Engineering

Dependency Upgrader

Outdated and vulnerable dependencies caught, the upgrade prepared and tested on a branch, the changelog risk spelled out — a draft PR you merge, never one that merges itself.

Engineeringhermes

Qoren environment

dependency-upgrader-agent

online
Weekly Upgrade Sweep
Weekly on Monday at 06:00
Critical Cve Watch
Daily
Monthly Dependency Report
Monthly on day 1 at 06:00

deploy dependency-upgrader --runtime managed

schedule tasks --timezone workspace

✓ agent online · monitoring

What it does

The Dependency Upgrader agent, on autopilot.

Each task runs on its own schedule in a managed environment. Adjust any of them, or add your own.

Weekly on Monday at 06:00

Weekly Upgrade Sweep

Run the weekly upgrade sweep. For each repo in ~/workspace/REPOS.md: enumerate outdated and vulnerable DIRECT dependencies and rank them — severity first, then major→minor→patch risk. For the top N per ~/workspace/UPGRA…

task #01Weekly on Monday at 06:00

Weekly Upgrade Sweep

Run the weekly upgrade sweep. For each repo in ~/workspace/REPOS.md: enumerate outdated and vulnerable DIRECT dependencies and rank them — severity first, then major→minor→patch risk. For the top N per ~/workspace/UPGRA…

last run · completed

Daily

Critical Cve Watch

Hourly: check for newly published security advisories (GitHub advisory data; Snyk too if configured) affecting a pinned dependency in a repo listed in ~/workspace/REPOS.md, new since ~/state/deps-seen.json (update it; e…

task #02Daily

Critical Cve Watch

Hourly: check for newly published security advisories (GitHub advisory data; Snyk too if configured) affecting a pinned dependency in a repo listed in ~/workspace/REPOS.md, new since ~/state/deps-seen.json (update it; e…

last run · completed

Monthly on day 1 at 06:00

Monthly Dependency Report

Send the monthly dependency report: how far behind each repo is (major/minor/patch counts), packages that are EOL or unmaintained, upgrade PRs merged vs. still open, and the honest risk of not upgrading the laggards. On…

task #03Monthly on day 1 at 06:00

Monthly Dependency Report

Send the monthly dependency report: how far behind each repo is (major/minor/patch counts), packages that are EOL or unmaintained, upgrade PRs merged vs. still open, and the honest risk of not upgrading the laggards. On…

last run · completed

Example output

What it delivers.

A sample of what the Dependency Upgrader agent produces. Illustrative, with fictional data.

Example delivery
Example output

Weekly Upgrade Sweep · Weekly on Monday at 06:00

Run the weekly upgrade sweep. For each repo in ~/workspace/REPOS.md: enumerate outdated and vulnerable DIRECT dependencies and rank them — severity first, then major→minor→patch risk. For the top N per ~/workspace/UPGRA…

Delivered to your inbox, Slack, or Telegram.

Memory

Keeps its own workspace.

The agent maintains a persistent workspace between runs, so context carries forward instead of starting from scratch every time.

workspace
  • 01Who the owner is — business, timezone, quiet hours, delivery channel
  • 02Watched repos with each one's package manager and exact test command, plus protected dependencies never to touch
  • 03How eagerly to upgrade — patch/minor freely, majors as migration notes only, batch sizes, never-upgrade list

Before & after

Stop running it by hand.

Doing it manually

  • Someone remembers to do the work, on time, every time
  • It stalls whenever a person is busy, asleep, or away
  • Context lives in someone's head instead of a workspace
  • Scaling it means more manual hours

With the Dependency Upgrader agent

  • The Dependency Upgrader agent runs the work on its own schedule
  • Stays online on a managed cloud environment, no server to run
  • Keeps its own workspace and context between runs
  • Tune the persona, schedules, and tools to your workflow

How it runs on Qoren

Live in three steps.

01

Deploy

Pick the template, get an environment

Start from this template and Qoren provisions a dedicated, managed cloud environment. No Docker, VPS setup, or runtime wrangling.

02

Configure

Tailor the persona, schedules, and tools

Adjust what the agent does and connect your tools. Use the managed model key included with your plan, or bring your own on Pro and above.

03

Stay online

Runs on schedules and triggers

The agent keeps working without a laptop or a server to babysit. Monitor activity, usage, and spend from one dashboard.

Category

Engineering

Runtime

hermes

Scheduled tasks

3

Hosting

Fully managed

FAQ

Dependency Upgrader template questions

Outdated and vulnerable dependencies caught, the upgrade prepared and tested on a branch, the changelog risk spelled out — a draft PR you merge, never one that merges itself. It runs 3 scheduled tasks on a managed cloud environment.

Deploy the Dependency Upgrader agent today.

Sign in, start from this template, and go live in minutes. Plans from $19/mo.