# Dependency Upgrades

> Automating dependency updates and upgrades with OpenHands

Keeping dependencies up to date is essential for security, performance, and access to new features. OpenHands can help you identify outdated dependencies, plan upgrades, handle breaking changes, and validate that your application still works after updates.

## Overview

OpenHands helps with dependency management by:

* **Analyzing dependencies**: Identifying outdated packages and their versions
* **Planning upgrades**: Creating upgrade strategies and migration guides
* **Implementing changes**: Updating code to handle breaking changes
* **Validating results**: Running tests and verifying functionality

## Dependency Analysis Examples

### Identifying Outdated Dependencies

Start by understanding your current dependency state:

```
Analyze the dependencies in this project and create a report:

1. List all direct dependencies with current and latest versions
2. Identify dependencies more than 2 major versions behind
3. Flag any dependencies with known security vulnerabilities
4. Highlight dependencies that are deprecated or unmaintained
5. Prioritize which updates are most important
```

**Example output:**

| Package | Current | Latest  | Risk           | Priority |
| ------- | ------- | ------- | -------------- | -------- |
| lodash  | 4.17.15 | 4.17.21 | Security (CVE) | High     |
| react   | 16.8.0  | 18.2.0  | Outdated       | Medium   |
| express | 4.17.1  | 4.18.2  | Minor update   | Low      |
| moment  | 2.29.1  | 2.29.4  | Deprecated     | Medium   |
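As an added example (not part of OpenHands or its documentation), the script below builds a report like the one above from data shaped like `npm outdated --json` output. The `example-*` packages, the `VULNERABLE` and `DEPRECATED` sets, and the priority rules are assumptions made for illustration.

```javascript
// Constructed input, shaped like the output of `npm outdated --json`.
const OUTDATED = {
  lodash:  { current: '4.17.15', latest: '4.17.21' },
  react:   { current: '16.8.0',  latest: '18.2.0' },
  express: { current: '4.17.1',  latest: '4.18.2' },
  moment:  { current: '2.29.1',  latest: '2.29.4' },
  'example-lib':  { current: '1.4.0',  latest: '5.0.1' },  // hypothetical package
  'example-zero': { current: '0.21.4', latest: '0.27.2' }, // hypothetical package
};
// Hypothetical findings; real ones come from your scanner and registry metadata.
const VULNERABLE = new Set(['lodash']);
const DEPRECATED = new Set(['moment']);

function parse(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) throw new Error(`unparseable version: ${version}`);
  return m.slice(1, 4).map(Number);
}

function updateType(current, latest) {
  const [cMaj, cMin, cPat] = parse(current);
  const [lMaj, lMin, lPat] = parse(latest);
  if (lMaj !== cMaj) return 'major';
  // Under 0.x a minor bump may break the API (caret ranges stop at it too).
  if (lMin !== cMin) return cMaj === 0 ? 'major' : 'minor';
  return lPat !== cPat ? 'patch' : 'none';
}

function buildReport(outdated) {
  const rank = { High: 0, Medium: 1, Low: 2 };
  return Object.entries(outdated).map(([name, { current, latest }]) => {
    const type = updateType(current, latest);
    const majorsBehind = parse(latest)[0] - parse(current)[0];
    let risk = `${type} update`, priority = 'Low';
    if (type === 'major') { risk = 'Outdated'; priority = 'Medium'; }
    if (DEPRECATED.has(name)) { risk = 'Deprecated'; priority = 'Medium'; }
    // "More than 2 major versions behind" from the prompt above.
    if (majorsBehind > 2) { risk = `${majorsBehind} majors behind`; priority = 'High'; }
    if (VULNERABLE.has(name)) { risk = 'Security advisory'; priority = 'High'; }
    return { name, current, latest, type, risk, priority };
  }).sort((a, b) => rank[a.priority] - rank[b.priority] || a.name.localeCompare(b.name));
}

console.table(buildReport(OUTDATED));
```

React at 16.8.0 is exactly two majors behind 18.2.0, so it stays at Medium, while the 0.x package is reported as a breaking update even though its major number is unchanged.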

### Security-Related Dependency Upgrades

Dependency upgrades are often driven by security vulnerabilities in the packages you depend on. If you're upgrading specifically to address security issues, see our [Vulnerability Remediation](/openhands/usage/use-cases/vulnerability-remediation) guide for comprehensive guidance on:

* Automating vulnerability detection and remediation
* Integrating with security scanners (Snyk, Dependabot, CodeQL)
* Building automated pipelines for security fixes
* Using OpenHands agents to create pull requests automatically

### Compatibility Checking

Check for compatibility issues before upgrading:

```
Check compatibility for upgrading React from 16 to 18:

1. Review our codebase for deprecated React patterns
2. List all components using lifecycle methods
3. Identify usage of string refs or findDOMNode
4. Check third-party library compatibility with React 18
5. Estimate the effort required for migration
```

**Compatibility matrix:**

| Dependency        | React 16 | React 17 | React 18    | Action Needed |
| ----------------- | -------- | -------- | ----------- | ------------- |
| react-router      | v5 ✓     | v5 ✓     | v6 required | Major upgrade |
| styled-components | v5 ✓     | v5 ✓     | v5 ✓        | None          |
| material-ui       | v4 ✓     | v4 ✓     | v5 required | Major upgrade |

## Automated Upgrade Examples

### Version Updates

Perform straightforward version updates:

<Tabs>
  <Tab title="Node.js">
    ```
    Update all patch and minor versions in package.json:

    1. Review each update for changelog notes
    2. Update package.json with new versions
    3. Update package-lock.json
    4. Run the test suite
    5. List any deprecation warnings
    ```
  </Tab>

  <Tab title="Python">
    ```
    Update dependencies in requirements.txt:

    1. Check each package for updates
    2. Update requirements.txt with compatible versions
    3. Update requirements-dev.txt similarly
    4. Run tests and verify functionality
    5. Note any deprecation warnings
    ```
  </Tab>

  <Tab title="Java">
    ```
    Update dependencies in pom.xml:

    1. Check for newer versions of each dependency
    2. Update version numbers in pom.xml
    3. Run mvn dependency:tree to check conflicts
    4. Run the test suite
    5. Document any API changes encountered
    ```
  </Tab>
</Tabs>

### Breaking Change Handling

When major versions introduce breaking changes:

```
Upgrade axios from v0.x to v1.x and handle breaking changes:

1. List all breaking changes in axios 1.0 changelog
2. Find all axios usages in our codebase
3. For each breaking change:
   - Show current code
   - Show updated code
   - Explain the change
4. Create a git commit for each logical change
5. Verify all tests pass
```

**Example transformation:**

```javascript
// Before (axios 0.x)
import axios from 'axios';
axios.defaults.baseURL = 'https://api.example.com';
// CancelToken source whose token is passed to the request
const source = axios.CancelToken.source();
const response = await axios.get('/users', {
  cancelToken: source.token
});
```

```javascript
// After (axios 1.x)
import axios from 'axios';
axios.defaults.baseURL = 'https://api.example.com';
// AbortController replaces the CancelToken source
const controller = new AbortController();
const response = await axios.get('/users', {
  signal: controller.signal
});
```

### Code Adaptation

Adapt code to new API patterns:

```
Migrate our codebase from moment.js to date-fns:

1. List all moment.js usages in our code
2. Map moment methods to date-fns equivalents
3. Update imports throughout the codebase
4. Handle any edge cases where APIs differ
5. Remove moment.js from dependencies
6. Verify all date handling still works correctly
```

**Migration map:**

| moment.js                       | date-fns                           | Notes                   |
| ------------------------------- | ---------------------------------- | ----------------------- |
| `moment()`                      | `new Date()`                       | Different return type   |
| `moment().format('YYYY-MM-DD')` | `format(new Date(), 'yyyy-MM-dd')` | Different format tokens |
| `moment().add(1, 'days')`       | `addDays(new Date(), 1)`           | Function-based API      |
| `moment().startOf('month')`     | `startOfMonth(new Date())`         | Separate function       |
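The "Different format tokens" row is where this migration most often goes wrong silently, because several moment tokens are valid in date-fns but mean something else. The converter below is an added example, not code from OpenHands, moment, or date-fns; `momentToDateFns` is a hypothetical helper that covers common tokens only and throws on anything it does not know so those cases get reviewed by hand.

```javascript
// Tokens that are spelled and behave the same in moment and date-fns.
const SAME = new Set(['M', 'MM', 'MMM', 'MMMM', 'H', 'HH', 'h', 'hh',
                      'm', 'mm', 's', 'ss', 'SSS']);

// Tokens that must be rewritten (moment -> date-fns).
const DIFFERENT = new Map(Object.entries({
  YYYY: 'yyyy', YY: 'yy',      // in date-fns, YYYY is the week-numbering year
  DD: 'dd', D: 'd', Do: 'do',  // in date-fns, D and DD are the day of the year
  dddd: 'EEEE', ddd: 'EEE',    // weekday names
  A: 'a',                      // AM/PM
  Z: 'xxx', ZZ: 'xx',          // UTC offset: +01:00 / +0100
}));

function momentToDateFns(format) {
  // Matches, in order: [escaped text], the ordinal token Do,
  // a run of one repeated letter, or a bare single quote.
  return format.replace(/\[([^\]]*)\]|Do|([A-Za-z])\2*|'/g, (tok, literal) => {
    if (literal !== undefined) {
      // moment escapes text with [...]; date-fns uses '...' and '' for a quote.
      return literal ? `'${literal.replace(/'/g, "''")}'` : '';
    }
    if (tok === "'") return "''"; // literal quote outside brackets
    if (DIFFERENT.has(tok)) return DIFFERENT.get(tok);
    if (SAME.has(tok)) return tok;
    throw new Error(`moment token "${tok}" needs manual review`);
  });
}

// Constructed sample format strings.
for (const fmt of ['YYYY-MM-DD', 'dddd, MMMM Do YYYY [at] h:mm A',
                   'YYYY-MM-DD[T]HH:mm:ssZ']) {
  console.log(`${fmt}  ->  ${momentToDateFns(fmt)}`);
}
```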

## Testing and Validation Examples

### Automated Test Execution

Run comprehensive tests after upgrades:

```
After the dependency upgrades, validate the application:

1. Run the full test suite (unit, integration, e2e)
2. Check test coverage hasn't decreased
3. Run type checking (if applicable)
4. Run linting with new lint rule versions
5. Build the application for production
6. Report any failures with analysis
```

### Integration Testing

Verify integrations still work:

```
Test our integrations after upgrading the AWS SDK:

1. Test S3 operations (upload, download, list)
2. Test DynamoDB operations (CRUD)
3. Test Lambda invocations
4. Test SQS send/receive
5. Compare behavior to before the upgrade
6. Note any subtle differences
```

### Regression Detection

Detect regressions from upgrades:

```
Check for regressions after upgrading the ORM:

1. Run database operation benchmarks
2. Compare query performance before and after
3. Verify all migrations still work
4. Check for any N+1 queries introduced
5. Validate data integrity in test database
6. Document any behavioral changes
```

## Additional Examples

### Security-Driven Upgrade

```
We have a critical security vulnerability in jsonwebtoken.

Current: jsonwebtoken@8.5.1
Required: jsonwebtoken@9.0.0

Perform the upgrade:
1. Check for breaking changes in v9
2. Find all usages of jsonwebtoken in our code
3. Update any deprecated methods
4. Update the package version
5. Verify all JWT operations work
6. Run security tests
```

### Framework Major Upgrade

```
Upgrade our Next.js application from 12 to 14:

Key areas to address:
1. App Router migration (pages -> app)
2. New metadata API
3. Server Components by default
4. New Image component
5. Route handlers replacing API routes

For each area:
- Show current implementation
- Show new implementation
- Test the changes
```

### Multi-Package Coordinated Upgrade

```
Upgrade our React ecosystem packages together:

Current:
- react: 17.0.2
- react-dom: 17.0.2
- react-router-dom: 5.3.0
- @testing-library/react: 12.1.2

Target:
- react: 18.2.0
- react-dom: 18.2.0
- react-router-dom: 6.x
- @testing-library/react: 14.x

Create an upgrade plan that handles all these together,
addressing breaking changes in the correct order.
```

## Automate This

You can schedule weekly dependency checks using [OpenHands Automations](/openhands/usage/automations/overview).
Copy this prompt into a new conversation to set one up:

```
Create an automation called "Dependency Checker" that runs every Monday at 8 AM.

It should:
1. Scan all package.json and requirements.txt files
2. Check for outdated dependencies
3. Create a report listing packages with available updates (grouped by major/minor/patch)
4. Post the report to #engineering

Learn more at https://docs.openhands.dev/openhands/usage/use-cases/dependency-upgrades
```

## Related Resources

* [Vulnerability Remediation](/openhands/usage/use-cases/vulnerability-remediation) - Fix security vulnerabilities
* [Security Guide](/sdk/guides/security) - Security best practices for AI agents
* [Prompting Best Practices](/openhands/usage/tips/prompting-best-practices) - Write effective prompts
