STACKITGit/cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cli/.github
History
Kynan Ware 73d65ed701 Document dependency CVE policy in SECURITY.md 
Clarify that a dependency having a CVE does not mean gh has a
vulnerability. We use govulncheck for reachability analysis and
ask reporters to demonstrate impact before we act on dependency CVE
reports.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-08 11:28:30 -06:00
..
ISSUE_TEMPLATE Remove auto-labels from issue templates 2026-03-19 19:36:11 -04:00
workflows Merge pull request #12951 from cli/dependabot/github_actions/azure/login-3.0.0 2026-03-26 14:09:45 +01:00
CODE-OF-CONDUCT.md Add first draft of CODE-OF-CONDUCT.md 2019-12-19 12:40:03 -08:00
CODEOWNERS update ownership of pkg/cmd/release/shared/ 2025-07-17 21:07:35 -04:00
CONTRIBUTING.md Update Go version requirement to 1.26+ 2026-03-07 10:10:01 -07:00
dependabot.yml Consume dependabot minor versions for go modules 2025-07-03 12:14:44 +02:00
licenses.tmpl Bundle licenses at release time (#12625) 2026-02-18 17:59:27 +01:00
PULL_REQUEST_TEMPLATE.md Rework our pull request template (#3584) 2021-05-11 17:08:28 +02:00
SECURITY.md Document dependency CVE policy in SECURITY.md 2026-04-08 11:28:30 -06:00