I've worked extensively in C# (for the first 15 years of my career, it was my primary language), and built a handful of projects in Go. They're mostly comparable in terms of dependencies. The average C# project I was on-- in the last few years I worked in it-- had roughly the same number of Nuget dependencies as the Go projects I've seen.
Both languages are great in this regard-- you can do a whole lot without 3rd parties.
It’s not much of an issue as long as you document your third party packages and versions.
It’s all going through an SA&A process that will check your c# framework as well as your random package downloaded from the interweb.
(based on the decent amount of audited government work done using tons of third party libraries. Just try doing anything in data science without third party packages)
Pulling third party packages would be instantly flagged and be put under high scrutiny.
Meanwhile with C# and .NET’s ungodly framework size you can just cruise along because it’s made by the creators of the language.