Unpushed commits (local main ahead of origin/main)#43
Conversation
There was a problem hiding this comment.
Pull request overview
This PR syncs a set of local commits to the repository, focusing on repository hygiene and automation updates (docs/policies, dependency automation, and small test/style cleanups).
Changes:
- Add repository policy docs (
SECURITY.md,CONTRIBUTING.md) - Expand Dependabot configuration (daily checks, grouping, ignore major updates; add npm/composer ecosystems) and update related GitHub Actions
- Minor maintenance updates (test import cleanup; ignore
auth.json)
Reviewed changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
tests/ImageFieldTest.php |
Simplifies references via use imports for readability. |
SECURITY.md |
Adds a security disclosure policy and contact channel. |
CONTRIBUTING.md |
Adds contributor guidelines and contribution requirements. |
.gitignore |
Ignores auth.json to prevent credential leakage. |
.github/workflows/dependency-review.yml |
Updates the checkout action version for the dependency review workflow. |
.github/workflows/dependabot-auto-merge.yml |
Bumps dependabot/fetch-metadata action version. |
.github/dependabot.yml |
Expands Dependabot coverage (actions/npm/composer), grouping, and update filtering. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](https://pear.php.net/package/PHP_CodeSniffer). | ||
|
|
||
| - **Add tests!** - Your patch won't be accepted if it doesn't have tests. |
There was a problem hiding this comment.
The contributing guide references PSR-2, but this repo already standardizes formatting via Laravel Pint (composer format / vendor/bin/pint, and the CI workflow uses aglipanci/laravel-pint-action). Updating this section to reflect the actual formatter/standard will prevent contributors from following the wrong style guide.
| @@ -0,0 +1,3 @@ | |||
| # Security Policy | |||
|
|
|||
| If you discover any security related issues, please email [email protected] instead of using the issue tracker. | |||
There was a problem hiding this comment.
Minor wording: "security related" is typically hyphenated as "security-related" in this context.
| If you discover any security related issues, please email [email protected] instead of using the issue tracker. | |
| If you discover any security-related issues, please email [email protected] instead of using the issue tracker. |
Local main was 5 commit(s) ahead of origin/main. Opened from update-opensource-active.sh for review.