bovinphang

Dependency Upgrade

by Bovin Phang · GitHub ↗ · v2.5.0 · MIT-0
cross-platform ✓ Security Clean
35 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install fec-dependency-upgrade
Description
Use when planning, implementing, or reviewing frontend dependency upgrades, package migrations, lockfile changes, major framework version bumps, CVE remediat...
README (SKILL.md)

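Dependency Upgrade

For frontend dependency upgrades, vulnerability fixes, major-version migrations and lockfile risk review. Load references/dependency-upgrade-workflow.md when you need the detailed workflow and checklists.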

Purpose

Upgrade dependencies in a source-driven way, in small verified batches, to reduce breaking changes, supply-chain risk and CI regressions.

Procedure

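  1. Establish a factual baseline: read the package manager, lockfile, Node version, workspace scope, CI commands and the current verification status.
  2. Classify the upgrade target: security fix, patch upgrade, minor upgrade, major-version migration, framework migration, build-tool migration or dependency cleanup.
  3. Verify sources: for version-sensitive libraries, read the official release notes, migration guide, peer dependencies, Node/browser support and deprecations.
  4. Split into small batches: security patches can be handled together; major versions, build tools, frameworks and test tools must each be verified in their own batch.
  5. Handle compatibility boundaries: check for changes in ESM/CJS, TypeScript types, CSS handling, SSR/RSC, plugin APIs, peer dependencies and polyfills.
  6. Run the verification matrix: cover at least install, typecheck, unit/component tests and build; for critical applications add E2E, Storybook or manual smoke tests.
  7. Sync documentation: record the upgrade reason, versions, breaking changes, migration commands, rollback method and the paths that still need manual verification.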
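
The classification and batching rules from steps 2 and 4, as an added example that is not part of the skill's own files. It assumes upgrades arrive as name/from/to records with an optional security flag; the ISOLATED tool list, the function names and the example-* packages are hypothetical.

```javascript
// Added example. ISOLATED is an assumed, illustrative list of framework/build/test tools.
const ISOLATED = new Set(["react", "vue", "vite", "webpack", "typescript", "jest"]);

// Parse "MAJOR.MINOR.PATCH"; prerelease/build suffixes are ignored here.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Classify a bump. In 0.x releases a minor bump may break, so it counts as major.
function classifyBump(from, to) {
  const [a, b, c] = parseVersion(from);
  const [x, y, z] = parseVersion(to);
  if (x < a || (x === a && (y < b || (y === b && z <= c)))) return "none";
  if (x !== a) return x - a > 1 ? "major-skip" : "major";
  if (y !== b) return a === 0 ? "major" : "minor";
  return "patch";
}

// Non-breaking bumps share one batch per kind; majors and ISOLATED tools each get
// their own batch. "major-skip" crosses several majors and is flagged stepwise.
function planBatches(upgrades) {
  const shared = { security: [], patch: [], minor: [] };
  const isolated = [];
  for (const u of upgrades) {
    const bump = classifyBump(u.from, u.to);
    if (bump === "none") continue; // same version or downgrade: nothing to plan
    if (bump.startsWith("major") || ISOLATED.has(u.name)) {
      isolated.push({ kind: bump, packages: [u.name], stepwise: bump === "major-skip" });
    } else {
      shared[u.security ? "security" : bump].push(u.name);
    }
  }
  const grouped = Object.entries(shared)
    .filter(([, pkgs]) => pkgs.length > 0)
    .map(([kind, packages]) => ({ kind, packages, stepwise: false }));
  return [...grouped, ...isolated];
}

// Constructed sample input; the example-* package names are hypothetical.
const SAMPLE = [
  { name: "example-utils", from: "4.17.20", to: "4.17.21", security: true },
  { name: "example-http", from: "1.6.0", to: "1.6.8", security: true },
  { name: "example-dates", from: "3.3.0", to: "3.6.0" },
  { name: "vite", from: "5.0.0", to: "5.0.12" },
  { name: "react", from: "16.14.0", to: "18.2.0" },
  { name: "example-store", from: "4.5.0", to: "5.0.0" },
];
console.log(JSON.stringify(planBatches(SAMPLE), null, 2));
```

A security fix that requires a major bump lands in its own batch rather than the shared security batch, which matches the constraint below about not upgrading runtime-critical packages just to clear audit warnings.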

Constraints

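  • Do not jump across multiple major versions without sources and verification.
  • Do not blindly upgrade runtime-critical packages just to clear audit warnings; first assess the exploitable path and the impact of the fix.
  • Do not hand-edit the lockfile to work around dependency conflicts.
  • Do not mix dependency upgrades and unrelated refactoring in one batch.
  • Do not remove a peer dependency or build plugin unless there is evidence that it is not used by the runtime, sub-packages or CI.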

Expected Output

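Output the upgrade list, risk classification, source evidence, batch strategy, scope of changes, verification commands, failure handling and rollback recommendations. On completion, the lockfile is consistent with the package manifest, the key verifications pass, and breaking changes are recorded.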

Usage Guidance
Install this if you want an agent to help plan or perform frontend dependency upgrades. Review proposed package and lockfile changes carefully, especially for major version migrations or CVE-driven updates, and run the suggested verification commands before accepting changes.
Capability Assessment
Purpose & Capability
The skill's stated purpose is frontend dependency upgrade planning, package migration, lockfile review, CVE remediation, and CI verification; its instructions directly support that purpose.
Instruction Scope
The trigger wording is broad within dependency-upgrade work, but the runtime guidance is scoped to package, lockfile, compatibility, verification, and rollback decisions rather than unrelated system access.
Install Mechanism
The package contains Markdown guidance, JSON metadata, and a reference checklist; no executable scripts, install hooks, obfuscated payloads, or automatic setup behavior were present.
Credentials
It expects reading package manager state, lockfiles, Node/workspace details, official release notes, and CI commands, which is proportionate for dependency upgrade work.
Persistence & Privilege
Dependency upgrades may persist changes to package manifests and lockfiles, but that is the disclosed core workflow and remains user-directed; no background persistence or privilege escalation is declared.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install fec-dependency-upgrade
  3. After installation, invoke the skill by name or use /fec-dependency-upgrade
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.5.0
- Added comprehensive Chinese and English process documentation for frontend dependency upgrades, risk assessment, and workflow.
- Detailed step-by-step upgrade procedure, including verification, batch strategies, and compatibility checks.
- Defined constraints to prevent risky or unsafe upgrade practices.
- Listed clear expected output for all upgrade tasks.
- Included usage guidance for scenarios like CVE remediation, framework migrations, and lockfile changes.
Metadata
Slug fec-dependency-upgrade
Version 2.5.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Dependency Upgrade?

Use when planning, implementing, or reviewing frontend dependency upgrades, package migrations, lockfile changes, major framework version bumps, CVE remediat... It is an AI Agent Skill for Claude Code / OpenClaw, with 35 downloads so far.

How do I install Dependency Upgrade?

Run "/install fec-dependency-upgrade" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Dependency Upgrade free?

Yes, Dependency Upgrade is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Dependency Upgrade support?

Dependency Upgrade is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Dependency Upgrade?

It is built and maintained by Bovin Phang (@bovinphang); the current version is v2.5.0.
