review-dependencies

# Review Dependencies Detect package managers and discover outdated or vulnerable dependencies. Analysis only. Does not upgrade. ## Step 1: Detect Package Managers Identify which package managers are in use by searching for config files: | Config file | Package manager | Lockfile | Ecosystem | |---|---|---|---| | `package.json` | npm / yarn / pnpm | `package-lock.json` / `yarn.lock` / `pnpm-lock.yaml` | Node.js | | `Package.swift`, `*.xcodeproj` | Swift Package Manager | `Package.resolved` | Swift | | `pyproject.toml`, `requirements.txt`, `setup.py` | pip / poetry / uv | `poetry.lock`, `uv.lock` | Python | | `Cargo.toml` | cargo | `Cargo.lock` | Rust | | `go.mod` | Go modules | `go.sum` | Go | | `Gemfile` | Bundler | `Gemfile.lock` | Ruby | | `pom.xml` | Maven | — | Java | | `build.gradle`, `build.gradle.kts` | Gradle | `gradle.lockfile` | Java/Kotlin | Swift dependencies can live in `Package.swift` or be configured directly in the Xcode project file (`.xcodeproj`/`.xcworkspace`). For Xcode-managed dependencies, inspect the project's package references. Detection steps: 1. Search for config files in the project root and subdirectories (exclude vendored directories) 2. If a lockfile exists, use the corresponding package manager variant (e.g., `yarn.lock` → yarn, `pnpm-lock.yaml` → pnpm) 3. If **multiple instances of the same package manager** found (e.g., monorepo with several `package.json` files): use `AskUserQuestion` to let the user choose which to review (multiSele...