Execute qualquer Skill no Manus
com um clique

Execute qualquer Skill no Manus com um clique

$pwd:

dependabot-tooling-downgrade

Name: Dependabot Tooling Downgrade
Author: sbroenne

// Use a validated tooling downgrade when Dependabot flags an unpatchable transitive vulnerability in build-only dependencies.

Executar no Manus

$ git log --oneline --stat

stars:172

forks:32

updated:26 de abril de 2026 às 13:34

SKILL.md

readonly

name	dependabot-tooling-downgrade
description	Use a validated tooling downgrade when Dependabot flags an unpatchable transitive vulnerability in build-only dependencies.
domain	dependency-management
confidence	medium
source	earned

Context

Use this when a Dependabot or npm audit failure comes from a dev-only packaging/build tool and the current major line has no viable patched transitive path.

Patterns

Confirm the failing dependency chain from the Dependabot or audit logs before changing anything.
Check whether Dependabot's suggested replacement version actually removes the vulnerable transitive stack.
Prefer a real dependency change over ignoring the alert when the downgraded tool still supports the repo's required workflow.
Validate the exact release command after the change, not just npm install or npm audit.
Keep the fix surgical: update the dependency, refresh the lockfile, and verify the packaging path.

Examples

vscode-extension moved from @vscode/vsce ^3.7.1 to ^2.25.0 after Dependabot showed the 3.x line was stuck on @azure/msal-node -> uuid@^8.3.0; npm audit and npm run package both passed afterward.
2026-04-26 revalidation: even after a repo-wide "upgrade to latest" sweep, @vscode/vsce 3.9.1 still reopened the same vulnerable @azure/identity -> @azure/msal-node -> uuid chain. The correct move was to keep ^2.25.0, refresh the lockfile, and prove npm audit plus npm run package still passed.

Anti-Patterns

Ignoring the alert before proving there is no workable package-level fix.
Assuming the latest version is always the safest path.
Validating only with npm audit while skipping the real release/package command.

related-skills.json

mesmo repositório

excel-cli.md

from "sbroenne/mcp-server-excel"

Excel CLI automation skill for Windows workbooks. Use when a coding agent needs token-efficient, scriptable, or unattended Excel automation via excelcli commands. Best for CI/CD, scheduled jobs, batch processing, PowerShell workflows, and bulk workbook edits. Supports Power Query, DAX, PivotTables, Tables, Ranges, Charts, VBA, Data Models, screenshots, and formatting. Triggers: excelcli, Excel CLI, command line, batch, script, automation, CI/CD, scheduled, PowerShell, unattended, coding agent, workbook processing.

2026-05-27172

excel-mcp.md

from "sbroenne/mcp-server-excel"

Excel MCP Server skill for Windows workbook automation. Use when an assistant needs rich MCP tools to create, inspect, modify, format, or analyze Excel files. Supports Power Query (M), Data Model/DAX, PivotTables, Tables, Ranges, Charts, Slicers, formatting, screenshots, VBA macros, connections, and calculation mode. Triggers: Excel, spreadsheet, workbook, xlsx, xlsm, Power Query, DAX, PivotTable, chart, dashboard, VBA, MCP.

2026-05-21172

skill-name.md

from "sbroenne/mcp-server-excel"

{what this skill teaches agents}

2026-05-13172

skill-name.md

from "sbroenne/mcp-server-excel"

{what this skill teaches agents}

2026-04-29172

plugin-build-smoke-regression.md

from "sbroenne/mcp-server-excel"

Catch packaging-script regressions by asserting the real script exit path and current overlay surface.

2026-04-27172

mcp-schema-enum-regression.md

from "sbroenne/mcp-server-excel"

Keep generated MCP schemas strict-client compatible by avoiding nullable enum signatures.

2026-04-26172

package.json

"author": "sbroenne"

"repository": "sbroenne/mcp-server-excel"

Abrir repositório GitHub Ver repositórios do creator

$ install --global

$ download --local

Executar no Manus

$ useful --forSOC

Desenvolvedores de softwareInformática e Matemática15-1252L4

name	dependabot-tooling-downgrade
description	Use a validated tooling downgrade when Dependabot flags an unpatchable transitive vulnerability in build-only dependencies.
domain	dependency-management
confidence	medium
source	earned

Context

Use this when a Dependabot or npm audit failure comes from a dev-only packaging/build tool and the current major line has no viable patched transitive path.

Patterns

Confirm the failing dependency chain from the Dependabot or audit logs before changing anything.
Check whether Dependabot's suggested replacement version actually removes the vulnerable transitive stack.
Prefer a real dependency change over ignoring the alert when the downgraded tool still supports the repo's required workflow.
Validate the exact release command after the change, not just npm install or npm audit.
Keep the fix surgical: update the dependency, refresh the lockfile, and verify the packaging path.

Examples

vscode-extension moved from @vscode/vsce ^3.7.1 to ^2.25.0 after Dependabot showed the 3.x line was stuck on @azure/msal-node -> uuid@^8.3.0; npm audit and npm run package both passed afterward.
2026-04-26 revalidation: even after a repo-wide "upgrade to latest" sweep, @vscode/vsce 3.9.1 still reopened the same vulnerable @azure/identity -> @azure/msal-node -> uuid chain. The correct move was to keep ^2.25.0, refresh the lockfile, and prove npm audit plus npm run package still passed.

Anti-Patterns

Ignoring the alert before proving there is no workable package-level fix.
Assuming the latest version is always the safest path.
Validating only with npm audit while skipping the real release/package command.

dependabot-tooling-downgrade

Context

Patterns

Examples

Anti-Patterns

Mais deste repositório

Mais deste repositório

Context

Patterns

Examples

Anti-Patterns