Resolving Dependabot Issues with Claude Code
I created a Claude skill, creatively called dependabot, which you can invoke like this once it is installed:
/dependabot
or
/dependabot githubusername repositoryname
It will use the GitHub CLI to retrieve open Dependabot alerts and upgrade the relevant dependencies. If you have multiple GitHub accounts logged in via the CLI it will ask which one it should use if it can't figure it out based on how the skill was invoked or based on the repository settings.
You can find the skill here: https://github.com/wjgilmore/dependabot-skill
To install it globally, open a terminal and go to your home directory, then cd into .claude/skills and clone there. Then restart Claude Code and you should be able to invoke it like any other skill. Here is some example output of it running on one of my projects:
• Bash(# Verify all previously vulnerable packages are now patched
       npm ls tar rollup glob minimatch lodash 2>&1)
  ⎿ securitybot.dev@ /Users/wjgilmore/Software/securitybot.dev
    ├─┬ @tailwindcss/vite@4.1.11
    │ └─┬ @tailwindcss/oxide@4.1.11
    … +9 lines (ctrl+o to expand)

All patched:
- tar: 7.4.3 → 7.5.13 (needed 7.5.11+)
- lodash: 4.17.21 → 4.17.23 (needed 4.17.23)
- glob: 10.4.5 → 10.5.0 (needed 10.5.0)
- minimatch: 9.0.5 → 9.0.9 (needed 9.0.7+)
- rollup: 4.46.0 → 4.60.1 (needed 4.59.0+)

• Bash(npm run build 2>&1)
  ⎿ > build
    > vite build
    … +13 lines (ctrl+o to expand)

• Bash(php artisan test 2>&1)
  ⎿ PASS Tests\Feature\FormScannerSettingsTest
    ✓ user can toggle form scanner enabled
    ✓ form scanner toggle requires verification
    … +55 lines (48s • timeout 2m) 28.2KB
    ctrl+b to run in background

• Verifying build and tests… (2m 7s • ↓ 878 tokens)
  ⎿ ✓ Update direct dependencies (vite, playwright)
    ✓ Update transitive dependencies (tar, rollup, glob, minimatch, lodash)
    • Verify build and tests pass
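
An independent cross-check of the "All patched" step above, as an added example that is not part of the dependabot skill: it compares open alerts against every copy of a package in an `npm ls --json` tree, so a stale nested copy is not missed. It assumes alert objects in the shape returned by the GitHub Dependabot alerts API; the function names and sample data are constructed for illustration.

```javascript
// Added example, not part of the dependabot skill. Sample data is constructed.

// Compare dotted numeric versions, ignoring prerelease tags: <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// Walk the nested `npm ls --json` tree; record every installed version per package.
function collectInstalled(node, found = {}) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    if (dep.version) (found[name] = found[name] || new Set()).add(dep.version);
    collectInstalled(dep, found);
  }
  return found;
}

// List each installed copy still below an open alert's first patched version.
function unresolvedAlerts(alerts, lsTree) {
  const installed = collectInstalled(lsTree);
  const out = [];
  for (const a of alerts) {
    if (a.state !== "open") continue;
    const name = a.dependency.package.name;
    const fixed = a.security_vulnerability.first_patched_version;
    for (const v of installed[name] || []) {
      // No patched release yet (null): report the copy whatever its version.
      if (!fixed || compareVersions(v, fixed.identifier) < 0) out.push(`${name}@${v}`);
    }
  }
  return out;
}

// Constructed alerts; the minimum versions mirror the "needed" values above.
const mkAlert = (name, patched) => ({
  state: "open",
  dependency: { package: { ecosystem: "npm", name } },
  security_vulnerability: { first_patched_version: { identifier: patched } },
});
const sampleAlerts = [mkAlert("tar", "7.5.11"), mkAlert("lodash", "4.17.23")];
// Constructed tree: lodash is upgraded, but an old nested tar copy remains.
const sampleTree = { dependencies: {
  lodash: { version: "4.17.23" },
  "@tailwindcss/oxide": { version: "4.1.11", dependencies: { tar: { version: "7.4.3" } } },
} };
```

An empty result from `unresolvedAlerts` means no installed copy is below its alert's first patched version.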