fs-updatelisted

# Dependency Update Check all dependencies across the project, automatically apply safe patch-level npm upgrades, flag security vulnerabilities separately, prompt the user for decisions on anything riskier, then commit and display a summary table. ## Scope This skill checks four categories: 1. **npm packages** — `server/` and `client/` (via `npm outdated`) 2. **npm security** — `npm audit` in both directories 3. **GitHub Actions** — versions pinned in `.github/workflows/*.yml` 4. **Docker images** — base image in `Dockerfile` and third-party images in `docker-compose.yml` ## Safe vs. Prompt - **Auto-apply**: npm patch-level bumps only (Current and Wanted match, Latest differs only in patch segment) - **Always prompt**: npm minor bumps, npm major bumps, GitHub Actions version bumps, Docker image bumps - **CVEs**: Treated as higher priority — always surfaced separately with severity, even if the fix requires a major bump ## Steps ### 1. Gather all dependency information in parallel Run all checks simultaneously: ```bash # npm outdated (exit code 1 when outdated packages exist — that's normal) cd server && npm outdated --json 2>/dev/null || true cd client && npm outdated --json 2>/dev/null || true # Security audits cd server && npm audit --json 2>/dev/null || true cd client && npm audit --json 2>/dev/null || true ``` For GitHub Actions, read all workflow files in `.github/workflows/` and extract `uses:` lines with their pinned versions. For Docker images, read `Docke