deps-upgrade_skill

This skill upgrades dependencies with breaking change detection, migration planning, and test first verification to protect project stability.
  • Shell

0

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill vdustr/vp-claude-code-marketplace --skill deps-upgrade

  • SKILL.md10.5 KB

Overview

This skill upgrades project dependencies with breaking-change detection, test-first verification, and migration planning. It inspects lockfiles, monorepo layouts, CI and repo conventions, and produces a safe, auditable upgrade plan before making changes. Execution can handle single-package bumps, bulk scans, and bot PRs (Dependabot, Renovate). The workflow emphasizes codemod detection, /tmp verification, and a confidence-indexed migration plan.

How this skill works

It detects the package manager and workspace structure, identifies the upgrade target (user request, bot PR, or outdated scan), and classifies the update risk (lockfile-only, minor, major). It aggregates docs, changelogs, release notes, and code analysis to produce a breaking-changes report and detects related packages and peer deps to co-upgrade. The skill verifies migrations in an isolated /tmp environment or via a three-pass subagent review, then applies changes, runs installs, resolves peer conflicts, and enforces repo conventions before final verification.

When to use it

  • When asked to upgrade dependencies, bump packages, or update a specific package to a version
  • When reviewing or handling Dependabot, Renovate, or GitHub Actions bot PRs
  • When responding to security alerts, CVE notices, or vulnerability patches
  • When checking for outdated dependencies or scanning for available updates
  • When a major version bump may include breaking API changes and needs migration planning

Best practices

  • Check for official codemods and migration scripts before writing custom transforms
  • Run test-first verification in an isolated /tmp workspace when feasible
  • Detect and include related packages and peer dependencies in the plan
  • Follow repository conventions: changesets, conventional commits, CI hooks
  • Always present a confidence-indexed migration plan and get user approval before executing

Example use cases

  • Bump react to v19 while detecting and migrating deprecated APIs and ensuring react-dom compatibility
  • Auto-resolve a Dependabot PR by applying codemods, running tests, and pushing fixes to the PR branch
  • Run a bulk scan to list outdated packages and generate a prioritized upgrade plan with impact estimates
  • Handle a security alert: identify the vulnerable package, verify upgrade in /tmp, and produce a remediation PR
  • Co-upgrade scoped packages and @types packages in a monorepo while preserving workspace references

FAQ

The skill reports progress, shows transformed files, attempts up to three verification iterations, and then presents a failure analysis with remediation options for user decision.

How are peer dependency conflicts handled?

It lists options in priority order: upgrade the conflicting package, abort if no compatible version exists, or use legacy-peer-deps as a last resort with explicit warnings.

Will this change my project files before I approve?

No—changes are planned and verified in /tmp or on a PR branch. The skill always requests user confirmation before making repository changes.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational