Skip to content

[Maintenance] Monthly Dependency Audit #77

Description

@iwizsophy

Summary

Maintain a single recurring place to record monthly and pre-release transitive dependency audits.

Scope

  • run dotnet list package --include-transitive
  • review Dependabot PRs
  • review GitHub security advisories and Dependabot alerts
  • create follow-up issues for significant license or security findings
  • use comments on this issue for each monthly audit instead of opening a new issue every month

Goal

Keep dependency-audit history in one tracked issue and ensure transitive dependency, license, and security reviews happen monthly and before each release.

Comment template

## YYYY-MM Dependency Audit

- Checked transitive dependencies with `dotnet list package --include-transitive`
- Reviewed Dependabot PRs
- Reviewed GitHub security advisories / Dependabot alerts
- Findings:
  - none

Related issues:
- none

Metadata

Metadata

Assignees

No one assigned

    Labels

    architectureArchitecture design change

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions