dependency-update

📁 ihkreddy/agent-skills-ts 📅 Today
0
Total installs
1
Weekly installs
Install command
npx skills add https://github.com/ihkreddy/agent-skills-ts --skill dependency-update

Agent install distribution

amp 1
cline 1
opencode 1
cursor 1
continue 1
kimi-cli 1

Skill documentation

Dependency Update Manager

Analyzes project dependencies, identifies outdated or vulnerable packages, and creates organized PRs to update them safely.

🎯 Use Case Demo

Scenario: Monthly Dependency Maintenance

Before (Manual Process):

Developer spends Friday afternoon on dependency updates:

  1. Run dotnet list package --outdated – copy results somewhere
  2. Research each package: breaking changes? security fixes?
  3. Update one by one, hoping nothing breaks
  4. Run tests, find something broke
  5. Debug for 2 hours
  6. Give up on some updates, leave for “later”

Time: 4-6 hours, often incomplete

After (With This Skill):

Developer: “Check for dependency updates and create PRs”

Agent Response:

📦 DEPENDENCY UPDATE REPORT
═══════════════════════════════════════════════════════════════

🔍 Scanned: FlightBookingAPI.csproj
📅 Report Date: December 20, 2024

═══════════════════════════════════════════════════════════════
🚨 SECURITY UPDATES (Critical - Update Immediately)
═══════════════════════════════════════════════════════════════

| Package | Current | Latest | Severity | CVE |
|---------|---------|--------|----------|-----|
| System.Text.Json | 7.0.2 | 7.0.4 | HIGH | CVE-2024-1234 |
| Microsoft.Data.SqlClient | 5.1.0 | 5.1.4 | MEDIUM | CVE-2024-5678 |

✅ Created PR #241: "🚨 Security: Update packages with known vulnerabilities"
   → https://github.com/org/flight-booking/pull/241
   → Labels: security, dependencies, critical

═══════════════════════════════════════════════════════════════
⬆️ MINOR/PATCH UPDATES (Safe to Update)
═══════════════════════════════════════════════════════════════

| Package | Current | Latest | Type | Notes |
|---------|---------|--------|------|-------|
| Swashbuckle.AspNetCore | 6.5.0 | 6.6.2 | Minor | New features |
| FluentValidation | 11.8.0 | 11.9.0 | Minor | Bug fixes |
| Serilog | 3.1.0 | 3.1.1 | Patch | Performance |
| xunit | 2.6.1 | 2.6.4 | Patch | Bug fixes |

✅ Created PR #242: "chore(deps): Update minor/patch dependencies"
   → https://github.com/org/flight-booking/pull/242
   → Labels: dependencies, minor

═══════════════════════════════════════════════════════════════
⚠️ MAJOR UPDATES (Review Required)
═══════════════════════════════════════════════════════════════

| Package | Current | Latest | Breaking Changes |
|---------|---------|--------|------------------|
| AutoMapper | 12.0.1 | 13.0.0 | Yes - Profile changes |
| MediatR | 11.1.0 | 12.2.0 | Yes - New registration |

📝 Created Issue #243: "Evaluate major dependency updates"
   → https://github.com/org/flight-booking/issues/243
   → Contains migration guides and breaking change analysis

═══════════════════════════════════════════════════════════════
✅ UP TO DATE (No Action Needed)
═══════════════════════════════════════════════════════════════

Microsoft.AspNetCore.* packages - Latest
Microsoft.EntityFrameworkCore - 8.0.0 (Latest)

═══════════════════════════════════════════════════════════════
📊 SUMMARY
═══════════════════════════════════════════════════════════════

Total packages: 24
Up to date: 18 (75%)
Security updates: 2 (PR #241 ready)
Minor updates: 4 (PR #242 ready)
Major updates: 2 (Issue #243 for review)

═══════════════════════════════════════════════════════════════

Time Saved: 5 hours → 10 minutes (30x faster, more thorough)


Agent Instructions

When this skill is activated:

  1. Scan Dependencies:

    • For .NET: dotnet list package --outdated
    • For Node.js: npm outdated or yarn outdated
    • For Python: pip list --outdated
    • Parse all project files for dependencies
  2. Check Security Advisories:

    • Query GitHub Advisory Database
    • Check NVD (National Vulnerability Database)
    • Identify CVEs affecting current versions
  3. Categorize Updates:

    • Security: Any package with known CVE
    • Patch: x.y.Z changes (bug fixes)
    • Minor: x.Y.z changes (new features, backward compatible)
    • Major: X.y.z changes (breaking changes)
  4. Research Breaking Changes:

    • For major updates, fetch release notes
    • Identify breaking changes and migration steps
    • Assess impact on codebase
  5. Create Appropriate PRs:

    • Security updates: Single PR, urgent labels
    • Minor/Patch: Combined PR, low priority
    • Major: Create issue with analysis, not PR
  6. Include Context:

    • Link to changelogs in PR description
    • Note any code changes needed
    • Add testing recommendations
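
Steps 3 and 5 above, sketched as an added example that is not part of the skill's own code: it classifies entries shaped like `npm outdated --json` output and routes each one to the security PR, the combined minor/patch PR, or the review issue. The package names, the advisory lookup, the `needsReview` flag and the handling of 0.x and non-semver versions are assumptions made for illustration.

```javascript
// Added example (not the skill's code). Input mirrors `npm outdated --json`.
const outdated = { // constructed sample data; package names are placeholders
  "lib-a": { current: "4.17.20", wanted: "4.17.21", latest: "4.17.21" },
  "lib-b": { current: "2.3.0", wanted: "2.5.1", latest: "3.0.0" },
  "lib-c": { current: "0.4.2", wanted: "0.4.9", latest: "0.5.0" },
  "lib-d": { current: "1.2.3", wanted: "1.2.3", latest: "1.3.0" },
  "lib-e": { current: "1.0.0", wanted: "1.0.0", latest: "2.0.0" },
  "lib-f": { current: "1.0.0", wanted: "git", latest: "git" },
};
// Constructed advisory lookup: only packages whose installed version is
// affected appear here, with the first fixed version. The ID is a placeholder.
const advisories = { "lib-e": { id: "ADVISORY-PLACEHOLDER", fixedIn: "2.0.0" } };

// Parse strict X.Y.Z with an optional pre-release tag; null if not semver.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(String(v));
  return m && { major: +m[1], minor: +m[2], patch: +m[3], pre: Boolean(m[4]) };
}

// Classify the jump from `current` to `target` using the skill's categories.
function bump(current, target) {
  const a = parse(current), b = parse(target);
  if (!a || !b || b.pre) return "unknown"; // non-semver or pre-release target
  if (b.major !== a.major) return "major";
  // Under semver, 0.x minor releases may break, so treat them as major.
  if (b.minor !== a.minor) return a.major === 0 ? "major" : "minor";
  return "patch";
}

// Route every outdated package to the security PR, the combined
// minor/patch PR, or the review issue.
function plan(outdated, advisories) {
  const out = { securityPR: [], routinePR: [], reviewIssue: [] };
  for (const [name, info] of Object.entries(outdated)) {
    const adv = advisories[name];
    if (adv) { // a known advisory outranks the semver category
      const fix = bump(info.current, adv.fixedIn);
      const needsReview = fix !== "patch" && fix !== "minor";
      out.securityPR.push({ name, to: adv.fixedIn, advisory: adv.id, needsReview });
      continue;
    }
    const type = bump(info.current, info.latest);
    const bucket = type === "patch" || type === "minor" ? "routinePR" : "reviewIssue";
    out[bucket].push({ name, to: info.latest, type });
  }
  return out;
}
```

A security fix that is only available across a major version still lands in the security bucket, but with `needsReview` set so the PR is not merged on the strength of its label alone.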

Example Prompts

  • “Check for dependency updates”
  • “Are there any security vulnerabilities in our packages?”
  • “Update all minor dependencies”
  • “Create a dependency update report”
  • “What packages need updating?”

Supported Package Managers

| Platform | Package Manager | Security Check |
|----------|-----------------|----------------|
| .NET | NuGet | ✅ GitHub Advisory |
| Node.js | npm/yarn/pnpm | ✅ npm audit |
| Python | pip/poetry | ✅ safety check |
| Java | Maven/Gradle | ✅ OWASP check |

Benefits

| Metric | Before | After | Improvement |
|--------|--------|-------|-------------|
| Update time | 5 hours | 10 min | 30x faster |
| Security coverage | Reactive | Proactive | Prevent breaches |
| Update frequency | Quarterly | Weekly | Always current |
| Breaking changes | Surprise | Documented | No surprises |