Managing dependency health is a regular part of engineering work — from auditing third-party libraries to resolving transitive vulnerabilities. This exercise practises the natural English collocations used in dependency review meetings, pull request comments, and security reports.
1 / 5
Before the release, we need to ___ all third-party dependencies for known vulnerabilities.
Audit dependencies is the standard collocation in security and health review contexts — it implies a systematic, formal examination. 'Scan' is also used but refers more to automated tooling; 'audit' covers both manual and automated review with accountability.
2 / 5
The team agreed to ___ outdated packages as part of the quarterly dependency review.
Upgrade packages is the correct collocation when moving to a new major or minor version. 'Update' is also common but more general; 'patch' specifically refers to security fixes; 'refresh' is informal and not standard in technical documentation.
3 / 5
We need to ___ a dependency on an unmaintained library before it becomes a risk.
Flag a dependency is the natural collocation in dependency health discussions — it means drawing attention to a risk item for action. 'Mark' and 'tag' are more labelling actions; 'note' is informal and doesn't imply urgency.
4 / 5
The security team wants us to ___ any transitive dependencies that pull in vulnerable versions.
Resolve transitive dependencies is the technical collocation — it means determining and potentially replacing the full dependency tree. 'Fix' and 'address' can work but are less precise; 'handle' is too informal for a technical review discussion.
5 / 5
Let's ___ a report of all dependencies that are more than two major versions behind.
Generate a report is the standard collocation in tooling and review contexts — dependency management tools generate reports automatically. 'Produce' is formal but less idiomatic; 'create' implies manual effort; 'run a report' is also common but 'generate' is the most precise.