Dependency Upgrades
Software development skill, available on Zeplik
Dependency Upgrades is a ready-to-run software development skill on Zeplik. Not for database schema migrations (use database-migration). Ask in plain language and Zeplik applies the skill's method for you inside the conversation, on whichever AI model you prefer.
The Dependency Upgrades skill loads automatically when your request matches it, or you can invoke it directly by typing /dependency-upgrade in any chat. It works with attachments, connectors, and any model that supports the task, so you get the same expert method every time without setting anything up.
What the Dependency Upgrades skill can do
- Analyze npm outdated and audit output to plan safe upgrades
- Order multi-package upgrades into staged, testable phases
- Generate codemod commands to automate breaking-change fixes
- Produce a rollback plan using lockfile commits per upgrade step
Try these prompts on Zeplik
Pick a prompt to open it in the Zeplik app. If you are not signed in yet, your prompt is waiting for you the moment you do.
How the Dependency Upgrades skill works
/dependency-upgrade
Manage major dependency version upgrades with compatibility analysis, staged rollout, and comprehensive testing. The user pastes their package.json, lockfile excerpt, npm outdated/npm audit output, or error messages; deliver an ordered upgrade plan, compatibility notes, codemod commands, and a rollback path as chat artifacts. For upgrading database schemas, use database-migration.
When to Use
- Upgrading major framework versions
- Updating security-vulnerable dependencies
- Modernizing legacy dependencies
- Resolving dependency conflicts
- Planning incremental upgrade paths
- Automating dependency updates
Semantic Versioning Review
MAJOR.MINOR.PATCH (e.g., 2.3.1)
MAJOR: Breaking changes
MINOR: New features, backward compatible
PATCH: Bug fixes, backward compatible
^2.3.1 = >=2.3.1 <3.0.0 (minor updates)
~2.3.1 = >=2.3.1 <2.4.0 (patch updates)
2.3.1 = exact version
Dependency Analysis
# npm
npm outdated
npm audit
npm audit fix
# yarn
yarn outdated
yarn audit
# Check for major updates
npx npm-check-updates
npx npm-check-updates -u # Update package.json
# See why a package is installed
npm ls package-name
yarn why package-name
# Find duplicate packages
npm dedupe
yarn dedupe
Staged Upgrade Strategy
Phase 1: Planning
- Identify current versions (
npm list --depth=0). - Read CHANGELOG.md and MIGRATION.md for each major bump.
- Order the upgrades: toolchain first (TypeScript, build tools), then the framework one major version at a time, then framework-adjacent libraries (router, testing libraries).
Phase 2: Incremental Updates
# Don't upgrade everything at once!
# Step 1: Update TypeScript
npm install typescript@latest
npm run test && npm run build
# Step 2: Update React (one major version at a time)
npm install react@17 react-dom@17
npm run test
# Step 3: Continue with other packages
npm install react-router-dom@6
# And so on...
Phase 3: Validation
- Unit tests pass before and after each step
- Integration tests cover the main user flows
- Visual regression snapshots for UI-affecting bumps
- E2E smoke test on the critical path
- Compatibility assertions (e.g., react and react-dom versions match, no peer dependency warnings in
npm ls)
Breaking Change Handling
Codemods for Automated Fixes
# Run jscodeshift with a transform
npx jscodeshift -t <transform-url> src/
# Example: Rename unsafe lifecycle methods
npx jscodeshift -t https://raw.githubusercontent.com/reactjs/react-codemod/master/transforms/rename-unsafe-lifecycles.js src/
# For TypeScript files
npx jscodeshift -t <transform-url> --parser=tsx src/
# Dry run to preview changes
npx jscodeshift -t <transform-url> --dry src/
For changes without a published codemod, write a small migration script (glob the source tree, apply targeted regex or AST replacements) and deliver it as a chat artifact for the user to review before running.
