Add experimental /update-deps Claude Code skill

[stevejalim]

Summary

• Adds a new Claude Code skill (/update-deps) that provides a structured, collaborative workflow for auditing and updating dependencies across Python (uv pip-compile), npm, and pre-commit ecosystems
• Includes cross-file version sync checking (ruff, eslint, prettier, stylelint, etc. across package.json, .pre-commit-config.yaml, and requirements/dev.in)
• Tracks denied updates in a persistent denied.md log so future runs can surface previously-rejected bumps with their reasons
• Updates .gitignore to track .claude/skills/ while keeping other .claude/ contents ignored

Details

This is an experimental skill — it won't affect any existing workflows or CI. The skill walks through 8 phases: audit → sync check → changelog research → check denied list → per-dependency approval → execute updates → verify → summary.

Pre-seeded denied.md with known pinned constraints, which we can relax manually:

• sass at 1.91.0 (Go all-in on CSS custom properties for themes, remove Sass variables mozilla/protocol#982)
• pytest at 7.4.4 (TypeError when upgrading to selenium 4.10 pytest-dev/pytest-selenium#315)
• selenium at 4.9.1 (TypeError when upgrading to selenium 4.10 pytest-dev/pytest-selenium#315)

Test plan

• Verify /update-deps loads in Claude Code's / autocomplete
• Run /update-deps sync-check to confirm the sync-check workflow works
• Run /update-deps all to exercise the full audit flow
• Confirm .claude/skills/ files are tracked by git but .claude/settings.local.json etc. are not

[Copilot]

Pull request overview

This PR adds an experimental Claude Code skill (/update-deps) that provides a structured workflow for auditing and updating dependencies across Python (uv/pip-compile), npm, and pre-commit ecosystems. The skill includes cross-file version synchronization checking, changelog research, a persistent denied-updates log, and an 8-phase interactive workflow from audit through summary.

Changes:

• Adds Claude Code skill files in .claude/skills/update-deps/ directory with workflow documentation and initial denied updates list
• Updates .gitignore to track .claude/skills/ while keeping other .claude/ contents ignored

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 3 comments.

File	Description
.gitignore	Modified to track .claude/skills/ directory while keeping other .claude/ contents ignored
.claude/skills/update-deps/denied.md	Adds table of previously denied dependency updates with reasons and dates
.claude/skills/update-deps/SKILL.md	Comprehensive 8-phase workflow documentation for the update-deps skill including audit, sync checking, changelog research, approval, execution, verification, and summary phases

[Copilot]

The SKILL.md file mentions that postcss appears in both package.json and .pre-commit-config.yaml and should be synced. However, there's currently a version mismatch in the repository: package.json has postcss@^8.4.47 while .pre-commit-config.yaml has postcss@8.4.38 in both stylelint hook entries (lines 95 and 106). This existing mismatch should be noted in the Known Constraints section or fixed before this skill is used, as it will be flagged by the sync check.

[Copilot]

Similar to the postcss issue, there's currently a version mismatch for stylelint: package.json has stylelint@^16.26.1 while .pre-commit-config.yaml has stylelint@16.10.0 in both hook entries (lines 92 and 103). This existing mismatch should be noted in the Known Constraints section or fixed before this skill is used, as it will be flagged by the sync check phase.