From 90b61eda9b41af108ed69fc0c43a522a92745047 Mon Sep 17 00:00:00 2001
From: Darcy Clarke <darcy@darcyclarke.me>
Date: Thu, 8 Apr 2021 14:17:06 -0400
Subject: [PATCH] chore: update contributing.md to explicitely outline dep
 updates

PR-URL: https://github.com/npm/cli/pull/3053
Credit: @darcyclarke
Close: #3053
Reviewed-by: @ruyadorno
---
 CONTRIBUTING.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 4116f4e71d057..6821da895b3b5 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -51,6 +51,10 @@ We've set up an automated [benchmark](https://github.com/npm/benchmarks) integra
 
 You can learn more about this tool, including how to run & configure it manually, [here](https://github.com/npm/benchmarks)
 
+## Dependency Updates
+
+It should be noted that our team does not accept third-party dependency updates/PRs. We have a [release process](https://github.com/npm/cli/wiki/Release-Process) that includes checks to ensure dependencies are staying up-to-date & will ship security patches for CVEs as they occur. If you submit a PR trying to update our dependencies we will close it with or without a reference to these contribution guidelines.
+
 ## Reporting Bugs
 
 When submitting a new bug report, please first [search](https://github.com/npm/cli/issues) for an existing or similar report & then use one of our existing [issue templates](https://github.com/npm/cli/issues/new/choose) if you believe you've come across a unique problem. Duplicate issues, or issues that don't use one of our templates may get closed without a response.