Updates and Rollbacks
Update procedures, dependency management, and rollback strategies
Updates and Rollbacks
Procedures for updating dependencies, deploying changes, and rolling back failed deployments.
Deployment Flow
Every push to main triggers the following pipeline:
git push origin main
|
v
┌──────────────────┐
│ GitHub Actions │ Lint, type-check, test, build, E2E
│ (CI Pipeline) │
└────────┬─────────┘
|
v
┌──────────────────┐
│ Vercel Build │ prisma migrate deploy + next build
│ (Auto-deploy) │
└────────┬─────────┘
|
v
┌──────────────────┐
│ Production │ https://www.josemadrid.net
│ Deployment │
└──────────────────┘Rolling Back
Via Vercel Dashboard
Go to Deployments
Navigate to your project in the Vercel Dashboard and click the Deployments tab.
Find the last working deployment
Each deployment shows its git commit, timestamp, and status. Find the last deployment that was working correctly.
Promote to production
Click the three-dot menu on the target deployment and select Promote to Production. This instantly serves that deployment without rebuilding.
Via CLI
# List recent deployments
vercel ls
# Promote a specific deployment to production
vercel promote <deployment-url>Database Migrations Are Not Rolled Back
Promoting a previous deployment reverts the application code but does NOT revert database migrations. If the new deployment included a migration, you may need to manually create a reverse migration.
Updating Dependencies
Routine Updates
# Check for outdated packages
npm outdated
# Update within semver ranges
npm update
# Update a specific package
npm install package-name@latestMajor Version Updates
For major version upgrades (breaking changes):
Create a branch
git checkout -b chore/update-package-nameUpdate the package
npm install package-name@latestRun the test suite
npm run lint
npm run type-check
npm run testTest the build
npm run buildOpen a PR
Push the branch and open a PR. The CI pipeline will run automatically. Verify the preview deployment works before merging.
Security Overrides
The project pins transitive dependencies for security fixes:
"overrides": {
"tar": ">=7.5.10",
"minimatch": ">=10.2.3",
"@vercel/node": { "undici": "6.24.1", "path-to-regexp": "6.3.0" }
}When npm audit reports a vulnerability in a transitive dependency, add an override to force the patched version.
Next.js Updates
Next.js is currently at 16.2.1. To upgrade:
npm install next@latest react@latest react-dom@latestCheck the Next.js upgrade guide for breaking changes between versions. The resolutions field in package.json pins Next.js across the dependency tree:
"resolutions": {
"next": "16.2.1"
}Prisma Updates
npm install prisma@latest @prisma/client@latest
npx prisma generateAfter updating Prisma, verify:
prisma generatesucceedsprisma migrate devworks locally- Binary targets include
rhel-openssl-3.0.xfor Vercel
Node.js Version
The project uses Node.js 22.x on Vercel (configured in .vercel/project.json). Update the version in the Vercel Dashboard under Project Settings > General > Node.js Version.
Recovery Checklist
If a deployment breaks production:
- Immediate: Promote the last working deployment in Vercel Dashboard
- Investigate: Check Vercel build logs and Sentry for errors
- Fix: Create a hotfix branch, test locally, push to main
- Verify: Confirm the new deployment resolves the issue
- Postmortem: Document what went wrong and how to prevent it
How is this guide?
Last updated on