Agent-Skills.md

Agent Skills: Dependency Update Manager

Check for outdated packages and create update PRs

UncategorizedID: IHKREDDY/agent-skills-ts/dependency-update

Repository

IHKREDDY/agent-skills-ts
IHKREDDY

Install this agent skill to your local

pnpm dlx add-skill https://github.com/IHKREDDY/agent-skills-ts/tree/HEAD/skills/dependency-update

Skill Files

Browse the full folder contents for dependency-update.

Download Skill

Loading file tree…

skills/dependency-update/SKILL.md

Skill Metadata

Name
dependency-update
Description
Check for outdated packages and create update PRs

Dependency Update Manager

Analyzes project dependencies, identifies outdated or vulnerable packages, and creates organized PRs to update them safely.

🎯 Use Case Demo

Scenario: Monthly Dependency Maintenance

Before (Manual Process):

Developer spends Friday afternoon on dependency updates:

  1. Run dotnet list package --outdated - copy results somewhere
  2. Research each package: breaking changes? security fixes?
  3. Update one by one, hoping nothing breaks
  4. Run tests, find something broke
  5. Debug for 2 hours
  6. Give up on some updates, leave for "later"

Time: 4-6 hours, often incomplete

After (With This Skill):

Developer: "Check for dependency updates and create PRs"

Agent Response:

πŸ“¦ DEPENDENCY UPDATE REPORT
═══════════════════════════════════════════════════════════════

πŸ” Scanned: FlightBookingAPI.csproj
πŸ“… Report Date: December 20, 2024

═══════════════════════════════════════════════════════════════
🚨 SECURITY UPDATES (Critical - Update Immediately)
═══════════════════════════════════════════════════════════════

| Package | Current | Latest | Severity | CVE |
|---------|---------|--------|----------|-----|
| System.Text.Json | 7.0.2 | 7.0.4 | HIGH | CVE-2024-1234 |
| Microsoft.Data.SqlClient | 5.1.0 | 5.1.4 | MEDIUM | CVE-2024-5678 |

βœ… Created PR #241: "🚨 Security: Update packages with known vulnerabilities"
   β†’ https://github.com/org/flight-booking/pull/241
   β†’ Labels: security, dependencies, critical

═══════════════════════════════════════════════════════════════
⬆️ MINOR/PATCH UPDATES (Safe to Update)
═══════════════════════════════════════════════════════════════

| Package | Current | Latest | Type | Notes |
|---------|---------|--------|------|-------|
| Swashbuckle.AspNetCore | 6.5.0 | 6.6.2 | Minor | New features |
| FluentValidation | 11.8.0 | 11.9.0 | Minor | Bug fixes |
| Serilog | 3.1.0 | 3.1.1 | Patch | Performance |
| xunit | 2.6.1 | 2.6.4 | Patch | Bug fixes |

βœ… Created PR #242: "chore(deps): Update minor/patch dependencies"
   β†’ https://github.com/org/flight-booking/pull/242
   β†’ Labels: dependencies, minor

═══════════════════════════════════════════════════════════════
⚠️ MAJOR UPDATES (Review Required)
═══════════════════════════════════════════════════════════════

| Package | Current | Latest | Breaking Changes |
|---------|---------|--------|------------------|
| AutoMapper | 12.0.1 | 13.0.0 | Yes - Profile changes |
| MediatR | 11.1.0 | 12.2.0 | Yes - New registration |

πŸ“ Created Issue #243: "Evaluate major dependency updates"
   β†’ https://github.com/org/flight-booking/issues/243
   β†’ Contains migration guides and breaking change analysis

═══════════════════════════════════════════════════════════════
βœ… UP TO DATE (No Action Needed)
═══════════════════════════════════════════════════════════════

Microsoft.AspNetCore.* packages - Latest
Microsoft.EntityFrameworkCore - 8.0.0 (Latest)

═══════════════════════════════════════════════════════════════
πŸ“Š SUMMARY
═══════════════════════════════════════════════════════════════

Total packages: 24
Up to date: 18 (75%)
Security updates: 2 (PR #241 ready)
Minor updates: 4 (PR #242 ready)
Major updates: 2 (Issue #243 for review)

═══════════════════════════════════════════════════════════════

Time Saved: 5 hours β†’ 10 minutes (30x faster, more thorough)

Agent Instructions

When this skill is activated:

  1. Scan Dependencies:

    • For .NET: dotnet list package --outdated
    • For Node.js: npm outdated or yarn outdated
    • For Python: pip list --outdated
    • Parse all project files for dependencies

  2. Check Security Advisories:

    • Query GitHub Advisory Database
    • Check NVD (National Vulnerability Database)
    • Identify CVEs affecting current versions

  3. Categorize Updates:

    • Security: Any package with known CVE
    • Patch: x.y.Z changes (bug fixes)
    • Minor: x.Y.z changes (new features, backward compatible)
    • Major: X.y.z changes (breaking changes)

  4. Research Breaking Changes:

    • For major updates, fetch release notes
    • Identify breaking changes and migration steps
    • Assess impact on codebase

  5. Create Appropriate PRs:

    • Security updates: Single PR, urgent labels
    • Minor/Patch: Combined PR, low priority
    • Major: Create issue with analysis, not PR

  6. Include Context:

    • Link to changelogs in PR description
    • Note any code changes needed
    • Add testing recommendations

Example Prompts

  • "Check for dependency updates"
  • "Are there any security vulnerabilities in our packages?"
  • "Update all minor dependencies"
  • "Create a dependency update report"
  • "What packages need updating?"

Supported Package Managers

| Platform | Package Manager | Security Check | |----------|-----------------|----------------| | .NET | NuGet | βœ… GitHub Advisory | | Node.js | npm/yarn/pnpm | βœ… npm audit | | Python | pip/poetry | βœ… safety check | | Java | Maven/Gradle | βœ… OWASP check |

Benefits

| Metric | Before | After | Improvement | |--------|--------|-------|-------------| | Update time | 5 hours | 10 min | 30x faster | | Security coverage | Reactive | Proactive | Prevent breaches | | Update frequency | Quarterly | Weekly | Always current | | Breaking changes | Surprise | Documented | No surprises |