Skip to content

chore: add SECURITY.md, CONTRIBUTING.md, and Dependabot#76

Open
leno23 wants to merge 1 commit into
dolph:mainfrom
leno23:chore/repo-hygiene-issue-29-v2
Open

chore: add SECURITY.md, CONTRIBUTING.md, and Dependabot#76
leno23 wants to merge 1 commit into
dolph:mainfrom
leno23:chore/repo-hygiene-issue-29-v2

Conversation

@leno23
Copy link
Copy Markdown

@leno23 leno23 commented May 30, 2026

Summary

Fixes #29. Adds contributor/security docs and weekly Dependabot updates for Go modules and GitHub Actions.

Test plan

  • Docs-only change

Made with Cursor

@leno23
chore: add SECURITY.md, CONTRIBUTING.md, and Dependabot
a8ab04f 
Document security reporting, contributor workflow, and enable weekly
dependency updates for Go modules and GitHub Actions.

Fixes dolph#29
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed May 30, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a8ab04fa42

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread CONTRIBUTING.md
## Pull requests

- One logical change per PR; link the issue (`Fixes #N`).
- Run `go test ./...` and `go vet ./...` before pushing.
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot May 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Require the documented race test before pushing

For contributors who rely on this checklist before pushing Go changes, this omits the race detector even though the repo instructions and CI require go test -race ./.... That makes the local contribution guide weaker than the enforced development loop, so goroutine-related regressions may only be caught after push or missed by contributors validating locally; please document the race command here.

Useful? React with 👍 / 👎.

Comment thread CONTRIBUTING.md

## Labels

Maintainers use `release:*` labels on PRs that should appear in release notes. If your change is user-visible, mention the desired release note in the PR body.
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot May 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Make release labels mandatory in the guide

The checked release workflow defaults a merged PR with no release:* label to release:patch, while the repo instructions require every PR to choose release:skip, release:patch, release:minor, or release:major. Describing these labels as only for PRs that should appear in release notes can lead docs/test PRs to be merged unlabeled and cut unintended patch releases instead of being skipped.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Missing Dependabot, SECURITY.md, CONTRIBUTING.md, CODEOWNERS

1 participant

@leno23