i18n: new crowdin translations (#2164)

Co-authored-by: Crowdin Bot <support+bot@crowdin.com>

Co-authored-by: bjohansebas <103585995+bjohansebas@users.noreply.github.com>
Co-authored-by: carlosstenzel <3890516+carlosstenzel@users.noreply.github.com>

fr/resources/contributing.md

@@ -297,42 +297,67 @@ visibility or maintainer input.
 
 ## Security Policies and Procedures
 
-<!-- SRC: expressjs/express SECURITY.md -->
+<!-- SRC: expressjs/.github SECURITY.md -->
 
 This document outlines security procedures and general policies for the Express
 project.
 
-- [Reporting a Bug](#reporting-a-bug)
+- [Reporting a Bug or Security Vulnerability](#reporting-a-bug-or-security-vulnerability)
 - [Disclosure Policy](#disclosure-policy)
 - [Comments on this Policy](#comments-on-this-policy)
+- [The Express Threat Model](#the-express-threat-model)
 
-### Reporting a Bug
+### Reporting a Bug or Security Vulnerability
 
-The Express team and community take all security bugs in Express seriously.
-Thank you for improving the security of Express. We appreciate your efforts and
-responsible disclosure and will make every effort to acknowledge your
-contributions.
+> [!IMPORTANT]
+> Before reporting a vulnerability, please review the [Express Threat Model](#the-express-threat-model) to check if the issue falls within Express's security scope.
 
-Report security bugs by emailing `express-security@lists.openjsf.org`.
+The Express team and community take all security vulnerabilities seriously.
+Thank you for improving the security of Express and related projects.
+We appreciate your efforts in responsible disclosure and will make every effort
+to acknowledge your contributions.
 
-To ensure the timely response to your report, please ensure that the entirety
-of the report is contained within the email body and not solely behind a web
-link or an attachment.
+A [Security triage team member](https://github.com/expressjs/security-wg#security-triage-team-expressjssecurity-triage)
+or [the repo captain](https://github.com/expressjs/discussions/blob/master/docs/contributing/captains_and_committers.md)
+will acknowledge your report as soon as possible.
+These timelines may extend when our triage
+volunteers are away on holiday, particularly at the end of the year.
 
-The lead maintainer will acknowledge your email within 48 hours, and will send a
-more detailed response within 48 hours indicating the next steps in handling
-your report. After the initial reply to your report, the security team will
+After the initial reply to your report, the security team will
 endeavor to keep you informed of the progress towards a fix and full
 announcement, and may ask for additional information or guidance.
 
-Report security bugs in third-party modules to the person or team maintaining
-the module.
+> [!NOTE]  
+> You can find more information about our process in [this guide](https://github.com/expressjs/security-wg/blob/main/docs/incident_response_plan.md)
 
-### Pre-release Versions
+#### Reporting Security Bugs via GitHub Security Advisory (Preferred)
 
-Alpha and Beta releases are unstable and **not suitable for production use**.
-Vulnerabilities found in pre-releases should be reported according to the [Reporting a Bug](#reporting-a-bug) section.
-Due to the unstable nature of the branch it is not guaranteed that any fixes will be released in the next pre-release.
+The preferred way to report security vulnerabilities is through
+[GitHub Security Advisories](https://github.com/advisories).
+This allows us to collaborate on a fix while maintaining the
+confidentiality of the report.
+
+To report a vulnerability
+([docs](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)):
+
+1. Visit the **Security** tab of the affected repository on GitHub.
+2. Click **Report a vulnerability** and follow the provided steps.
+
+This process applies to any repositories within the Express ecosystem.
+If you are unsure whether a repository falls under this policy,
+feel free to reach out via email.
+
+#### Reporting via Email
+
+If you prefer, you can also report security issues by emailing `express-security@lists.openjsf.org`.
+
+To ensure a timely response, please include all relevant details directly in the email body rather than linking to external sources or attaching files.
+
+The lead maintainer will acknowledge your email within 48 hours and provide an initial response outlining the next steps. The security team will keep you updated on the progress and may request additional details.
+
+#### Third-Party Modules
+
+If the security issue pertains to a third-party module that is not directly maintained within the Express ecosystem, please report it to the maintainers of that module.
 
 ### Disclosure Policy
 
@@ -345,15 +370,19 @@ involving the following steps:
 - Prepare fixes for all releases still under maintenance. These fixes will be
   released as fast as possible to npm.
 
-### The Express Threat Model
-
-We are currently working on a new version of the security model, the most updated version can be found [here](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md)
-
 ### Comments on this Policy
 
 If you have suggestions on how this process could be improved please submit a
 pull request.
 
+### The Express Threat Model
+
+The Express threat model defines the boundaries of what the framework considers its security responsibility. It establishes which elements are trusted (such as the developer, the runtime environment, and application code) versus untrusted (such as data from network connections). Issues arising from trusted elements are considered out of scope, while Express is responsible for safely handling untrusted data.
+
+Many commonly reported concerns fall outside Express's security scope and are the responsibility of the application developer. Such as prototype pollution from unsanitized user input, misconfigured static file serving, or issues in third-party dependencies.
+
+For complete details, see the [Express Threat Model](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md).
+
 ----
 
 # Contributing to Expressjs.com {#expressjs-website-contributing}