Dependency Updater
Smart dependency management for any language with automatic detection and safe updates.
Quick Start
update my dependencies
The skill auto-detects your project type and handles the rest.
Triggers
| Trigger | Example |
|---|---|
| Update dependencies | "update dependencies", "update deps" |
| Check outdated | "check for outdated packages" |
| Fix dependency issues | "fix my dependency problems" |
| Security audit | "audit dependencies for vulnerabilities" |
| Diagnose deps | "diagnose dependency issues" |
Supported Languages
| Language | Package File | Update Tool | Audit Tool |
|---|---|---|---|
| Node.js | package.json | taze | npm audit |
| Python | requirements.txt, pyproject.toml | pip-review | safety, pip-audit |
| Go | go.mod | go get -u | govulncheck |
| Rust | Cargo.toml | cargo update | cargo audit |
| Ruby | Gemfile | bundle update | bundle audit |
| Java | pom.xml, build.gradle | mvn versions:* | mvn dependency:* |
| .NET | *.csproj | dotnet outdated | dotnet list package --vulnerable |
Quick Reference
| Update Type | Version Change | Action |
|---|---|---|
| Fixed | No ^ or ~ | Skip (intentionally pinned) |
| PATCH | x.y.z → x.y.Z | Auto-apply |
| MINOR | x.y.z → x.Y.0 | Auto-apply |
| MAJOR | x.y.z → X.0.0 | Prompt user individually |
Workflow
User Request
    │
    ▼
┌─────────────────────────────────────────────────────┐
│ Step 1: DETECT PROJECT TYPE                         │
│  • Scan for package files (package.json, go.mod...) │
│  • Identify package manager                         │
├─────────────────────────────────────────────────────┤
│ Step 2: CHECK PREREQUISITES                         │
│  • Verify required tools are installed              │
│  • Suggest installation if missing                  │
├─────────────────────────────────────────────────────┤
│ Step 3: SCAN FOR UPDATES                            │
│  • Run language-specific outdated check             │
│  • Categorize: MAJOR / MINOR / PATCH / Fixed        │
├─────────────────────────────────────────────────────┤
│ Step 4: AUTO-APPLY SAFE UPDATES                     │
│  • Apply MINOR and PATCH automatically              │
│  • Report what was updated                          │
├─────────────────────────────────────────────────────┤
│ Step 5: PROMPT FOR MAJOR UPDATES                    │
│  • AskUserQuestion for each MAJOR update            │
│  • Show current → new version                       │
├─────────────────────────────────────────────────────┤
│ Step 6: APPLY APPROVED MAJORS                       │
│  • Update only approved packages                    │
├─────────────────────────────────────────────────────┤
│ Step 7: FINALIZE                                    │
│  • Run install command                              │
│  • Run security audit                               │
└─────────────────────────────────────────────────────┘
Commands by Language
Node.js (npm/yarn/pnpm)
scripts/check-tool.sh taze "npm install -g taze"
taze
taze minor --write
taze major --write --include pkg1,pkg2
taze -r
npm audit
npm audit fix
Python
pip list --outdated
pip-review --auto
pip install --upgrade package-name
pip-audit
safety check
Go
go list -m -u all
go get -u ./...
go mod tidy
govulncheck ./...
Rust
cargo outdated
cargo update
cargo audit
Ruby
bundle outdated
bundle update
bundle update --conservative gem-name
bundle audit
Java (Maven)
mvn versions:display-dependency-updates
mvn versions:use-latest-releases
mvn dependency:tree
mvn dependency-check:check
.NET
dotnet list package --outdated
dotnet add package PackageName
dotnet list package --vulnerable
Diagnosis Mode
When dependencies are broken, run diagnosis:
Common Issues & Fixes
| Issue | Symptoms | Fix |
|---|---|---|
| Version Conflict | "Cannot resolve dependency tree" | Clean install, use overrides/resolutions |
| Peer Dependency | "Peer dependency not satisfied" | Install required peer version |
| Security Vuln | npm audit shows issues | npm audit fix or manual update |
| Unused Deps | Bloated bundle | Run depcheck (Node) or equivalent |
| Duplicate Deps | Multiple versions installed | Run npm dedupe or equivalent |
Emergency Fixes
Node.js:
rm -rf node_modules package-lock.json
npm cache clean --force
npm install
Python:
rm -rf venv
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
Go:
rm go.sum
go mod tidy
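The Node.js reset above deletes package-lock.json, so the following npm install re-resolves the whole tree from the ranges in package.json. This added example (not part of the skill) diffs a copy of the lock file saved before the reset against the regenerated one; the function names and sample data are constructed, and lockfileVersion 2 or 3 is assumed.

```javascript
// Added example: what changed between two package-lock.json files?
// lockEntries and diffLocks are hypothetical names, not the skill's own code.
function lockEntries(lock) {
  // lockfileVersion 1 has no "packages" map; fail loudly instead of reporting "no changes".
  if (!lock.packages) throw new Error('expected lockfileVersion 2 or 3');
  const out = new Map();
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === '' || meta.link) continue; // root project and workspace symlinks
    out.set(path, meta);
  }
  return out;
}

function diffLocks(before, after) {
  const a = lockEntries(before);
  const b = lockEntries(after);
  const changes = [];
  for (const [path, oldMeta] of a) {
    const newMeta = b.get(path);
    if (!newMeta) {
      changes.push({ path, type: 'removed' });
    } else if (oldMeta.version !== newMeta.version) {
      changes.push({ path, type: 'version', from: oldMeta.version, to: newMeta.version });
    } else if (oldMeta.integrity !== newMeta.integrity) {
      // Same version, different hash: the artifact itself differs. Review before merging.
      changes.push({ path, type: 'integrity-mismatch', version: oldMeta.version });
    }
  }
  for (const [path, meta] of b) {
    if (!a.has(path)) changes.push({ path, type: 'added', version: meta.version });
  }
  return changes;
}

// Constructed sample lock files (package names and hashes are placeholders).
const BEFORE = { lockfileVersion: 3, packages: {
  '': { name: 'demo', version: '1.0.0' },
  'node_modules/left': { version: '1.2.3', integrity: 'sha512-CONSTRUCTED-AAAA' },
  'node_modules/right': { version: '4.0.0', integrity: 'sha512-CONSTRUCTED-BBBB' },
  'node_modules/gone': { version: '0.1.0', integrity: 'sha512-CONSTRUCTED-CCCC' },
} };
const AFTER = { lockfileVersion: 3, packages: {
  '': { name: 'demo', version: '1.0.0' },
  'node_modules/left': { version: '1.3.0', integrity: 'sha512-CONSTRUCTED-DDDD' },
  'node_modules/right': { version: '4.0.0', integrity: 'sha512-CONSTRUCTED-EEEE' },
  'node_modules/new-transitive': { version: '2.0.0', integrity: 'sha512-CONSTRUCTED-FFFF' },
} };

console.log(diffLocks(BEFORE, AFTER));
```

An empty result means the reinstall reproduced the previous tree; anything else is a change that arrived without going through the PATCH/MINOR/MAJOR review.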
Security Audit
Run security checks for any project:
npm audit
npm audit --json | jq '.metadata.vulnerabilities'
pip-audit
safety check
govulncheck ./...
cargo audit
bundle audit
dotnet list package --vulnerable
Severity Response
| Severity | Action |
|---|---|
| Critical | Fix immediately |
| High | Fix within 24h |
| Moderate | Fix within 1 week |
| Low | Fix in next release |
Anti-Patterns
| Avoid | Why | Instead |
|---|---|---|
| Update fixed versions | Intentionally pinned | Skip them |
| Auto-apply MAJOR | Breaking changes | Prompt user |
| Batch MAJOR prompts | Loses context | Prompt individually |
| Skip lock file | Irreproducible builds | Always commit lock files |
| Ignore security alerts | Vulnerabilities | Address by severity |
Verification Checklist
After updates:
The skill auto-detects project type by scanning for package files:
| File Found | Language | Package Manager |
|---|---|---|
| package.json | Node.js | npm/yarn/pnpm |
| requirements.txt | Python | pip |
| pyproject.toml | Python | pip/poetry |
| Pipfile | Python | pipenv |
| go.mod | Go | go modules |
| Cargo.toml | Rust | cargo |
| Gemfile | Ruby | bundler |
| pom.xml | Java | Maven |
| build.gradle | Java/Kotlin | Gradle |
| *.csproj | .NET | dotnet |
Detection order matters for monorepos:
- Check current directory first
- Then check for workspace/monorepo patterns
- Offer to run recursively if applicable
Prerequisites
npm install -g taze
npx taze
Smart Update Flow
taze
taze minor --write
taze major --write --include approved-pkg1,approved-pkg2
npm install
Auto-Approve List
Some packages have frequent major bumps but are backward-compatible:
| Package | Reason |
|---|---|
| lucide-react | Icon library, majors are additive |
| @types/* | Type definitions, usually safe |
Semantic Versioning
MAJOR.MINOR.PATCH (e.g., 2.3.1)
MAJOR: Breaking changes - requires code changes
MINOR: New features - backward compatible
PATCH: Bug fixes - backward compatible
Range Specifiers
| Specifier | Meaning | Example |
|---|---|---|
| ^1.2.3 | Minor + Patch OK | >=1.2.3 <2.0.0 |
| ~1.2.3 | Patch only | >=1.2.3 <1.3.0 |
| 1.2.3 | Exact (fixed) | Only 1.2.3 |
| >=1.2.3 | At least | Any >=1.2.3 |
| * | Any | Latest (dangerous) |
Recommended Strategy
{
  "dependencies": {
    "critical-lib": "1.2.3",
    "stable-lib": "~1.2.3",
    "modern-lib": "^1.2.3"
  }
}
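The Quick Reference policy, the Auto-Approve List and the specifiers above fit together as one decision per package. This is an added example, not the skill's own code: the function names and sample versions are constructed, and it goes one step beyond the page's table by sending 0.x minor bumps to a prompt.

```javascript
// Added example, not the skill's own code. classifyUpdate, plan and AUTO_APPROVE
// are hypothetical names; the policy is the page's Quick Reference table.
const AUTO_APPROVE = [/^lucide-react$/, /^@types\//]; // the page's Auto-Approve List

function parseVersion(v) {
  // Strict MAJOR.MINOR.PATCH; prerelease tags such as 2.0.0-beta.1 are rejected.
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`expected MAJOR.MINOR.PATCH, got "${v}"`);
  return m.slice(1).map(Number);
}

function classifyUpdate(name, spec, latest) {
  const m = /^([\^~]?)(\d+\.\d+\.\d+)$/.exec(spec);
  // Assumption: ranges such as ">=1.2.3" or "*" go to a human.
  if (!m) return { kind: 'UNKNOWN', action: 'prompt' };
  if (m[1] === '') return { kind: 'Fixed', action: 'skip' }; // no ^ or ~: pinned
  const [cMaj, cMin, cPat] = parseVersion(m[2]);
  const [lMaj, lMin, lPat] = parseVersion(latest);
  const cmp = lMaj - cMaj || lMin - cMin || lPat - cPat;
  if (cmp <= 0) return { kind: 'NONE', action: 'skip' }; // current, or a downgrade
  if (lMaj !== cMaj) {
    const trusted = AUTO_APPROVE.some((re) => re.test(name));
    return { kind: 'MAJOR', action: trusted ? 'auto-apply' : 'prompt' };
  }
  if (lMin !== cMin) {
    // Beyond the page's table: for 0.x versions npm's ^ range stops at the next
    // minor, because semver permits breaking changes there, so ask first.
    return { kind: 'MINOR', action: cMaj === 0 ? 'prompt' : 'auto-apply' };
  }
  return { kind: 'PATCH', action: 'auto-apply' };
}

// Constructed sample: [name, specifier in package.json, latest published version].
const SAMPLE = [
  ['critical-lib', '1.2.3', '1.2.9'],
  ['stable-lib', '~1.2.3', '1.2.9'],
  ['modern-lib', '^1.2.3', '2.0.0'],
  ['@types/node', '^18.0.0', '20.1.0'],
  ['young-lib', '^0.4.1', '0.5.0'],
];

function plan(rows) {
  return rows.map(([name, spec, latest]) => ({ name, ...classifyUpdate(name, spec, latest) }));
}

console.log(plan(SAMPLE));
```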
Node.js Conflicts
Diagnosis:
npm ls package-name
npm explain package-name
yarn why package-name
Resolution with overrides:
{
"overrides": {
"