Update Dependencies (#390)
Co-authored-by: Norwin Roosen <git@nroo.de> Co-authored-by: Norwin <git@nroo.de> Reviewed-on: https://gitea.com/gitea/tea/pulls/390 Reviewed-by: 6543 <6543@obermui.de> Reviewed-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Norwin <noerw@noreply.gitea.io> Co-committed-by: Norwin <noerw@noreply.gitea.io>
This commit is contained in:
Norwin
1
vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md
generated
vendored
1
vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md
generated
vendored
@@ -9,6 +9,7 @@ Third-party patches are essential for keeping bluemonday secure and offering the
|
||||
## Guidelines
|
||||
|
||||
1. Do not vendor dependencies. As a security package, were we to vendor dependencies the projects that then vendor bluemonday may not receive the latest security updates to the dependencies. By not vendoring dependencies the project that implements bluemonday will vendor the latest version of any dependent packages. Vendoring is a project problem, not a package problem. bluemonday will be tested against the latest version of dependencies periodically and during any PR/merge.
|
||||
2. I do not care about spelling mistakes or whitespace and I do not believe that you should either. PRs therefore must be functional in their nature or be substantial and impactful if documentation or examples.
|
||||
|
||||
## Submitting an Issue
|
||||
|
||||
|
||||
Reference in New Issue
Block a user