codeflash-agent/docs/hypothesis.md

# Hypothesis: Outdated Dependencies Cause Performance Regressions

## Claim
Outdated dependencies accumulate performance regressions over time through:
- Missing tree-shaking improvements in newer versions
- Duplicated polyfills for features now native to the runtime
- Unoptimized codepaths that newer releases have rewritten
- Missed bundle-size reductions from internal refactors
- Transitive dependency bloat from old sub-dependencies

## Testing approach
Upgrade dependencies in order of likely performance impact on the cf-webapp Next.js dashboard (app.codeflash.ai). Build after each batch. Measure bundle size and build time before/after.

## Experiment: cf-webapp (2026-04-10)

### Baseline
- 46 outdated packages identified via `npm outdated`
- 16 major version bumps, ~30 semver-compatible patches

### Round 1 — Semver-compatible patches (~30 packages)
React 19.2.5, Sentry 10.48.0, Radix UI patches, PostCSS 8.5.9, auth0 4.17.0, etc.
- **Result**: Build passes, 0 vulnerabilities

### Round 2 — Major version upgrades (performance-impactful)
- `posthog-js` 1.127 → 1.367 (analytics SDK, loads every page)
- `lucide-react` 0.563 → 1.8 (icon library, v1 tree-shaking rewrite; required `Github` → `GitFork` rename — brand icons removed)
- `tailwind-merge` 2.6 → 3.5 (used in every `cn()` call, v3 smaller/faster runtime)
- `marked` 16.4 → 18.0 (markdown parser)
- `react-markdown` 9.1 → 10.1 (required removing `className` prop — dropped in v10)
- `prettier` 3.2 → 3.8, `lint-staged` 15 → 16, `posthog-node` 4 → 5
- **Result**: Build passes after migration fixes

### Deferred (high migration cost)
- tailwindcss 3 → 4 (complete CSS framework rewrite)
- prisma 6 → 7 (database client API changes)
- zod 3 → 4 (validation API changes)
- typescript 5 → 6 (type system changes)

### Measurements
TODO: Run `ANALYZE=true npm run build` before/after to capture concrete bundle size deltas.
squash 2026-04-09 08:36:01 +00:00			`# Hypothesis: Outdated Dependencies Cause Performance Regressions`

			`## Claim`
			`Outdated dependencies accumulate performance regressions over time through:`
			`- Missing tree-shaking improvements in newer versions`
			`- Duplicated polyfills for features now native to the runtime`
			`- Unoptimized codepaths that newer releases have rewritten`
			`- Missed bundle-size reductions from internal refactors`
			`- Transitive dependency bloat from old sub-dependencies`

			`## Testing approach`
			`Upgrade dependencies in order of likely performance impact on the cf-webapp Next.js dashboard (app.codeflash.ai). Build after each batch. Measure bundle size and build time before/after.`

			`## Experiment: cf-webapp (2026-04-10)`

			`### Baseline`
			- 46 outdated packages identified via `npm outdated`
			`- 16 major version bumps, ~30 semver-compatible patches`

			`### Round 1 — Semver-compatible patches (~30 packages)`
			`React 19.2.5, Sentry 10.48.0, Radix UI patches, PostCSS 8.5.9, auth0 4.17.0, etc.`
			`- Result: Build passes, 0 vulnerabilities`

			`### Round 2 — Major version upgrades (performance-impactful)`
			- `posthog-js` 1.127 → 1.367 (analytics SDK, loads every page)
			- `lucide-react` 0.563 → 1.8 (icon library, v1 tree-shaking rewrite; required `Github` → `GitFork` rename — brand icons removed)
			- `tailwind-merge` 2.6 → 3.5 (used in every `cn()` call, v3 smaller/faster runtime)
			- `marked` 16.4 → 18.0 (markdown parser)
			- `react-markdown` 9.1 → 10.1 (required removing `className` prop — dropped in v10)
			- `prettier` 3.2 → 3.8, `lint-staged` 15 → 16, `posthog-node` 4 → 5
			`- Result: Build passes after migration fixes`

			`### Deferred (high migration cost)`
			`- tailwindcss 3 → 4 (complete CSS framework rewrite)`
			`- prisma 6 → 7 (database client API changes)`
			`- zod 3 → 4 (validation API changes)`
			`- typescript 5 → 6 (type system changes)`

			`### Measurements`
			TODO: Run `ANALYZE=true npm run build` before/after to capture concrete bundle size deltas.