dependabot-pr-handler
Dependabot PR Handler Skill
Automated skill for reviewing, validating, and safely merging Dependabot pull requests in the Fusion Framework monorepo.
Dependencies: This skill uses:
pnpm-dependency-analysisskill for impact assessment and blast radius calculationnpm-researchskill for changelog, security, and breaking changes analysis
Operating Modes
Default to Full mode unless the user explicitly chooses Audit-only or Validate.
- Audit-only: Research + build/test/lint locally. Comments optional. No post/push/merge.
- Validate: Install + build + test + lint. Prepare comments. All actions gated by consent.
- Full: End-to-end with required comments, consent-gated push/merge.
Templates
More from equinor/fusion-framework
pnpm-dependency-analysis
Analyze package usage, resolved versions, direct/transitive dependencies, workspace interdependencies, and blast radius in pnpm monorepos. Perfect for Dependabot PR triage, upgrades, security reviews, and version conflict debugging.
34make-skill-template
Create new Agent Skills for GitHub Copilot from prompts or by duplicating this template. Use when asked to "create a skill", "make a new skill", "scaffold a skill", or when building specialized AI capabilities with bundled resources. Generates SKILL.md files with proper frontmatter, directory structure, and optional scripts/references/assets folders.
30npm-research
Research npm packages for changelog, security advisories, and breaking changes. Provides structured analysis for dependency upgrades, vulnerability assessment, and impact evaluation.
29rebase
Guide for rebasing feature branches onto main in the Fusion Framework monorepo, including handling pnpm-lock.yaml conflicts
28fusion-dependency-review
Review dependency PRs with structured research, existing-PR-discussion capture, multi-lens analysis (security, code quality, impact), and a repeatable verdict template. USE FOR: dependency update PRs, Renovate/Dependabot PRs, library upgrade reviews, "review this dependency PR", "should we merge this update". DO NOT USE FOR: feature PRs, application code reviews, dependency automation/bot configuration, or unattended merge without confirmation.
4fusion-discover-skills
Discovers relevant Fusion skills through Fusion MCP first, falls back to GitHub-backed catalog inspection when needed, returns concise matches with purpose and next-step guidance, and handles install, update, or remove intent without guesswork. USE FOR: finding a skill for a task, asking what to install, checking update or remove guidance, discovering available Fusion skills. DO NOT USE FOR: creating new skills, performing the task itself, or inventing results when discovery signals are unavailable.
2