dependency-upgrade
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseDependency Upgrade Skill
依赖项升级技能
Uses pnpm with catalog for centralized dependency management.
使用pnpm with catalog进行集中式依赖管理。
Check for Updates
检查更新
bash
pnpm outdated # Check all outdated
pnpm -r outdated # Across workspace
pnpm -F @sgcarstrends/api outdated # Specific package
pnpm dlx taze --interactive # Interactive upgradebash
pnpm outdated # Check all outdated
pnpm -r outdated # Across workspace
pnpm -F @sgcarstrends/api outdated # Specific package
pnpm dlx taze --interactive # Interactive upgradeUpgrade Process
升级流程
1. Update Catalog
1. 更新Catalog
yaml
undefinedyaml
undefinedpnpm-workspace.yaml
pnpm-workspace.yaml
catalog:
next: ^16.0.0 # Upgraded from ^15.0.0
react: ^19.0.0
Packages reference with `"package": "catalog:"` in package.json.catalog:
next: ^16.0.0 # Upgraded from ^15.0.0
react: ^19.0.0
在package.json中使用`"package": "catalog:"`来引用包。2. Install and Test
2. 安装与测试
bash
pnpm install
pnpm tsc --noEmit # Type check
pnpm test # Unit tests
pnpm biome check . # Lint
pnpm build # Build
pnpm dev # Manual testingbash
pnpm install
pnpm tsc --noEmit # Type check
pnpm test # Unit tests
pnpm biome check . # Lint
pnpm build # Build
pnpm dev # Manual testing3. Fix Breaking Changes
3. 修复破坏性变更
typescript
// Example: Next.js 16 async params
// Before
export default function Page({ params }: { params: { id: string } }) {
return <div>{params.id}</div>;
}
// After
export default async function Page({ params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
return <div>{id}</div>;
}typescript
// Example: Next.js 16 async params
// Before
export default function Page({ params }: { params: { id: string } }) {
return <div>{params.id}</div>;
}
// After
export default async function Page({ params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
return <div>{id}</div>;
}4. Commit
4. 提交代码
bash
git commit -m "chore(deps): upgrade Next.js to v16
- Upgrade Next.js 15 → 16
- Upgrade React 18 → 19
- Fix async params migration
BREAKING CHANGE: Requires Node.js 20+"bash
git commit -m "chore(deps): upgrade Next.js to v16
- Upgrade Next.js 15 → 16
- Upgrade React 18 → 19
- Fix async params migration
BREAKING CHANGE: Requires Node.js 20+"Major Version Upgrades
主版本升级
Next.js
Next.js
bash
pnpm dlx @next/codemod@latest upgrade latest # Run codemodbash
pnpm dlx @next/codemod@latest upgrade latest # Run codemodUpdate catalog: next: ^16.0.0, react: ^19.0.0
Update catalog: next: ^16.0.0, react: ^19.0.0
pnpm install
pnpm install
Fix: async params, async cookies/headers
Fix: async params, async cookies/headers
undefinedundefinedTypeScript
TypeScript
bash
undefinedbash
undefinedUpdate catalog: typescript: ^5.3.3
Update catalog: typescript: ^5.3.3
pnpm install
pnpm tsc --noEmit # Fix type errors
undefinedpnpm install
pnpm tsc --noEmit # Fix type errors
undefinedDrizzle ORM
Drizzle ORM
bash
undefinedbash
undefinedUpdate catalog: drizzle-orm: ^0.30.0, drizzle-kit: ^0.20.0
Update catalog: drizzle-orm: ^0.30.0, drizzle-kit: ^0.20.0
pnpm install
pnpm -F @sgcarstrends/database db:generate # If schema changed
undefinedpnpm install
pnpm -F @sgcarstrends/database db:generate # If schema changed
undefinedSecurity Updates
安全更新
bash
pnpm audit # Check vulnerabilities
pnpm audit --fix # Auto-fixbash
pnpm audit # Check vulnerabilities
pnpm audit --fix # Auto-fixOr manually update vulnerable package in catalog
Or manually update vulnerable package in catalog
undefinedundefinedDependency Conflicts
依赖冲突解决
bash
pnpm why package-name # Check dependency chain
pnpm dedupe # DeduplicateUse overrides as last resort:
json
{ "pnpm": { "overrides": { "react": "^19.0.0" } } }bash
pnpm why package-name # Check dependency chain
pnpm dedupe # Deduplicate将覆盖配置作为最后手段:
json
{ "pnpm": { "overrides": { "react": "^19.0.0" } } }Rollback
回滚
bash
git reset --hard HEADbash
git reset --hard HEADOr revert lockfile:
Or revert lockfile:
git checkout main -- pnpm-lock.yaml
pnpm install
undefinedgit checkout main -- pnpm-lock.yaml
pnpm install
undefinedTroubleshooting
故障排除
bash
undefinedbash
undefinedLockfile conflicts
Lockfile conflicts
rm pnpm-lock.yaml && pnpm install
rm pnpm-lock.yaml && pnpm install
Build failures after upgrade
Build failures after upgrade
rm -rf node_modules .turbo dist .next && pnpm install && pnpm build
undefinedrm -rf node_modules .turbo dist .next && pnpm install && pnpm build
undefinedBest Practices
最佳实践
- Use Catalog: Centralize versions in pnpm-workspace.yaml
- Test Thoroughly: Run all tests after upgrades
- Read Changelogs: Review breaking changes before upgrading
- Upgrade Incrementally: Don't update everything at once
- Commit Separately: Separate dependency upgrades from features
- Automate Security: Use Dependabot for security patches
- 使用Catalog:在pnpm-workspace.yaml中集中管理版本
- 全面测试:升级后运行所有测试
- 阅读变更日志:升级前查看破坏性变更
- 增量升级:不要一次性更新所有依赖
- 单独提交:将依赖升级与功能开发的提交分开
- 自动化安全更新:使用Dependabot处理安全补丁
References
参考资料
- pnpm Catalog: https://pnpm.io/catalogs
- Next.js Codemods: https://nextjs.org/docs/app/building-your-application/upgrading/codemods
- See skill for vulnerability scanning
security
- pnpm Catalog: https://pnpm.io/catalogs
- Next.js Codemods: https://nextjs.org/docs/app/building-your-application/upgrading/codemods
- 查看技能了解漏洞扫描相关内容
security