
chore(llm): Add skill for fixing security vulnerabilities #19178

Merged
chargome merged 5 commits into develop from cg/llm-sec-fix on Feb 5, 2026

Conversation


@chargome (Member) commented Feb 5, 2026

Adds /fix-security-vulnerability skill that analyzes Dependabot alerts and proposes fixes.

  • Fetches alert details via gh api
  • Uses yarn why to trace dependency origin
  • Identifies version-specific test packages that shouldn't be bumped (e.g., nextjs-13)
  • For transitive deps, recommends bumping the parent package rather than using resolutions
  • Presents analysis and waits for approval before making changes
  • Runs dedupe-deps:fix and dedupe-deps:check after updates
  • Never auto-commits
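As an added example (not the skill's own code and not part of this PR), the triage step of the workflow described above, written as a small Python module: it parses one Dependabot alert in the shape returned by `gh api repos/OWNER/REPO/dependabot/alerts` (field names assumed from the GitHub REST API), parses `yarn why` output in the yarn classic format, treats package names ending in a version suffix such as `nextjs-13` as version-pinned test packages that must not be bumped (a heuristic assumed here), and produces a plan for a human to approve before anything is changed. The alert JSON and the `yarn why` transcript are constructed samples; the advisory id and summary in them are placeholders.

```python
"""Triage a Dependabot alert the way the /fix-security-vulnerability skill is described.

Added example, not the project's code. Assumptions:
  - alert JSON follows GET /repos/{owner}/{repo}/dependabot/alerts (field names assumed)
  - `yarn why <pkg>` output is in the yarn classic format
  - a top-level package whose name ends in "-<digits>" (e.g. nextjs-13) is a
    version-pinned test package and is never bumped (heuristic, not from the page)
"""
import json
import re
from dataclasses import dataclass, field

# Heuristic (assumption): names like "nextjs-13" are version-pinned test packages.
PINNED_TEST_PACKAGE = re.compile(r"-\d+$")

# Constructed sample of a single alert as the GitHub API returns it (GHSA id is a placeholder).
SAMPLE_ALERT_JSON = """
{
  "number": 42,
  "state": "open",
  "dependency": {
    "package": {"ecosystem": "npm", "name": "minimatch"},
    "manifest_path": "yarn.lock"
  },
  "security_advisory": {"ghsa_id": "GHSA-PLACEHOLDER", "severity": "high",
                        "summary": "placeholder summary"},
  "security_vulnerability": {
    "vulnerable_version_range": "< 3.0.5",
    "first_patched_version": {"identifier": "3.0.5"}
  }
}
"""

# Constructed sample of `yarn why minimatch` (yarn classic). Package names are made up.
SAMPLE_YARN_WHY = """\
yarn why v1.22.19
[1/4] Why do we have the module "minimatch"...?
=> Found "minimatch@3.0.4"
info Reasons this module exists
   - "nextjs-13#glob" depends on it
   - Hoisted from "nextjs-13#glob#minimatch"
   - Hoisted from "eslint#minimatch"
Done in 0.30s.
"""

QUOTED = re.compile(r'"([^"]+)"')
FOUND = re.compile(r'=> Found "(.+)@([^@"]+)"')


@dataclass
class Plan:
    package: str
    patched: str
    severity: str
    direct: bool
    installed: str = ""
    bump: list = field(default_factory=list)     # top-level packages to bump
    skipped: list = field(default_factory=list)  # pinned test packages left alone
    notes: list = field(default_factory=list)


def parse_alert(raw: str) -> dict:
    """Pull the fields the triage needs out of one Dependabot alert object."""
    a = json.loads(raw)
    vuln = a["security_vulnerability"]
    return {
        "package": a["dependency"]["package"]["name"],
        "severity": a["security_advisory"]["severity"],
        "range": vuln["vulnerable_version_range"],
        "patched": vuln["first_patched_version"]["identifier"],
    }


def parse_yarn_why(out: str, package: str):
    """Return (direct, installed_version, top_level_parents) from yarn classic `yarn why` output."""
    direct, installed, parents = False, "", set()
    for line in out.splitlines():
        s = line.strip()
        if "specified in" in s.lower():          # "This module exists because it's specified in ..."
            direct = True
        m = FOUND.search(s)
        if m and m.group(1) == package:
            installed = m.group(2)
        m = QUOTED.search(s)
        if s.startswith("- ") and m:             # dependency chain, root-most first, "#"-separated
            chain = m.group(1).split("#")
            if chain and chain[-1] == package:   # "Hoisted from" chains end with the module itself
                chain = chain[:-1]
            if chain:
                parents.add(chain[0])
    return direct, installed, sorted(parents)


def plan_fix(alert: dict, yarn_why_output: str) -> Plan:
    """Decide what to bump; the result is presented for approval, never applied here."""
    direct, installed, parents = parse_yarn_why(yarn_why_output, alert["package"])
    plan = Plan(alert["package"], alert["patched"], alert["severity"], direct, installed)
    if direct:
        plan.bump.append(alert["package"])
    for p in parents:
        if PINNED_TEST_PACKAGE.search(p):
            plan.skipped.append(p)
            plan.notes.append(f"{p} is a version-pinned test package; do not bump it")
        elif p not in plan.bump:
            plan.bump.append(p)
    if not direct and parents:
        plan.notes.append("transitive dependency: bump the parent(s) rather than adding a resolutions entry")
    plan.notes.append("after updating run the dedupe-deps:fix then dedupe-deps:check scripts; do not auto-commit")
    return plan


if __name__ == "__main__":
    print(json.dumps(plan_fix(parse_alert(SAMPLE_ALERT_JSON), SAMPLE_YARN_WHY).__dict__, indent=2))
```

In the real skill the two inputs would come from `gh api` and `yarn why` instead of the constructed strings; the decision logic (skip pinned test packages, bump the parent for transitive deps, stop for approval) is what the plan object captures.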

@chargome chargome self-assigned this Feb 5, 2026

@JPeer264 (Member) left a comment


Looks amazing. Theoretically Dependabot should already update these (I think we had a bad setup, as our Dependabot updates got ignored most of the time).

@chargome chargome merged commit b458a81 into develop Feb 5, 2026
30 checks passed
@chargome chargome deleted the cg/llm-sec-fix branch February 5, 2026 11:53