Summary
Maintain a single recurring place to record monthly and pre-release transitive dependency audits.
Scope
- run
dotnet list package --include-transitive
- review Dependabot PRs
- review GitHub security advisories and Dependabot alerts
- create follow-up issues for significant license or security findings
- use comments on this issue for each monthly audit instead of opening a new issue every month
Goal
Keep dependency-audit history in one tracked issue and ensure transitive dependency, license, and security reviews happen monthly and before each release.
Comment template
## YYYY-MM Dependency Audit
- Checked transitive dependencies with `dotnet list package --include-transitive`
- Reviewed Dependabot PRs
- Reviewed GitHub security advisories / Dependabot alerts
- Findings:
- none
Related issues:
- none
Summary
Maintain a single recurring place to record monthly and pre-release transitive dependency audits.
Scope
dotnet list package --include-transitiveGoal
Keep dependency-audit history in one tracked issue and ensure transitive dependency, license, and security reviews happen monthly and before each release.
Comment template