Dependency Upgrade Skill
Plan and execute safe dependency upgrades with breaking change analysis.
Trigger Conditions
- CVE advisory for a dependency (Critical or High)
- Dependency is >2 major versions behind
- User invokes with "upgrade dependency" or "CVE remediation"
Input Contract
- Required: Dependency to upgrade (name, current version)
- Required: Target version or "latest"
- Optional: CVE reference, breaking change tolerance
Output Contract
- Upgrade plan with breaking change analysis
- Migration steps for API changes
- Test plan for verifying the upgrade
- Rollback procedure
Tool Permissions
- Read: Lock files, dependency tree, changelogs, CVE databases
- Write: Lock files, migration scripts
- Execute: Package manager commands
Execution Steps
- Identify current version and target version
- Review changelog for breaking changes between versions
- Search codebase for affected call sites
- Create migration plan for breaking changes
- Update dependency and lock file
- Run test suite; identify failures
- Document rollback procedure
Success Criteria
- All breaking changes identified with migration steps
- Test suite passes after upgrade
- Lock file updated and committed
- No new CVEs introduced
Escalation Rules
- Escalate if upgrade requires >1 day of migration work
- Escalate if CVE has active exploitation in the wild
- Escalate if upgrade has cascading transitive dependency effects
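
One way to check the "cascading transitive dependency effects" rule after the "Update dependency and lock file" step, as an added example that is not part of this skill's definition. It diffs two lock file snapshots and lists packages that changed without being requested. Assumptions: the lock data is constructed, in the shape of the `packages` map of an npm `package-lock.json` (lockfileVersion 2 or 3); the function names and the escalation threshold are hypothetical.

```javascript
// Constructed sample data: trimmed "packages" maps before and after an upgrade.
const BEFORE = {
  "": { name: "app" },
  "node_modules/react": { version: "17.0.2" },
  "node_modules/react-dom": { version: "17.0.2" },
  "node_modules/scheduler": { version: "0.20.2" },
  "node_modules/object-assign": { version: "4.1.1" },
  "node_modules/loose-envify": { version: "1.4.0" },
};
const AFTER = {
  "": { name: "app" },
  "node_modules/react": { version: "18.2.0" },
  "node_modules/react-dom": { version: "18.2.0" },
  "node_modules/scheduler": { version: "0.23.0" },
  "node_modules/loose-envify": { version: "1.4.0" },
};

// Semver breaking boundary: major for >=1.0.0, minor for 0.x releases.
function breakingKey(version) {
  const [major, minor] = version.split(".").map((p) => parseInt(p, 10));
  return major > 0 ? String(major) : `0.${minor}`;
}

// Compare two "packages" maps; `requested` names the packages the upgrade targets.
function diffLock(before, after, requested) {
  const paths = new Set([...Object.keys(before), ...Object.keys(after)]);
  const changes = [];
  for (const path of [...paths].sort()) {
    if (path === "") continue; // root project entry, not a dependency
    const from = before[path]?.version ?? null;
    const to = after[path]?.version ?? null;
    if (from === to) continue;
    const name = path.split("node_modules/").pop(); // handles nested and scoped paths
    changes.push({
      path, from, to,
      requested: requested.includes(name),
      breaking: !from || !to || breakingKey(from) !== breakingKey(to),
    });
  }
  return changes;
}

// Assumed threshold: any unrequested package that was added, removed,
// or moved across a breaking boundary counts as a cascading effect.
function cascadingEffects(changes) {
  return changes.filter((c) => !c.requested && c.breaking);
}

const changes = diffLock(BEFORE, AFTER, ["react", "react-dom"]);
console.log(cascadingEffects(changes).map((c) => `${c.path}: ${c.from} -> ${c.to}`));
```

The same diff, read in reverse, gives the version pins the rollback procedure has to restore.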
Example Invocations
Input: "Upgrade React from v17 to v18"
Output: Breaking changes: 3 (automatic batching behavior change, new root API, Suspense SSR changes). 12 call sites affected. Migration plan: Phase 1 (createRoot migration, 8 files), Phase 2 (remove ReactDOM.render, test), Phase 3 (opt-in to concurrent features). Estimated effort: 4 hours.