Save time updating Astro websites
Dominik Rüttiger
Source: Email from GitHub Dependabot
Updating a large number of Astro websites can be pretty annoying. So many CVEs are reported these days (get notified with GitHub Dependabot) and I highly recommend updating in a timely manner.
Although there is an automated CLI tool, it will not upgrade all project dependencies and does not provide enough information. What I like to do is add the following maintenance scripts to my projects:
{ "scripts": { "upgrade": "echo 'Astro upgrades:' && npx @astrojs/upgrade && echo 'Other upgrades:' && npm update --save && echo 'Upgrades outside of semver ranges:' && npm outdated", "upgrade-check": "npm run build && npm run preview" }}Then I can update with:
npm run upgradeThis runs the Astro CLI tool, updates all other dependencies within the defined
semver ranges and shows
remaining severity vulnerabilities. It will then show possible upgrades outside
the defined semver ranges which you could do manually by editing the
package.json file.
Remember to check the Astro release notes for breaking changes when updating major versions.
To check if everything is still working, I run:
npm run upgrade-check