Yarn upgrade does not properly update package.json for dev dependencies

[SaladFork]

Do you want to request a feature or report a bug?

bug

What is the current behavior?

Running yarn upgrade to upgrade a dev dependency, even with the --dev flag, will add the upgraded version of the dependency to the dependencies hash in package.json rather than devDependencies.

This might also be an issue with other dependency types (like peer), but I have not tested.

If the current behavior is a bug, please provide the steps to reproduce.

$ mkdir foo && cd foo
$ yarn init
<snip>
$ yarn add lodash@3 --dev
<snip>

$ grep lodash package.json -C 1
  "devDependencies": {
    "lodash": "3"
  }

$ yarn outdated
yarn outdated v0.16.1
Package Current Wanted Latest
lodash  3.10.1  3.10.1 4.16.4

$ yarn upgrade lodash --dev
<snip>
success Saved 1 new dependency
└─ lodash@4.16.4

$ grep lodash package.json -C 1
  "devDependencies": {
    "lodash": "3"
  },
--
--
  "dependencies": {
    "lodash": "^4.16.4"
  }

What is the expected behavior?

yarn upgrade should update the version string of the entry in the devDependencies hash.

It would be nice if this could be done without --dev using the current location of the dependency (upgrading a dev dep would modify devDependencies, upgrading a normal dep would modify dependencies).

Please mention your node.js, yarn and operating system version.

$ node --version
v6.9.1
$ yarn --version
0.16.1
$ sw_vers
ProductName:    Mac OS X
ProductVersion: 10.12
BuildVersion:   16A323

[Vheissu]

I can confirm that I am seeing this happen on the exact same version of Yarn. Instead of updating the existing development dependency, it adds a new entry to "dependencies" and leaves the existing development dependency there.

[peschee]

Confirmed bug here as well.

[skellock]

Same here. standard keeps getting inserted into dependencies even though it lives in devDependencies.

I've tried both yarn upgrade standard and yarn upgrade standard -D. Same thing.

Lovely program though! Thank you for building it!

[vladshcherbin]

Here is the same issue, a bit before - #1262

[hannupekka]

Same here.

[jabbrwcky]

Same here. Every module updated via yarn update gets added to dependencies.
--dev or other options are not documented foryarn update and apparently ignored.

IMO update should either accept the same opts as install - or even better update the dependency in the category it is found in in package.json

node --version
v6.9.0
yarn --version
0.16.1

[sebmck]

#1620 fixes this so I'm going to close this and move discussion there.

[kube]

Still not fixed, I'm using latest Yarn installed via Homebrew.

[wyze]

@kube Could you please add more details if it is still an issue? Versions for OS, Node, Yarn? A package.json that can be used to reproduce?

[kube]

λ yarn --version
0.16.1

I'm on macOS 10.12.1, installed Yarn with Homebrew.

And here is the package.json on which I tried.

ts-loader and webpack-merge are outdated, upgrading them with yarn added them to dependencies, leaving devDependencies outdated.

[wyze]

@kube Please try on 0.17.0 that was just released today, this fix was included in that release, but not in 0.16.1.

[kube]

Sure, but Homebrew still has 0.16.1

λ brew upgrade yarn
Error: yarn 0.16.1 already installed

Tried installing with NPM and just had the latest version, but seems strange to install Yarn with NPM.

[kube]

Ok everything works fine when using 0.17.0, but maybe you should update Brew version.
Which is the preferred package manager or way to install Yarn ?

[wyze]

Brew is the preferred method of installation for OSX. It is still a manual process for getting it updated on Homebrew, so someone will have to request it being updated like they did here: Homebrew/homebrew-core#6060

[milesj]

When I run yarn upgrade, it doesn't update any versions in package.json. This is quite annoying coming from NPM, in which it would automatically update the numbers.

I'm using yarn 0.17.2 from homebrew.

[wyze]

@milesj, this should probably be a separate issue and please provide steps to reproduce along with a package.json that we could use to reproduce.

[milesj]

I'll create a new issue.

[jayands]

On Debian Stable, yarn 0.17.4, this issue seems to be fixed at least. It upgraded lodash@3 to lodash@4 properly, so it could just be a matter of going to the latest version.

[ibbatta]

I'm trying to upgrade grunt-sass from 1.1.0 to 2.0.0 (in my dev-dependencies)
I execute yarn upgrade grunt-sass@2.0.0 but add grunt-sass in my dependencies and not upgrade the one in dev-dependencies

I also tried yarn upgrade grunt-sass@2.0.0 --dev but the problem still remain

[wagenet]

Using yarn v0.18.1 I'm still unable to force an upgrade of a sub-dependency. yarn upgrade only adds a new entry to the package.json and doesn't update the sub-dependency.

[leosco]

@iamfreee Nope, you've gotta do npm update --save which is supposed to be Yarn's default behavior.

[leosco]

I posted a new issue detailing all this, see here #3492 and perhaps continue the discussion there.

