Skip to content

add dependency checklist #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rvab merged 15 commits into from
Apr 20, 2026
Merged

add dependency checklist #11

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
ea80c85
add dependency checklist
rvab Apr 17, 2026
40ee3c7
minor
rvab Apr 17, 2026
7a561fa
minor
rvab Apr 17, 2026
51f7569
minor
rvab Apr 17, 2026
7a24110
minor
rvab Apr 17, 2026
714b70a
testing
rvab Apr 17, 2026
75b16d2
minor
rvab Apr 17, 2026
97a3fc3
minor
rvab Apr 17, 2026
40ff14e
minor
rvab Apr 17, 2026
15c44ca
use master as default brancj
rvab Apr 17, 2026
e68fd86
wip
rvab Apr 17, 2026
2fe481f
minor
rvab Apr 17, 2026
906fc10
add GH token
rvab Apr 17, 2026
8128736
minor
rvab Apr 17, 2026
a7efbc6
add
rvab Apr 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions .github/workflows/dependency-checklist.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
<!--
Checklist template for pr-dependency-checklist.yml. Lives in the org workflows repo
(`{repository_owner}/workflows`); the reusable workflow checks out that repo for this file.
-->
<!-- fyle:dependency-checklist -->
## Dependency / pnpm review checklist

<!-- fyle:dependency-checklist:packages-deps -->
### Dependencies / lockfile (`package.json` or `pnpm-lock.yaml`)
- [ ] This change is either a new dependency, an upgrade, or a removal, and the reason is clear (Required) <!-- required:dependency-change -->
- [ ] If this is a new dependency, it is necessary and was checked to ensure it does not have any known vulnerabilities
- [ ] If this is an upgrade, the upgraded version was checked to ensure it does not have any known vulnerabilities
- [ ] If this is an upgrade, breaking changes were reviewed, especially for major version bumps
- [ ] Dependency security scan for this change has passed, or any reported issues are explicitly documented and approved (Required) <!-- required:dependency-change -->
<!-- /fyle:dependency-checklist:packages-deps -->

<!-- fyle:dependency-checklist:packages-manifest -->
### Scripts, engines, version, or package manager (`package.json`)
- [ ] Changes to scripts, `engines`, `packageManager`, or package `version` were reviewed for CI impact, unsafe commands, runtime behavior, and release impact (Required) <!-- required:manifest-config-change -->
<!-- /fyle:dependency-checklist:packages-manifest -->

<!-- fyle:dependency-checklist:packages-other -->
### Other `package.json` edits
- [ ] Other `package.json` field updates not related to dependencies, scripts, engines, packageManager, or version were reviewed for correctness and impact (Required) <!-- required:other-manifest-change -->
<!-- /fyle:dependency-checklist:packages-other -->

<!-- fyle:dependency-checklist:workspace -->
### If `pnpm-workspace.yaml` changed
- [ ] Any newly added entry in `allowBuilds` was reviewed and is safe (Required) <!-- required:workspace -->
- [ ] Any newly introduced pnpm setting or policy was reviewed and does not weaken security (https://pnpm.io/settings) (Required) <!-- required:workspace -->
<!-- /fyle:dependency-checklist:workspace -->
<!-- /fyle:dependency-checklist -->
Loading
Loading