dependency-upgrade

Solid

Secure dependency upgrades with supply chain protection, cooldowns, and staged rollout. Use when upgrading deps, configuring security policies, or preventing supply chain attacks.

Category: AI & Automation · 162 stars · 25 forks · Updated 2 weeks ago · MIT


Quality Score: 88/100

| Component | Weight | Score |
|-----------|--------|-------|
| Stars | 20% | 74 |
| Recency | 20% | 90 |
| Frontmatter | 20% | 70 |
| Documentation | 15% | 100 |
| Issue Health | 10% | 80 |
| License | 10% | 100 |
| Description | 5% | 100 |

Skill Content

# Dependency Upgrade

Manage dependency upgrades with supply chain security, compatibility analysis, staged rollout, and comprehensive testing across all major package managers.

## When to Use This Skill

- Upgrading major framework or library versions
- Configuring supply chain attack prevention (cooldown, script blocking, lockfile hardening)
- Setting up secure package manager configuration
- Resolving dependency conflicts or peer dependency issues
- Planning incremental upgrade paths with testing
- Automating dependency updates with Renovate, Dependabot, or Snyk
- Auditing dependencies for vulnerabilities
- Setting up CI/CD dependency security workflows

## Two Modes of Operation

**Interactive** — Walk through setup questions to generate tailored config. Use for fresh setup.

**Default** — Apply recommended defaults immediately: 7-day cooldown, block all scripts, frozen-lockfile, lockfile-lint, Dependabot with cooldown. Customization optional.

## Interactive Setup Flow

When the user wants tailored configuration, walk through these decisions. Skip this section entirely if using default mode.

### Tier 1: Required Decisions

Always ask these 3 questions before generating any config:

**1. Package Manager**

"Which package manager does this project use?"

| Answer | Generates |
|--------|-----------|
| npm | `.npmrc` |
| Bun | `bunfig.toml` |
| pnpm | `pnpm-workspace.yaml` |
| Yarn | `.yarnrc.yml` |
| Deno | `deno.json` config |

**2. Cooldown Period**

"How many days sho...
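Two of the default policies named above, the 7-day publish cooldown and lockfile-lint style hardening, carried through in working code. This is an added example written for this page, not code from the secondsky/claude-skills skill. It assumes a single trusted registry host (`ALLOWED_HOSTS`), a fixed clock (`NOW`) so the run is reproducible, and constructed sample data in the shape of `npm view <pkg> time --json` output and a lockfile v3 `packages` map; the function names (`newest_cooled_version`, `lint_lockfile`, `cooldown_cutoff_iso`) are this example's own.

```python
"""Cooldown gate and lockfile hardening check (added example, not the skill's code).

The registry metadata and lockfile below are constructed samples; the 7-day
window and the allowed registry host are assumptions taken from the page's
stated defaults.
"""
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

COOLDOWN_DAYS = 7                                 # default cooldown from the page
ALLOWED_HOSTS = {"registry.npmjs.org"}            # assumption: one trusted registry
NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)  # fixed clock for a reproducible run

# Constructed sample shaped like `npm view <pkg> time --json`.
SAMPLE_TIMES = {
    "created": "2023-01-10T00:00:00.000Z",
    "modified": "2024-06-14T12:00:00.000Z",
    "1.2.0": "2024-03-01T00:00:00.000Z",
    "1.3.0": "2024-05-20T00:00:00.000Z",
    "1.3.1": "2024-06-12T09:30:00.000Z",        # 3 days old: still inside the cooldown
    "2.0.0-beta.1": "2024-06-14T12:00:00.000Z", # 1 day old: still inside the cooldown
}

# Constructed sample shaped like a package-lock.json v3 `packages` map.
SAMPLE_LOCK = {
    "name": "demo",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "dependencies": {"left-pad": "^1.3.0", "some-lib": "^2.0.0"}},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-constructed-sample-hash",
        },
        "node_modules/some-lib": {
            "version": "2.0.0",
            # plain http, unexpected host, and no integrity hash: three findings
            "resolved": "http://mirror.example.internal/some-lib-2.0.0.tgz",
        },
    },
}


def _parse_ts(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def semver_key(version: str):
    """Sort key for MAJOR.MINOR.PATCH[-pre]; a prerelease sorts below its release."""
    core, _, pre = version.partition("-")
    nums = tuple(int(part) for part in core.split("."))
    return nums + ((0, pre) if pre else (1, ""))


def cooldown_cutoff_iso(now=NOW, cooldown_days=COOLDOWN_DAYS) -> str:
    """The latest publish time still allowed by the cooldown, as an ISO-8601 string."""
    return (now - timedelta(days=cooldown_days)).isoformat()


def eligible_versions(times, now=NOW, cooldown_days=COOLDOWN_DAYS):
    """Versions published at least `cooldown_days` before `now`, highest semver first."""
    cutoff = now - timedelta(days=cooldown_days)
    cooled = [v for v, ts in times.items()
              if v not in ("created", "modified") and _parse_ts(ts) <= cutoff]
    return sorted(cooled, key=semver_key, reverse=True)


def newest_cooled_version(times, now=NOW, cooldown_days=COOLDOWN_DAYS):
    """Upgrade target under the cooldown policy, or None when every release is too fresh."""
    cooled = eligible_versions(times, now, cooldown_days)
    return cooled[0] if cooled else None


def lint_lockfile(lock, allowed_hosts=ALLOWED_HOSTS):
    """Return findings for entries that were not fetched over https from an
    allowed host with an integrity hash; an empty list means the lockfile passes."""
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if path == "":
            continue  # the root project entry carries no resolved URL
        resolved = entry.get("resolved")
        if resolved is None:
            findings.append(f"{path}: missing 'resolved' URL")
            continue
        url = urlparse(resolved)
        if url.scheme != "https":
            findings.append(f"{path}: non-https resolved URL {resolved}")
        if url.hostname not in allowed_hosts:
            findings.append(f"{path}: resolved from untrusted host {url.hostname}")
        if "integrity" not in entry:
            findings.append(f"{path}: missing 'integrity' hash")
    return findings


if __name__ == "__main__":
    print("cooldown cutoff:", cooldown_cutoff_iso())
    print("upgrade target:", newest_cooled_version(SAMPLE_TIMES))
    for finding in lint_lockfile(SAMPLE_LOCK):
        print("lockfile:", finding)
```

The cooldown check picks the highest semver among releases older than the window rather than the most recently published one, so a freshly pushed backport cannot jump the queue; when nothing has cooled yet it returns `None`, which a CI job should treat as "do not upgrade" rather than as an error. The lockfile check is the shape of what lockfile-lint enforces: every resolved URL must be https, come from the trusted registry, and carry an integrity hash.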

Details

Author: secondsky
Repository: secondsky/claude-skills
Created: 6 months ago
Last Updated: 2 weeks ago
Language: TypeScript
License: MIT
