DiscordSign up
SKILLS.SH

dependency-upgrade

Manage major dependency version upgrades with compatibility analysis, staged rollout, and comprehensive testing. Provides semantic versioning review, dependency auditing tools, and compatibility matrix validation across framework versions Includes staged upgrade strategies with phase-based planning, incremental updates, and validation workflows to minimize breaking changes Covers breaking change identification, automated codemods for API migrations, and custom migration scripts for large codebases Offers comprehensive testing approaches including unit, integration, visual regression, and E2E test strategies Supports automated dependency management via Renovate and Dependabot configurations, with rollback procedures and workspace upgrade patterns

INSTALLATION
npx skills add https://github.com/wshobson/agents --skill dependency-upgrade
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

Dependency Upgrade

Master major dependency version upgrades, compatibility analysis, staged upgrade strategies, and comprehensive testing approaches.

When to Use This Skill

  • Upgrading major framework versions
  • Updating security-vulnerable dependencies
  • Modernizing legacy dependencies
  • Resolving dependency conflicts
  • Planning incremental upgrade paths
  • Testing compatibility matrices
  • Automating dependency updates

Semantic Versioning Review

MAJOR.MINOR.PATCH (e.g., 2.3.1)

MAJOR: Breaking changes

MINOR: New features, backward compatible

PATCH: Bug fixes, backward compatible

^2.3.1 = >=2.3.1 <3.0.0 (minor updates)

~2.3.1 = >=2.3.1 <2.4.0 (patch updates)

2.3.1 = exact version

## Dependency Analysis

### Audit Dependencies

npm

npm outdated

npm audit

npm audit fix

yarn

yarn outdated

yarn audit

Check for major updates

npx npm-check-updates

npx npm-check-updates -u # Update package.json


### Analyze Dependency Tree

See why a package is installed

npm ls package-name

yarn why package-name

Find duplicate packages

npm dedupe

yarn dedupe

Visualize dependencies

npx madge --image graph.png src/


## Compatibility Matrix

// compatibility-matrix.js

const compatibilityMatrix = {

react: {

"16.x": {

"react-dom": "^16.0.0",

"react-router-dom": "^5.0.0",

"@testing-library/react": "^11.0.0",

},

"17.x": {

"react-dom": "^17.0.0",

"react-router-dom": "^5.0.0 || ^6.0.0",

"@testing-library/react": "^12.0.0",

},

"18.x": {

"react-dom": "^18.0.0",

"react-router-dom": "^6.0.0",

"@testing-library/react": "^13.0.0",

},

},

};

function checkCompatibility(packages) {

// Validate package versions against matrix

}


## Staged Upgrade Strategy

### Phase 1: Planning

1. Identify current versions

npm list --depth=0

2. Check for breaking changes

Read CHANGELOG.md and MIGRATION.md

3. Create upgrade plan

echo "Upgrade order:

  1. TypeScript
  1. React
  1. React Router
  1. Testing libraries
  1. Build tools" > UPGRADE_PLAN.md
    2. 
### Phase 2: Incremental Updates

Don't upgrade everything at once!

Step 1: Update TypeScript

npm install typescript@latest

Test

npm run test

npm run build

Step 2: Update React (one major version at a time)

npm install react@17 react-dom@17

Test again

npm run test

Step 3: Continue with other packages

npm install react-router-dom@6

And so on...


### Phase 3: Validation

// tests/compatibility.test.js

describe("Dependency Compatibility", () => {

it("should have compatible React versions", () => {

const reactVersion = require("react/package.json").version;

const reactDomVersion = require("react-dom/package.json").version;

expect(reactVersion).toBe(reactDomVersion);

});

it("should not have peer dependency warnings", () => {

// Run npm ls and check for warnings

});

});


## Breaking Change Handling

### Identifying Breaking Changes

Check the changelog directly

curl https://raw.githubusercontent.com/facebook/react/master/CHANGELOG.md


### Codemod for Automated Fixes

Run jscodeshift with transform URL

npx jscodeshift -t <transform-url> <path>

Example: Rename unsafe lifecycle methods

npx jscodeshift -t https://raw.githubusercontent.com/reactjs/react-codemod/master/transforms/rename-unsafe-lifecycles.js src/

For TypeScript files

npx jscodeshift -t https://raw.githubusercontent.com/reactjs/react-codemod/master/transforms/rename-unsafe-lifecycles.js --parser=tsx src/

Dry run to preview changes

npx jscodeshift -t https://raw.githubusercontent.com/reactjs/react-codemod/master/transforms/rename-unsafe-lifecycles.js --dry src/


### Custom Migration Script

// migration-script.js

const fs = require("fs");

const glob = require("glob");

glob("src/*/.tsx", (err, files) => {

files.forEach((file) => {

let content = fs.readFileSync(file, "utf8");

// Replace old API with new API

content = content.replace(

/componentWillMount/g,

"UNSAFE_componentWillMount",

);

// Update imports

content = content.replace(

/import { Component } from 'react'/g,

"import React, { Component } from 'react'",

);

fs.writeFileSync(file, content);

});

});


## Testing Strategy

### Unit Tests

// Ensure tests pass before and after upgrade

npm run test

// Update test utilities if needed

npm install @testing-library/react@latest


### Integration Tests

// tests/integration/app.test.js

describe("App Integration", () => {

it("should render without crashing", () => {

render(<App />);