[paxperscientiam]

I would also like to echo that I've had success with yarn interactive-upgrade whereas yarn upgrade --latest has not worked for me.
Using yarn v0.24.6 with node v7.10.0.

[joseluisq]

yarn upgrade --latest works fine 👍

~> yarn -v
1.0.0
~> yarn upgrade --help | grep "\-\-latest" | head -n 1

  --latest       list the latest version of packages, ignoring version ranges in package.json

[milesj]

yarn interactive-upgrade seems to be having issues now in v1.

[kaylie-alexa]

@milesj Can you try the nightly builds? https://yarnpkg.com/en/docs/nightly This PR may have fixed it da2b909

[lehni]

@kaylieEB I am not certain but I think yarn interactive-upgrade behaves differently now. I just ran it in a project with lots of minor upgrades, and package.json wasn't modified, just yarn.lock. Before 1.0.2, I think package.json would have been kept in sync with the upgraded versions, but I may be wrong about this... The latest nightly build didn't change that behavior for me.

yarn upgrade --latest now works fine, but I preferred being able to interactively choose what to upgrade, and then have the package.json adjusted accordingly.

[milesj]

@lehni There's also yarn interactive-upgrade --latest.

[pedro-mass]

@milesj : did you mean yarn upgrade-interactive --latest?
docs: https://yarnpkg.com/en/docs/cli/upgrade-interactive

[milesj]

Err yeah, brain fart. Thanks.

[iwinux]

same here with yarn 1.3.2

[brneto]

same here with yarn 1.5.1

[arrygoo]

Broken in 1.5.1 again

[asapzacy]

broken with -

$ node --version
v9.0.0
$ yarn --version
1.5.1

[aljones15]

same issue node v8.9.4
yarn 1.5.1

[octref]

One workaround: use yarn add instead of yarn upgrade.

In short:

• yarn upgrade: upgrade packages to latest possible range specified by pacakge.json, but do not overwrite
• yarn add: upgrade packages to latest possible range and rewrite package.json
• yarn update, like npm update: doesn't exist

However npm update's doc says:

As of npm@5.0.0, the npm update will change package.json to save the new version as the minimum required dependency. To get the old behavior, use npm update --no-save.

But in fact...

 y > npm -v
5.7.0
 y > cat package.json
{
  "dependencies": {
    "lodash": "^4.17.5"
  }
}
 y > npm update lodash
npm WARN y No description
npm WARN y No repository field.
npm WARN y No license field.

+ lodash@4.17.10
added 1 package from 2 contributors in 1.004s
 y > cat package.json
{
  "dependencies": {
    "lodash": "^4.17.5"
  }
} 

Don't know which one to use :( Yarn added this behavior sometime in 2017 and then broke it silently. npm claims to have it when it doesn't work either.

@kittens Please reopen this issue.

[aprilmintacpineda]

as said by @octref yarn upgrade upgrades the dependencies to their latest version but does not overwrite the package.json. yarn add <package> will update the package to it's latest version if it's already install and overwrite the package.json. Is there a reason for yarn upgrade not to overwrite the package.json? If so, then maybe that can be added as a flag to yarn upgrade.

yarn@1.7.0
node@v10.4.0
os: MacOS

Edit

read #5602 (comment)

[guylepage3]

One workaround: use yarn add instead of yarn upgrade.

Works like a charm. Need to update these two Docs pages to use yarn add instead of yarn upgrade.

• https://yarnpkg.com/lang/en/docs/cli/upgrade/
• https://yarnpkg.com/lang/en/docs/managing-dependencies/

[lehni]

I've been using yarn upgrade-interactive --latest for quite a while now without any hiccups...

[guylepage3]

I've been using yarn upgrade-interactive --latest for quite a while now without any hiccups...

Seems a bit redundant.. Why not just use the easiest of all of these commands, yarn add? Super simple.

[lehni]

@guylepage3 because I get to see what upgrades are available in what versions with different color coding based on patch / minor / major version changes, pick the ones I want to upgrade, and perform multiple upgrades at once that way. Nothing redundant about that?

[guylepage3]

@lehni then the documentation on the website should reflect this and the following two pages should state to use the yarn upgrade-interactive --latest method.

• https://yarnpkg.com/lang/en/docs/cli/upgrade/
• https://yarnpkg.com/lang/en/docs/managing-dependencies/

[alexdevero]

@guylepage3 this conversation is leading nowhere nor does it help. If you want to suggest update of docs, it might be better to create new issue specifically for that.

[guylepage3]

Sorry if you feel that way @alexdevero. And yep already did if you look above.. #1458 (reference)

[homerjam]

This helped me: https://www.npmjs.com/package/syncyarnlock

$ yarn upgrade-interactive && syncyarnlock

[igbopie]

This does not work for me for yarn workspaces. Can someone take a look?

[alexkuc]

@igbopie perhaps this should be raised as a separate issue since this issue is closed?