From 77cc1d6ffa83dcf291b2a2ddb4889549c23d154c Mon Sep 17 00:00:00 2001
From: George Xu <33054982+georgexu99@users.noreply.github.com>
Date: Tue, 25 Jul 2023 02:58:16 -0700
Subject: [PATCH] chore: add dependencies upgrade policy to readme (#39163)

* chore: add dependencies upgrade policy to readme

as per wg-releases july 19 meeting

https://docs.google.com/document/d/1XWdD4uAu9m8Gcpiw1j5fLwwZ_hU4rce9JyTpuKU6uM8/edit?pli=1

* Update CONTRIBUTING.md

Co-authored-by: David Sanders <dsanders11@ucsbalum.com>

---------

Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
Co-authored-by: David Sanders <dsanders11@ucsbalum.com>
---
 CONTRIBUTING.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 54706ec8dce9a..882dcfb9d5365 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -60,6 +60,10 @@ dependencies, and tools contained in the `electron/electron` repository.
   * [Step 11: Landing](https://electronjs.org/docs/development/pull-requests#step-11-landing)
   * [Continuous Integration Testing](https://electronjs.org/docs/development/pull-requests#continuous-integration-testing)
 
+### Dependencies Upgrades Policy
+
+Dependencies in Electron's `package.json` or `yarn.lock` files should only be altered by maintainers. For security reasons, we will not accept PRs that alter our `package.json` or `yarn.lock` files. We invite contributors to make requests updating these files in our issue tracker. If the change is significantly complicated, draft PRs are welcome, with the understanding that these PRs will be closed in favor of a duplicate PR submitted by an Electron maintainer.
+
 ## Style Guides
 
 See [Coding Style](https://electronjs.org/docs/development/coding-style) for information about which standards Electron adheres to in different parts of its codebase.