});

it("should handle navigation", () => {

const { getByText } = render(<App />);

fireEvent.click(getByText("Navigate"));

expect(screen.getByText("New Page")).toBeInTheDocument();

});

});


### Visual Regression Tests

// visual-regression.test.js

describe("Visual Regression", () => {

it("should match snapshot", () => {

const { container } = render(<App />);

expect(container.firstChild).toMatchSnapshot();

});

});


### E2E Tests

// cypress/e2e/app.cy.js

describe("E2E Tests", () => {

it("should complete user flow", () => {

cy.visit("/");

cy.get('[data-testid="login"]').click();

cy.get('input[name="email"]').type("user@example.com");

cy.get('button[type="submit"]').click();

cy.url().should("include", "/dashboard");

});

});


## Automated Dependency Updates

### Renovate Configuration

// renovate.json

{

"extends": ["config:base"],

"packageRules": [

{

"matchUpdateTypes": ["minor", "patch"],

"automerge": true

},

{

"matchUpdateTypes": ["major"],

"automerge": false,

"labels": ["major-update"]

}

],

"schedule": ["before 3am on Monday"],

"timezone": "America/New_York"

}


### Dependabot Configuration

.github/dependabot.yml

version: 2

updates:

- package-ecosystem: "npm"

directory: "/"

schedule:

interval: "weekly"

open-pull-requests-limit: 5

reviewers:

- "team-leads"

commit-message:

prefix: "chore"

include: "scope"


## Rollback Plan

// rollback.sh

#!/bin/bash

Save current state

git stash

git checkout -b upgrade-branch

Attempt upgrade

npm install package@latest

Run tests

if npm run test; then

echo "Upgrade successful"

git add package.json package-lock.json

git commit -m "chore: upgrade package"

else

echo "Upgrade failed, rolling back"

git checkout main

git branch -D upgrade-branch

npm install # Restore from package-lock.json

fi


## Common Upgrade Patterns

### Lock File Management

npm

npm install --package-lock-only # Update lock file only

npm ci # Clean install from lock file

yarn

yarn install --frozen-lockfile # CI mode

yarn upgrade-interactive # Interactive upgrades


### Peer Dependency Resolution

npm 7+: strict peer dependencies

npm install --legacy-peer-deps # Ignore peer deps

npm 8+: override peer dependencies

npm install --force


### Workspace Upgrades

Update all workspace packages

npm install --workspaces

Update specific workspace

npm install package@latest --workspace=packages/app

BrowserAct

Let your agent run on any real-world website

Bypass CAPTCHA & anti-bot for free. Start local, scale to cloud.

Explore BrowserAct Skills →

Related skills

find-skills
2/3

Discover and install specialized agent skills from the open ecosystem when users need extended capabilities. Helps identify relevant skills by domain and task when users ask "how do I do X" or "find a skill for X" Integrates with the Skills CLI ( npx skills find , npx skills add ) to search, verify, and install packages from the skills.sh directory Recommends skills based on install count, source reputation, and GitHub stars to ensure quality before suggesting installation Presents skill options with install commands and links to skills.sh for user review and one-click installation

Verified authorvercel-labs
SKILLS.SH
1.5M19.6K
2026-05-22
vercel-react-best-practices
3/3

React and Next.js performance optimization guide with 64 prioritized rules across 8 categories. Organized by impact level, from critical waterfalls and bundle optimization down to advanced patterns, each rule includes incorrect/correct code examples and explanations Covers eight domains: async patterns, bundle size, server-side caching, client-side data fetching, re-render optimization, rendering performance, JavaScript efficiency, and advanced patterns Designed for use during component writing, code review, refactoring, and performance audits on React and Next.js applications Each rule has a prefix code (e.g., async-parallel , bundle-barrel-imports ) for easy reference in automated tooling and documentation

Verified authorvercel-labs
SKILLS.SH
389K26.9K
2026-05-22
azure-validate
2/3

Pre-deployment validation for Azure infrastructure, configuration, and permissions before deployment. Requires .azure/plan.md from a prior azure-prepare run; stops immediately if the plan is missing Executes recipe-specific validation commands (azd provision, bicep build, terraform validate) and records proof in the plan document Performs build verification, configuration checks, and permission validation; blocks deployment if any check fails Only authorized method to set plan status to Validated ; must be followed by azure-deploy skill to execute the actual deployment

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22
appinsights-instrumentation
3/3

Guidance and reference material for instrumenting webapps with Azure Application Insights. Covers SDK setup, telemetry patterns, and configuration for ASP.NET Core and Node.js applications hosted in Azure Distinguishes between this skill (reference and guidance) and azure-prepare (actual implementation); invoke azure-prepare when the user wants to add instrumentation to their project Provides auto-instrumentation guidance for C# ASP.NET Core apps in Azure App Service, plus manual instrumentation paths for creating App Insights resources via Bicep templates or Azure CLI Includes language-specific code modification guides for ASP.NET Core, Node.js, and Python, plus quick references for OpenTelemetry SDKs and exporters

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22

Stop writing automation&scrapers

Install the CLI. Run your first Skill in 30 seconds. Scale when you're ready.

Start free
free · no credit card