From 7be16cc7d58e4420f25d12e28835c23601b9f15e Mon Sep 17 00:00:00 2001 From: zemion Date: Thu, 9 Jul 2026 14:06:25 +0200 Subject: [PATCH] Sync Repo-docs-DEPENDENCY-AUDITS from project files --- Repo-docs-DEPENDENCY-AUDITS.-.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/Repo-docs-DEPENDENCY-AUDITS.-.md b/Repo-docs-DEPENDENCY-AUDITS.-.md index a0b85dc..a879bd9 100644 --- a/Repo-docs-DEPENDENCY-AUDITS.-.md +++ b/Repo-docs-DEPENDENCY-AUDITS.-.md @@ -1,4 +1,4 @@ - + > Mirrored from `/mnt/DATA/git/govoplan-core/docs/DEPENDENCY_AUDITS.md`. > Origin: `repository`. @@ -29,9 +29,22 @@ bash scripts/check-dependency-audits.sh The script runs: +- `scripts/check-dependency-hygiene.sh` for pip resolver consistency, stale + legacy editable package metadata, deprecated framework constants, and the + Starlette `TestClient` deprecation smoke when test dependencies are present - `python -m pip_audit --progress-spinner off` - `npm audit --omit=dev` in `webui` +For fast local checks without vulnerability metadata lookups, run: + +```bash +cd /mnt/DATA/git/govoplan-core +CHECK_TESTCLIENT_DEPRECATIONS=1 bash scripts/check-dependency-hygiene.sh +``` + +This is also part of `scripts/check-focused.sh`, so resolver drift and +deprecation regressions fail close to the code change that introduced them. + Override tool paths when testing from a disposable environment: ```bash