dependency-upgrader

Upgrade dependencies for Java/Kotlin (Gradle/Maven) and TypeScript/Node projects with minimal risk: plan the bump, apply changes incrementally, run tests/builds, and document breaking changes. Use when the user asks to bump deps, update frameworks, or address CVEs.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "dependency-upgrader" with this command: npx skills add nymbo/skills/nymbo-skills-dependency-upgrader

Dependency upgrader

Goal

Safely upgrade dependencies with minimal, reviewable diffs and clear verification.

Inputs to ask for (if missing)

  • Which ecosystem: Gradle/Maven, Node/TypeScript, or both.
  • Scope: one dependency, a set (e.g., Spring Boot), or "everything".
  • Constraints: patch/minor only vs allow majors; time budget; CI requirements.
  • Motivation: CVE fix, feature need, or routine maintenance.
  • Can the agent use web search to confirm latest versions and read migration notes? (If not, rely on registry lookups.)

Workflow (checklist)

  1. Detect the project type and package manager
    • Node: package.json + lock file (pnpm-lock.yaml, package-lock.json, yarn.lock, bun.lock).
    • Gradle: gradlew, build.gradle(.kts), settings.gradle(.kts), gradle/libs.versions.toml.
    • Maven: pom.xml.
  2. Establish a baseline
    • Record current versions (dependency file + lock files).
    • Run the smallest reliable test/build command the repo uses (then expand if needed).
  3. Plan the upgrade
    • Prefer the smallest bump that solves the problem.
    • Choose target versions using up-to-date sources:
      • Use web search (if available) to confirm latest stable versions and skim official release notes/migration guides.
      • Cross-check with the registry/source of truth (npm registry, Maven Central, Gradle Plugin Portal).
    • Group by risk:
      • low: patches/minors, leaf deps
      • medium: build tools/plugins
      • high: framework majors (Spring Boot), runtime bumps (Java/Node)
    • For majors: skim upstream migration notes and list expected breakpoints before editing.
  4. Apply upgrades incrementally
    • Update one group at a time; keep diffs focused.
    • After each group: run tests/build and fix breakages immediately.
    • Use the playbooks in references/ for ecosystem-specific commands.
  5. Validate and document
    • Run the repo's "CI equivalent" commands (tests + build).
    • Document:
      • what changed (versions)
      • why (CVE, compatibility, feature)
      • notable migrations or breaking changes
      • any follow-ups (deprecations, future majors)

Deliverable

Provide:

  • The list of version bumps (old -> new).
  • The commands run and their result (tests/build).
  • Any breaking changes and required code/config migrations.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

music-downloader

No summary provided by upstream source.

Repository SourceNeeds Review
-1.3K
nymbo
General

nano-banana

No summary provided by upstream source.

Repository SourceNeeds Review
-12
nymbo
General

docs-sync

No summary provided by upstream source.

Repository SourceNeeds Review
-11
nymbo