تشغيل أي مهارة في Manus بنقرة واحدة

dependency-upgrade

Systematically upgrade project dependencies. Use for Composer, npm, bun, pnpm, yarn, lockfile updates, security updates, Laravel/PHP upgrades, React/JavaScript upgrades, framework bumps, package modernization, or dependency cleanup.

تشغيل في Manus

النجوم٠

التفرعات٠

آخر تحديث٨ يونيو ٢٠٢٦ في ١٥:٣٤

المصدر

MuhammedAlkhudiry

MuhammedAlkhudiry/my-setup

فتح مستودع GitHub عرض مستودعات المنشئ

أمر التثبيت

تنزيل

تشغيل في Manus

مستكشف الملفات

5 ملفات

SKILL.md

readonly

name	dependency-upgrade
description	Systematically upgrade project dependencies. Use for Composer, npm, bun, pnpm, yarn, lockfile updates, security updates, Laravel/PHP upgrades, React/JavaScript upgrades, framework bumps, package modernization, or dependency cleanup.

Dependency Upgrade

Upgrade dependencies with proven coverage, controlled risk, and a clear per-package report.

Workflow

Define the target set: all dependencies, direct dependencies, security-only, framework/runtime, dev tooling, named packages, or another explicit scope.
Inventory manifests, lockfiles, package managers, workspace boundaries, runtime versions, scripts, checks, and related source/test surfaces before changing versions.
Load only the relevant references: references/php-composer.md, references/laravel.md, references/javascript.md, and references/react.md.
Research current official release notes, changelogs, upgrade guides, or advisories for direct dependencies with meaningful behavior changes, especially major upgrades.
Classify each dependency by risk: low-risk tooling, leaf package, transitive/security-only, runtime/framework package, or cross-cutting application package.
Upgrade in small batches with the project's existing package manager and lockfile flow.
Apply small compatibility fixes directly, including renamed imports, option changes, config updates, simple callsite changes, type fixes, and related test updates.
Skip and ask for approval before broad migrations, architecture changes, many-file API rewrites, unclear behavior changes, native rebuilds, or test-suite rewrites.
Run the relevant checks after each risky batch and at the end.
Re-check the inventory so every in-scope dependency is upgraded, intentionally skipped, or still blocked with a reason.

Unused Packages

Search manifests, imports, config, scripts, service providers, tests, build tooling, and runtime integration before calling a package unused.
Remove clearly unused packages with the package manager, update the lockfile, and verify affected checks.
Ask approval before removing packages with unclear dynamic, framework, plugin, or production-only usage.
Report removed, kept, and unclear unused-package candidates with evidence.

Patching

Do not patch dependencies, vendor files, installed dependency directories, generated package output, or lockfile internals as a permanent fix.
Use temporary patches only to diagnose or unblock verification, then remove them before finishing.
Ask approval before keeping temporary patches or adding permanent patches, forks, aliases, Composer patches, patch-package, or monkey patches.
If an upgrade needs a permanent patch to work, skip it and report the approval request with cleaner alternatives.

Report

Create a durable report file before changing versions. Keep it outside source control unless the user asks for a repo doc, share its path early, and update it after each dependency or batch. On resume, read the report before continuing. Final answers must link the report and include the latest status; never substitute a summary for the report. Create an entry for every in-scope dependency, including packages that were not upgraded.

Each dependency entry includes:

Package, ecosystem, old version, new version, upgrade reason, and scan marker: 🩹 patch, ✨ minor, or 🚨 major.
Direct dependency entry, or transitive dependency grouped under its parent package or advisory.
Links used: changelog, release notes, upgrade guide, advisory, docs, or relevant PR/issue.
Notable changes/features explained in plain language, including practical impact, behavior changes, removals, security notes, and why the user should care.
Code/config/test changes made, including touched files when useful.
Checks run and result for that dependency or batch.
Patch status: none, temporary removed, temporary kept with approval, or permanent approved.
Status: upgraded, skipped pending approval, blocked, or unchanged with reason.

