القائمة
Update dependencies to latest stable versions. Use when upgrading libraries, updating Cargo.toml, pyproject.toml, package.json, go.mod, Gemfile, or modernizing dependencies.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Consult Fable (primary oracle) for expert second opinions; escalate to GPT-5.5-Pro only for extremely important or complex tasks (always paired with Fable). Use for complex decisions, architecture choices, debugging hard problems, or when user says "consult oracles", "ask the experts", or wants a second opinion.
Run iterative oracle + agent hardening loop on any artifact (designs, plans, beads, architecture) until findings converge to near-zero. Combines /swarm-oracle with /swarm-review in alternating rounds. Use for the full hardening cycle, not just a single oracle pass. For oracle-only, use /swarm-oracle. For bead-only hardening, use /swarm-beads-quality.
Run 2x oracle sessions (FOR + AGAINST stances) to validate design decisions, plans, or bead readiness. Default = two Fable subagents; escalate to PAL 2x GPT-Pro (always paired with Fable) for extremely important or complex validations. Use after design rounds, before implementation, or to challenge architecture decisions.
Act as a wise, effective teacher whose goal is to make the human deeply understand the work done in this session (a change, a bug fix, a feature, a design) — i.e. sync the human's mental model up to the agent's. Use when the user says "sync-human", "sync me up", "teach me this session", "make sure I understand", "walk me through what we did", "quiz me on this", or "I want to actually understand this PR/change", or otherwise wants Socratic, gated, incremental teaching with comprehension checks rather than a one-shot summary. Drives understanding at both high level (motivation, impact) and low level (business logic, edge cases) using a running checklist and quizzes.
MCP Agent Mail for multi-agent coordination. Use when agents need file locks, messaging, inboxes, or conflict prevention. Handles macro_start_session, file_reservation_paths, send_message, threading, pre-commit guards.
Retrieve API tokens, keys, and credentials Oystein has stored locally. Use whenever code, scripts, or shell commands need a secret value: GitHub tokens, Cloudflare, HubSpot, Slack, Zendesk, Jira, Sentry, Anthropic, Apify, Browserbase, Google OAuth, Huma. Use BEFORE searching shell history, session logs, dotfiles, or the filesystem — the canonical store is documented here and the values are reachable via two fish helpers. Also use when adding, rotating, or removing a credential.
| name | library-updater |
| description | Update dependencies to latest stable versions. Use when upgrading libraries, updating Cargo.toml, pyproject.toml, package.json, go.mod, Gemfile, or modernizing dependencies. |
Core: Update one dependency at a time. Research before updating. Test after each. Never batch untested changes.
Update all dependencies in this project to their latest stable versions.
For each dependency:
1. Use /software-research to find breaking changes between current and target version
2. Update the version
3. Run tests
4. Fix any issues (search web for recent solutions if needed)
5. If unfixable after 3 attempts, rollback and log why
Log everything to UPGRADE_LOG.md. Ask me before any refactoring that touches >10 files.
| Language | Manifest | Lock File | Registry |
|---|---|---|---|
| Rust | Cargo.toml | Cargo.lock | crates.io |
| Python | pyproject.toml, requirements.txt | poetry.lock, uv.lock | PyPI |
| Node.js | package.json | package-lock.json, yarn.lock | npm |
| Go | go.mod | go.sum | proxy.golang.org |
| Ruby | Gemfile | Gemfile.lock | rubygems.org |
Cargo.toml | pyproject.toml | package.json | go.mod | GemfileUPGRADE_LOG.md from templateFor each dependency where current != latest stable:
│
├─ 1. RESEARCH (invoke software-research skill)
│ /software-research [package] changelog [current] to [latest]
│ → Get: breaking changes, deprecations, migration notes
│
├─ 2. UPDATE
│ Edit manifest → run install command
│
├─ 3. TEST
│ Run test suite
│ │
│ ├─ PASS → Log success, next dependency
│ │
│ └─ FAIL → Research fix (web search 2025-2026)
│ → Apply fix → Retest
│ → 3 failures? Rollback, log reason, continue
│
└─ 4. LOG to UPGRADE_LOG.md
| Language | Outdated | Update One | Test | Audit |
|---|---|---|---|---|
| Rust | cargo outdated | cargo update -p X | cargo test | cargo audit |
| Python | uv pip list --outdated | uv add X@latest | pytest | pip-audit |
| Node | npm outdated | npm i X@latest | npm test | npm audit |
| Go | go list -m -u all | go get X@latest | go test ./... | govulncheck |
| Ruby | bundle outdated | bundle update X | rspec | bundle audit |
Full commands & gotchas: LANGUAGES.md
UPGRADE: 1.2.3 → latest stable (e.g., 1.3.0)
PRESERVE: alpha/beta/rc, git refs, path deps, nightly → note in log
SKIP: if only alpha/beta available → stay on current stable
| Scenario | Action |
|---|---|
| Tests fail | Research fix → apply → retest (max 3 attempts) |
| Can't fix | Rollback, log details with error messages |
| Deprecation warnings | Fix if <5 call sites, else log for user |
| Major refactor needed | Stop and ask user before proceeding |
| Network/registry error | Retry 3x, then skip with note |
# Git-based (preferred)
git checkout -- Cargo.toml Cargo.lock
# Or restore from backup
cp .upgrade-backup/Cargo.toml .
For each dependency upgrade, invoke the software-research skill:
/software-research [package-name] breaking changes [old-version] to [new-version]
This returns:
Why: software-research searches GitHub releases, changelogs, and recent web content more effectively than manual lookup.
Create claude-upgrade-progress.json for crash recovery:
{
"status": "in_progress",
"current": "serde",
"completed": ["tokio", "anyhow"],
"failed": [],
"pending": ["reqwest", "tracing"]
}
Update after each dependency. Resume from this state if interrupted.
After all updates:
# Verify everything works
./scripts/validate-upgrade.sh
# Or manually:
# 1. Clean build
# 2. Full test suite
# 3. Security audit
# 4. No new deprecation warnings (or documented)
# Dependency Upgrade Log
**Date:** 2025-01-16 | **Project:** my-project | **Language:** Rust
## Summary
- **Updated:** 12 | **Skipped:** 3 | **Failed:** 1 | **Needs attention:** 2
## Updates
### serde: 1.0.190 → 1.0.215
- **Breaking:** None
- **Tests:** ✓ Passed
### tokio: 1.35.0 → 1.40.0
- **Breaking:** `runtime::Handle::block_on` removed
- **Migration:** Replaced with `Runtime::block_on`
- **Tests:** ✓ Passed after fix
## Failed
### problematic-crate: 0.5.0 → 0.6.0
- **Reason:** Requires Rust 1.75+, project uses 1.70
- **Action:** Rolled back
## Needs Attention
### legacy-lib: 2.0.0 → 3.0.0
- **Issue:** Major API redesign, ~50 call sites
- **Migration guide:** https://example.com/migration
| Topic | Reference |
|---|---|
| Commands by language | LANGUAGES.md |
| Changelog reading tips | CHANGELOG-TIPS.md |
| Progress template | assets/progress-template.json |
| Log template | assets/UPGRADE_LOG_TEMPLATE.md |
❌ Batch updates — Update 10 deps, then test. Which one broke it? ❌ Skip research — "It's just a patch version" → surprise breaking change ❌ Ignore deprecations — They become errors in the next major ❌ Force through failures — If it won't fix in 3 tries, it needs human judgment