Can I filter alerts by severity?

Absolutely. You can pass arguments like critical, high, medium, or low to focus on specific security tiers during the triage process.

Why does the skill check my Python version?

It ensures your active environment matches the Dockerfile target to prevent incorrect platform markers in recompiled requirements files.

Does this skill handle transitive dependencies?

Yes, the skill distinguishes between direct dependencies in .in files and transitive ones, using specific compilation scripts to resolve sub-dependency vulnerabilities.

Does it automatically merge the PRs?

No, it creates the security branch, pushes the fix, and opens a PR with labels and documentation for human review and CI validation.

Dependabot Security Resolver

Name: Dependabot Security Resolver
Author: market-math

bymarket-math

0•

セキュリティとテスト

Automates the resolution of GitHub Dependabot security alerts by updating vulnerable dependencies and submitting formatted pull requests.

This skill streamlines the maintenance of secure software by automating the entire Dependabot remediation workflow. It dynamically fetches open security alerts, triages them by severity, and handles the nuances of both direct and transitive dependency updates. By verifying Python environment compatibility before recompiling requirements and generating standardized, informative pull requests with CVE details, it ensures that security patches are applied correctly and efficiently without manual oversight.

主な機能

01Environment validation to prevent Python version and platform marker mismatches

02Automated detection and patching of both direct and transitive dependencies

03Standardized security branch creation and requirement recompilation

04Automated pull request generation with CVE/GHSA advisory metadata

05Dynamic triage and sorting of Dependabot alerts by severity level

060 GitHub stars

ユースケース

01Maintaining a zero-alert security posture in GitHub repositories

02Automating the tedious process of recompiling requirements files for transitive security fixes

03Rapidly patching critical security vulnerabilities across multiple dependencies

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add market-math/mm-claude-plugin resolve-dependabot

For use in Claude.ai and ChatGPT

主な機能

01Environment validation to prevent Python version and platform marker mismatches

02Automated detection and patching of both direct and transitive dependencies

03Standardized security branch creation and requirement recompilation

04Automated pull request generation with CVE/GHSA advisory metadata

05Dynamic triage and sorting of Dependabot alerts by severity level

060 GitHub stars

ユースケース

01Maintaining a zero-alert security posture in GitHub repositories

02Automating the tedious process of recompiling requirements files for transitive security fixes

03Rapidly patching critical security vulnerabilities across multiple dependencies

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add market-math/mm-claude-plugin resolve-dependabot

For use in Claude.ai and ChatGPT