المزيد من هذا المستودع

نفس المستودع

bug-learning

MuhammedAlkhudiry/my-setup

Use after fixing or investigating a hard-earned bug that took significant debugging, crossed multiple files or systems, had misleading symptoms, or revealed durable system behavior worth preserving in docs/knowledge/learnings.

2026-06-080

project-knowledge

MuhammedAlkhudiry/my-setup

Use when answering questions about a project feature, documenting existing functionality, investigating product behavior, or maintaining docs/knowledge feature packs, glossary terms, aliases, key files, and feature history.

2026-06-080

workshop

MuhammedAlkhudiry/my-setup

Stress-test and challenge ideas before building. Use when the user wants to think through code architecture, UX/UI, or product direction before implementation.

2026-06-080

product-strategy

MuhammedAlkhudiry/my-setup

Find high-leverage product opportunities. Use when the user wants product strategy, asks what would make something 10x better, or wants to decide what to build next.

2026-06-080

check-and-fix

MuhammedAlkhudiry/my-setup

Run project checks from repo-root `CHECKLIST.md` and fix task-related failures, including skipped tests. Use when the user asks to run checks, lint and fix, or verify code quality.

2026-06-080

planning

MuhammedAlkhudiry/my-setup

Create, review, refine, or execute conversational plans before implementation. Use when the user asks for a plan, implementation plan, roadmap, task breakdown, sequence, scope, phases, or multi-step work. For uncertain architecture, product, UX, or pre-implementation direction, apply the workshop skill first.

2026-06-080

Dependency Upgrade

Upgrade dependencies with proven coverage, controlled risk, and a clear per-package report.

Workflow

Define the target set: all dependencies, direct dependencies, security-only, framework/runtime, dev tooling, named packages, or another explicit scope.

Inventory manifests, lockfiles, package managers, workspace boundaries, runtime versions, scripts, checks, and related source/test surfaces before changing versions.

Load only the relevant references: references/php-composer.md, references/laravel.md, references/javascript.md, and references/react.md.

Research current official release notes, changelogs, upgrade guides, or advisories for direct dependencies with meaningful behavior changes, especially major upgrades.

Classify each dependency by risk: low-risk tooling, leaf package, transitive/security-only, runtime/framework package, or cross-cutting application package.

Upgrade in small batches with the project's existing package manager and lockfile flow.

Apply small compatibility fixes directly, including renamed imports, option changes, config updates, simple callsite changes, type fixes, and related test updates.

Skip and ask for approval before broad migrations, architecture changes, many-file API rewrites, unclear behavior changes, native rebuilds, or test-suite rewrites.

Run the relevant checks after each risky batch and at the end.

Re-check the inventory so every in-scope dependency is upgraded, intentionally skipped, or still blocked with a reason.

Unused Packages

Search manifests, imports, config, scripts, service providers, tests, build tooling, and runtime integration before calling a package unused.

Remove clearly unused packages with the package manager, update the lockfile, and verify affected checks.

Ask approval before removing packages with unclear dynamic, framework, plugin, or production-only usage.

Report removed, kept, and unclear unused-package candidates with evidence.

Patching

Do not patch dependencies, vendor files, installed dependency directories, generated package output, or lockfile internals as a permanent fix.

Use temporary patches only to diagnose or unblock verification, then remove them before finishing.

Ask approval before keeping temporary patches or adding permanent patches, forks, aliases, Composer patches, patch-package, or monkey patches.

If an upgrade needs a permanent patch to work, skip it and report the approval request with cleaner alternatives.

Report

Each dependency entry includes:

Package, ecosystem, old version, new version, upgrade reason, and scan marker: 🩹 patch, ✨ minor, or 🚨 major.

Direct dependency entry, or transitive dependency grouped under its parent package or advisory.

Links used: changelog, release notes, upgrade guide, advisory, docs, or relevant PR/issue.

Notable changes/features explained in plain language, including practical impact, behavior changes, removals, security notes, and why the user should care.

Code/config/test changes made, including touched files when useful.

Checks run and result for that dependency or batch.

Patch status: none, temporary removed, temporary kept with approval, or permanent approved.

Status: upgraded, skipped pending approval, blocked, or unchanged with reason.