library: /website/package.json

Dependency Hierarchy:

-> core-2.4.0.tgz (Root Library)

   -> serve-handler-6.1.5.tgz

     -> minimatch-3.1.2.tgz

       -> ❌ brace-expansion-1.1.11.tgz (Vulnerable Library)

Medium 6.5 Transitive brace-expansion-1.1.11.tgz core-2.4.0.tgz Transitive Upgrade to version brace-expansion - 5.0.5 or greater None
CVE-2026-33672

Path to dependency file: /website/package.json

Path to vulnerable library: /website/package.json

Dependency Hierarchy:

-> core-2.4.0.tgz (Root Library)

   -> chokidar-3.6.0.tgz

     -> anymatch-3.1.3.tgz

       -> ❌ picomatch-2.3.1.tgz (Vulnerable Library)

Medium 5.3 Transitive picomatch-2.3.1.tgz core-2.4.0.tgz Transitive Upgrade to version picomatch - 3.0.2 or greater None
CVE-2026-33532

Path to dependency file: /website/package.json

Path to vulnerable library: /website/package.json

Dependency Hierarchy:

-> core-2.4.0.tgz (Root Library)

   -> cssnano-5.1.15.tgz

     -> ❌ yaml-1.10.2.tgz (Vulnerable Library)

Medium 4.3 Transitive yaml-1.10.2.tgz core-2.4.0.tgz Transitive Upgrade to version yaml - 2.8.3 or greater None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2026-25639 axios-1.7.2.tgz
CVE-2025-27152 axios-1.7.2.tgz
CVE-2025-7783 form-data-4.0.0.tgz
CVE-2024-39338 axios-1.7.2.tgz
CVE-2025-58754 axios-1.7.2.tgz

Base branch total remaining vulnerabilities: 50
Base branch commit: null


Total libraries scanned: 1270

Scan token: badd771e7bdf4746bbdd54cc104ba1e9

View more details on Dev - Mend for GitHub.com