From a637b31eeb7953561d47e36a97e11faf2cd96aa0 Mon Sep 17 00:00:00 2001
From: Mike Dalessio <mike.dalessio@gmail.com>
Date: Tue, 18 Oct 2022 20:36:00 -0400
Subject: [PATCH] doc: add ruby-advisory-db to the release checklist

[skip ci]
---
 CONTRIBUTING.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index ca2995a4cb2..f2e2fbcba2a 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -370,7 +370,10 @@ A quick checklist:
 - [ ] run `scripts/build-gems` and make sure it completes and all the tests pass
 - [ ] `for g in gems/*.gem ; do gem push $g ; done`
 - [ ] create a release at https://github.com/sparklemotion/nokogiri/releases and provide sha2 checksums
-- [ ] if security-related, email ruby-security-ann@googlegroups.com and ruby-talk@ruby-lang.org
+- if security-related,
+  - [ ] publish a GHSA
+  - [ ] email ruby-security-ann@googlegroups.com and ruby-talk@ruby-lang.org
+  - [ ] submit a PR to https://github.com/rubysec/ruby-advisory-db
 - [ ] update nokogiri.org
 - [ ] bump `lib/nokogiri/version/constant.rb` to a prerelease version like `v1.14.0.dev`