# Dependency Lifecycle Management

## Purpose

Keep dependencies healthy over time by balancing security, compatibility, maintainability, and upgrade cost.

## When to use

- Upgrading libraries, frameworks, runtimes, or tooling
- Auditing dependency risk or staleness
- Reducing upgrade backlog and ecosystem drift
- Planning how to adopt breaking changes safely

## Inputs to gather

- Current dependency versions and their role in the system
- Changelogs, upgrade guides, and breaking changes
- Existing test coverage and high-risk integration points
- Security, support-window, or maintenance concerns

## How to work

- Prefer focused upgrade batches that are easy to validate and revert.
- Separate mechanical version bumps from behavior-changing adaptation when possible.
- Read authoritative release notes before changing usage patterns.
- Verify the highest-risk integration paths, not just installation success.
- Capture follow-up work when a safe incremental upgrade leaves known deprecated patterns behind.

## Output expectations

- Upgrade plan or completed upgrade with adaptation notes
- Risk summary for changed dependencies
- Verification results and known remaining debt

## Quality checklist

- The upgrade reduces risk or maintenance burden meaningfully.
- Breaking changes are understood before implementation.
- Validation covers the most likely failure surfaces.
- Residual deprecations or postponed steps are documented clearly.

## Handoff notes

- Note whether the work is a full upgrade, a safe intermediate step, or a reconnaissance pass.
- Pair with test strategy and release/change summary when adoption affects developer workflow or runtime behavior.
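
The batching advice under "How to work", as an added example that is not part of the original page: a small planner that groups patch and minor bumps into mechanical batches and puts major bumps and flagged high-risk dependencies one per batch. The `Upgrade` record, the `high_risk` flag, the default batch size of 3 and the sample inventory are assumptions, and version strings are assumed to be plain MAJOR.MINOR.PATCH.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Upgrade:
    name: str
    current: str
    target: str
    high_risk: bool = False  # assumption: set by the team for risky integration points

def parse(version):
    """Parse plain MAJOR.MINOR.PATCH; anything else is rejected, not guessed."""
    parts = version.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a plain semver string: {version!r}")
    return tuple(int(p) for p in parts)

def bump_kind(up):
    cur, tgt = parse(up.current), parse(up.target)
    if tgt <= cur:
        raise ValueError(f"{up.name}: {up.target} is not newer than {up.current}")
    # Semver lets 0.x minor releases break, so treat those like a major bump.
    if tgt[0] != cur[0] or (cur[0] == 0 and tgt[1] != cur[1]):
        return "major"
    return "minor" if tgt[1] != cur[1] else "patch"

def plan_batches(upgrades, max_mechanical=3):
    """Group mechanical bumps into small batches; isolate everything else."""
    mechanical, breaking = [], []
    for up in sorted(upgrades, key=lambda u: u.name):
        risky = bump_kind(up) == "major" or up.high_risk
        (breaking if risky else mechanical).append(up.name)
    batches = [{"type": "mechanical", "deps": mechanical[i:i + max_mechanical]}
               for i in range(0, len(mechanical), max_mechanical)]
    # One dependency per adaptation batch, so a failure maps to a single revert.
    return batches + [{"type": "adaptation", "deps": [n]} for n in breaking]

# Constructed sample inventory: package names and versions are made up.
SAMPLE = [
    Upgrade("http-client", "2.4.1", "2.4.9"),
    Upgrade("json-codec", "1.2.0", "1.5.3"),
    Upgrade("orm", "3.8.0", "4.0.0"),
    Upgrade("auth-sdk", "5.1.0", "5.2.0", high_risk=True),
    Upgrade("cli-parser", "0.7.2", "0.8.0"),
    Upgrade("logger", "1.0.0", "1.0.1"),
]

if __name__ == "__main__":
    for n, batch in enumerate(plan_batches(SAMPLE), 1):
        print(n, batch["type"], ", ".join(batch["deps"]))
```

Each adaptation batch is the place to read the release notes and verify the flagged integration path before merging; the mechanical batch only needs the existing test suite to pass.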