Agent skill
dependency-upgrader
Upgrade dependencies for Java/Kotlin (Gradle/Maven) and TypeScript/Node projects with minimal risk: plan the bump, apply changes incrementally, run tests/builds, and document breaking changes. Use when the user asks to bump deps, update frameworks, or address CVEs.
Install this agent skill to your Project
npx add-skill https://github.com/jMerta/codex-skills/tree/main/dependency-upgrader
SKILL.md
Dependency upgrader
Goal
Safely upgrade dependencies with minimal, reviewable diffs and clear verification.
Inputs to ask for (if missing)
- Which ecosystem: Gradle/Maven, Node/TypeScript, or both.
- Scope: one dependency, a set (e.g., Spring Boot), or "everything".
- Constraints: patch/minor only vs allow majors; time budget; CI requirements.
- Motivation: CVE fix, feature need, or routine maintenance.
- Can the agent use web search to confirm latest versions and read migration notes? (If not, rely on registry lookups.)
Workflow (checklist)
- Detect the project type and package manager
- Node:
package.json+ lock file (pnpm-lock.yaml,package-lock.json,yarn.lock,bun.lock). - Gradle:
gradlew,build.gradle(.kts),settings.gradle(.kts),gradle/libs.versions.toml. - Maven:
pom.xml. - If the required package manager or build tool is missing (npm/pnpm/yarn/bun, Gradle, Maven), tell the user and ask whether to install it or proceed with a manual edit-only upgrade.
- Node:
- Establish a baseline
- Record current versions (dependency file + lock files).
- Run the smallest reliable test/build command the repo uses (then expand if needed).
- Plan the upgrade
- Prefer the smallest bump that solves the problem.
- Choose target versions using up-to-date sources:
- Use web search (if available) to confirm latest stable versions and skim official release notes/migration guides.
- Cross-check with the registry/source of truth (npm registry, Maven Central, Gradle Plugin Portal).
- Group by risk:
- low: patches/minors, leaf deps
- medium: build tools/plugins
- high: framework majors (Spring Boot), runtime bumps (Java/Node)
- For majors: skim upstream migration notes and list expected breakpoints before editing.
- Apply upgrades incrementally
- Update one group at a time; keep diffs focused.
- After each group: run tests/build and fix breakages immediately.
- Use the playbooks in
references/for ecosystem-specific commands.
- Validate and document
- Run the repo's "CI equivalent" commands (tests + build).
- Document:
- what changed (versions)
- why (CVE, compatibility, feature)
- notable migrations or breaking changes
- any follow-ups (deprecations, future majors)
Deliverable
Provide:
- The list of version bumps (old -> new).
- The commands run and their result (tests/build).
- Any breaking changes and required code/config migrations.
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
vps-checkup
SSH into an Ubuntu VPS (Docker) for a read-only health/security/update report (UFW + fail2ban) and propose fixes; apply updates/restarts only with explicit confirmation. Use when the user wants a read-only VPS health/security check.
ci-fix
Fix GitHub Actions CI failures using GitHub CLI (gh): inspect runs/logs, identify root cause, patch workflows/code, rerun jobs, and summarize verification. Use when GitHub Actions CI is failing or needs diagnosis.
plan-work
Plan work before coding: do repo research, analyze options/risks, and ask clarifying questions before proposing an implementation plan. Use when the user asks for a plan, design/approach, scope breakdown, or implementation steps.
coding-guidelines-gen
Generate nested AGENTS.md coding guidelines per module (monorepo-aware), detect languages/tooling, ask architecture preferences, and set up missing formatters/linters (Spotless for JVM). Use when the user wants module-scoped AGENTS.md coding guidelines or to set up missing formatters/linters.
ui-ux-pro-max
Use when designing, building, or refining frontend UI/UX: layouts, components, visual systems, typography, color, and UX patterns for websites, landing pages, dashboards, and product interfaces. Provides searchable styles, palettes, font pairings, charts, and stack best practices (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind).
regex-builder
Build, test, and explain regular expressions against sample text or files using CLI tools (rg, python) and specific regex flavors. Use when asked to craft, debug, or validate regexes or search patterns.
Didn't find tool you were looking for?