chore: add dependencies upgrade policy to readme (#39163)

* chore: add dependencies upgrade policy to readme as per wg-releases july 19 meeting https://docs.google.com/document/d/1XWdD4uAu9m8Gcpiw1j5fLwwZ_hU4rce9JyTpuKU6uM8/edit?pli=1 * Update CONTRIBUTING.md Co-authored-by: David Sanders <dsanders11@ucsbalum.com> --------- Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org> Co-authored-by: David Sanders <dsanders11@ucsbalum.com>
2023-07-25 02:58:16 -07:00 · 2023-07-25 02:58:16 -07:00 · 77cc1d6ffa
commit 77cc1d6ffa
parent e543126957
1 changed files with 4 additions and 0 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -60,6 +60,10 @@ dependencies, and tools contained in the `electron/electron` repository.
  * [Step 11: Landing](https://electronjs.org/docs/development/pull-requests#step-11-landing)
  * [Continuous Integration Testing](https://electronjs.org/docs/development/pull-requests#continuous-integration-testing)

+### Dependencies Upgrades Policy
+
+Dependencies in Electron's `package.json` or `yarn.lock` files should only be altered by maintainers. For security reasons, we will not accept PRs that alter our `package.json` or `yarn.lock` files. We invite contributors to make requests updating these files in our issue tracker. If the change is significantly complicated, draft PRs are welcome, with the understanding that these PRs will be closed in favor of a duplicate PR submitted by an Electron maintainer.
+
 ## Style Guides

 See [Coding Style](https://electronjs.org/docs/development/coding-style) for information about which standards Electron adheres to in different parts of its codebase.