Breaking-change analysis
Teams ignore dependency-bump PRs because they fear breakage. dpndncY pre-flights every fix with a semver-aware diff that calls out API-surface impact directly in the PR description, so you know before you merge whether a bump is a rubber-stamp or needs real review.
What it reports
- Semver classification — major / minor / patch, and “effectively-major” when a minor release actually removed or changed public API.
- API-surface diff — which exported symbols changed, were removed, or were added, per language where the package’s API is introspectable.
- Public-API touch — whether the changed surface is something your code actually uses (cross-referenced with the call graph / reachability).
- Risk verdict — a quick read: safe bump, review recommended, or likely breaking.
Fix the bug without the breakage surprise
The most useful line in a fix PR is “this bump is patch-level and touches no API you call” — that’s a merge in seconds. The next most useful is “this is effectively-major and changes a function you use on line X” — that’s the one to slow down on.
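How the four reported items fit together, as an added example that is not dpndncY's own code: the `{symbol: signature}` maps, the `used` set (standing in for call-graph reachability), the function names, and the mapping from findings to the three verdicts are all assumptions made for illustration.

```python
import re

def parse(version):
    """Return (major, minor, patch); pre-release and build suffixes are ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"not a semver string: {version!r}")
    return tuple(map(int, m.groups()))

def declared_level(old, new):
    """Level the version numbers alone claim (0.x handled like any other series)."""
    o, n = parse(old), parse(new)
    if n <= o:
        raise ValueError("expected an upgrade")
    return "major" if n[0] != o[0] else "minor" if n[1] != o[1] else "patch"

def api_diff(old_api, new_api):
    """Diff two {symbol: signature} maps into removed / changed / added sets."""
    removed = set(old_api) - set(new_api)
    added = set(new_api) - set(old_api)
    changed = {s for s in set(old_api) & set(new_api) if old_api[s] != new_api[s]}
    return removed, changed, added

def analyze(old, new, old_api, new_api, used):
    """Combine version level, API diff and the caller's used symbols into a verdict."""
    level = declared_level(old, new)
    removed, changed, added = api_diff(old_api, new_api)
    breaking = removed | changed
    # Assumption: any non-major bump that removes or changes API is "effectively-major".
    classification = "effectively-major" if breaking and level != "major" else level
    touched = sorted(breaking & set(used))  # breaking symbols the caller actually uses
    if touched:
        verdict = "likely breaking"
    elif breaking or level == "major":
        verdict = "review recommended"
    else:
        verdict = "safe bump"
    return {"classification": classification, "removed": sorted(removed),
            "changed": sorted(changed), "added": sorted(added),
            "touched": touched, "verdict": verdict}

# Constructed sample: a hypothetical package going from 2.3.1 to 2.4.0.
OLD_API = {"connect": "(host, port)", "send": "(data)", "close": "()"}
NEW_API = {"connect": "(host, port, timeout)", "send": "(data)", "ping": "()"}

if __name__ == "__main__":
    print(analyze("2.3.1", "2.4.0", OLD_API, NEW_API, used={"connect", "send"}))
```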