Dependency Updater
When to Trigger
- Weekly/scheduled check
- "Update dependencies"
- Security vulnerability reported
What to Do
- Check: npm outdated / yarn outdated / similar; check security advisories (npm audit).
- Categorize:
  - Safe: Patch updates, no breaking changes; can auto-apply.
  - Requires testing: Minor updates; note changelog and migration.
  - Breaking: Major updates; list impact and affected files; recommend dedicated upgrade.
  - Security: Mark urgent; recommend immediate update and test.
- Report: Table or list with package, current → target, risk, action.
- Apply: Only auto-apply after user confirms; run tests after updates.
Suggest locking transitive deps or using overrides only when necessary and documented.
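
The categorize and report steps above, sketched in Node.js as an added example (not part of the original page). It takes the parsed output of `npm outdated --json` and `npm audit --json` (npm 7+ layout); the function names, package names and sample data are constructed, and treating a 0.x minor bump as breaking is an assumption that goes beyond the categories listed.

```javascript
// Parse "MAJOR.MINOR.PATCH" (pre-release/build suffix ignored); null if not semver.
function parse(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v || '');
  return m ? m.slice(1, 4).map(Number) : null;
}

const PLAN = { // bump level -> [risk, action], following the categories above
  major: ['breaking', 'dedicated upgrade; list impact and affected files'],
  minor: ['requires-testing', 'note changelog and migration, then test'],
  patch: ['safe', 'apply after user confirms; run tests'],
};

// Classify one `npm outdated` entry; `vulnerable` is a Set of names flagged by audit.
function categorize(name, info, vulnerable) {
  const cur = parse(info.current), tgt = parse(info.latest);
  let risk, action;
  if (vulnerable.has(name)) {
    [risk, action] = ['security', 'urgent: update immediately and test'];
  } else if (!cur || !tgt) {
    // Not installed, or a git/tag spec: versions cannot be compared, so never "safe".
    [risk, action] = ['requires-testing', 'review manually'];
  } else {
    let bump = tgt[0] !== cur[0] ? 'major' : tgt[1] !== cur[1] ? 'minor' : 'patch';
    // Assumption: semver gives 0.y.z no stability guarantee, so a 0.x minor is breaking.
    if (cur[0] === 0 && bump === 'minor') bump = 'major';
    [risk, action] = PLAN[bump];
  }
  return { package: name, current: info.current || '(missing)', target: info.latest, risk, action };
}

// Build the report rows, most urgent first. Nothing is applied here.
function buildReport(outdated, audit) {
  const vulnerable = new Set(Object.keys((audit && audit.vulnerabilities) || {}));
  const order = ['security', 'breaking', 'requires-testing', 'safe'];
  return Object.entries(outdated)
    .map(([name, info]) => categorize(name, info, vulnerable))
    .sort((a, b) => order.indexOf(a.risk) - order.indexOf(b.risk));
}

// Constructed sample input (hypothetical package names), shaped like npm's JSON output.
const sampleOutdated = {
  'pkg-patch': { current: '4.17.20', wanted: '4.17.21', latest: '4.17.21' },
  'pkg-minor': { current: '2.3.1', wanted: '2.5.0', latest: '2.5.0' },
  'pkg-major': { current: '1.9.0', wanted: '1.9.4', latest: '3.0.0' },
  'pkg-zero': { current: '0.4.2', wanted: '0.4.2', latest: '0.5.0' },
  'pkg-vuln': { current: '6.0.0', wanted: '6.0.1', latest: '6.0.1' },
};
const sampleAudit = { vulnerabilities: { 'pkg-vuln': { severity: 'high' } } };
console.table(buildReport(sampleOutdated, sampleAudit));
```

A package that audit flags is reported as security even when the version change is only a patch, so it is surfaced first rather than folded into the safe group.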