Update CONTRIBUTING.md, SECURITY.md and remove SUPPORT.md. #4

Merged: terabytesoftw merged 2 commits into main from fix_mini_2, May 6, 2026

@terabytesoftw
Contributor

Pull Request

  • Breaking change (fix or feature that would cause existing functionality to change)
  • Bugfix (non-breaking change that fixes an issue)
  • CI/build configuration
  • Documentation update
  • New feature (non-breaking change that adds functionality)
  • Refactoring (no functional changes)

@terabytesoftw terabytesoftw added the bug Something isn't working label May 6, 2026
@coderabbitai

coderabbitai Bot commented May 6, 2026

Warning

Rate limit exceeded

@terabytesoftw has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 52 minutes and 3 seconds before requesting another review.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 7d474cfa-b998-41d7-afc6-c7f77345b914

📥 Commits

Reviewing files that changed from the base of the PR and between e6a659e and 2a72e2a.

📒 Files selected for processing (1)
  • SECURITY.md
📝 Walkthrough

Walkthrough

This PR updates three key repository documentation files. CONTRIBUTING.md bumps the PHP version requirement to 8.3+, updates setup procedures to use composer install/run, and removes a bug reporting section. SECURITY.md clarifies vulnerability reporting with placeholder guidance. SUPPORT.md is deleted entirely.

Changes

Documentation & Guidelines Update

| Layer / File(s) | Summary |
| --- | --- |
| Development Setup / CONTRIBUTING.md | PHP version requirement raised from 8.1+ to 8.3+; repository placeholder changed from <package> to <repository>; setup flow updated to use composer install followed by composer run. |
| Testing Guidance / CONTRIBUTING.md | PHPUnit requirement bumped from 10+ to 12+; test execution now uses composer run instead of composer test; guidance added for running scripts defined in composer.json. |
| Contribution Sections / CONTRIBUTING.md | Bug Reports and Feature Requests section removed entirely. |
| Security Policy / SECURITY.md | Vulnerability reporting example updated to show https://github.com/php-forge/repo-name with explicit replacement guidance; "PHP Forge" capitalized in scope link label. |
| Support Documentation / SUPPORT.md | Entire file contents deleted (Getting Help, Package Documentation, Commercial Support sections removed); file becomes empty. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

  • php-forge/.github#3: Both PRs modify the same documentation files (CONTRIBUTING.md, SECURITY.md, SUPPORT.md) with overlapping content and structure changes to setup, testing, and security guidance.

Suggested labels

enhancement

Poem

🐰 The docs hop forward, bright and clear,
PHP 8.3 is here!
Old paths removed, new guidance flows,
Repository ready—onwards it goes! ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title accurately summarizes the three main changes: updating CONTRIBUTING.md, updating SECURITY.md, and removing SUPPORT.md, matching the changeset exactly. |
| Description check | ✅ Passed | The description is a standard PR template checklist that marks the change as a bugfix, which relates to the nature of the changes in the pull request. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@coderabbitai coderabbitai Bot added the enhancement New feature or request label May 6, 2026

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@CONTRIBUTING.md`:
- Line 20: Replace the ambiguous example "composer run" in CONTRIBUTING.md with
explicit script invocations so contributors can actually run checks — e.g.,
change "composer run" to "composer run test" (or list multiple examples like
"composer run static" / "composer run ecs" as appropriate) and add a short note
showing how to discover available scripts (e.g., "composer run-script --list" or
"composer run --list") so readers know how to find which script names to use.

In `@SECURITY.md`:
- Around line 9-10: Replace the inconsistent placeholder "repo-name" in
SECURITY.md with the unified placeholder "<repository>" used in CONTRIBUTING.md;
update the example URL and surrounding text so it reads
"https://github.com/php-forge/<repository>" (keeping the angle-bracket
placeholder style) to ensure consistent placeholder formatting across docs.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: ae5621e5-9865-407a-92da-3c224c3f8d03

📥 Commits

Reviewing files that changed from the base of the PR and between ad4d734 and e6a659e.

📒 Files selected for processing (3)
  • CONTRIBUTING.md
  • SECURITY.md
  • SUPPORT.md
💤 Files with no reviewable changes (1)
  • SUPPORT.md
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: linter / Super Linter

Comment thread CONTRIBUTING.md
Comment thread SECURITY.md Outdated
@terabytesoftw
Contributor Author

@codex review

@terabytesoftw terabytesoftw merged commit fd22803 into main May 6, 2026
12 checks passed
@terabytesoftw terabytesoftw deleted the fix_mini_2 branch May 6, 2026 01:20

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2a72e2afbd


Comment thread SECURITY.md
Comment on lines +9 to +10
1. Navigate to the affected repository (for example, `https://github.com/yii2-extensions/repository`, replacing `repository`
with the affected repository).

P2: Point security reporters at the PHP Forge org

This example URL now sends reporters to yii2-extensions/repository, but the policy scope below is PHP Forge and affected packages live under php-forge. For someone following these steps during a vulnerability report, replacing only repository still leaves them in the wrong organization, so they will not reach the affected repository's Security tab.


Comment thread CONTRIBUTING.md
cd <repository>
composer install
composer test
composer run

P2: Specify a Composer script to run

composer run without a script is not a valid command in a package: I checked Composer 2.9.3 locally and it exits with Missing required argument "script", and the official run-script / run docs say to give it the script name. As written, both this setup command and the repeated Testing example tell contributors to run a command that fails instead of running the repository's quality checks.
