getsentry/upgrade-dep
.agents/skills/upgrade-dep/SKILL.md
Upgrade a dependency in the Sentry JavaScript SDK. Use when upgrading packages, bumping versions, or fixing security vulnerabilities via dependency updates.
$ install --global
skillsauthnpx skillsauth add getsentry/sentry-javascript upgrade-depInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 1:22 PM12.9s1 file scanned
SKILL.md
- name:
- upgrade-dep
- description:
- Upgrade a dependency in the Sentry JavaScript SDK. Use when upgrading packages, bumping versions, or fixing security vulnerabilities via dependency updates.
- argument-hint:
- <package-name>
Dependency Upgrade
Only upgrade one package at a time.
Upgrade command
npx yarn-update-dependency@latest [package-name]
If the dependency is not defined in any package.json, run the upgrade from the root workspace (the yarn.lock lives there).
Avoid upgrading top-level dependencies (especially test dependencies) without asking the user first.
Ensure updated package.json files end with a newline.
OpenTelemetry constraint
STOP if upgrading any opentelemetry package would introduce forbidden versions:
2.x.x(e.g.,2.0.0)0.2xx.x(e.g.,0.200.0,0.201.0)
Verify before upgrading:
yarn info <package-name>@<version> dependencies
E2E test dependencies
Do not upgrade the major version of a dependency in dev-packages/e2e-tests/test-applications/* if the test directory name pins a version (e.g., nestjs-8 must stay on NestJS 8).
Post-upgrade verification
yarn install
yarn build:dev
yarn dedupe-deps:fix
yarn fix
yarn circularDepCheck
Useful commands
yarn list --depth=0 # Check dependency tree
yarn why [package-name] # Find why a package is installed
yarn info <pkg> dependencies # Inspect package dependencies
yarn info <pkg> versions # Check available versions
yarn outdated # Check outdated dependencies
yarn audit # Check for security vulnerabilities
Related Skills
getsentry/upgrade-otel
development
VerifiedTrustedCommunity
Upgrade OpenTelemetry instrumentations across the Sentry JavaScript SDK. Use when bumping OTel instrumentation packages to their latest versions.
8,619SKILL.mdUpdated Apr 5, 2026
getsentry/triage-issue
development
VerifiedTrustedCommunity
Triage GitHub issues with codebase research and actionable recommendations
8,619SKILL.mdUpdated Apr 5, 2026
getsentry/skill-scanner
testing
VerifiedTrustedCommunity
Scan agent skills for security issues. Use when asked to "scan a skill", "audit a skill", "review skill security", "check skill for injection", "validate SKILL.md", or assess whether an agent skill is safe to install. Checks for prompt injection, malicious scripts, excessive permissions, secret exposure, and supply chain risks.
8,619SKILL.mdUpdated Apr 5, 2026
getsentry/skill-creator
testing
VerifiedTrustedCommunity
Create new skills, modify and improve existing skills, and measure skill performance. Use when users want to create a skill from scratch, edit, or optimize an existing skill, run evals to test a skill, benchmark skill performance with variance analysis, or optimize a skill's description for better triggering accuracy.
8,619SKILL.mdUpdated Apr 5, 2026