dependency-updatelisted

# Dependency Update ## Purpose Dependencies drift. Without periodic updates, projects accumulate security debt and miss compatibility windows. This skill surveys available updates, classifies them by risk, and applies the safe ones. Replaces the v0.1-retired `maintenance` agent. ## Scope Operates on the project's dependency manifests (`go.mod`, `package.json`, `pubspec.yaml`, `requirements.txt`, etc.). With no flag, surveys all detected ecosystems; `--ecosystem` narrows; `--security-only` filters to advisory-flagged updates. NOT in scope: major-version migrations. A `1.x → 2.x` move is a project, not a dependency-update — surface it and stop. ## Automated pass 1. Detect ecosystems by manifest presence. 2. For each ecosystem: - Run the ecosystem's update-survey command (`go list -u -m all`, `npm outdated`, `flutter pub outdated`, `pip list --outdated`). - Cross-reference against security advisories (`govulncheck`, `npm audit`, `flutter pub deps --json` + advisory database, `pip-audit`). 3. Classify each update: - **Patch** (1.2.3 → 1.2.4) — usually safe; auto-apply. - **Minor** (1.2 → 1.3) — usually safe but read changelog. Apply after review. - **Major** (1.x → 2.x) — explicit migration; out of scope, surface. - **Security advisory** — apply ASAP regardless of semver level, but verify the fix is in the version being applied. 4. For patch updates, apply via the ecosystem's tooling (`go get -u=patch`, `npm update`, `flutter p