DEV Community

Why Running `yarn upgrade` Does Not Update My `package.json`

Wei Gao on April 22, 2019

Why Running yarn upgrade Does Not Update My package.json Today I wanted to upgrade the dependency of React of one of my projects. So I r...
Read full post
Collapse
 
muhammadmuzammilqadri profile image
Muhammad Muzammil

Nice article, but there is one little mistake that I found, which is:

yarn upgrade --latest on dependency "react": "^16.5.1": installs the latest version 16.8.6 as of today, and DOES NOT update package.json to "react": ^16.8.6". AS THE VERSION 16.8.6 IS ALREADY IN THE SPECIFIED RANGE ^16.5.1

Collapse
 
canrau profile image
Can Rau

Great write up 👏

I prefer to use yarn upgrade-interactive --latest thankfully Oh My ZSH' Git plugin cones with a alias yui
Anyway, upgrading interactive let's me see and selectively upgrade and it updates package.json as well 🥳

Collapse
 
mindplay profile image
Rasmus Schultz

But what is a proper way for me to upgrade dependency in this semantic situation? Namely, to upgrade dependency to latest package and indicating that my app now depends on that version?

So this there?

This is what I'm trying to answer - I don't feel like this article reached a conclusion on this question... unless the answer is "no"?

yarn upgrade --latest does not respect version constraints - it installs the latest available versions, even if that conflicts with your constraints: "react": "^16.5.1" will change it to "react": "^18.2.0" which is not what I wanted.

I just want to upgrade to the next compatible version and update my package.json.

That's not a thing?

(I'm about a week into yarn and it's uber frustrating how many little ways it deviates from npm. I hate it. I wish it didn't exist. Why did we have to split the entire ecosystem in two like this? Because yarn used to be faster? ugh.)

Collapse
 
mindplay profile image
Rasmus Schultz • Edited

Okay, so I finally found the answer I was looking for:

yarn upgrade
npx syncyarnlock --save --keepPrefix
yarn install
Enter fullscreen mode Exit fullscreen mode

yarn upgrade will respect your version constraints - as opposed to yarn upgrade --latest, which will most likely break everything.

syncyarnlock will transfer the installed version numbers from yarn.lock to package.json, plain and simple - the --save option makes it write the changes back to package.json, so you can git diff and review the results, while --keepPrefix will preserve the ^ or ~ operators in your existing package.json version constraints.

yarn install finally will update your yarn.lock using the updated version constraints - it won't install anything new at this point, but this step is required, or yarn will complain later that your yarn.lock is outdated with the new version constraints in your updated package.json.

Collapse
 
renanlido profile image
Renan Oliveira

That was fantastic, thanks!!

Collapse
 
jianwu profile image
jianwu

It's just a weird design of yarn upgrade. Anyway thanks for your article which saved my day.

I faced a bug because of the old dependencies. Tried yarn upgrade, never get it to work.

I finally upgraded all my versions in my package.json and solved my problem by removing the version range. And run:

yarn upgrade --latest

Collapse
 
kosm profile image
Kos-M

thanks for the :

 yarn upgrade react@^
Enter fullscreen mode Exit fullscreen mode
Collapse
 
tanhauhau profile image
Tan Li Hau

That's why yarn.lock is important...

...And are we getting react hooks soon?!

Collapse
 
developarvin profile image
Arthur Vincent Simon

Yup, I had the same problem with yarn upgrade.

I solved this by mandating specific versions in package.json so that there is no ambiguity about what version is installed.

Collapse
 
jeffml profile image
Jeff Lowery

But the microversion number changes are supposed to be bug fix patches not expected to change behavior. You want to manage all those by hand? Seems tedious.

Collapse
 
sshymko profile image
Sergii Shymko • Edited

Have been using yarn upgrade --exact. The flag forces the command to override package.json no matter how the version constraint is declared.

yarn upgrade react --latest --exact
Enter fullscreen mode Exit fullscreen mode
Collapse
 
sshymko profile image
Sergii Shymko • Edited

Actually, discovered that sometimes package.json is not being updated.

Looks like yarn add is more reliable than yarn upgrade:

yarn add react --exact
Enter fullscreen mode Exit fullscreen mode

The downside it will install a new package if it has not been installed yet.

This technique can be used to upgrade all packages in a given scope:

jq -r '.dependencies | keys | .[] | select(startswith("@myscope/"))' package.json | xargs yarn add --exact
Enter fullscreen mode Exit fullscreen mode
Collapse
 
stevugnin profile image
Steve Huguenin-Elie

Simply use yarn upgrade all

Collapse
 
mindplay profile image
Rasmus Schultz

Great if you just want to upgrade this 😉

Collapse
 
sturpin profile image
Sergio Turpín

Good article Wei!! Just clarified my doubt ;)

Collapse
 
mysticaltech profile image
K. N.

Saved my butt, thanks

Collapse
 
jorgecuevas92 profile image
Jorge Cuevas

POG solution, I was beating my head with this.