PR Review & Change Risk · Medium Reliability · Moderate-Risk Workflow

Dependency Upgrade Risk Review

Analyzes version-change diffs and provides deterministic risk classification plus test focus guidance for safer upgrades.

Version

0.1.0

Last Updated

Apr 22, 2026

Verification Type

static analysis, manual review required

Downloads

0

Required inputs

  • before_dependencies (json)

    Baseline dependency manifest.

  • after_dependencies (json)

    Updated dependency manifest.

Expected outputs

  • upgrade_risk_report (markdown)

    Risk classification by dependency change.

  • test_focus_plan (markdown)

    Recommended regression test focus for upgrades.

Included checks and assets

  • scripts/dependency_diff_risk.py (script)

    Classifies risk by semantic version delta between manifests.

  • references/risk-matrix.md (reference)

    Dependency upgrade risk matrix and escalation criteria.

  • references/test-focus-template.md (reference)

    Template for targeted regression planning after upgrades.

Failure modes

  • Semver can misrepresent true behavior changes.
  • Transitive dependency shifts may be underreported.
  • Missing changelog context weakens triage quality.
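An added example of the semver-delta classification that scripts/dependency_diff_risk.py is described as performing, and of how the failure modes above show up as classifier outcomes (unparseable specs, 0.x minor bumps, downgrades). It is not the bundle's own script: the manifests are constructed, and the change labels, risk levels and function names are assumptions rather than the skill's real schema.

```python
import re
# Constructed sample manifests in package.json shape (not from the skill bundle).
BEFORE = {"dependencies": {"react": "^17.0.2", "lodash": "4.17.20", "axios": "0.21.1",
                           "left-pad": "1.3.0"}, "devDependencies": {"jest": "~27.0.0"}}
AFTER = {"dependencies": {"react": "^18.2.0", "lodash": "4.17.21", "axios": "0.22.0",
                          "express": "4.18.2"}, "devDependencies": {"jest": "~27.5.1"}}

# Lower bound of a range spec: leading ^, ~, >= and "v" are stripped before parsing.
SEMVER = re.compile(r"^[\^~>=\s]*v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?")
RISK_ORDER = ["low", "medium", "high", "manual"]  # assumed levels, lowest to highest

def parse_spec(spec):
    """Return (major, minor, patch, is_prerelease), or None if spec is not semver."""
    m = SEMVER.match(spec)
    return None if m is None else (int(m[1]), int(m[2]), int(m[3]), m[4] is not None)

def classify(before, after):
    """Classify one dependency's version delta as (change, risk)."""
    if before is None:
        return "ADDED", "high"          # new code with no in-repo history: review it
    if after is None:
        return "REMOVED", "medium"      # remaining call sites may break
    b, a = parse_spec(before), parse_spec(after)
    if b is None or a is None:
        return "UNPARSEABLE", "manual"  # tags, git URLs, "*": semver says nothing
    if a == b:
        return "UNCHANGED", "low"       # range-operator-only changes are not scored
    if a[:3] < b[:3]:
        return "DOWNGRADE", "high"      # may reintroduce already-fixed defects
    if a[3] or b[3]:
        return "PRERELEASE", "high"
    if a[0] != b[0]:
        return "MAJOR", "high"
    if a[0] == 0:
        return "MINOR", "high"          # 0.x: a minor bump may be breaking under semver
    if a[1] != b[1]:
        return "MINOR", "medium"
    return "PATCH", "low"

def diff_manifests(before, after):
    """Map dependency name -> (change, risk) for every name in either manifest."""
    sections = ("dependencies", "devDependencies")
    b = {k: v for s in sections for k, v in before.get(s, {}).items()}
    a = {k: v for s in sections for k, v in after.get(s, {}).items()}
    return {name: classify(b.get(name), a.get(name)) for name in sorted(set(b) | set(a))}

def gate(report):
    """Highest risk in the report; 'high' or 'manual' should block an unattended merge."""
    return max((risk for _, risk in report.values()), key=RISK_ORDER.index, default="low")
```

Transitive dependencies are not visible in these manifests, so a lockfile diff is still needed to cover the second failure mode.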

Ideal use cases

  • Major dependency upgrades
  • Batch version refreshes
  • Release-readiness dependency reviews

Example runs

Framework major upgrade review

Validated sample run

Flags major runtime and framework upgrades for high-risk gating.

Input preview

before_package.json + after_package.json

Output preview

High-risk finding with regression test focus plan

Changelog summary

  • 0.1.0 · Apr 22, 2026

    Initial release for dependency upgrade risk classification.
