| name | upgrade-project-dependencies |
| description | Keeps a Django/Wagtail project current with dependency updates by assessing current setup, applying safe package updates, and delivering a thorough upgrade report |
| license | MIT |
Overview
Structured dependency maintenance workflow for Django/Wagtail projects and packages. Starts with understanding the project's current dependency and tooling setup, validates upgrade decisions against authoritative sources, then applies and verifies updates with clear reporting.
Methodology
Goals
- Build a precise baseline of the project's current dependency setup before making changes.
- Use authoritative documentation and release notes to guide every update decision.
- Upgrade dependencies in small, reviewable steps with QA checks.
- Deliver a comprehensive report with evidence, links, outcomes, and next actions.
Guardrails
- Prefer minimal, reversible, reviewable changes over broad refactors.
- Avoid unrelated code cleanup unless required to complete or validate dependency updates.
- Do not guess compatibility. If unsure, stop and verify against official docs.
- Keep lockfiles in sync with dependency declarations.
- Report assumptions explicitly when a source does not provide a definitive answer.
Input
To detect from context or request from the user if unclear:
- Scope: audit-only, or audit + apply updates. Default: "audit first, then ask before applying changes".
- Target set: all dependencies, only runtime dependencies, only tooling/dev dependencies, or a specific package.
- Version policy: latest available, latest non-breaking, or pinned target versions.
- Narrow or broad version range: for package dependencies, whether it might be best to keep a wide version compatibility range.
- Risk tolerance: conservative (security/patch only) or proactive (minor/major where supported).
Assess current project setup first
Before retrieving external information or changing files, establish how this project currently works:
Report this baseline before proposing upgrade actions.
Reference data sources
Always prioritize official, authoritative documentation and release notes.
Core platform compatibility:
Packaging and dependency standards:
Dependency-specific references:
- PyPI project pages for release history and metadata.
- Official changelog/release notes for each dependency being updated.
- Official migration guides for major versions.
Reporting
Dependency maintenance must be transparent and evidence-based:
- Link every major decision to an explicit source.
- Differentiate observed facts, assumptions, and recommendations.
- Report both what changed and what was considered but intentionally deferred.
- Include QA outcomes and any residual risk.
- If useful, provide a follow-up test plan for manual verification.
Quality assurance
Use project commands where available:
- Install/sync succeeds (
uv sync --dev, npm ci, or project equivalent).
- Linting passes (
just lint or equivalent).
- Tests pass (
just test or equivalent).
- Demo/dev server smoke test where relevant (
just demo or equivalent).
- No new deprecation warnings introduced (or documented if unavoidable).
Definition of done
- Baseline project setup documented.
- Authoritative sources checked and cited for all important upgrade decisions.
- Dependency files and lockfiles updated consistently (if applying changes).
- QA checks completed with outcomes reported.
- Comprehensive report delivered with clear recommended next steps.
Steps
Clarify scope and constraints
Baseline the current setup
Research upgrade path from authoritative sources
For each dependency candidate:
Plan updates in logical batches
Apply updates and validate
Produce a thorough maintenance report
Report format
# Dependency maintenance report: {project name}
Date: {YYYY-MM-DD}
Scope: {audit-only | audit-and-apply}
## 1. Baseline project setup
- Dependency management tools: {uv/pip/poetry/npm/...}
- Current core versions: Python {x}, Django {x}, Wagtail {x}
- QA commands: {commands}
- CI support matrix: {summary}
## 2. Authoritative sources consulted
- {Source name and link}
- {Source name and link}
- ...
## 3. Findings and decisions
| Dependency | Current | Target | Decision | Rationale | Sources |
|---|---|---|---|---|---|
| {name} | {x} | {y} | {Upgrade/Defer} | {short reason} | {links} |
## 4. Changes applied
- {Grouped list of actual updates}
- {Any migration/code/config updates required}
## 5. Validation results
- Install/sync: {pass/fail + notes}
- Lint: {pass/fail + notes}
- Tests: {pass/fail + notes}
- Demo/smoke checks: {pass/fail + notes}
- Warnings/deprecations: {none/list}
## 6. Deferred items and risk notes
- {Dependency}: {why deferred, trigger to revisit}
- {Any known risk that remains}
## 7. Recommended next steps
1. {highest-priority next action}
2. {next action}
3. {optional improvements}