path: root/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md
Diffstat (limited to 'vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md')
-rw-r--r-- vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md 4
1 files changed, 4 insertions, 0 deletions
diff --git a/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md b/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md
index e0e0c815f6..d2b12302f9 100644
--- a/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md
+++ b/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md
@@ -6,6 +6,10 @@ Third-party patches are essential for keeping bluemonday secure and offering the
* Make sure you have a [Github account](https://github.com/signup/free)
+## Guidelines
+
+1. Do not vendor dependencies. As a security package, were we to vendor dependencies the projects that then vendor bluemonday may not receive the latest security updates to the dependencies. By not vendoring dependencies the project that implements bluemonday will vendor the latest version of any dependent packages. Vendoring is a project problem, not a package problem. bluemonday will be tested against the latest version of dependencies periodically and during any PR/merge.
+
## Submitting an Issue
* Submit a ticket for your issue, assuming one does not already exist
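Review bot: in the added guideline under "## Guidelines", the sentence "the project that implements bluemonday will vendor the latest version of any dependent packages" promises more than the policy can deliver. Leaving dependencies unvendored only lets the consuming project pick and update the version itself; it does not make that project pick the latest one. Suggest wording along the lines of "the project that uses bluemonday controls which version of each dependency it vendors and can update them independently". The item also states the rationale without saying what a contributor should do, so it would help to add that pull requests must not add a vendor directory or copied dependency sources. The closing claim that bluemonday "will be tested against the latest version of dependencies periodically and during any PR/merge" has nothing in this hunk backing it; a pointer to where that testing is configured would make it checkable. Minor style: a numbered list with a single item "1." could be a plain paragraph or a bullet to match the surrounding "*" lists, and "were we to vendor dependencies the projects that then vendor bluemonday" needs a comma after "dependencies".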