deps-upgrade

Installation
SKILL.md

Dependencies are inherited code. Upgrades are inherited risk. Patch in batch, minor in batch with a smoke test, major one-at-a-time with a CHANGELOG read.

When to Apply / NOT

Apply: CVE remediation; major upstream release; compatibility forcing function; quarterly hygiene cadence; pre-release lockfile audit; deprecation warnings accumulating.

NOT apply: active feature branch with high churn; pre-release freeze window; mid-incident; API-break-driven refactor.

Anti-patterns

  • Big-bang upgrade: bumping every dep at once.
  • Skipping the lockfile: floating ranges create non-reproducible builds.
  • Ignoring the CHANGELOG: major bumps without reading upstream notes.
  • Suppressing deprecations: --warning-as-error=off defers cost.
  • Bypassing audit signals: npm audit fix --force without reading.
  • No smoke test on minor: minor versions can introduce behavior shifts.
  • Forgetting transitives: surface deps look fine; transitive CVE remains.
  • Mixing concerns in one commit: upgrade + refactor + feature — atomize per <git> policy.
Installs
1
GitHub Stars
14
First Seen
Jun 4, 2026
deps-upgrade — outlinedriven/odin-codex-plugin