SKILL PROCESS

Dependabot Remediation

Plan and execute backend and frontend Dependabot remediation with wave-based sequencing, resolver validation, and post-merge closure checks.

Overview


This skill ships inside the Dependabot Remediation plugin and can be installed through the Claude Code marketplace or directly in Codex from its skill path.

Parent Surface

Parent docs: Dependabot Remediation

Related wrapper commands from the parent plugin:

  • /dependabot-remediation:backend
  • /dependabot-remediation:frontend

When to Use This Skill

Use this skill when a repository has open Dependabot security alerts and you need a deterministic remediation flow with clear evidence and rollback paths.

Use it for:

  • Python backend remediation waves (for example uv + pyproject.toml repos).
  • JavaScript/TypeScript frontend remediation waves (npm, yarn, or pnpm).
  • Mixed remediation periods where backend and frontend flows must stay explicit and separate.

Modes

  • backend <triage|execute-wave|release>:
    • triage: Review/create dependabot.yml, then build the backend alert inventory and wave plan.
    • execute-wave: Execute one backend wave with strict gates.
    • release: Validate closure and prepare the backend remediation release summary.
  • frontend <triage|execute|release>:
    • triage: Review/create dependabot.yml, then build the frontend PR/alert triage matrix.
    • execute: Execute the frontend close/recreate/merge/manual flow.
    • release: Create the frontend release summary for remediation changes.

Shared Invariants

Severity tags:

  • [BLOCKING] cannot proceed safely
  • [SHOULD_FIX] high-value correction before merge
  • [NIT] optional improvement

Shared Baseline

Before backend or frontend execution, record the working-tree, branch and auth state:

```bash
git status -sb
git branch --show-current
gh auth status
```

If GitHub auth is missing or the token lacks alert permissions, stop with [BLOCKING].
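The baseline gate as a runnable preflight script. This is an added example, not the plugin's own code; it assumes a classic token needs the `repo` or `security_events` scope to read Dependabot alerts, that fine-grained tokens show "Token scopes: none" in `gh auth status` output (so they are verified by probing the alerts endpoint instead), and it treats a detached HEAD as blocking, which the skill text does not state. The `OWNER/REPO` argument is a placeholder.

```bash
#!/usr/bin/env bash
# Added example (not the plugin's code): preflight gate for the Shared Baseline step.
# Assumption: classic tokens need the `repo` or `security_events` scope for Dependabot
# alerts; fine-grained tokens print "Token scopes: none" and are checked via the API.
set -u

# Pure check over captured `gh auth status` text, so it can be tested offline.
# Prints a severity tag; returns 0 on pass, 2 when scopes cannot be judged, 1 to block.
gate_auth_output() {
  local out="$1" scopes
  if ! printf '%s\n' "$out" | grep -q 'Logged in to github.com'; then
    echo "[BLOCKING] gh is not authenticated to github.com"; return 1
  fi
  scopes=$(printf '%s\n' "$out" | grep -i 'Token scopes:' | head -n 1)
  # Match a whole scope name; avoids false hits on public_repo or read:repo_hook.
  if printf '%s\n' "$scopes" | grep -Eq "[' ](repo|security_events)[',]*( |\$)"; then
    echo "[OK] token scope permits reading Dependabot alerts"; return 0
  fi
  if printf '%s\n' "$scopes" | grep -q 'none'; then
    echo "[SHOULD_FIX] no classic scopes listed (fine-grained token?); probing alerts API"; return 2
  fi
  echo "[BLOCKING] token lacks repo/security_events scope for Dependabot alerts"; return 1
}

# Live gate: runs the baseline commands and verifies alert access against the repo.
# $1 is OWNER/REPO (placeholder, e.g. example-org/example-repo).
run_preflight() {
  local repo="$1" branch
  git status -sb
  branch=$(git branch --show-current)
  [ -n "$branch" ] || { echo "[BLOCKING] detached HEAD; check out a working branch"; return 1; }
  gate_auth_output "$(gh auth status 2>&1)" || [ $? -eq 2 ] || return 1
  # Definitive permission probe: request a single alert from the Dependabot alerts endpoint.
  gh api "repos/${repo}/dependabot/alerts?per_page=1" >/dev/null 2>&1 \
    || { echo "[BLOCKING] token cannot read Dependabot alerts for ${repo}"; return 1; }
  echo "[OK] preflight passed on branch ${branch}"
}
```

Run it as `run_preflight OWNER/REPO` from the repository root before starting a triage or execute mode; any [BLOCKING] line stops the remediation flow.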

Resources

Declared allowed tools:

Bash, Read, Edit, Write, Glob, Grep

References

  • backend-github-dependabot-cli.md
  • backend-wave-plan-template.md
  • dependabot-yml-minimal-template.md
  • dependabot-yml-review-checklist.md
  • dependency-review-ci-policy-template.md
  • frontend-manual-remediation-playbook.md
  • frontend-release-pr-template.md
  • frontend-triage-matrix.md

Installation


Claude Code:

```bash
claude plugin marketplace add DiversioTeam/agent-skills-marketplace
claude plugin install dependabot-remediation@diversiotech
```

Invocation:

/dependabot-remediation:backend
/dependabot-remediation:frontend