Jeden Skill in Manus ausführen
mit einem Klick

Jeden Skill in Manus mit einem Klick ausführen

upgrade-dependency

Plans safe dependency upgrades via researched paths and risk gates. Use when upgrading a package/module, remediating a vulnerable dependency, reviewing breaking changes, or creating an upgrade issue/PR.

In Manus ausführen

Überblick

Installationsbefehl

npx skills add https://github.com/malinskibeniamin/skills --skill upgrade-dependency

Kopieren Sie diesen Befehl und fügen Sie ihn in Claude Code ein, um den Skill zu installieren

Quelle

malinskibeniamin/skills

Sterne3

Forks1

Aktualisiert2. Juni 2026 um 10:44

Datei-Explorer

2 Dateien

SKILL.md

readonly

name	upgrade-dependency
description	Plans safe dependency upgrades via researched paths and risk gates. Use when upgrading a package/module, remediating a vulnerable dependency, reviewing breaking changes, or creating an upgrade issue/PR.

Upgrade Dependency

Goal: dependency current -> target/latest stable. Path first. Safe -> apply. Risky -> report + issue + stop.

Input: $ARGUMENTS = package/module, repo/manifest path, target version, natural language.

Flow

Scope: detect package.json, bun.lock, yarn.lock, go.mod, go.sum, workspaces. Map target/direct/transitive/parents/dependents/peers/plugins/adapters/runtime entrypoints. Ask only if ambiguous.
Path: per installed -> target hop, inspect tags, changelog/notes, migration/codemod docs, blogs. Verify SemVer behavior; classify patch/minor/major. Non-SemVer/weak notes -> score volume, cadence, diff, API churn, effort, blast. Include moving peers/plugins/adapters. Check Snyk/GHSA/OSV/Socket/vendor/CVE. Pick latest stable, not blind latest; use supported patterns. Write docs/dependency-upgrades/<package>-<from>-to-<target>.md via REFERENCE.md.
Gate: safe = patch/minor + high SemVer confidence + clear changelog + peers OK + low security uncertainty. Risky = major/non-SemVer/missing changelog/unclear migration/high effort/blast/peer risk/security uncertainty. Plan-only -> report/issue only. Snyk/vuln -> apply safe remediation, issue risky. Risky major needs report/issue before user approval. Many dependencies -> subagents one report each; main merges gates; apply only independent safe paths.
Apply: supply-chain preflight = release age 7-30d, disable scripts or review trustedDependencies, block git/tarball/raw URL, Socket/npq if present, lockfile review, clean/frozen install. Incremental; one commit per major; batch patch/minor only low risk.

JS/Bun: bun update <pkg>@<version> -> bun install -> bun install --yarn when yarn.lock exists/Snyk needs it -> bun run lint:fix -> bun run type:check -> bun test.

Go: go get -u <module>@<version> -> go mod tidy -> go build ./... -> go test ./... -> go vet ./....

Update related packages. Never hand-edit lockfiles/go.sum.

Security: preserve exploitability/reachability. Prefer direct/top-level bump -> parent bump -> override/resolution/replace. Never run advisory code. Document fixed versions/advisory ids/reachable symbols/residual risk.
Output: risky -> GitHub issue; safe -> PR. Use REFERENCE.md / REFERENCE.md.

Examples

react latest: build hop report; patch/minor safe -> apply; major/migration risk -> issue.
go.opentelemetry.io/otel@<version>: research hops; go get path; run build/test/vet.
Snyk alert: preserve advisory/reachability; prefer direct bump before override.

Rules

Path before edits. Changelog mandatory for major/non-SemVer. Record risk. Escalate before deferring reachable security fix. JS/Go first-class; same gate elsewhere.

Mehr aus diesem Repository

gleiches Repository

aip

malinskibeniamin/skills

Designs resource-oriented protobuf APIs using Google AIP rules plus proven control-plane/public API patterns. Use when adding or changing a resource message, standard-method RPC, name versus {resource}_id choice, parent wiring, CRUD/LRO shape, pagination, filtering, FieldMask, etag, or singleton resources.

2026-06-023

prime

malinskibeniamin/skills

Builds repo startup brief. Use when start/resume, post-compaction, new chat, or /prime.

