skillZs
LIVE SKILL TAGS
>>> LIVE SKILLS INDEX <<<
* OPEN SOURCE *
NO LOGIN, NO TRACKING
REAL INSTALL DATA
← back to all skills
remotion-dev/remotion557 installs

fix-dependabot

Fix a Dependabot PR by updating all monorepo instances of the dependency, running bun install, and pushing

How do I install this agent skill?

npx skills add https://github.com/remotion-dev/remotion --skill fix-dependabot
view source ↗

Is this agent skill safe to install?

  • Gen Agent Trust Hubpass

    The skill simplifies monorepo dependency management by automating updates after a Dependabot PR. It uses common tools like git and bun to ensure project consistency. The primary security consideration is the ingestion of PR metadata into shell commands, which is handled as a standard part of the developer workflow.

  • Socketpass

    No alerts

  • Snykwarn

    Risk: MEDIUM · 1 issue

What does this agent skill do?

Dependabot PRs only update one package.json and never run bun install, so the bun.lock file is out of date and other packages in the monorepo still reference the old version. This skill fixes both problems.

Steps

  1. Get PR info — Use gh pr view <number> --json headRefName,files,title,body to identify the branch name, which dependency was bumped, and the old/new versions.

  2. Checkout the branch:

git fetch origin <branch>
git checkout <branch>
  1. Update all monorepo instances — Dependabot only touches one package. Search for all other package.json files that reference the same dependency at the old version and update them too:
rg '"<dependency>": "[~^]?<old-version>"' --glob '**/package.json'

Update every match to the new version. Preserve the prefix style (^, ~, or exact) that each package already uses.

  1. Run bun install from the repo root to regenerate bun.lock.

  2. Verify — Run git status to confirm only bun.lock and the expected package.json files were modified. If other unexpected files changed, investigate before proceeding.

  3. Commit and push:

git add -u
git commit -m "Update <dependency> to <version> across all monorepo packages"
git push
  1. Switch back — Return to your previous branch (usually main):
git checkout main

Notes

  • Dependabot says "Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself" — but updating the lockfile and sibling packages is the expected workflow and won't cause issues.
  • If the version bump is a major version (e.g. vite 5 → 6), consider whether the upgrade is appropriate or if it should be ignored. Check for breaking changes.
  • If bun install fails, the dependency version may have conflicts with other packages. In that case, close the PR and comment explaining why.

Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.

<a href="https://skillzs.dev/skills/remotion-dev/remotion/fix-dependabot">View fix-dependabot on skillZs</a>