AgentSkillsCN

Dependency Upgrade

Plan and execute safe dependency upgrades, together with breaking change analysis.

SKILL.md
--- frontmatter
name: Dependency Upgrade
description: Plan and execute safe dependency upgrades with breaking change analysis
category: development
version: 1.0.0
triggers:
  - cve-alert
  - major-version-behind
  - deprecation-notice
globs: "**/requirements*.txt,**/package.json,**/go.mod"

Dependency Upgrade Skill

Plan and execute safe dependency upgrades with breaking change analysis.

Trigger Conditions

  • CVE advisory for a dependency (Critical or High)
  • Dependency is >2 major versions behind
  • User invokes with "upgrade dependency" or "CVE remediation"

Input Contract

  • Required: Dependency to upgrade (name, current version)
  • Required: Target version or "latest"
  • Optional: CVE reference, breaking change tolerance

Output Contract

  • Upgrade plan with breaking change analysis
  • Migration steps for API changes
  • Test plan for verifying the upgrade
  • Rollback procedure

Tool Permissions

  • Read: Lock files, dependency tree, changelogs, CVE databases
  • Write: Lock files, migration scripts
  • Execute: Package manager commands

Execution Steps

  1. Identify current version and target version
  2. Review changelog for breaking changes between versions
  3. Search codebase for affected call sites
  4. Create migration plan for breaking changes
  5. Update dependency and lock file
  6. Run test suite; identify failures
  7. Document rollback procedure
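Step 1 and the ">2 major versions behind" trigger, sketched as an added example that is not part of the skill itself. It reads pinned versions from the three manifest types in the skill's globs. The function names, sample manifests and the table of latest major versions are assumptions constructed for illustration; a real run would take the latest versions from the package registry.

```python
import json
import re

# Pinned-version patterns for the manifests named in the skill's globs.
REQ_PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)(?:\[[^\]]*\])?\s*==\s*v?(\d+)")
GOMOD_PIN = re.compile(r"^\s*(?:require\s+)?(\S+)\s+v(\d+)\.\d+\.\d+")
NPM_SPEC = re.compile(r"[\^~>=<v\s]*(\d+)")

def parse_manifest(filename, text):
    """Return {dependency: current major version}; unpinned specs are skipped."""
    majors = {}
    if filename.endswith("package.json"):
        doc = json.loads(text)
        for section in ("dependencies", "devDependencies"):
            for name, spec in doc.get(section, {}).items():
                m = NPM_SPEC.match(spec)  # "*", tags and git URLs do not match
                if m:
                    majors[name] = int(m.group(1))
        return majors
    is_gomod = filename.endswith("go.mod")
    pattern, comment = (GOMOD_PIN, "//") if is_gomod else (REQ_PIN, "#")
    for line in text.splitlines():
        m = pattern.match(line.split(comment)[0])  # drop trailing comments
        if m:
            majors[m.group(1)] = int(m.group(2))
    return majors

def major_version_behind(current, latest, threshold=2):
    """Dependencies more than `threshold` major versions behind latest."""
    return sorted(name for name, cur in current.items()
                  if name in latest and latest[name] - cur > threshold)

def scan(manifests, latest):
    """Map each manifest file to the dependencies that fire the trigger."""
    return {fn: major_version_behind(parse_manifest(fn, text), latest)
            for fn, text in manifests.items()}

# Constructed sample manifests and a constructed "latest major" table.
SAMPLES = {
    "requirements.txt": "django==2.2.28  # pinned\nrequests==2.31.0\nflask>=1.0\n",
    "package.json": '{"dependencies": {"react": "^17.0.2", "webpack": "~2.7.0", "lodash": "*"}}',
    "go.mod": "module example.com/app\n\ngo 1.21\n\nrequire (\n\tgithub.com/example/lib v1.4.0 // indirect\n)\n",
}
LATEST_MAJOR = {"django": 5, "requests": 2, "react": 18, "webpack": 5,
                "github.com/example/lib": 1}

if __name__ == "__main__":
    for fn, flagged in scan(SAMPLES, LATEST_MAJOR).items():
        print(fn, "->", flagged or "no major-version trigger")
```

Unpinned entries such as `flask>=1.0` and `lodash: "*"` are skipped here because the manifest alone does not say which version is installed; the lock file is the place to resolve those.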

Success Criteria

  • All breaking changes identified with migration steps
  • Test suite passes after upgrade
  • Lock file updated and committed
  • No new CVEs introduced

Escalation Rules

  • Escalate if upgrade requires >1 day of migration work
  • Escalate if CVE has active exploitation in the wild
  • Escalate if upgrade has cascading transitive dependency effects

Example Invocations

Input: "Upgrade React from v17 to v18"

Output: Breaking changes: 3 (automatic batching behavior change, new root API, Suspense SSR changes). 12 call sites affected. Migration plan: Phase 1 (createRoot migration, 8 files), Phase 2 (remove ReactDOM.render, test), Phase 3 (opt-in to concurrent features). Estimated effort: 4 hours.