Automated Dependency Updates
Renovate
// renovate.json
{
"extends": ["config:base"],
"packageRules": [
{
"matchUpdateTypes": ["minor", "patch"],
"automerge": true
},
{
"matchUpdateTypes": ["major"],
"automerge": false,
"labels": ["major-update"]
}
],
"schedule": ["before 3am on Monday"]
}
Dependabot
# .github/dependabot.yml
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
open-pull-requests-limit: 5
reviewers:
- "team-leads"
commit-message:
prefix: "chore"
include: "scope"
Rollback Plan
Always upgrade on a branch. If tests fail after a bump: discard the branch and npm ci from the committed lockfile to restore the previous state. Commit the lockfile with each successful step so any single bump can be reverted independently.
Common Upgrade Patterns
# Lock file management
npm install --package-lock-only # Update lock file only
npm ci # Clean install from lock file
yarn install --frozen-lockfile # CI mode
yarn upgrade-interactive # Interactive upgrades
# Peer dependency resolution
npm install --legacy-peer-deps # Ignore peer deps (last resort)
npm install --force # Override (understand what breaks first)
# Workspace upgrades
npm install --workspaces
npm install package@latest --workspace=packages/app
Usage
/dependency-upgrade $ARGUMENTS
How to use the Dependency Upgrades skill
Sign in to Zeplik
Create a free Zeplik account or sign in. New accounts start with free credits, so you can try the Dependency Upgrades skill right away.
Describe your software development task
Ask in plain language, or type /dependency-upgrade to invoke the skill directly. Zeplik recognizes the Dependency Upgrades skill and applies its method.
Review and refine the result
Zeplik returns a clear, structured answer. Ask follow-ups in the same chat to refine it or take the next step.
Source and credit
- Author
- wshobson
- License
- MIT
Adapted from the open-source wshobson/agents project and tuned to run natively on Zeplik. View source on GitHub.
Frequently asked questions
- What is the Dependency Upgrades skill?
- Dependency Upgrades is a ready-to-run software development skill on Zeplik. Not for database schema migrations (use database-migration). Ask in plain language and Zeplik applies the skill's method for you inside the conversation, on whichever AI model you prefer.
- How do I use Dependency Upgrades on Zeplik?
- Sign in to Zeplik and ask in plain language, or type /dependency-upgrade in any chat to invoke it directly. The skill applies its method and returns a result you can refine in the same conversation.
- Which AI model does the Dependency Upgrades skill use?
- Any model you choose. Zeplik works across every model in one chat, so the Dependency Upgrades skill runs on your preferred model for the task.
- Where does the Dependency Upgrades skill come from?
- The Dependency Upgrades skill is adapted from the open-source wshobson/agents project (MIT) and tuned to run natively on Zeplik. The original source is linked on this page.
- How much does the Dependency Upgrades skill cost?
- Using the skill is free to start. You only spend Zeplik credits when the assistant runs, and new accounts begin with free credits.
Related software development skills
- .NET BackendBuild ASP.NET Core 8+ backends with EF Core: auth, background jobs, production API patterns
- Advanced Git WorkflowsUse for advanced Git surgery: interactive rebase, cherry-pick, bisect, reflog recovery, and history cleanup before merging. Not for parallel worktree workflows (use using-git-worktrees).
- Adversarial Code ReviewHunt for bugs in code the user shares by assuming defects exist and attacking the code through several distinct lenses, then report severity-ranked findings with evidence. Use for "review this", "what could go wrong", "bug hunt", or pre-merge scrutiny of a change. Read-only, it reports problems and does not rewrite the code. Not for style cleanup (use simplify-code) or for writing new code.
- AI Agent FrameworksUse when building multi-agent systems or agent orchestration -- LangChain/LangGraph, agent team design, task coordination, pipelines. Not for authoring a Zeplik skill (use skill-creator).
- Algolia SearchAdd Algolia search: indexing strategies, React InstantSearch, relevance tuning, search-as-you-type
- Android CI/CDAutomate Android CI/CD to Google Play: keystore, GitHub Secrets, multi-stage release workflow for RN, Flutter, native
More on Zeplik
Try Dependency Upgrades on Zeplik
Every model, one chat. Bring the Dependency Upgrades skill into your next conversation and let the assistant do the work.