Back to Details

update-deps

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Update Dependencies Workflow

依赖项更新工作流

Update project dependencies with safety checks.
安全更新项目依赖项。

1. Sync main

1. 同步主分支

git checkout main && git pull
git checkout main && git pull

2. Check current state

2. 检查当前状态

  • List outdated dependencies (e.g., 
    npm outdated
    , 
    pip list --outdated
    )
  • Identify which updates are available: patch, minor, major
  • Present the list to the user
  • 列出过时的依赖项(例如:
    npm outdated
    pip list --outdated
  • 确定可用的更新类型:补丁(patch)、小版本(minor)、大版本(major)
  • 将列表展示给用户

3. Create worktree and branch

3. 创建工作树与分支

git worktree add .claude/worktrees/chore-update-deps -b chore/update-deps
cd .claude/worktrees/chore-update-deps
All work happens in the worktree — main stays clean.
git worktree add .claude/worktrees/chore-update-deps -b chore/update-deps
cd .claude/worktrees/chore-update-deps
所有操作都在工作树中进行——主分支保持干净。

4. Update incrementally

4. 增量更新

  • Patch updates: apply all at once, low risk
  • Minor updates: apply in batches by package, run tests after each
  • Major updates: one at a time, check changelog for breaking changes
After each batch:
  • Run full test suite
  • Check for deprecation warnings
  • Verify the app builds and starts
  • 补丁更新:一次性全部应用,风险较低
  • 小版本更新:按包分批应用,每批更新后运行测试
  • 大版本更新:逐个应用,检查变更日志中的破坏性变更
每批更新后:
  • 运行完整测试套件
  • 检查弃用警告
  • 验证应用是否能构建并启动

5. Create PR

5. 创建PR

  • Commit with message listing what was updated and to which versions
  • Push and create PR via 
    gh pr create
  • Include the dependency diff in the PR description
  • Wait for CI/CD checks to complete: 
    gh pr checks <number> --watch
  • If checks fail, fix the issues and push again — do not notify the user until all checks are green
  • Once all checks pass, return the PR URL and ask the user to review
  • DO NOT merge — wait for explicit approval
  • 提交时附上信息,列出更新的内容及对应的版本
  • 推送并通过
    gh pr create
    创建PR
  • 在PR描述中包含依赖项差异信息
  • 等待CI/CD检查完成:
    gh pr checks <number> --watch
  • 如果检查失败,修复问题后重新推送——直到所有检查通过再通知用户
  • 所有检查通过后,返回PR链接并请用户审核
  • 请勿合并——等待明确的批准

6. Merge (only when approved)

6. 合并(仅在获得批准后)

  • gh pr merge <number> --merge
  • Clean up worktree: 
    cd <project-root> && git worktree remove .claude/worktrees/chore-update-deps
  • git checkout main && git pull && git branch -d chore/update-deps
  • gh pr merge <number> --merge
  • 清理工作树:
    cd <project-root> && git worktree remove .claude/worktrees/chore-update-deps
  • git checkout main && git pull && git branch -d chore/update-deps

Rules

规则

  • Never merge without explicit approval
  • Never push directly to main
  • Run tests after every update batch — catch breakage early
  • Major version bumps deserve their own PR if they're risky
  • Lock file must be committed alongside version changes
  • 未经明确批准,绝不合并
  • 绝不直接推送到主分支
  • 每批更新后都要运行测试——尽早发现问题
  • 风险较高的大版本升级应单独创建PR
  • 版本变更的同时必须提交锁文件