2026-06-023

snyk-ux-security

malinskibeniamin/skills

Sequential Snyk sweep across UX/frontend + Go backend + Bazel codebases. Paths as args (globs ok) or one pasted Snyk vulnerability. Per path: worktree + branch + subagent, snyk test plus existing-project-only monitor, ecosystem detect (package.json -> bun audit; go.mod -> govulncheck; MODULE.bazel or bazel/repositories.bzl -> Bazel track), exploitability triage first, then direct dep bump, parent dep bump, overrides/resolutions/replace last. Reuse existing Snyk projects/resources only; never create projects/apps/targets during audits. Pin React 18. Regen yarn.lock + bun.lock; go mod tidy; bazel mod deps --lockfile_mode=update. Open PR. Never defers real vulns. Use when user asks for Snyk audit, UX security sweep, frontend/Go/Bazel dep security review, govulncheck sweep, CVE sweep.

2026-06-023

development-lifecycle

malinskibeniamin/skills

Use when doing frontend/React/TypeScript/UI work. Auto-guides phase: understand -> plan -> grill -> implement (TDD) -> /go (4->4b review->5->5b->6). One skill, full lifecycle. Alias: /work.

2026-06-023

malinskibeniamin/skills

Ship what built. Run verify -> self-review -> simplify -> commit-push-pr -> monitor CI -> fix -> done. Use when implementation done, ready to launch.

2026-06-023

resilience-review

malinskibeniamin/skills

Resilience Review checks resilience. Use when edge cases, errors, fallback, async/data, state, or polish matter.

2026-06-023

Quelle

malinskibeniamin

malinskibeniamin/skills

GitHub-Repository öffnen Creator-Repositorys ansehen

Installationsbefehl

Download

In Manus ausführen

Nützlich fürSOC

SoftwareentwicklerInformatik- und Mathematikberufe15-1252L4

name	upgrade-dependency
description	Plans safe dependency upgrades via researched paths and risk gates. Use when upgrading a package/module, remediating a vulnerable dependency, reviewing breaking changes, or creating an upgrade issue/PR.

Upgrade Dependency

Goal: dependency current -> target/latest stable. Path first. Safe -> apply. Risky -> report + issue + stop.

Input: $ARGUMENTS = package/module, repo/manifest path, target version, natural language.

Flow

Scope: detect package.json, bun.lock, yarn.lock, go.mod, go.sum, workspaces. Map target/direct/transitive/parents/dependents/peers/plugins/adapters/runtime entrypoints. Ask only if ambiguous.
Path: per installed -> target hop, inspect tags, changelog/notes, migration/codemod docs, blogs. Verify SemVer behavior; classify patch/minor/major. Non-SemVer/weak notes -> score volume, cadence, diff, API churn, effort, blast. Include moving peers/plugins/adapters. Check Snyk/GHSA/OSV/Socket/vendor/CVE. Pick latest stable, not blind latest; use supported patterns. Write docs/dependency-upgrades/<package>-<from>-to-<target>.md via REFERENCE.md.
Gate: safe = patch/minor + high SemVer confidence + clear changelog + peers OK + low security uncertainty. Risky = major/non-SemVer/missing changelog/unclear migration/high effort/blast/peer risk/security uncertainty. Plan-only -> report/issue only. Snyk/vuln -> apply safe remediation, issue risky. Risky major needs report/issue before user approval. Many dependencies -> subagents one report each; main merges gates; apply only independent safe paths.
Apply: supply-chain preflight = release age 7-30d, disable scripts or review trustedDependencies, block git/tarball/raw URL, Socket/npq if present, lockfile review, clean/frozen install. Incremental; one commit per major; batch patch/minor only low risk.

JS/Bun: bun update <pkg>@<version> -> bun install -> bun install --yarn when yarn.lock exists/Snyk needs it -> bun run lint:fix -> bun run type:check -> bun test.

Go: go get -u <module>@<version> -> go mod tidy -> go build ./... -> go test ./... -> go vet ./....

Update related packages. Never hand-edit lockfiles/go.sum.

Security: preserve exploitability/reachability. Prefer direct/top-level bump -> parent bump -> override/resolution/replace. Never run advisory code. Document fixed versions/advisory ids/reachable symbols/residual risk.
Output: risky -> GitHub issue; safe -> PR. Use REFERENCE.md / REFERENCE.md.

Examples

react latest: build hop report; patch/minor safe -> apply; major/migration risk -> issue.
go.opentelemetry.io/otel@<version>: research hops; go get path; run build/test/vet.
Snyk alert: preserve advisory/reachability; prefer direct bump before override.

Rules

Path before edits. Changelog mandatory for major/non-SemVer. Record risk. Escalate before deferring reachable security fix. JS/Go first-class; same gate elsewhere.