## Current state - npm audit reports known advisories, including Next.js/postcss class issues - pip-audit has known deferred advisories documented in docs/dependency-audit.md - No dependency upgrades should happen casually ## Required approach 1. Plan dependency upgrade batch separately with full frontend/backend validation 2. Document any accepted deferred advisories with rationale 3. Do not upgrade dependencies in contributor first-PR lanes without approval ## Launch impact - Public launch should not claim dependency advisories are remediated until this issue is completed or explicitly documented as accepted risk
Current state
Required approach
Launch impact