OpenSkillIndex← back to search
claude-codeautomation

Claude-skill-registry dependency-upgrader

Upgrade dependencies for Java/Kotlin (Gradle/Maven) and TypeScript/Node projects with minimal risk: plan the bump, apply changes incrementally, run tests/builds, and document breaking changes. Use when the user asks to bump deps, update frameworks, or address CVEs.

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/dependency-upgrader" ~/.claude/skills/majiayu000-claude-skill-registry-dependency-upgrader && rm -rf "$T"
manifest: skills/data/dependency-upgrader/SKILL.md
tags
#dependency-management#gradle#maven#typescript#node#automation
source content

Dependency upgrader

Goal

Safely upgrade dependencies with minimal, reviewable diffs and clear verification.

Inputs to ask for (if missing)

  • Which ecosystem: Gradle/Maven, Node/TypeScript, or both.
  • Scope: one dependency, a set (e.g., Spring Boot), or "everything".
  • Constraints: patch/minor only vs allow majors; time budget; CI requirements.
  • Motivation: CVE fix, feature need, or routine maintenance.
  • Can the agent use web search to confirm latest versions and read migration notes? (If not, rely on registry lookups.)

Workflow (checklist)

  1. Detect the project type and package manager
    • Node: 
      package.json
      + lock file (
      pnpm-lock.yaml
      , 
      package-lock.json
      , 
      yarn.lock
      , 
      bun.lock
      ).
    • Gradle: 
      gradlew
      , 
      build.gradle(.kts)
      , 
      settings.gradle(.kts)
      , 
      gradle/libs.versions.toml
      .
    • Maven: 
      pom.xml
      .
    • If the required package manager or build tool is missing (npm/pnpm/yarn/bun, Gradle, Maven), tell the user and ask whether to install it or proceed with a manual edit-only upgrade.
  2. Establish a baseline
    • Record current versions (dependency file + lock files).
    • Run the smallest reliable test/build command the repo uses (then expand if needed).
  3. Plan the upgrade
    • Prefer the smallest bump that solves the problem.
    • Choose target versions using up-to-date sources:
      • Use web search (if available) to confirm latest stable versions and skim official release notes/migration guides.
      • Cross-check with the registry/source of truth (npm registry, Maven Central, Gradle Plugin Portal).
    • Group by risk:
      • low: patches/minors, leaf deps
      • medium: build tools/plugins
      • high: framework majors (Spring Boot), runtime bumps (Java/Node)
    • For majors: skim upstream migration notes and list expected breakpoints before editing.
  4. Apply upgrades incrementally
    • Update one group at a time; keep diffs focused.
    • After each group: run tests/build and fix breakages immediately.
    • Use the playbooks in 
      references/
      for ecosystem-specific commands.
  5. Validate and document
    • Run the repo's "CI equivalent" commands (tests + build).
    • Document:
      • what changed (versions)
      • why (CVE, compatibility, feature)
      • notable migrations or breaking changes
      • any follow-ups (deprecations, future majors)

Deliverable

Provide:

  • The list of version bumps (old -> new).
  • The commands run and their result (tests/build).
  • Any breaking changes and required code/config migrations.