A comprehensive collection of Claude Code plugins for version upgrades and security vulnerability management with proper analysis, testing, and documentation.
This plugin repository provides tools to safely manage software dependencies and versions following best practices including:
- Smart Version Selection: Automatically determines the best target version based on LTS status, support timelines, and project context
- Security Vulnerability Management: Identifies and updates dependencies with known CVEs across multiple languages
- Comprehensive Analysis: Evaluates upgrades and security risks by checking EOL dates, vulnerabilities, and compatibility
- Complete Documentation: Creates detailed documentation files tracking all decisions and actions
- Full Testing: Runs builds and tests to verify changes work correctly
- Git Integration: Creates feature branches, commits, and pull requests with detailed descriptions
Upgrades programming language versions (Java, Node.js, Python, Go, Rust, etc.)
Manually invoke the upgrade process:

```
/upgrade-language Java 17 to 21
/upgrade-language Node.js 16
/upgrade-language Python 3.9 to 3.11 for issue #42
```

Claude can autonomously use this skill when:
- You mention upgrading a language version
- EOL warnings are detected
- Security vulnerabilities in current version are found
- Build or dependency issues suggest a version upgrade might help
Upgrades Spring Boot framework versions using OpenRewrite for automated code migration, with comprehensive validation and testing.
Key Feature: Uses OpenRewrite recipes to automatically apply Spring Boot migrations including:
- POM version updates
- Package namespace migrations (javax.* → jakarta.*)
- Deprecated API replacements
- Configuration property updates
- Dependency version updates
Manually invoke the Spring Boot upgrade process:

```
/upgrade-springboot 3.6.0
/upgrade-springboot 3.5.8 for issue #42
```

Claude can autonomously use this skill when:
- You mention upgrading Spring Boot
- You need to upgrade to a specific Spring Boot version
- Spring Boot EOL warnings are detected
- Dependencies require a newer Spring Boot version
Identifies and updates dependencies with known security vulnerabilities across multiple programming languages and package managers.
Key Feature: Multi-language security vulnerability management supporting:
- Java (Maven, Gradle)
- JavaScript/TypeScript (npm, yarn, pnpm)
- Python (pip, poetry, pipenv)
- Go, Ruby, Rust, .NET, PHP
Manually invoke the vulnerability update process:

```
/update-vulnerable-dependencies
/update-vulnerable-dependencies for issue #42
/update-vulnerable-dependencies --severity=critical,high
```

Claude can autonomously use this skill when:
- Security vulnerabilities are detected in dependencies
- You mention updating vulnerable dependencies
- CVE warnings appear in builds
- You need to perform security updates
Automatically locates and updates:
- Build Configuration: `pom.xml`, `package.json`, `go.mod`, `pyproject.toml`, etc.
- CI/CD Workflows: GitHub Actions, GitLab CI, CircleCI configurations
- Docker Images: Base image versions in Dockerfiles
- Documentation: README and other docs
- Version Managers: `.tool-versions`, `.nvmrc`, `.python-version`, etc.
Uses OpenRewrite to automatically handle:
- POM Configuration: Spring Boot parent version in `pom.xml`
- Package Migrations: javax.* → jakarta.* (for 2.x → 3.x upgrades)
- Dependencies: Spring ecosystem dependencies (spring-data, springdoc, etc.)
- Configuration: Application properties and YAML files
- Deprecated APIs: Updates code using deprecated Spring Boot APIs
- Code Transformations: Applies Spring Boot migration patterns
- Tests: Fixes test compatibility issues
- Documentation: Creates comprehensive `UPGRADE_SPRING_EXPLANATION.md` with OpenRewrite results
Automatically handles security vulnerability management:
- Vulnerability Scanning: Runs security scanners for all detected package managers
- CVE Analysis: Identifies CVEs with CVSS scores and severity levels
- Dependency Updates: Updates vulnerable packages across all languages
- Testing & Verification: Runs tests and re-scans to confirm fixes
- Documentation: Creates comprehensive `VULNERABILITY_REPORT.md` with:
  - Detailed CVE information
  - Severity classification (Critical, High, Medium, Low)
  - Before/after vulnerability comparison
  - Update strategy and prioritization
  - Test results and verification
```bash
# Clone or download this plugin repository
git clone <your-repo-url> tlm-plugin-repo

# Install the plugins in Claude Code
cd tlm-plugin-repo
claude plugin install .
```

This will install all three plugins: upgrade-language, upgrade-springboot, and update-vulnerable-dependencies.

Alternatively, install directly from a GitHub URL:

```bash
claude plugin install <github-url>
```

All three plugins will be available as slash commands and skills after installation.
Invoke the command with your language and versions:

```
/upgrade-language Java 17 to 21
```

If you don't specify a target version, Claude will analyze and choose the best version:

```
/upgrade-language Java 17
```

Claude will:
- Check if Java 17 is still supported
- Identify available LTS versions
- Analyze your project context
- Recommend the best target version
- Explain the reasoning
Link the upgrade to a GitHub issue:

```
/upgrade-language Node.js 16 to 20 for issue #123
```

Invoke the command with the target Spring Boot version:

```
/upgrade-springboot 3.6.0
```

Claude will prompt you for the target version if not specified:

```
What Spring Boot version would you like to upgrade to? (e.g., 3.6.0)
> 3.6.0
```

Link the upgrade to a GitHub issue:

```
/upgrade-springboot 3.6.0 for issue #123
```

The Spring Boot upgrade then:

- Detects current Spring Boot version from pom.xml
- Validates target version compatibility
- Determines appropriate OpenRewrite recipe for the upgrade
- Creates comprehensive `UPGRADE_SPRING_EXPLANATION.md` documentation
- Executes OpenRewrite migration recipe to automatically:
  - Update Spring Boot parent version
  - Migrate package namespaces (javax.* → jakarta.*)
  - Replace deprecated APIs
  - Update configuration properties
  - Update Spring ecosystem dependencies
- Reviews and documents all OpenRewrite changes
- Resolves remaining dependency conflicts manually
- Fixes any remaining configuration issues
- Runs full test suite and fixes failing tests
- Verifies application functionality
- Creates detailed pull request with OpenRewrite results
Invoke the command to scan and update vulnerable dependencies:

```
/update-vulnerable-dependencies
```

You can also specify severity levels:

```
/update-vulnerable-dependencies --severity=critical,high
```

Link the security update to a GitHub issue:

```
/update-vulnerable-dependencies for issue #123
```

The security update then:

- Automatically detects all package managers in the project
- Runs appropriate security scanners (OWASP, npm audit, pip-audit, etc.)
- Creates comprehensive `VULNERABILITY_REPORT.md` with CVE details
- Organizes vulnerabilities by severity (Critical, High, Medium, Low)
- Prioritizes updates based on severity and availability of fixes
- Updates vulnerable dependencies across all languages
- Runs full test suite to verify updates
- Re-scans to confirm vulnerabilities are resolved
- Documents before/after comparison
- Creates detailed pull request with security analysis
- Java: Maven (OWASP Dependency-Check), Gradle
- JavaScript/TypeScript: npm audit, yarn audit, pnpm audit
- Python: pip-audit, safety
- Go: govulncheck, nancy
- Ruby: bundler-audit
- Rust: cargo-audit
- .NET: dotnet list package --vulnerable
- PHP: composer audit
The language upgrade plugin follows a structured 9-step process:
1. Evaluate Whether to Upgrade: Analyzes support status, EOL dates, and project requirements
2. Choose Target Version: Selects the best version based on LTS status and stability
3. Create Feature Branch: Sets up a properly named git branch
4. Locate All Version References: Finds every file that needs updating
5. Update All References: Modifies build configs, CI/CD, Docker, and docs
6. Build and Test: Verifies everything works with the new version
7. Commit Changes: Creates a descriptive commit with co-authorship
8. Push and Create PR: Opens a pull request with comprehensive documentation
9. Report Results: Provides a summary of what was done
The Spring Boot upgrade plugin follows a structured 15-step process:
1. Input Validation and Version Detection: Prompts for the target version and validates compatibility
2. Initialize Upgrade Documentation: Creates `UPGRADE_SPRING_EXPLANATION.md`
3. Analyze Release Notes: Identifies breaking changes and determines the OpenRewrite recipe
4. Run OpenRewrite Migration Recipe: Executes automated code migration
5. Update pom.xml Version (if needed): Verifies/updates the Spring Boot parent version
6. Initial Build and Dependency Resolution: Fixes compilation issues
7. Update Dependencies: Updates remaining Spring ecosystem dependencies
8. Configuration Updates: Updates remaining configuration properties
9. Run Comprehensive Tests: Fixes failing tests after the upgrade
10. Verify Application Functionality: Tests application startup and endpoints
11. Code Quality and Security Checks: Runs static analysis and security scans
12. Performance Comparison: Documents performance changes
13. Finalize Documentation: Adds an executive summary with OpenRewrite results
14. Create Pull Request: Pushes changes and creates a comprehensive PR
15. Post-PR Validation: Updates documentation with PR details
The vulnerable dependencies plugin follows a structured 11-step process:
1. Identify Project Type: Detects all package managers in use
2. Run Vulnerability Scan: Executes security scanners for each package manager
3. Analyze Vulnerabilities: Creates VULNERABILITY_REPORT.md with CVE details
4. Prioritize Updates: Categorizes by severity and determines the update strategy
5. Create Feature Branch: Sets up the security update branch
6. Update Dependencies: Updates vulnerable packages following the priority order
7. Run Tests: Executes the full test suite and verifies functionality
8. Re-scan for Vulnerabilities: Confirms all vulnerabilities are resolved
9. Update Documentation: Finalizes VULNERABILITY_REPORT.md with results
10. Create Pull Request: Pushes changes and creates a comprehensive security PR
11. Post-Deployment Monitoring: Documents monitoring requirements
The language upgrade plugin creates and maintains an UPGRADE_EXPLANATION.md file that documents:
- Decision rationale: Why this version was chosen
- Support timeline analysis: Current and target version support status
- All actions taken: Every file modified and why
- Build and test results: Detailed output from verification steps
- Issues encountered: Problems found and how they were resolved
The Spring Boot upgrade plugin creates a comprehensive UPGRADE_SPRING_EXPLANATION.md file that documents:
- Upgrade summary: Current and target versions, upgrade type
- Compatibility analysis: Java version requirements, breaking changes expected
- OpenRewrite recipe selection: Which recipe was chosen and why
- Pre-upgrade state: Build status, test results, application functionality
- Breaking changes analysis: Detailed analysis from release notes
- OpenRewrite migration results: All changes made by OpenRewrite including:
  - Recipe executed and execution status
  - Files modified by OpenRewrite
  - POM updates, package migrations, deprecated API replacements
  - Configuration property updates
  - Manual changes still required after OpenRewrite
- All changes made: Every file modified (by OpenRewrite and manually) with explanations
- Build issues encountered: Every issue with root cause and resolution
- Test results: Complete test execution results and fixes
- Application verification: Endpoint testing and functionality verification
- Code quality and security: Static analysis and security scan results
- Executive summary: Final status, metrics, OpenRewrite results, and recommendations
The vulnerable dependencies plugin creates a comprehensive VULNERABILITY_REPORT.md file that documents:
- Scan information: Date, project name, detected languages and package managers
- Vulnerability details organized by severity:
  - Critical (CVSS 9.0-10.0)
  - High (CVSS 7.0-8.9)
  - Medium (CVSS 4.0-6.9)
  - Low (CVSS 0.1-3.9)
- For each vulnerability: Package name, current version, fixed version, CVE ID, CVSS score, description
- Update strategy: Prioritized list of updates (Priority 1: Immediate, Priority 2: Next Sprint, Priority 3: Backlog)
- Dependencies with no fix: Documented workarounds and mitigations
- Updates applied: Before/after versions, CVEs resolved, status
- Test results: Complete test execution results and verification
- Remaining issues: Any unfixed vulnerabilities with mitigation plans
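A worked example of the triage the report describes (CVSS severity buckets, the three priority tiers, dependencies with no fix, and the before/after comparison produced by the security-update workflow above). This is added here and is not code from the plugin repository; the findings, versions and CVE ids are constructed placeholders, and the severity-to-priority mapping is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional
@dataclass
class Finding:
    package: str
    current: str
    fixed: Optional[str]  # None when the advisory has no fixed release yet
    cve: str
    cvss: float

def severity(cvss: float) -> str:
    """Bucket a CVSS base score using the report's thresholds."""
    if cvss >= 9.0: return "Critical"
    if cvss >= 7.0: return "High"
    if cvss >= 4.0: return "Medium"
    if cvss >= 0.1: return "Low"
    return "None"

# Assumed mapping of severity to the report's tiers (1: Immediate, 2: Next Sprint, 3: Backlog)
PRIORITY = {"Critical": 1, "High": 1, "Medium": 2, "Low": 3, "None": 3}

def triage(findings):
    """Return (plan, no_fix): plan maps tier -> findings, highest CVSS first; unfixable ones go to no_fix."""
    plan, no_fix = {1: [], 2: [], 3: []}, []
    for f in sorted(findings, key=lambda x: -x.cvss):
        (no_fix if f.fixed is None else plan[PRIORITY[severity(f.cvss)]]).append(f)
    return plan, no_fix

def _vtuple(version: str):
    """Numeric tuple for comparison; pre-release suffixes are ignored (enough for the sample data)."""
    return tuple(int(x) for x in re.findall(r"\d+", version))

def before_after(findings, applied):
    """Severity counts before and after applying {package: new_version}; a finding is
    resolved only when the applied version reaches the advisory's fixed version."""
    def counts(fs):
        out = {"Critical": 0, "High": 0, "Medium": 0, "Low": 0, "None": 0}
        for f in fs: out[severity(f.cvss)] += 1
        return out
    remaining = [f for f in findings if f.fixed is None
                 or _vtuple(applied.get(f.package, f.current)) < _vtuple(f.fixed)]
    return counts(findings), counts(remaining)

SAMPLE = [  # constructed findings with placeholder CVE ids, not real advisories
    Finding("sample-json-lib", "2.9.8", "2.9.10", "CVE-0000-0001", 9.8),
    Finding("sample-web-lib", "4.17.15", "4.17.21", "CVE-0000-0002", 7.4),
    Finding("sample-http-lib", "2.25.0", "2.31.0", "CVE-0000-0003", 6.1),
    Finding("legacy-lib", "1.0.0", None, "CVE-0000-0004", 5.3),
]
```

Packages in `no_fix` are the ones the report lists under "Dependencies with no fix", where a workaround or mitigation has to be documented instead of an update.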
All documentation files are included in commits and referenced in PRs for full transparency.
- Java: Focuses on LTS versions (8, 11, 17, 21, 25)
- Node.js: Prioritizes LTS releases
- Python: Checks active support status
- Go: Leverages strong backward compatibility
- Rust: Follows stable release channel
- Spring Boot: All versions (2.x and 3.x)
  - Handles major version upgrades (2.x → 3.x) including Jakarta EE migration
  - Handles minor version upgrades with new features
  - Handles patch upgrades for bug fixes
- Java: Maven (OWASP Dependency-Check), Gradle (dependencyCheckAnalyze)
- JavaScript/TypeScript: npm audit, yarn audit, pnpm audit, Snyk
- Python: pip-audit, safety, Snyk
- Go: govulncheck (official), nancy
- Ruby: bundler-audit
- Rust: cargo-audit
- .NET: dotnet list package --vulnerable
- PHP: composer audit, local-php-security-checker
The language upgrade plugin selects a target version as follows:
- Check current version: Is it EOL soon? Still supported?
- Analyze project type: Production app vs sample/learning project
- Look for hints: Branch name, local environment version
- Select version:
  - Production apps → Most mature LTS
  - Sample projects → Latest stable LTS
  - Respect user hints from branch names
- Recommends latest stable version
- Checks active support status
- Avoids bleeding-edge releases unless specified
- Java: `pom.xml` (Maven), `build.gradle` (Gradle), `.github/workflows/*.yml`, `Dockerfile`, `.tool-versions`, `README.md`
- Node.js: `package.json`, `.nvmrc`, `.github/workflows/*.yml`, `Dockerfile`, `README.md`
- Python: `pyproject.toml`, `setup.py`, `.python-version`, `Pipfile`, `tox.ini`, `.github/workflows/*.yml`, `Dockerfile`
- Go: `go.mod`, `.github/workflows/*.yml`, `Dockerfile`, `README.md`
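As an added example that is not part of this repository, the script below locates the Java version references in the Java file set listed above and rewrites only the exact major-version fields, which is the "Locate All Version References" and "Update All References" pair of steps. The regex table and the sample project files are constructed assumptions covering common forms only; a pinned patch release such as `temurin-17.0.9` is reported but deliberately not rewritten, since it needs a specific new pin rather than a major-number swap.

```python
import re
from fnmatch import fnmatch

# glob -> regex whose group 1 is the version field (re.M so ^ anchors each line)
PATTERNS = {
    "pom.xml": r"<(?:java\.version|maven\.compiler\.(?:source|target|release))>(\d+)<",
    "build.gradle": r"(?:sourceCompatibility|targetCompatibility)\s*=\s*['\"]?(\d+)",
    ".github/workflows/*.yml": r"java-version:\s*['\"]?(\d+)",
    "Dockerfile": r"^FROM\s+\S+:(\d+)(?=[-\s]|$)",
    ".tool-versions": r"^java\s+\S+?-(\d[\d.]*)",  # captures a full pin such as 17.0.9
    "README.md": r"\bJava\s+(\d+)\b",
}

def locate(files, current):
    """(path, line_no, line) for every reference whose major version equals `current`."""
    hits = []
    for path, text in files.items():
        for glob, pat in PATTERNS.items():
            if fnmatch(path, glob):
                for n, line in enumerate(text.splitlines(), 1):
                    m = re.search(pat, line)
                    if m and m.group(1).split(".")[0] == current:
                        hits.append((path, n, line.strip()))
    return hits

def update(files, current, target):
    """Rewrite only the captured version field, and only where it equals `current` exactly.
    A pinned patch release (temurin-17.0.9) is reported by locate() but left for a manual pin."""
    def swap(m):
        if m.group(1) != current:
            return m.group(0)  # different or more specific version: leave untouched
        s, e = m.start(1) - m.start(0), m.end(1) - m.start(0)
        return m.group(0)[:s] + target + m.group(0)[e:]
    out = {}
    for path, text in files.items():
        for glob, pat in PATTERNS.items():
            if fnmatch(path, glob):
                text = re.sub(pat, swap, text, flags=re.M)
        out[path] = text
    return out

SAMPLE_FILES = {  # constructed project snippets
    "pom.xml": "<properties>\n  <java.version>17</java.version>\n</properties>\n",
    ".github/workflows/ci.yml": "      with:\n        java-version: '17'\n",
    "Dockerfile": "FROM eclipse-temurin:17-jdk\nFROM nginx:1.25\n",
    ".tool-versions": "java temurin-17.0.9\nnodejs 20.11.0\n",
    "README.md": "Requires Java 17 or newer.\n",
}
```

Running `locate()` again on the updated files is the check that nothing was missed: only the pinned `.tool-versions` entry should remain, and the unrelated `nginx` base image is never touched.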
- No Destructive Operations: Won't force push or hard reset
- Comprehensive Testing: Runs full test suite before committing
- Issue Documentation: Records all warnings and deprecations
- Rollback Friendly: Clean git history allows easy reversion
Common issues and solutions are documented in the skill file:
- Tests fail with new version: Update test dependencies
- Dependencies incompatible: Stage the upgrade (dependencies first)
- CI/CD fails but local works: Check platform support
- Deprecated API warnings: Document and create follow-up issues
Contributions are welcome! Please:
- Test changes with multiple languages
- Update documentation
- Follow the existing code style
- Add examples for new features
MIT License - See LICENSE file for details
For issues, questions, or contributions:
- GitHub Issues: /issues
- Documentation:
  - See `skills/upgrade-language/SKILL.md` for the detailed language upgrade process
  - See `skills/upgrade-springboot/SKILL.md` for the detailed Spring Boot upgrade process
  - See `skills/update-vulnerable-dependencies/SKILL.md` for the detailed security vulnerability management process
- See
- Spring Boot Documentation
- Spring Boot Release Notes
- Spring Boot System Requirements
- Spring Boot Migration Guides
- National Vulnerability Database (NVD)
- CVE Database
- Snyk Vulnerability Database
- GitHub Advisory Database
- OWASP Dependency-Check
- Initial release with three plugins:
- Upgrade Language Plugin:
- Support for Java, Node.js, Python, Go, Rust
- Autonomous version selection
- UPGRADE_EXPLANATION.md documentation
- Full CI/CD integration
- Comprehensive testing workflow
- Upgrade Spring Boot Plugin:
- Support for all Spring Boot versions (2.x and 3.x)
- OpenRewrite integration for automated migrations
- Comprehensive UPGRADE_SPRING_EXPLANATION.md documentation
- Automatic dependency resolution
- Configuration property updates
- Full test suite validation
- Application functionality verification
- PR creation with detailed documentation
- Update Vulnerable Dependencies Plugin:
- Multi-language security vulnerability management
- Support for Java, JavaScript/TypeScript, Python, Go, Ruby, Rust, .NET, PHP
- Automatic vulnerability scanning with industry-standard tools
- VULNERABILITY_REPORT.md with CVE details and severity classification
- Prioritized update strategy based on CVSS scores
- Comprehensive testing and verification
- Before/after vulnerability comparison
- PR creation with security analysis
- Upgrade Language Plugin: