dpndncY

Manifest patching

The manifest patcher edits your dependency declaration to the fixed version, in place, across 9 formats — preserving comments, ordering, and formatting so the diff is minimal and reviewable.

Supported manifests

package.json · requirements.txt · pom.xml · go.mod · Cargo.toml · packages.config · composer.json · Gemfile · build.gradle

How it patches

  • Semver-aware bumps — chooses the minimal version that clears the advisory while respecting your declared range style (caret, tilde, pin).
  • Workspace / monorepo aware — handles Yarn / pnpm workspaces and multi-module builds.
  • Conflict detection — flags when a bump would create a resolution conflict instead of silently breaking the graph.
  • Format-preserving — keeps comments, key order, and whitespace so the PR diff is just the version.

Manifest + lockfile move together

Patching the manifest alone leaves the lockfile pinning the old version. dpndncY regenerates the lockfile in the same PR so the fix is actually applied.
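
The semver-aware, format-preserving bump described under "How it patches", sketched for package.json as an added example; this is not dpndncY's own code. The function names, the sample manifest and its package names are constructed for illustration, and only caret, tilde and exact-pin specs of the form x.y.z are handled. The second return value is an assumption about how a bump that leaves the declared range could be surfaced to a reviewer.

```python
import difflib
import re

# Constructed sample package.json; package names and versions are made up.
SAMPLE = '''{
  "name": "demo-app",
  "dependencies": {
    "zlib-wrapper":   "~2.4.1",
    "acme-parser": "^1.2.3",
    "left-util": "0.9.0"
  }
}
'''
SPEC = re.compile(r'^(?P<op>[\^~]?)(?P<ver>\d+\.\d+\.\d+)$')

def parse(v):
    return tuple(int(p) for p in v.split("."))

def in_range(op, base, candidate):
    """True if candidate satisfies the originally declared npm range."""
    b, c = parse(base), parse(candidate)
    if c < b:
        return False
    if op == "^":  # caret: the leftmost non-zero component must not change
        width = 1 if b[0] > 0 else 2 if b[1] > 0 else 3
        return c[:width] == b[:width]
    if op == "~":  # tilde: patch-level changes only
        return c[:2] == b[:2]
    return c == b  # exact pin

def patch_manifest(text, package, fixed):
    """Return (new_text, outside_range); rewrites only the version digits."""
    # Simplification: the first matching key wins, whichever section it is in.
    entry = re.compile(r'"%s"\s*:\s*"([^"]+)"' % re.escape(package))
    m = entry.search(text)
    if not m:
        raise KeyError(package)
    spec = SPEC.match(m.group(1))
    if not spec:
        raise ValueError("unsupported range style: " + m.group(1))
    op, declared = spec.group("op"), spec.group("ver")
    if parse(fixed) <= parse(declared):
        return text, False  # declared floor already clears the advisory
    outside = not in_range(op, declared, fixed)  # needs reviewer attention
    return text[:m.start(1)] + op + fixed + text[m.end(1):], outside

def changed_lines(old, new):
    """The +/- lines of a unified diff, i.e. what a reviewer would see."""
    diff = difflib.unified_diff(old.splitlines(), new.splitlines(), lineterm="", n=0)
    return [l for l in diff if l[0] in "+-" and l[:3] not in ("+++", "---")]
```

Because the text is edited by offset instead of being parsed and re-serialized, the irregular spacing after `"zlib-wrapper":` and the key order survive the patch untouched.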

See also