mirror of
https://github.com/azaion/satellite-provider.git
synced 2026-06-27 08:31:13 +00:00
Oleksandr Bezdieniezhnykh
b3e5a66799
Closes D-AZ795-1 production dependency carry-over. Co-authored-by: Cursor <cursoragent@cursor.com>
40 lines
1.4 KiB
Markdown
40 lines
1.4 KiB
Markdown
# Dependency Scan (Cycle 15)
|
|
|
|
**Date**: 2026-06-26
|
|
**Mode**: Delta scan
|
|
**Scope**: Cycle-15 delta — AZ-1132 (FluentValidation 12.0.0 → 12.1.1).
|
|
**Method**: `dotnet list SatelliteProvider.sln package --vulnerable`.
|
|
|
|
## Cycle-15 Package Manifest Diff
|
|
|
|
| csproj | Cycle 13 baseline | Cycle 15 change |
|
|
|--------|-------------------|-----------------|
|
|
| `SatelliteProvider.Api` | FluentValidation 12.0.0, FluentValidation.DependencyInjectionExtensions 12.0.0 | **12.1.1** (both) |
|
|
|
|
## Vulnerable Package Scan (2026-06-26)
|
|
|
|
| Project | Finding | Severity | Notes |
|
|
|---------|---------|----------|-------|
|
|
| `SatelliteProvider.Api` | none | — | Production runtime — clean |
|
|
| `SatelliteProvider.Common` | none | — | — |
|
|
| `SatelliteProvider.IntegrationTests` | transitive JWT 7.0.3 | Moderate | GHSA-59j7-ghrg-fj52 — test-runtime only (pre-existing) |
|
|
| `SatelliteProvider.TestSupport` | `System.IdentityModel.Tokens.Jwt` 7.0.3 | Moderate | test-runtime only — pre-existing |
|
|
|
|
## Cycle-15 Findings
|
|
|
|
**No new dependency CVEs.** Patch bump only.
|
|
|
|
## Resolved carry-overs
|
|
|
|
- **D-AZ795-1** (Low): FluentValidation 12.0.0 → 12.1.1 — **RESOLVED** (AZ-1132)
|
|
|
|
## Remaining carry-overs
|
|
|
|
- **D2-cy4** (Medium, test-runtime): JWT test packages — still open
|
|
|
|
## Verdict
|
|
|
|
**PASS** (cycle-15 delta) — D-AZ795-1 closed; zero new CVEs.
|
|
|
|
Cumulative: **PASS_WITH_WARNINGS** — D2-cy4 only.
|