Skill

dependabot-resolve

Resolves Dependabot alerts and PRs: analyzes issues, runs pnpm audit, applies updates, performs typecheck/lint/test/build checks, syncs Playwright Docker images, creates changelog PRs.

pnpm

Github

Docker

security

git-workflow

npx claudepluginhub takazudo/claude-resources

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Execute a comprehensive dependency update workflow:

SKILL.md

Similar Skills

cache-components

139.3k

Guides Next.js Cache Components and Partial Prerendering (PPR): 'use cache' directives, cacheLife(), cacheTag(), revalidateTag() for caching, invalidation, static/dynamic optimization. Auto-activates on cacheComponents: true.

cache-components

mcp-builder

124.2k

Guides building MCP servers enabling LLMs to interact with external services via tools. Covers best practices, TypeScript/Node (MCP SDK), Python (FastMCP).

9 files

anthropics-skills-13

Stats

Stars7

Forks0

Last CommitMay 7, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Dependabot Resolution Workflow

Execute a comprehensive dependency update workflow:

Step 1: Analyze Dependabot Issues

Use gh issue list --label "dependencies" --state open --json number,title,url,body to list all open Dependabot issues
For each issue, carefully analyze:
- What dependency is being updated
- What version change is proposed (patch/minor/major)
- Any breaking changes mentioned
- Security vulnerabilities fixed
Determine which updates should be applied based on:
- Security fixes (high priority)
- Patch updates (generally safe)
- Minor updates (review carefully)
- Major updates (review very carefully for breaking changes)

Step 2: Run Security Audit

Run pnpm audit to check for security vulnerabilities
Identify any critical or high-severity issues
Note any recommended updates from the audit

Step 3: Create Update Branch

If there are updates to apply:

Get current date in MMDD format (e.g., "1220" for December 20th)
Get the current branch name to use as base
Create new branch: deps-update-MMDD from the current branch
Switch to the new branch

Step 4: Apply Updates

For each dependency to update:
- Use pnpm update <package-name> or pnpm add <package-name>@<version> as appropriate
- If it's a major version update, check for breaking changes in the changelog first
After all updates, run pnpm install to ensure lockfile is updated

Step 4.5: Handle Related Updates (Package + Infrastructure Sync)

Some packages require coordinated updates across multiple files. Check for these patterns:

Playwright Package + Docker Image

When updating @playwright/test or playwright in package.json:

Check current versions:

package.json: Look for @playwright/test and playwright versions
.github/workflows/*.yml: Search for mcr.microsoft.com/playwright:v Docker image tags

Update Docker image tag to match the npm package version:

# In workflow files using Playwright Docker container
container:
  image: mcr.microsoft.com/playwright:v<NEW_VERSION>-noble

Verify image exists at https://mcr.microsoft.com/v2/playwright/tags/list or check Microsoft's Playwright Docker documentation
Example: If updating @playwright/test from 1.57.0 to 1.58.0:

Update package.json: "@playwright/test": "^1.58.0"
Update workflow: image: mcr.microsoft.com/playwright:v1.58.0-noble

Other Common Pairs to Watch

TypeScript + @types packages: May need coordinated updates
ESLint + plugins: Plugin versions often need to match ESLint major version
Next.js + related packages: next, eslint-config-next, etc.

Step 5: Quality Checks

Run all quality checks in sequence:

Type checking: pnpm typecheck
Linting: pnpm lint (or pnpm lint:fix if auto-fixable)
Formatting: pnpm format (or pnpm format:fix if needed)
Unit tests: pnpm test:unit
Build: pnpm build (to ensure the project builds successfully)
E2E tests: pnpm test:e2e:critical or pnpm test:e2e:full-prod for comprehensive testing

Step 6: Review Results

If all checks pass:
- Proceed to Step 7
If any checks fail:
- Investigate the failure
- Determine if it's a breaking change or test needs updating
- Fix issues or revert problematic updates
- Re-run quality checks

Step 7: Push and Create PR

Once all checks pass:

Stage all changes: git add .
Commit with descriptive message: git commit -m "chore: Update dependencies (MMDD)"
Push to remote: git push -u origin deps-update-MMDD
Create PR using gh pr create with:
- Title: "chore: Update dependencies (MMDD)"
- Body including:
  - List of updated packages and versions
  - Summary of security fixes (if any)
  - Links to Dependabot issues being resolved using list format:
```
- 関連Issue
    - https://github.com/<owner>/<repo>/issues/<issue-1>
    - https://github.com/<owner>/<repo>/issues/<issue-2>
```
  - Note that all quality checks passed
- Use full URLs (not #) so GitHub auto-expands them to show issue titles

Important Notes

Never auto-merge - always create PR for manual review
For major version updates, mention breaking changes in PR description
If updating critical dependencies (Gatsby, React, etc.), note that extra testing may be needed
Close related Dependabot issues after PR is merged
Follow the project's dependency management guidelines from CLAUDE.md

Safety Checks

Never use --force flags
Always run full test suite before pushing
Check for deprecation warnings during build
Verify the build output works correctly (pnpm serve and manual testing if needed)