azaion/satellite-provider
1
0
Fork 0
mirror of https://github.com/azaion/satellite-provider.git synced 2026-06-27 09:51:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: WIP pre-implement cycle 14 baseline

Browse Source 
Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Oleksandr Bezdieniezhnykh
2026-06-26 16:13:37 +03:00
parent 50d4a76be3
commit 80ef5608f1
33 changed files with 619 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files
_docs/05_security/dependency_scan_cycle13.md
+36
View File
@@ -0,0 +1,36 @@
# Dependency Scan (Cycle 13)
**Date**: 2026-06-26
**Mode**: Delta scan
**Scope**: Cycle-13 delta over cycle-10 baseline. Surface = AZ-1126 (`DateTimeOffset` migration — no package manifest changes).
**Method**: `dotnet list SatelliteProvider.sln package --vulnerable`.
## Cycle-13 Package Manifest Diff
| csproj | Cycle 10 baseline | Cycle 13 change |
|--------|-------------------|-----------------|
| All csproj | unchanged | **+0** packages added or bumped |
## Vulnerable Package Scan (2026-06-26)
| Project | Finding | Severity | Notes |
|---------|---------|----------|-------|
| `SatelliteProvider.Api` | none | — | Production runtime — clean |
| `SatelliteProvider.Common` | none | — | `UtcOffsetRequiredDateTimeOffsetConverter` is in-repo code |
| `SatelliteProvider.IntegrationTests` | transitive JWT 7.0.3 | Moderate | GHSA-59j7-ghrg-fj52 — test-runtime only (pre-existing) |
| `SatelliteProvider.TestSupport` | `System.IdentityModel.Tokens.Jwt` 7.0.3 | Moderate | test-runtime only — pre-existing |
## Cycle-13 Findings
**No new dependency CVEs.** AZ-1126 is a code-only DTO/converter change.
## Carry-overs
- **D-AZ795-1** (Low): FluentValidation 12.0.0 → 12.1.1 — still open
- **D2-cy4** (Medium, test-runtime): JWT test packages — still open
## Verdict
**PASS** (cycle-13 delta) — zero new CVEs.
Cumulative: **PASS_WITH_WARNINGS** — D2-cy4 + D-AZ795-1 carry-overs unchanged.