Open Skills Logo
Open Skills

dependency-upgrade

通过兼容性分析、分阶段推出和全面测试来管理主要依赖版本升级。适用于升级框架版本、更新主要依赖项或处理库中的破坏性变更时使用。

查看详情
name:dependency-upgradedescription:Manage major dependency version upgrades with compatibility analysis, staged rollout, and comprehensive testing. Use when upgrading framework versions, updating major dependencies, or managing breaking changes in libraries.

Dependency Upgrade

Master major dependency version upgrades, compatibility analysis, staged upgrade strategies, and comprehensive testing approaches.

Do not use this skill when

  • The task is unrelated to dependency upgrade

  • You need a different domain or tool outside this scope

    • Instructions

  • Clarify goals, constraints, and required inputs.

  • Apply relevant best practices and validate outcomes.

  • Provide actionable steps and verification.

  • If detailed examples are required, open resources/implementation-playbook.md.

    • Use this skill when

  • Upgrading major framework versions

  • Updating security-vulnerable dependencies

  • Modernizing legacy dependencies

  • Resolving dependency conflicts

  • Planning incremental upgrade paths

  • Testing compatibility matrices

  • Automating dependency updates

    • Semantic Versioning Review

    MAJOR.MINOR.PATCH (e.g., 2.3.1)
    MAJOR: Breaking changes
    MINOR: New features, backward compatible
    PATCH: Bug fixes, backward compatible
    ^2.3.1 = >=2.3.1 <3.0.0 (minor updates)
    ~2.3.1 = >=2.3.1 <2.4.0 (patch updates)
    2.3.1 = exact version

    Dependency Analysis

    Audit Dependencies


    # npm
    npm outdated
    npm audit
    npm audit fix
    yarn

    yarn outdated
    yarn audit
    Check for major updates

    npx npm-check-updates
    npx npm-check-updates -u  # Update package.json

    Analyze Dependency Tree


    # See why a package is installed
    npm ls package-name
    yarn why package-name
    Find duplicate packages

    npm dedupe
    yarn dedupe
    Visualize dependencies

    npx madge --image graph.png src/

    Compatibility Matrix

    // compatibility-matrix.js
    const compatibilityMatrix = {
      'react': {
        '16.x': {
          'react-dom': '^16.0.0',
          'react-router-dom': '^5.0.0',
          '@testing-library/react': '^11.0.0'
        },
        '17.x': {
          'react-dom': '^17.0.0',
          'react-router-dom': '^5.0.0 || ^6.0.0',
          '@testing-library/react': '^12.0.0'
        },
        '18.x': {
          'react-dom': '^18.0.0',
          'react-router-dom': '^6.0.0',
          '@testing-library/react': '^13.0.0'
        }
      }
    };
    function checkCompatibility(packages) {
      // Validate package versions against matrix
    }

    Staged Upgrade Strategy

    Phase 1: Planning


    # 1. Identify current versions
    npm list --depth=0
    2. Check for breaking changes

    Read CHANGELOG.md and MIGRATION.md
    3. Create upgrade plan

    echo "Upgrade order:
  • TypeScript

  • React

  • React Router

  • Testing libraries

  • Build tools" > UPGRADE_PLAN.md

    • Phase 2: Incremental Updates


    # Don't upgrade everything at once!
    Step 1: Update TypeScript

    npm install typescript@latest
    Test

    npm run test
    npm run build
    Step 2: Update React (one major version at a time)

    npm install react@17 react-dom@17
    Test again

    npm run test
    Step 3: Continue with other packages

    npm install react-router-dom@6
    And so on...

    Phase 3: Validation


    // tests/compatibility.test.js
    describe('Dependency Compatibility', () => {
      it('should have compatible React versions', () => {
        const reactVersion = require('react/package.json').version;
        const reactDomVersion = require('react-dom/package.json').version;
        expect(reactVersion).toBe(reactDomVersion);
      });
      it('should not have peer dependency warnings', () => {
        // Run npm ls and check for warnings
      });
    });

    Breaking Change Handling

    Identifying Breaking Changes


    # Use changelog parsers
    npx changelog-parser react 16.0.0 17.0.0
    Or manually check

    curl https://raw.githubusercontent.com/facebook/react/main/CHANGELOG.md

    Codemod for Automated Fixes


    # React upgrade codemods
    npx react-codeshift <transform> <path>
    Example: Update lifecycle methods

    npx react-codeshift \
      --parser tsx \
      --transform react-codeshift/transforms/rename-unsafe-lifecycles.js \
      src/

    Custom Migration Script


    // migration-script.js
    const fs = require('fs');
    const glob = require('glob');
    glob('src/*/.tsx', (err, files) => {
      files.forEach(file => {
        let content = fs.readFileSync(file, 'utf8');
        // Replace old API with new API
        content = content.replace(
          /componentWillMount/g,
          'UNSAFE_componentWillMount'
        );
        // Update imports
        content = content.replace(
          /import { Component } from 'react'/g,
          "import React, { Component } from 'react'"
        );
        fs.writeFileSync(file, content);
      });
    });

