Dependency major-upgrade plan
Ship major version bumps with confidence. Audit, stage, test, and roll back.
1. Inventory
Run npm outdated or yarn upgrade-interactive. Capture current versions, wanted ranges, and latest majors in a spreadsheet.
2. Changelog audit
For each candidate, read the release notes and migration guide. Flag breaking changes: removed APIs, renamed exports, peer-dependency shifts, Node engine bumps.
3. Risk triage
Score each package on blast radius (import count × call-site count) and test coverage. Sort low-risk first. Bundle related upgrades (e.g., ESLint + plugins) into a single PR.
4. Staged PRs
One PR per risk tier. Each PR includes the version bump, migration code changes, and updated lockfile. Run the full CI suite. If a PR fails, bisect to isolate the culprit.
5. Canary deploy
Merge low-risk PRs first. Deploy to a staging or canary environment. Monitor error rates, bundle size, and build time for 24 hours before promoting.
6. Rollback plan
Pin the previous version in a revert PR before merging the upgrade. Keep the revert branch ready. If production errors spike, revert within the SLO window.
Pro tip: Use npx taze for interactive bulk upgrades with changelog previews.
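A worked example of steps 1 and 3, added here and not part of the original plan: a Node script that parses a constructed sample in the shape of npm outdated --json, keeps only packages whose latest release is a new major, scores each by blast radius (import count × call-site count) discounted by test coverage, bundles the ESLint family into a single PR, and sorts the resulting PR tiers low-risk first. The sample outdated table, the per-package metrics and the bundleKey grouping rule are assumptions for the example; a real run would feed it the live command output and numbers from a grep and the coverage report.

```javascript
// Added example (not from the original page): turn `npm outdated --json` into a
// risk-sorted, bundled list of major-upgrade PRs (steps 1 and 3 of the plan).
// All data below is constructed sample input, not real command output.

// Constructed sample in the shape of `npm outdated --json`.
const OUTDATED_JSON = JSON.stringify({
  "eslint": { current: "8.57.0", wanted: "8.57.1", latest: "9.12.0" },
  "eslint-plugin-import": { current: "2.29.1", wanted: "2.31.0", latest: "2.31.0" },
  "@typescript-eslint/parser": { current: "7.18.0", wanted: "7.18.0", latest: "8.8.0" },
  "express": { current: "4.19.2", wanted: "4.21.0", latest: "5.0.0" },
  "lodash": { current: "4.17.20", wanted: "4.17.21", latest: "4.17.21" },
  "jest": { current: "29.7.0", wanted: "29.7.0", latest: "30.0.0" },
});

// Constructed code-base metrics: a stand-in for a grep of import sites, a count
// of call sites, and the coverage of the files that touch each package.
const METRICS = {
  "eslint": { imports: 0, callSites: 0, coverage: 1.0 },
  "@typescript-eslint/parser": { imports: 0, callSites: 0, coverage: 1.0 },
  "express": { imports: 14, callSites: 30, coverage: 0.6 },
  "jest": { imports: 0, callSites: 0, coverage: 1.0 },
  "lodash": { imports: 42, callSites: 200, coverage: 0.9 },
};

const majorOf = (v) => parseInt(v.split(".")[0], 10);

// Step 1: inventory. Keep only packages whose latest release is a new major.
function majorCandidates(outdatedJson) {
  return Object.entries(JSON.parse(outdatedJson))
    .filter(([, v]) => majorOf(v.latest) > majorOf(v.current))
    .map(([name, v]) => ({ name, current: v.current, latest: v.latest }));
}

// Hypothetical bundling rule: ESLint, its plugins and its parsers move together.
function bundleKey(name) {
  if (name === "eslint" || name.startsWith("eslint-plugin-") || name.startsWith("@typescript-eslint/")) {
    return "eslint";
  }
  return name;
}

// Step 3: risk score = blast radius (imports × call sites) scaled by the share of
// that code the tests do not cover. Tooling-only deps score 0 and go first.
function riskScore(m) {
  return Math.round(m.imports * m.callSites * (1 - m.coverage));
}

// Group candidates into PRs and sort low-risk first. Array.prototype.sort is
// stable, so equal-score bundles keep their inventory order. A package with no
// metrics is unknown territory and is pushed to the end (score Infinity).
function triage(outdatedJson, metrics) {
  const groups = new Map();
  for (const c of majorCandidates(outdatedJson)) {
    const key = bundleKey(c.name);
    const g = groups.get(key) || { bundle: key, packages: [], score: 0 };
    g.packages.push(`${c.name}@${c.latest}`);
    const m = metrics[c.name];
    g.score += m ? riskScore(m) : Infinity;
    groups.set(key, g);
  }
  return [...groups.values()].sort((a, b) => a.score - b.score);
}

// Render the PR plan, one line per staged PR, in the order they should be opened.
function planLines(outdatedJson, metrics) {
  return triage(outdatedJson, metrics).map(
    (g) => `PR ${g.bundle}: score=${g.score} ${g.packages.join(", ")}`
  );
}

for (const line of planLines(OUTDATED_JSON, METRICS)) console.log(line);
```

With the constructed data this yields three PRs: the ESLint bundle (eslint and @typescript-eslint/parser) and jest score 0 because nothing in shipped code imports them, while express scores 168 and lands last; lodash is dropped because 4.17.21 is not a major bump. The Infinity fallback is deliberate: a major bump with no metrics should never sort ahead of one you have measured.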