dependency-vulnerability-fix
Community
Patch CVEs safely without breaking vLLM
System Documentation
What problem does it solve?
This Skill addresses the tension between fixing a known vulnerability quickly, before a reported CVE becomes an urgent liability, and preserving production stability. It is aimed at GPU-heavy Python stacks such as vLLM/PyTorch, where a careless dependency change can easily break compatibility.
Core Features & Use Cases
- Four-step safe workflow: scan with pip-audit, classify upgrade risk, apply patch-bounded upgrades, then verify with targeted test tiers.
- Strict compatibility guardrails: prevents major/minor jumps in large dependencies (vLLM/torch and related GPU packages) and uses patch-only constraints with a `<next-minor` upper bound (for example `>=3.9.5,<3.10`).
- Automation support: a script extracts patch-only upgrade candidates from the pip-audit JSON report and can optionally apply them, followed by a re-audit check.
Example use case: you receive a Dependabot/Renovate alert for an aiohttp or cryptography CVE, and you need to remediate it quickly while ensuring the vLLM runtime and CUDA environment remain unchanged.
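To make the classify-and-constrain step concrete, here is an added Python example (it is not the skill's own script): it reads a report in the shape that `pip-audit -f json` emits, grades each vulnerable package by how far the lowest fix that closes all of its advisories moves it, emits patch-only constraints for a pip constraints file, refuses to bump the GPU stack past its minor, and checks a second pip-audit run against the packages that were touched. The `GUARDED` set, the sample report and the `EXAMPLE-*` advisory ids are assumptions constructed for the demonstration.

```python
"""Turn a pip-audit JSON report into patch-only upgrade constraints.
Added example, not the skill's own script. Assumes the shape `pip-audit -f json`
writes: a "dependencies" list whose entries carry "name", "version" and a
"vulns" list with "id" and "fix_versions"."""
import json
import re
import sys
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumption: the GPU stack whose major/minor must never move automatically.
GUARDED = {"vllm", "torch", "torchvision", "torchaudio", "xformers", "triton"}
_PLAIN_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")

def canon(name: str) -> str:
    """PEP 503 normalisation so 'Jinja2' and 'jinja2' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse(version: str) -> Optional[Tuple[int, int, int]]:
    """(major, minor, patch) for a plain numeric release, else None. Pre-, post- and
    local versions are rejected on purpose: '2.2.0rc1' is for a human, not a pin."""
    m = _PLAIN_RELEASE.match(version.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)

def fmt(v: Tuple[int, int, int]) -> str:
    return ".".join(str(x) for x in v)

@dataclass
class Decision:
    name: str
    installed: str
    tier: str  # patch | minor | major | guarded | unfixed | unparsed
    vuln_ids: List[str] = field(default_factory=list)
    target: Optional[str] = None
    constraint: Optional[str] = None

def classify(dep: dict) -> Decision:
    """Lowest version that closes every advisory on the package, then grade the jump."""
    name, installed = canon(dep["name"]), dep["version"]
    ids = [v["id"] for v in dep.get("vulns", [])]
    cur = parse(installed)
    if cur is None:
        return Decision(name, installed, "unparsed", ids)
    needed = []
    for v in dep.get("vulns", []):
        raw = v.get("fix_versions", [])
        fixes = sorted(f for f in map(parse, raw) if f is not None and f > cur)
        if not fixes:  # nothing published, or only versions we refuse to pin to
            return Decision(name, installed, "unfixed" if not raw else "unparsed", ids)
        needed.append(fixes[0])  # smallest adequate fix for this advisory
    target = max(needed)  # one version has to satisfy every advisory at once
    if target[:2] == cur[:2]:
        tier = "patch"
    elif target[0] == cur[0]:
        tier = "minor"
    else:
        tier = "major"
    if tier != "patch" and name in GUARDED:
        tier = "guarded"  # report it, but never bump vLLM/torch past their minor
    constraint = f"{name}>={fmt(target)},<{cur[0]}.{cur[1] + 1}" if tier == "patch" else None
    return Decision(name, installed, tier, ids, fmt(target), constraint)

def plan(report: dict) -> List[Decision]:
    return [classify(d) for d in report["dependencies"] if d.get("vulns")]

def patch_constraints(report: dict) -> List[str]:
    """Lines for `pip install -c constraints.txt`; every other tier needs a human."""
    return [d.constraint for d in plan(report) if d.tier == "patch"]

def reaudit_check(after: dict, applied: List[str]) -> List[str]:
    """Touched packages that a second pip-audit run still flags (expected: none)."""
    still = {canon(d["name"]) for d in after["dependencies"] if d.get("vulns")}
    return sorted(still & {canon(n) for n in applied})

# Constructed sample report; EXAMPLE-* ids are placeholders, not real PYSEC/CVE ids.
def _v(vid, *fixes):
    return {"id": vid, "fix_versions": list(fixes), "aliases": [], "description": "constructed"}

SAMPLE_BEFORE = {"dependencies": [
    {"name": "aiohttp", "version": "3.9.1",
     "vulns": [_v("EXAMPLE-0001", "3.9.4"), _v("EXAMPLE-0002", "3.9.5", "3.10.0")]},
    {"name": "cryptography", "version": "41.0.7", "vulns": [_v("EXAMPLE-0003", "42.0.4")]},
    {"name": "torch", "version": "2.1.0", "vulns": [_v("EXAMPLE-0004", "2.2.0")]},
    {"name": "Jinja2", "version": "3.1.2", "vulns": [_v("EXAMPLE-0005")]},
    {"name": "some-lib", "version": "1.0.0b1", "vulns": [_v("EXAMPLE-0006", "1.0.0")]},
], "fixes": []}
# Constructed re-audit output after only aiohttp was bumped.
SAMPLE_AFTER = {"dependencies": [
    {"name": "aiohttp", "version": "3.9.5", "vulns": []},
    {"name": "cryptography", "version": "41.0.7", "vulns": [_v("EXAMPLE-0003", "42.0.4")]},
], "fixes": []}

if __name__ == "__main__":
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_BEFORE
    for d in plan(report):
        print(f"{d.tier:9} {d.name} {d.installed} -> {d.target or '-'} {d.constraint or ''}")
```

In practice the flow is `pip-audit -f json -o report.json`, write the `patch` lines to `constraints.txt`, run `pip install -c constraints.txt --upgrade <those packages>`, then re-audit and feed the new report to `reaudit_check`. Anything graded `minor`, `major` or `guarded` is deliberately left for a human: the `<next-minor` bound is what keeps the torch/vLLM pairing and the CUDA wheels untouched, and a pre-release-only fix is treated as unparsable rather than pinned.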
Quick Start
After your pip-audit scan, run the skill command to apply patch-only fixes:
./install.sh dependency-vulnerability-fix
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: dependency-vulnerability-fix Download link: https://github.com/saintgo7/claude-skills/archive/main.zip#dependency-vulnerability-fix Please download this .zip file, extract it, and install it in the .claude/skills/ directory.