陌讯skills聚合平台

dependency-upgrader

📁 nymbo/skills 📅 Jan 25, 2026
8
总安装量
8
周安装量
#35670
全站排名
安装命令
npx skills add https://github.com/nymbo/skills --skill dependency-upgrader

Agent 安装分布

codex 5
gemini-cli 4
opencode 4
amp 3
claude-code 3
github-copilot 3

Skill 文档

Dependency upgrader

Goal

Safely upgrade dependencies with minimal, reviewable diffs and clear verification.

Inputs to ask for (if missing)

  • Which ecosystem: Gradle/Maven, Node/TypeScript, or both.
  • Scope: one dependency, a set (e.g., Spring Boot), or “everything”.
  • Constraints: patch/minor only vs allow majors; time budget; CI requirements.
  • Motivation: CVE fix, feature need, or routine maintenance.
  • Can the agent use web search to confirm latest versions and read migration notes? (If not, rely on registry lookups.)

Workflow (checklist)

  1. Detect the project type and package manager
    • Node: package.json + lock file (pnpm-lock.yaml, package-lock.json, yarn.lock, bun.lock).
    • Gradle: gradlew, build.gradle(.kts), settings.gradle(.kts), gradle/libs.versions.toml.
    • Maven: pom.xml.
  2. Establish a baseline
    • Record current versions (dependency file + lock files).
    • Run the smallest reliable test/build command the repo uses (then expand if needed).
  3. Plan the upgrade
    • Prefer the smallest bump that solves the problem.
    • Choose target versions using up-to-date sources:
      • Use web search (if available) to confirm latest stable versions and skim official release notes/migration guides.
      • Cross-check with the registry/source of truth (npm registry, Maven Central, Gradle Plugin Portal).
    • Group by risk:
      • low: patches/minors, leaf deps
      • medium: build tools/plugins
      • high: framework majors (Spring Boot), runtime bumps (Java/Node)
    • For majors: skim upstream migration notes and list expected breakpoints before editing.
  4. Apply upgrades incrementally
    • Update one group at a time; keep diffs focused.
    • After each group: run tests/build and fix breakages immediately.
    • Use the playbooks in references/ for ecosystem-specific commands.
  5. Validate and document
    • Run the repo’s “CI equivalent” commands (tests + build).
    • Document:
      • what changed (versions)
      • why (CVE, compatibility, feature)
      • notable migrations or breaking changes
      • any follow-ups (deprecations, future majors)

Deliverable

Provide:

  • The list of version bumps (old -> new).
  • The commands run and their result (tests/build).
  • Any breaking changes and required code/config migrations.
GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台
本页面由 陌讯 Skills 聚合平台 收录整理,数据定期更新。