levnikolaevich/ln-823-pip-upgrader
skills-catalog/ln-823-pip-upgrader/SKILL.md
Upgrades Python pip/poetry/pipenv dependencies with breaking change handling. Use when updating Python dependencies.
$ install --global
skillsauthnpx skillsauth add levnikolaevich/claude-code-skills ln-823-pip-upgraderInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 23, 2026, 12:50 PM56.5s2 files scanned
SKILL.md
- name:
- ln-823-pip-upgrader
- description:
- Upgrades Python pip/poetry/pipenv dependencies with breaking change handling. Use when updating Python dependencies.
- license:
- MIT
Paths: File paths (
shared/,references/,../ln-*) are relative to skills repo root. If not found at CWD, locate this SKILL.md directory and go up one level for repo root. Ifshared/is missing, fetch files via WebFetch fromhttps://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}.
ln-823-pip-upgrader
Type: L3 Worker Category: 8XX Optimization
Upgrades Python dependencies with automatic breaking change detection.
Overview
| Aspect | Details | |--------|---------| | Input | Project path plus package manager type | | Output | Updated dependency manifests and a machine-readable dependency upgrade summary | | Supports | pip, poetry, pipenv |
Workflow
Phases: Pre-flight -> Detect Manager -> Security Audit -> Check Outdated -> Apply Upgrades -> Verify Installation -> Report
Phase 0: Pre-flight Checks
| Check | Required | Action if Missing |
|-------|----------|-------------------|
| requirements.txt, pyproject.toml, or Pipfile | Yes | Block upgrade |
| Python package manager available | Yes | Block upgrade |
| Virtual environment active | No | Warn user if managed environment is unclear |
| Workspace baseline safe | Yes | In managed runs coordinator already prepared it; in standalone runs protect rollback locally |
Runtime Coordination
Managed runs receive deterministic runId and exact summaryArtifactPath from ln-820.
Standalone runs remain supported; if runtime arguments are omitted, generate a standalone run-scoped artifact before returning.
Phase 1: Detect Manager
| Manager | Indicator Files |
|---------|-----------------|
| pip | requirements.txt |
| poetry | pyproject.toml + poetry.lock |
| pipenv | Pipfile + Pipfile.lock |
Phase 2: Security Audit
| Manager | Command |
|---------|---------|
| pip | pip-audit --json |
| poetry | poetry audit |
| pipenv | pipenv check |
Actions:
| Severity | Action | |----------|--------| | Critical | Block and report | | High | Warn and continue | | Moderate/Low | Log only |
Phase 3: Check Outdated
| Manager | Command |
|---------|---------|
| pip | pip list --outdated --format=json |
| poetry | poetry show --outdated |
| pipenv | pipenv update --outdated |
Phase 4: Apply Upgrades
| Manager | Command |
|---------|---------|
| pip | pip install --upgrade <package> |
| pip (freeze) | pip freeze > requirements.txt |
| poetry | poetry update |
| pipenv | pipenv update |
MCP Tools for Migration Search
| Priority | Tool | When to Use |
|----------|------|-------------|
| 1 | mcp__context7__query-docs | First choice for library docs |
| 2 | mcp__Ref__ref_search_documentation | Official docs and PyPI |
| 3 | WebSearch | Latest info and community fixes |
Use MCP tools whenever a package upgrade crosses a major version or introduces import errors.
Phase 5: Verify Installation
| Check | Command |
|-------|---------|
| Import smoke test | python -c "import <package>" |
| Tests | pytest or python -m pytest |
Common breaking examples:
MANDATORY READ: Load breaking_changes_patterns.md for shared patterns.
| Package | Breaking Version | Key Changes | |---------|------------------|-------------| | pydantic | 1 -> 2 | Compatibility layer required | | sqlalchemy | 1 -> 2 | Query API changes | | fastapi | 0.99 -> 0.100+ | Pydantic v2 alignment |
Phase 6: Report Results
| Field | Description |
|-------|-------------|
| project | Project path |
| packageManager | pip, poetry, or pipenv |
| duration | Total time |
| upgrades[] | Applied upgrades |
| verification | Import/test verdict |
| warnings[] | Non-blocking issues |
| artifact_path | Durable worker report path, if written |
Configuration
Options:
upgradeType: major # major | minor | patch
auditLevel: high
minimumReleaseAge: 14
pythonVersion: "3.12"
useVirtualenv: true
runTests: true
Error Handling
| Error | Cause | Solution | |-------|-------|----------| | ImportError | Breaking API change | Search current migration docs | | Dependency conflict | Version mismatch | Regenerate lock file or rollback offending package |
References
- breaking_changes_patterns.md
- python_venv_handling.md
Runtime Summary Artifact
MANDATORY READ: Load shared/references/coordinator_summary_contract.md
Emit a dependency-worker summary envelope.
Managed mode:
ln-820passes deterministicrunIdand exactsummaryArtifactPath- write the summary to the provided
summaryArtifactPath
Standalone mode:
- omit
runIdandsummaryArtifactPath - write
.hex-skills/runtime-artifacts/runs/{run_id}/dependency-worker/ln-823--{identifier}.json
Monitor (2.1.98+): For install/audit/test commands expected >30s, use Monitor. Fallback: Bash(run_in_background=true).
Definition of Done
- [ ] Package manager detected from project indicators
- [ ] Security audit completed for the selected Python manager
- [ ] Outdated packages identified
- [ ] Breaking changes checked via patterns plus current docs
- [ ] Upgrades applied with manifest and lock updates persisted
- [ ] Import smoke test and required tests succeed
- [ ]
dependency-workersummary artifact written to the managed or standalone path
Version: 1.1.0 Last Updated: 2026-01-10
Related Skills
levnikolaevich/ln-629-runtime-lifecycle-config-auditor
testing
VerifiedTrustedCommunity
Checks runtime lifecycle and config validation: bootstrap, shutdown, probes, cleanup, env sync, and fail-fast startup. Use for runtime readiness.
479SKILL.mdUpdated May 30, 2026
levnikolaevich/ln-628-concurrency-correctness-auditor
testing
VerifiedTrustedCommunity
Checks races, deadlocks, async hazards, TOCTOU, blocking I/O, and shared resource contention. Use when auditing concurrency correctness.
479SKILL.mdUpdated May 30, 2026
levnikolaevich/ln-627-diagnosability-auditor
testing
VerifiedTrustedCommunity
Checks diagnosability through structured logs, metrics, traces, correlation IDs, and useful log levels. Use when auditing incident visibility.
479SKILL.mdUpdated May 30, 2026
levnikolaevich/ln-626-dead-code-pruning-auditor
development
VerifiedTrustedCommunity
Finds code that can be safely deleted: unreachable, unused, obsolete compatibility, and commented-out code. Use when pruning dead code.
479SKILL.mdUpdated May 30, 2026