Well, at least you seem to be using cargo for the rust parts.
Since this stuff is breaking an new anyway, it would be nice to see dependency resolution and a reasonable way for historically reproducible builds (prod runs server 1.0.4 which is 5 years old, let's build that locally to do some bug fixing, using the same dependencies, gradually bringing it up to current 3.7.1...).
Sounds like the lifecycle management of deno projects will about as much fun as php before package management. And about as reliable.
I don't like running "npm update" to try and get security updates, though. npm packages aren't very rigorous about PATCH level changes.