Sync Repo-docs-DEPENDENCY-AUDITS from project files
@@ -1,4 +1,4 @@
|
||||
<!-- codex-wiki-sync:156de7e8d78ab8ec0dab3be8 -->
|
||||
<!-- codex-wiki-sync:ae21d8bbf9ec197990927237 -->
|
||||
|
||||
> Mirrored from `/mnt/DATA/git/govoplan-core/docs/DEPENDENCY_AUDITS.md`.
|
||||
> Origin: `repository`.
|
||||
@@ -29,9 +29,22 @@ bash scripts/check-dependency-audits.sh
|
||||
|
||||
The script runs:
|
||||
|
||||
- `scripts/check-dependency-hygiene.sh` for pip resolver consistency, stale
|
||||
legacy editable package metadata, deprecated framework constants, and the
|
||||
Starlette `TestClient` deprecation smoke when test dependencies are present
|
||||
- `python -m pip_audit --progress-spinner off`
|
||||
- `npm audit --omit=dev` in `webui`
|
||||
|
||||
For fast local checks without vulnerability metadata lookups, run:
|
||||
|
||||
```bash
|
||||
cd /mnt/DATA/git/govoplan-core
|
||||
CHECK_TESTCLIENT_DEPRECATIONS=1 bash scripts/check-dependency-hygiene.sh
|
||||
```
|
||||
|
||||
This is also part of `scripts/check-focused.sh`, so resolver drift and
|
||||
deprecation regressions fail close to the code change that introduced them.
|
||||
|
||||
Override tool paths when testing from a disposable environment:
|
||||
|
||||
```bash
|
||||
|
||||
Reference in New Issue
Block a user