Skip to content

Update dependency @crowdin/crowdin-api-client to v1.33.2 #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dev-mend-for-github-com wants to merge 1 commit into
base: master
Choose a base branch
from
+636 −130

Update dependency @crowdin/crowdin-api-client to v1.33.2

1c079dc
Select commit
Loading
Failed to load commit list.
Open

Update dependency @crowdin/crowdin-api-client to v1.33.2 #4

Update dependency @crowdin/crowdin-api-client to v1.33.2
1c079dc
Select commit
Loading
Failed to load commit list.
Dev - Mend for GitHub.com / Mend Security Check failed May 12, 2026 in 8m 37s

Security Report

You have successfully remediated 8 vulnerabilities, but introduced 5 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-941441-362681

Path to dependency file: /website/package.json

Path to vulnerable library: /website/package.json

Dependency Hierarchy:

-> core-2.4.0.tgz (Root Library)

   -> shelljs-0.8.5.tgz

     -> glob-7.2.3.tgz

       -> ❌ once-1.4.0.tgz (Vulnerable Library)

Critical 9.8 Transitive once-1.4.0.tgz core-2.4.0.tgz None
CVE-2026-41907

Path to dependency file: /website/package.json

Path to vulnerable library: /website/package.json

Dependency Hierarchy:

-> core-2.4.0.tgz (Root Library)

   -> webpack-dev-server-4.15.2.tgz

     -> sockjs-0.3.24.tgz

       -> ❌ uuid-8.3.2.tgz (Vulnerable Library)

Critical 9.8 Transitive uuid-8.3.2.tgz core-2.4.0.tgz Transitive 14.0.0 None
CVE-2026-44728

Path to dependency file: /website/package.json

Path to vulnerable library: /website/package.json

Dependency Hierarchy:

-> core-2.4.0.tgz (Root Library)

   -> preset-env-7.24.7.tgz

     -> ❌ plugin-transform-modules-systemjs-7.24.7.tgz (Vulnerable Library)

High 8.2 Transitive plugin-transform-modules-systemjs-7.24.7.tgz core-2.4.0.tgz Transitive Upgrade to version @babel/plugin-transform-modules-systemjs - 8.0.0-alpha.13 or greater None
CVE-2026-33813

Path to dependency file: /v2/go.mod

Path to vulnerable library: /home/wss-scanner/go/pkg/mod/cache/download/golang.org/x/image/@v/v0.12.0.mod

Dependency Hierarchy:

-> github.com/leaanthony/winicon-v1.0.0 (Root Library)

   -> ❌ golang.org/x/image-v0.12.0 (Vulnerable Library)

High 7.5 Transitive golang.org/x/image-v0.12.0 github.com/leaanthony/winicon-v1.0.0 Transitive github.com/golang/image - v0.39.0,https://github.com/golang/image.git - v0.39.0,jquery - 3.5.16,jquery - 3.5.16 None
CVE-2026-33813

Path to dependency file: /v2/go.mod

Path to vulnerable library: /home/wss-scanner/go/pkg/mod/cache/download/golang.org/x/image/@v/v0.12.0.mod

Dependency Hierarchy:

-> github.com/tc-hib/winres-v0.2.1 (Root Library)

   -> ❌ golang.org/x/image-v0.12.0 (Vulnerable Library)

High 7.5 Transitive golang.org/x/image-v0.12.0 github.com/tc-hib/winres-v0.2.1 Transitive github.com/golang/image - v0.39.0,https://github.com/golang/image.git - v0.39.0,jquery - 3.5.16,jquery - 3.5.16 None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2026-40175 axios-1.7.2.tgz
CVE-2026-25639 axios-1.7.2.tgz
CVE-2025-27152 axios-1.7.2.tgz
CVE-2025-7783 form-data-4.0.0.tgz
CVE-2024-39338 axios-1.7.2.tgz
CVE-2025-58754 axios-1.7.2.tgz
CVE-2025-62718 axios-1.7.2.tgz
CVE-2026-39865 axios-1.7.2.tgz

Base branch total remaining vulnerabilities: 72
Base branch commit: null


Total libraries scanned: 1271

Scan token: 573cd6940d264d5e88ac0b91bb46f6b4

View more details on Dev - Mend for GitHub.com