From 00b8d0c0720406e5003bf193b8046ee9d11ee1df Mon Sep 17 00:00:00 2001 From: syuilo <4439005+syuilo@users.noreply.github.com> Date: Sun, 17 Nov 2024 17:32:28 +0900 Subject: [PATCH] Update CONTRIBUTING.md --- CONTRIBUTING.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f8af6b3df0a4..fcce19405b61 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -101,6 +101,20 @@ Be willing to comment on the good points and not just the things you want fixed - Are there any omissions or gaps? - Does it check for anomalies? +## Security Advisory +### For reporter +Thank you for your reporting! + +If you can also create a patch to fix the vulnerability, please create a PR on the private fork. + +> ![note] +> There is a GitHub bug that prevents merging if a PR not following the develop branch of upstream, so please follow the develop branch. + +### For misskey-dev member +修正PRがdevelopに追従されていないとマージできないので、マージできなかったら +> Could you merge or rebase onto upstream develop branch? +などと伝える。 + ## Deploy The `/deploy` command by issue comment can be used to deploy the contents of a PR to the preview environment. ```