dependency-upgrader

Upgrade dependencies for Java/Kotlin (Gradle/Maven) and TypeScript/Node projects with minimal risk: plan the bump, apply changes incrementally, run tests/builds, and document breaking changes. Use when the user asks to bump deps, update frameworks, or address CVEs.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "dependency-upgrader" with this command: npx skills add jmerta/codex-skills/jmerta-codex-skills-dependency-upgrader

Dependency upgrader

Goal

Safely upgrade dependencies with minimal, reviewable diffs and clear verification.

Inputs to ask for (if missing)

  • Which ecosystem: Gradle/Maven, Node/TypeScript, or both.
  • Scope: one dependency, a set (e.g., Spring Boot), or "everything".
  • Constraints: patch/minor only vs allow majors; time budget; CI requirements.
  • Motivation: CVE fix, feature need, or routine maintenance.
  • Can the agent use web search to confirm latest versions and read migration notes? (If not, rely on registry lookups.)

Workflow (checklist)

  1. Detect the project type and package manager
    • Node: package.json + lock file (pnpm-lock.yaml, package-lock.json, yarn.lock, bun.lock).
    • Gradle: gradlew, build.gradle(.kts), settings.gradle(.kts), gradle/libs.versions.toml.
    • Maven: pom.xml.
    • If the required package manager or build tool is missing (npm/pnpm/yarn/bun, Gradle, Maven), tell the user and ask whether to install it or proceed with a manual edit-only upgrade.
  2. Establish a baseline
    • Record current versions (dependency file + lock files).
    • Run the smallest reliable test/build command the repo uses (then expand if needed).
  3. Plan the upgrade
    • Prefer the smallest bump that solves the problem.
    • Choose target versions using up-to-date sources:
      • Use web search (if available) to confirm latest stable versions and skim official release notes/migration guides.
      • Cross-check with the registry/source of truth (npm registry, Maven Central, Gradle Plugin Portal).
    • Group by risk:
      • low: patches/minors, leaf deps
      • medium: build tools/plugins
      • high: framework majors (Spring Boot), runtime bumps (Java/Node)
    • For majors: skim upstream migration notes and list expected breakpoints before editing.
  4. Apply upgrades incrementally
    • Update one group at a time; keep diffs focused.
    • After each group: run tests/build and fix breakages immediately.
    • Use the playbooks in references/ for ecosystem-specific commands.
  5. Validate and document
    • Run the repo's "CI equivalent" commands (tests + build).
    • Document:
      • what changed (versions)
      • why (CVE, compatibility, feature)
      • notable migrations or breaking changes
      • any follow-ups (deprecations, future majors)

Deliverable

Provide:

  • The list of version bumps (old -> new).
  • The commands run and their result (tests/build).
  • Any breaking changes and required code/config migrations.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

vps-checkup

No summary provided by upstream source.

Repository SourceNeeds Review
-43
jmerta
Coding

ui-ux-pro-max

No summary provided by upstream source.

Repository SourceNeeds Review
-39
jmerta
Coding

bug-triage

No summary provided by upstream source.

Repository SourceNeeds Review
-21
jmerta