| name | dep-update |
| description | Use when updating dependencies, running security audits, or managing tech debt in Go, Python, or React projects |
Dependency Updates & Security
Overview
Safe dependency update workflows for Go, Python (uv), and Bun. Branch per update, test after each.
Core principle: One category at a time. Full test suite after each update. Never batch blindly.
Go Update Workflow
go list -m -u all
go get -u ./...
go get -u package@v1.2
go mod tidy
govulncheck ./...
go test ./... -race -count=1
Python Update Workflow
uv pip list --outdated
uv lock --upgrade
uv lock --upgrade-package pkg
uv sync
mypy src/
ruff check .
pip-audit
pytest
Bun/React Update Workflow
bun outdated
bun update
bun update package
bun audit
bun test
bun run build
Safe Update Process
- Create feature branch:
git checkout -b chore/dep-updates
- Update one category at a time (e.g., test deps, then framework, then DB)
- Commit after each category with passing tests
- Full test + type-check + lint after each commit
- PR with summary of what changed
Update Categories
| Category | Risk | Update frequency |
|---|
| Security patches | Critical | Immediately |
| Bug fixes (patch) | Low | Weekly |
| Minor versions | Medium | Monthly |
| Major versions | High | Quarterly (plan migration) |
Tech Debt Identification
Look for:
- Deprecated API usage in dependency changelogs
- Outdated patterns (pre-generics Go, pre-2.0 SQLAlchemy)
- Unused dependencies (
go mod tidy, depcheck)
- Pinned versions with known vulnerabilities
Chains
- REQUIRED: Invoke
superpowers:finishing-a-development-branch when done
- REQUIRED: Update CLAUDE.md if major dependencies changed (
claude-md)