Even if everyone who reviews (dependabot, but not only) PRs here printed a checklist and pinned it on their own wall/cabinet, it won't reliably prevent oversight of THIRD_PARTY_LICENSES.md. I have seen such an overlooked physical list myself recently; ask me in person if you're interested in the story.
The only reliable way I see to keep THIRD_PARTY_LICENSES.md up to date (and this will be necessary, see e.g. Icinga/icinga2#9675) is a GitHub action which leaves a comment on every newly opened PR here telling devs to check THIRD_PARTY_LICENSES.md. (#110 (comment))