From c4eae25d6dd9469435c6d9c56d89649e6342573c Mon Sep 17 00:00:00 2001 From: Rachael Rose Renk <91027132+rachaelrenk@users.noreply.github.com> Date: Mon, 14 Aug 2023 14:28:33 -0600 Subject: [PATCH] [Improvement] Update release note guidelines to include packages security guidance (#40479) Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com> Co-authored-by: Matt Pollard Co-authored-by: Vanessa --- content/contributing/writing-for-github-docs/style-guide.md | 6 ++++++ contributing/content-style-guide.md | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/content/contributing/writing-for-github-docs/style-guide.md b/content/contributing/writing-for-github-docs/style-guide.md index f4126747a3..33cd21207b 100644 --- a/content/contributing/writing-for-github-docs/style-guide.md +++ b/content/contributing/writing-for-github-docs/style-guide.md @@ -754,6 +754,12 @@ A release note for a security fix answers the following questions. - > **MEDIUM**: An attacker could embed dangerous links in the instance's web UI because pull request preview links did not properly sanitize URLs. This vulnerability was reported via the [{% data variables.product.company_short %} Bug Bounty program](https://bounty.github.com). +#### Base image and package updates + +We also include base image and dependent package updates in the "Security fixes" section, since these updates often address security issues. We consolidate all of these updates in the following note. + +> Packages have been updated to the latest security versions. + ### Bug fixes A release note for a bug fix describes a correction to an undesired or otherwise unexpected behavior. Generally, notes for bug fixes are only part of patch releases. diff --git a/contributing/content-style-guide.md b/contributing/content-style-guide.md index caecfdc967..7b0aa6f381 100644 --- a/contributing/content-style-guide.md +++ b/contributing/content-style-guide.md 
@@ -693,6 +693,12 @@ A release note for a security fix answers the following questions. - > **MEDIUM**: An attacker could embed dangerous links in the instance's web UI because pull request preview links did not properly sanitize URLs. This vulnerability was reported via the [GitHub Bug Bounty program](https://bounty.github.com). +#### Base image and package updates + +We also include base image and dependent package updates in the "Security fixes" section, since these updates often address security issues. We consolidate all of these updates in the following note. + +> Packages have been updated to the latest security versions. + ### Bug fixes A release note for a bug fix describes a correction to an undesired or otherwise unexpected behavior. Generally, notes for bug fixes are only part of patch releases.
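Review bot: the consolidated note introduced in the content/contributing/writing-for-github-docs/style-guide.md hunk, "Packages have been updated to the latest security versions.", carries none of the severity or impact information the surrounding guidance requires of every security-fix note (compare the "**MEDIUM**: An attacker could embed dangerous links..." example in the unchanged context just above it). Suggest the new "Base image and package updates" paragraph state explicitly that a base image or package update that closes a specific known vulnerability still gets its own rated note, and that the single consolidated line is reserved for routine updates with no individually reportable issue; otherwise an administrator reading the notes cannot tell whether a release fixes something they are exposed to. Minor wording point on the same line: packages are updated to versions that contain security fixes, not to a distinct "security version", so "Packages have been updated to versions that include the latest security fixes." reads more precisely.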
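Review bot: the contributing/content-style-guide.md hunk repeats the first hunk word for word (the only difference is the literal "GitHub Bug Bounty program" versus the `{% data variables.product.company_short %}` variable in the unchanged context line), so the two copies of the release-note guidance will drift the next time either is edited; suggest the PR description name which file is the source of truth, or add a cross-reference from one to the other so future changes land in both.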