    Testing Strategy

    Unit Tests


    // Ensure tests pass before and after upgrade
    npm run test
    // Update test utilities if needed
    npm install @testing-library/react@latest

    Integration Tests


    // tests/integration/app.test.js
    describe('App Integration', () => {
      it('should render without crashing', () => {
        render(<App />);
      });
      it('should handle navigation', () => {
        const { getByText } = render(<App />);
        fireEvent.click(getByText('Navigate'));
        expect(screen.getByText('New Page')).toBeInTheDocument();
      });
    });

    Visual Regression Tests


    // visual-regression.test.js
    describe('Visual Regression', () => {
      it('should match snapshot', () => {
        const { container } = render(<App />);
        expect(container.firstChild).toMatchSnapshot();
      });
    });

    E2E Tests


    // cypress/e2e/app.cy.js
    describe('E2E Tests', () => {
      it('should complete user flow', () => {
        cy.visit('/');
        cy.get('[data-testid="login"]').click();
        cy.get('input[name="email"]').type('user@example.com');
        cy.get('button[type="submit"]').click();
        cy.url().should('include', '/dashboard');
      });
    });

    Automated Dependency Updates

    Renovate Configuration


    // renovate.json
    {
      "extends": ["config:base"],
      "packageRules": [
        {
          "matchUpdateTypes": ["minor", "patch"],
          "automerge": true
        },
        {
          "matchUpdateTypes": ["major"],
          "automerge": false,
          "labels": ["major-update"]
        }
      ],
      "schedule": ["before 3am on Monday"],
      "timezone": "America/New_York"
    }

    Dependabot Configuration


    # .github/dependabot.yml
    version: 2
    updates:
      - package-ecosystem: "npm"
        directory: "/"
        schedule:
          interval: "weekly"
        open-pull-requests-limit: 5
        reviewers:
          - "team-leads"
        commit-message:
          prefix: "chore"
          include: "scope"

    Rollback Plan

    // rollback.sh
    #!/bin/bash
    Save current state

    git stash
    git checkout -b upgrade-branch
    Attempt upgrade

    npm install package@latest
    Run tests

    if npm run test; then
      echo "Upgrade successful"
      git add package.json package-lock.json
      git commit -m "chore: upgrade package"
    else
      echo "Upgrade failed, rolling back"
      git checkout main
      git branch -D upgrade-branch
      npm install  # Restore from package-lock.json
    fi

    Common Upgrade Patterns

    Lock File Management


    # npm
    npm install --package-lock-only  # Update lock file only
    npm ci  # Clean install from lock file
    yarn

    yarn install --frozen-lockfile  # CI mode
    yarn upgrade-interactive  # Interactive upgrades

    Peer Dependency Resolution


    # npm 7+: strict peer dependencies
    npm install --legacy-peer-deps  # Ignore peer deps
    npm 8+: override peer dependencies

    npm install --force

    Workspace Upgrades


    # Update all workspace packages
    npm install --workspaces
    Update specific workspace

    npm install package@latest --workspace=packages/app

    Resources

  • references/semver.md: Semantic versioning guide

  • references/compatibility-matrix.md: Common compatibility issues

  • references/staged-upgrades.md: Incremental upgrade strategies

  • references/testing-strategy.md: Comprehensive testing approaches

  • assets/upgrade-checklist.md: Step-by-step checklist

  • assets/compatibility-matrix.csv: Version compatibility table

  • scripts/audit-dependencies.sh: Dependency audit script

    • Best Practices

  • Read Changelogs: Understand what changed

  • Upgrade Incrementally: One major version at a time

  • Test Thoroughly: Unit, integration, E2E tests

  • Check Peer Dependencies: Resolve conflicts early

  • Use Lock Files: Ensure reproducible installs

  • Automate Updates: Use Renovate or Dependabot

  • Monitor: Watch for runtime errors post-upgrade

  • Document: Keep upgrade notes

    • Upgrade Checklist

    Pre-Upgrade:
  • [ ] Review current dependency versions

  • [ ] Read changelogs for breaking changes

  • [ ] Create feature branch

  • [ ] Backup current state (git tag)

  • [ ] Run full test suite (baseline)
    • During Upgrade:
  • [ ] Upgrade one dependency at a time

  • [ ] Update peer dependencies

  • [ ] Fix TypeScript errors

  • [ ] Update tests if needed

  • [ ] Run test suite after each upgrade

  • [ ] Check bundle size impact
    • Post-Upgrade:
  • [ ] Full regression testing

  • [ ] Performance testing

  • [ ] Update documentation

  • [ ] Deploy to staging

  • [ ] Monitor for errors

  • [ ] Deploy to production

    • Common Pitfalls

  • Upgrading all dependencies at once

  • Not testing after each upgrade

  • Ignoring peer dependency warnings

  • Forgetting to update lock file

  • Not reading breaking change notes

  • Skipping major versions

  • Not having rollback plan