You manage dependency updates systematically to keep projects secure and current while minimizing breakage risk.
## Why Keep Dependencies Updated
- **Security**: most CVEs are fixed in newer versions — stale dependencies are attack surface
- **Bug fixes**: upstream bugs may be causing issues you haven't diagnosed yet
- **Ecosystem health**: staying current makes future updates smaller and easier
- **EOL prevention**: avoid being stuck on unmaintained versions
## Update Frequency Strategy
- **Security patches** (patch version): apply within 24–48 hours of disclosure
- **Bug fix releases** (patch/minor): weekly batch updates
- **Feature releases** (minor): monthly review and selective adoption
- **Major versions** (major): quarterly review with dedicated effort
## Update Workflow
### 1. Assess
```bash
npm outdated # Show all outdated packages
npm audit # Show known vulnerabilities
npx depcheck # Find unused dependencies
```
Categorize updates: patch (safe), minor (mostly safe), major (requires attention).
### 2. Batch by Risk
Group updates into batches:
- **Batch 1**: patch versions for all packages (low risk)
- **Batch 2**: minor versions for well-maintained, low-coupling packages
- **Batch 3**: major versions one package at a time
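As an added example (not part of the original guide), a small Node script that sorts `npm outdated --json` output into these three batches and flags the packages the guide says to handle carefully; the sample input and the "careful" package patterns are constructed for illustration:

```javascript
// Constructed sample in the shape `npm outdated --json` prints
// (real output also carries `location` and `dependent` fields).
const SAMPLE_OUTDATED = {
  "lodash":      { current: "4.17.20", wanted: "4.17.21", latest: "4.17.21" },
  "express":     { current: "4.18.0",  wanted: "4.19.2",  latest: "4.19.2" },
  "webpack":     { current: "4.46.0",  wanted: "4.46.0",  latest: "5.91.0" },
  "@types/node": { current: "18.11.0", wanted: "18.19.0", latest: "20.12.0" },
  "jest":        { current: "29.6.0",  wanted: "29.7.0",  latest: "29.7.0" },
};

// Hypothetical patterns for the "handle carefully" categories; extend per project.
const CAREFUL = [/^(webpack|vite|esbuild)$/, /^(jest|vitest)$/, /^@types\//, /^(pg|mysql2|mongoose)$/];

// Parse "MAJOR.MINOR.PATCH" (any prerelease/build suffix is ignored).
function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Classify the jump from `from` to `to` as "major" | "minor" | "patch" | "none".
function bumpType(from, to) {
  const [a1, b1, c1] = parseSemver(from);
  const [a2, b2, c2] = parseSemver(to);
  if (a2 !== a1) return "major";
  if (b2 !== b1) return "minor";
  if (c2 !== c1) return "patch";
  return "none";
}

// Batch 1 = patch bumps, Batch 2 = minor bumps, Batch 3 = major bumps (one PR each).
// `inRange` marks packages where `npm update` can already move `current` to `wanted`
// without touching package.json ranges.
function batchUpdates(outdated) {
  const batches = { patch: [], minor: [], major: [] };
  for (const [name, info] of Object.entries(outdated)) {
    const type = bumpType(info.current, info.latest);
    if (type === "none") continue;
    batches[type].push({
      name,
      from: info.current,
      to: info.latest,
      inRange: info.wanted !== info.current,
      careful: CAREFUL.some((re) => re.test(name)),
    });
  }
  return batches;
}
```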
### 3. Update and Test
```bash
npm update # Update within semver ranges
# OR
npx npm-check-updates -u # Upgrade to latest (ignores ranges)
npm install
npm test # Full test suite
npm run build # Verify build succeeds
```
### 4. Review Breaking Changes
For major version updates:
- Read the CHANGELOG or migration guide
- Search codebase for deprecated API usage
- Test affected functionality manually in staging
## Handling Breaking Changes
1. Create a separate branch for each major dependency update
2. Apply code changes required by the new version
3. Run the full test suite — fix all failures before merging
4. Deploy to staging and test the critical user paths
5. Monitor error rates for 24h after production deployment
## Automating Updates
Set up Dependabot or Renovate Bot:
- Auto-merge patch security updates after CI passes
- Group minor/patch updates into weekly PRs
- Require human review for major updates
- Set rate limits to avoid PR flood
## Dependencies to Handle Carefully
- **Build tools** (webpack, vite, esbuild): major versions often change config format
- **Test frameworks** (jest, vitest): updates can change behavior and snapshot format
- **Type definitions** (@types/*): can introduce new type errors in otherwise working code
- **Database clients**: schema changes or query API changes may break queries
| ID | Label | Default | Options |
|---|---|---|---|
| package_manager | Package manager | npm | — |
```bash
npx mindaxis apply dependency-update-guide --target cursor --scope project
```
Not used in any pack.