Sync Repo-docs-DEPENDENCY-AUDITS from project files

2026-07-09 14:06:25 +02:00
parent fe405234ea
commit 7be16cc7d5

@@ -1,4 +1,4 @@
<!-- codex-wiki-sync:156de7e8d78ab8ec0dab3be8 -->
<!-- codex-wiki-sync:ae21d8bbf9ec197990927237 -->
> Mirrored from `/mnt/DATA/git/govoplan-core/docs/DEPENDENCY_AUDITS.md`.
> Origin: `repository`.
@@ -29,9 +29,22 @@ bash scripts/check-dependency-audits.sh
The script runs:
- `scripts/check-dependency-hygiene.sh` for pip resolver consistency, stale
legacy editable package metadata, deprecated framework constants, and the
Starlette `TestClient` deprecation smoke when test dependencies are present
- `python -m pip_audit --progress-spinner off`
- `npm audit --omit=dev` in `webui`
For fast local checks without vulnerability metadata lookups, run:
```bash
cd /mnt/DATA/git/govoplan-core
CHECK_TESTCLIENT_DEPRECATIONS=1 bash scripts/check-dependency-hygiene.sh
```
This is also part of `scripts/check-focused.sh`, so resolver drift and
deprecation regressions fail close to the code change that introduced them.
Override tool paths when testing from a disposable environment:
```bash