What if a dependency update requires code changes?

Review the diffs (1A) for that dependency and implement the necessary API/config/behavior changes before running verification gates.

What should I do about transitive, truly blocked dependencies?

Do not force updates. Report them and handle according to policy; concentrate on updatable deps first and re-evaluate with your team.

elixir-dependency-updater

npx machina-cli add skill tylercannon/agent-skills/elixir-dependency-updater --openclaw

Files (1)

SKILL.md

4.6 KB

Update Elixir Dependencies (Strict Checklist)

This skill is intentionally written as a no-skip checklist. Agents must follow it exactly.

Non-negotiables (DO NOT SKIP)

You may update all dependencies marked "Update possible" in a single batch.
Any dependency that is blocked only by the project's mix.exs version constraint is NOT truly blocked. It must be moved into the update batch by changing the constraint.
Review diffs individually for each dependency being updated (even in a batch).
After updating dependencies, run the verification gates:
- mix compile --warnings-as-errors (must pass for both dev and test environments)
- mix format --check-formatted
- mix test
If any gate fails: STOP, fix, re-run the failing gate(s) until green, then continue.
Never "force" blocked updates caused by transitive constraints. Report them instead.

Step 0: Identify candidates

Run:

mix hex.outdated

Separate dependencies into two groups initially:

Update possible: dependencies where Latest > Current and status shows "Update possible"
Update not possible: dependencies showing "Update not possible"

Then, for each dependency in Update not possible, you MUST determine whether it is blocked by:

the project's own mix.exs constraint (fixable), or
transitive constraints (not fixable without larger coordination)

Do this classification with:

mix hex.outdated dep

Re-classify Update not possible dependencies into:

Constraint-only blocked (treat as updatable): output indicates it is blocked by the project's version constraint in mix.exs
Transitively blocked (truly blocked): output indicates other deps/constraints prevent the update

Step 1: Batch update all updatable dependencies

The batch list is:

all Update possible deps, plus
all Constraint-only blocked (treat as updatable) deps

1A) Review diffs for each dependency (required, do this BEFORE updating)

For each dependency dep in the batch list:

Record current_version and latest_version from mix hex.outdated.
Try: mix hex.package diff dep current_version..latest_version
If the diff command fails, you must still assess changes by reviewing:
- Hex package page release notes/changelog (or repository releases)
While reviewing, specifically look for:
- API changes (renames, arity changes, removed functions)
- config changes (new required keys, renamed keys, default changes)
- behavior changes (error/exception changes, validation changes, callback changes)
Note any breaking changes that will require code/config updates.

1B) Update all constraints in mix.exs

Edit mix.exs and update each dependency's version constraint to allow its latest_version (prefer pinning to the shown latest if feasible).
This MUST include any deps previously reported as blocked only by the project's mix.exs constraint.

1C) Fetch and lock

Run mix deps.get once to update the lock file for all dependencies.

1D) Apply required code changes

Make code/config changes needed for each updated dependency based on the diffs reviewed in step 1A.

1E) Verification gates (MUST be green before continuing)

Run in order:

mix compile --warnings-as-errors (dev environment)
MIX_ENV=test mix compile --warnings-as-errors (test environment)
mix format --check-formatted
mix test

If any step fails: STOP, fix the cause, then re-run from the failing step onward until all steps are green.

Step 2: Handle blocked dependencies

For any dependency classified as Transitively blocked (truly blocked):

Do not force. Report:
- dependency name + latest version
- which dependency is blocking it
- the exact conflicting version requirement/constraint

Step 3: Final confirmation and report

Run:

mix hex.outdated (confirm expected updates/blocks)

Then output a short report:

Updated
- dep: current → latest (breaking: yes/no, notes if yes)
Code changes
- File-level bullets of what changed and why
Blocked
- dep: blocked by blocker (constraint summary)
Verification
- mix compile --warnings-as-errors (dev): pass/fail
- MIX_ENV=test mix compile --warnings-as-errors (test): pass/fail
- mix check: pass/fail
- mix test: pass/fail

Source

git clone https://github.com/tylercannon/agent-skills/blob/main/skills/elixir-dependency-updater/SKILL.mdView on GitHub

Overview

This skill applies a no-skip checklist to update Elixir project dependencies, including handling breaking changes and adjusting mix.exs constraints. It covers identifying candidates with mix hex.outdated, batching updates, reviewing diffs, applying code changes, and validating with compile and test gates.

How This Skill Works

Identify update candidates using mix hex.outdated, separating Update possible from Update not possible. Batch update all Update possible plus constraint-only blocked deps, review diffs for each dependency, update mix.exs constraints, fetch/lock with mix deps.get, apply necessary code changes, and run verification gates in order: mix compile --warnings-as-errors, MIX_ENV=test mix compile --warnings-as-errors, mix format --check-formatted, and mix test. If any gate fails, stop and fix before continuing; transitive blocks are reported rather than forced.

When to Use It

When you want to update dependencies in an Elixir project, including breaking-change handling.
When you need to run mix hex.outdated to identify updatable dependencies.
When you plan a batch update that includes dependencies blocked only by mix.exs constraints.
When you must review diffs for each dependency before updating to catch API/config/behavior changes.
When you require verification gates (compile, test, and formatting) to pass before finishing.

Quick Start

Step 1: Run mix hex.outdated and classify dependencies as Update possible or Update not possible.
Step 2: Batch update all Update possible plus constraint-only blocked deps, then update mix.exs constraints and run mix deps.get.
Step 3: Review diffs for each dep, apply necessary code changes, and run the verification gates: mix compile --warnings-as-errors; MIX_ENV=test mix compile --warnings-as-errors; mix format --check-formatted; mix test.

Best Practices

Run mix hex.outdated to categorize dependencies into Update possible and Update not possible.
Batch update all Update possible deps plus constraint-only blocked deps in a single pass.
For each dep in the batch, run mix hex.package diff current_version..latest_version to review changes.
Update all relevant mix.exs constraints to allow the latest versions and then fetch/lock.
Always run the verification gates in order and stop if any fail; do not force blocked updates.

Example Use Cases

A Phoenix app updates multiple dependencies at once after a minor Hex release, ensuring code changes align with diffs.
An Elixir service encounters breaking changes in a dependency; after reviewing diffs, the code is updated accordingly and tests are green.
A project has a dependency blocked only by the mix.exs constraint; the constraint is loosened to the latest version and updated in batch.
Continuous integration runs all gates (compile, test, format) after updating deps to ensure a clean state.
A release notes review identifies breaking changes; the team updates code paths or configs in step 1A before merging.

Frequently Asked Questions

Add this skill to your agents