dependency-upgrade
The dependency-upgrade command automates safe package dependency updates by automatically detecting the package manager (npm, yarn, pnpm, bun, pip, cargo, or go), verifying baseline tests pass before any changes, listing outdated packages categorized by risk level (patch, minor, major), and then upgrading each dependency one at a time while running tests after each upgrade to catch issues immediately. Use this when you need to update project dependencies while minimizing the risk of introducing breaking changes or compatibility issues.
mkdir -p ~/.claude/commands && curl -fsSL https://raw.githubusercontent.com/CloudAI-X/claude-workflow-v2/HEAD/commands/dependency-upgrade.md -o ~/.claude/commands/dependency-upgrade.md
dependency-upgrade.md
# Dependency Upgrade

Safely upgrade dependencies one at a time with testing between each upgrade.

## Context

- Package manager detection: !`if [ -f package-lock.json ]; then echo "npm"; elif [ -f yarn.lock ]; then echo "yarn"; elif [ -f pnpm-lock.yaml ]; then echo "pnpm"; elif [ -f bun.lockb ]; then echo "bun"; elif [ -f Cargo.toml ]; then echo "cargo"; elif [ -f go.mod ]; then echo "go"; elif [ -f requirements.txt ] || [ -f pyproject.toml ]; then echo "pip/uv"; else echo "Unknown"; fi`
- Current branch: !`git branch --show-current`
- Working tree status: !`git status --short`
- Node version (if applicable): !`node --version 2>/dev/null || echo "N/A"`
- Python version (if applicable): !`python3 --version 2>/dev/null || echo "N/A"`

## Workflow

### Phase 1: Detect Environment

1. Identify the package manager from context above
2. Confirm a clean working tree (stash or commit uncommitted changes first)
3. Ensure tests pass BEFORE any upgrades — this is the baseline:
   - Node.js: `npm test` / `yarn test` / `pnpm test` / `bun test`
   - Python: `pytest` / `python -m pytest`
   - Rust: `cargo test`
   - Go: `go test ./...`
4. If baseline tests fail, STOP and report — do not upgrade on a broken baseline

### Phase 2: List Outdated Dependencies

Run the appropriate outdated command:

- npm: `npm outdated --json`
- yarn: `yarn outdated`
- pnpm: `pnpm outdated`
- bun: `bun outdated`
- pip/uv: `uv pip list --outdated` or `pip list --outdated --format=json`
- cargo: `cargo outdated` (if installed) or check Cargo.toml
- go: `go list -m -u all`

### Phase 3: Categorize Updates

Sort dependencies into risk categories:

```
## Outdated Dependencies

### Patch Updates (safe — bug fixes only)
| Package | Current | Latest | Notes |
|---------|---------|--------|-------|
| ...     | ...     | ...    | ...   |

### Minor Updates (review — new features, possible deprecations)
| Package | Current | Latest | Notes |
|---------|---------|--------|-------|
| ...     | ...     | ...    | ...   |

### Major Updates (careful — breaking changes expected)
| Package | Current | Latest | Notes |
|---------|---------|--------|-------|
| ...     | ...     | ...    | ...   |
```

If `$ARGUMENTS` specifies a package, focus only on that package.

### Phase 4: Upgrade One at a Time

Process in this order: patches first, then minors, then majors.

For EACH dependency:

1. **Announce** which package is being upgraded and from/to versions
2. **Check changelog/release notes** for breaking changes:
   - Look at the package's GitHub releases or CHANGELOG
   - For major upgrades, summarize breaking changes before proceeding
3. **Upgrade** the single package:
   - npm: `npm install package@latest`
   - yarn: `yarn upgrade package@latest`
   - pnpm: `pnpm update package@latest`
   - bun: `bun update package`
   - pip/uv: `uv add package@latest` or `uv pip install --upgrade package`
   - cargo: update version in Cargo.toml, then `cargo update -p package`
   - go: `go get package@latest && go mod tidy`
4. **Run tests** immediately
5. **If tests PASS:**
   - Commit: `chore(deps): upgrade [package] from [old] to [new]`
   - Continue to next package
6. **If tests FAIL:**
   - Revert: `git checkout -- .` and restore lockfile
   - Record the failure reason
   - If it is a minor/patch with failing tests, flag as unexpected
   - Move to the next package

### Phase 5: Summary Report

```
## Dependency Upgrade Report

### Successfully Upgraded
| Package | From | To | Type |
|---------|------|----|------|
| ...     | ...  | ...| patch/minor/major |

### Failed (Reverted)
| Package | From | To | Failure Reason |
|---------|------|----|----------------|
| ...     | ...  | ...| ...            |

### Skipped
| Package | From | To | Reason |
|---------|------|----|--------|
| ...     | ...  | ...| ...    |

### Test Results
- Baseline: [pass/fail]
- Final: [pass/fail]
- Total upgrades attempted: [count]
- Successful: [count]
- Reverted: [count]
```

## Target

$ARGUMENTS

If no target specified, process all outdated dependencies in order of risk (patches first).
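Phases 2 and 3 above turn the output of `npm outdated --json` into patch/minor/major buckets. The sketch below is an added example, not part of the command file or the project's own code; it assumes the `current`/`latest` keys npm emits, uses made-up package names, and adds two conservative rules of its own: 0.x packages are raised one risk level, and pre-release, unparsable or not-newer targets go to a separate `review` bucket.

```python
import json
import re

# Constructed sample in the shape `npm outdated --json` prints (package names are made up).
SAMPLE_NPM_OUTDATED = """{
  "example-logger":  {"current": "2.4.1", "wanted": "2.4.3", "latest": "2.4.3"},
  "example-http":    {"current": "1.8.0", "wanted": "1.9.2", "latest": "1.9.2"},
  "example-orm":     {"current": "3.2.0", "wanted": "3.2.0", "latest": "4.0.1"},
  "example-young":   {"current": "0.3.5", "wanted": "0.3.5", "latest": "0.4.0"},
  "example-beta":    {"current": "1.0.0", "wanted": "1.0.0", "latest": "1.1.0-rc.1"},
  "example-missing": {"wanted": "1.0.0", "latest": "1.0.0"}
}"""

SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$")
ORDER = ["patch", "minor", "major", "review"]  # Phase 4 order, manual review last

def parse(version):
    """Return (major, minor, patch, prerelease) or None if not plain semver."""
    m = SEMVER.match(version or "")
    return (int(m[1]), int(m[2]), int(m[3]), m[4]) if m else None

def classify(current, latest):
    cur, new = parse(current), parse(latest)
    if cur is None or new is None or new[3] is not None:
        return "review"  # not installed, non-semver, or pre-release target
    if new[:3] <= cur[:3]:
        return "review"  # "latest" is not newer: never downgrade automatically
    if new[0] != cur[0]:
        return "major"
    level = "minor" if new[1] != cur[1] else "patch"
    if cur[0] == 0:
        # Assumption: 0.y.z carries no stability promise, so raise the risk one level.
        level = {"patch": "minor", "minor": "major"}[level]
    return level

def upgrade_plan(outdated_json):
    """Return (risk, package, current, latest) rows sorted into Phase 4 order."""
    rows = []
    for name, info in json.loads(outdated_json).items():
        cur, new = info.get("current"), info.get("latest")
        rows.append((classify(cur, new), name, cur, new))
    return sorted(rows, key=lambda r: (ORDER.index(r[0]), r[1]))

if __name__ == "__main__":
    for risk, name, cur, new in upgrade_plan(SAMPLE_NPM_OUTDATED):
        print(f"{risk:6} {name:16} {cur or 'MISSING'} -> {new}")
```

Rows in the `review` bucket are the ones to hold back from the automated one-at-a-time loop until a person has looked at them.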
Expert code review specialist. Use PROACTIVELY after writing or modifying code, before commits, when asked to review changes, PR review, code quality check, lint, or standards audit. Focuses on quality, security, performance, and maintainability.
Expert debugging specialist for errors, test failures, crashes, segmentation faults, memory leaks, timeouts, race conditions, deadlocks, and unexpected behavior. Use PROACTIVELY when encountering any error, exception, or failing test. Performs systematic root cause analysis.
Technical documentation specialist. Use for creating README files, API documentation, architecture docs, inline comments, user guides, changelogs, migration guides, release notes, FAQs, and troubleshooting docs. MUST BE USED when documentation is needed or when code changes require doc updates.
Master coordinator for complex multi-step tasks. Use PROACTIVELY when a task involves 2+ modules, requires delegation to specialists, needs architectural planning, or involves GitHub PR workflows. MUST BE USED for open-ended requests like "improve", "enhance", "build", "scale", "refactor", "add feature", "system design", "architecture", "complex task", or when implementing features from GitHub issues.
Code refactoring specialist for improving code quality, reducing technical debt, eliminating code smells, reducing complexity, and applying design patterns. Use PROACTIVELY when code needs restructuring, simplification, tech debt reduction, or when applying DRY/SOLID principles.
Security specialist for vulnerability detection, secure coding review, and security hardening. Use PROACTIVELY when handling authentication, authorization, encryption, secrets, credentials, OAuth, JWT, CORS, headers, user input, API keys, or sensitive data. Checks for OWASP Top 10 and common vulnerabilities.
Testing strategy specialist for designing test suites, writing tests, and ensuring comprehensive coverage. Use PROACTIVELY when adding new features, fixing bugs, improving test coverage, creating test plans, mocking strategies, handling flaky tests, or writing integration/E2E tests.
Add tests for recently changed files or specified code