yarn upgrade does not update package.json

[milesj]

Do you want to request a feature or report a bug?

Bug (or maybe request)?

What is the current behavior?

Running yarn upgrade will update dependencies, but not update the versions in package.json.

If the current behavior is a bug, please provide the steps to reproduce.

Here's an output of my console logs.

[16:05:27] Miles:aesthetic > yarn outdated
yarn outdated v0.17.8
Package                 Current Wanted Latest Package Type   
eslint                  3.10.2  3.11.0 3.11.0 devDependencies
mocha                   3.1.2   3.2.0  3.2.0  devDependencies
react                   15.4.0  15.4.1 15.4.1 devDependencies
react-addons-test-utils 15.4.0  15.4.1 15.4.1 devDependencies
react-dom               15.4.0  15.4.1 15.4.1 devDependencies
eslint-plugin-jsx-a11y  2.2.3   2.2.3  3.0.1  devDependencies
flow-bin                0.35.0  0.35.0 0.36.0 devDependencies
✨  Done in 0.49s.
[16:05:30] Miles:aesthetic > gs
# On branch: master  |  No changes (working directory clean)
[16:05:31] Miles:aesthetic > yarn upgrade --ignore-engines
yarn upgrade v0.17.8
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 📃  Building fresh packages...
success Saved lockfile.
success Saved 448 new dependencies.
├─ abbrev@1.0.9
├─ acorn-jsx@3.0.1
├─ acorn@4.0.3
├─ ajv-keywords@1.1.1
├─ ajv@4.9.0
├─ ansi-escapes@1.4.0
├─ ansi-regex@2.0.0
├─ ansi-styles@2.2.1
├─ anymatch@1.3.0
├─ aphrodite@1.1.0
├─ aproba@1.0.4
├─ are-we-there-yet@1.1.2
├─ argparse@1.0.9
├─ arr-diff@2.0.0
├─ arr-flatten@1.0.1
├─ array-union@1.0.2
├─ array-uniq@1.0.3
├─ array-unique@0.2.1
├─ arrify@1.0.1
├─ asap@2.0.5
├─ asn1@0.2.3
├─ assert-plus@0.2.0
├─ assertion-error@1.0.2
├─ async-each@1.0.1
├─ asynckit@0.4.0
├─ aws-sign2@0.6.0
├─ aws4@1.5.0
├─ babel-cli@6.18.0
├─ babel-code-frame@6.16.0
├─ babel-core@6.18.2
├─ babel-eslint@7.1.1
├─ babel-generator@6.19.0
├─ babel-helper-bindify-decorators@6.18.0
├─ babel-helper-builder-binary-assignment-operator-visitor@6.18.0
├─ babel-helper-builder-react-jsx@6.18.0
├─ babel-helper-call-delegate@6.18.0
├─ babel-helper-define-map@6.18.0
├─ babel-helper-explode-assignable-expression@6.18.0
├─ babel-helper-explode-class@6.18.0
├─ babel-helper-function-name@6.18.0
├─ babel-helper-get-function-arity@6.18.0
├─ babel-helper-hoist-variables@6.18.0
├─ babel-helper-optimise-call-expression@6.18.0
├─ babel-helper-regex@6.18.0
├─ babel-helper-remap-async-to-generator@6.18.0
├─ babel-helper-replace-supers@6.18.0
├─ babel-helpers@6.16.0
├─ babel-messages@6.8.0
├─ babel-plugin-check-es2015-constants@6.8.0
├─ babel-plugin-syntax-async-functions@6.13.0
├─ babel-plugin-syntax-async-generators@6.13.0
├─ babel-plugin-syntax-class-properties@6.13.0
├─ babel-plugin-syntax-decorators@6.13.0
├─ babel-plugin-syntax-dynamic-import@6.18.0
├─ babel-plugin-syntax-exponentiation-operator@6.13.0
├─ babel-plugin-syntax-flow@6.18.0
├─ babel-plugin-syntax-jsx@6.18.0
├─ babel-plugin-syntax-object-rest-spread@6.13.0
├─ babel-plugin-syntax-trailing-function-commas@6.13.0
├─ babel-plugin-transform-async-generator-functions@6.17.0
├─ babel-plugin-transform-async-to-generator@6.16.0
├─ babel-plugin-transform-class-properties@6.19.0
├─ babel-plugin-transform-decorators@6.13.0
├─ babel-plugin-transform-es2015-arrow-functions@6.8.0
├─ babel-plugin-transform-es2015-block-scoped-functions@6.8.0
├─ babel-plugin-transform-es2015-block-scoping@6.18.0
├─ babel-plugin-transform-es2015-classes@6.18.0
├─ babel-plugin-transform-es2015-computed-properties@6.8.0
├─ babel-plugin-transform-es2015-destructuring@6.19.0
├─ babel-plugin-transform-es2015-duplicate-keys@6.8.0
├─ babel-plugin-transform-es2015-for-of@6.18.0
├─ babel-plugin-transform-es2015-function-name@6.9.0
├─ babel-plugin-transform-es2015-literals@6.8.0
├─ babel-plugin-transform-es2015-modules-amd@6.18.0
├─ babel-plugin-transform-es2015-modules-commonjs@6.18.0
├─ babel-plugin-transform-es2015-modules-systemjs@6.19.0
├─ babel-plugin-transform-es2015-modules-umd@6.18.0
├─ babel-plugin-transform-es2015-object-super@6.8.0
├─ babel-plugin-transform-es2015-parameters@6.18.0
├─ babel-plugin-transform-es2015-shorthand-properties@6.18.0
├─ babel-plugin-transform-es2015-spread@6.8.0
├─ babel-plugin-transform-es2015-sticky-regex@6.8.0
├─ babel-plugin-transform-es2015-template-literals@6.8.0
├─ babel-plugin-transform-es2015-typeof-symbol@6.18.0
├─ babel-plugin-transform-es2015-unicode-regex@6.11.0
├─ babel-plugin-transform-exponentiation-operator@6.8.0
├─ babel-plugin-transform-flow-comments@6.17.0
├─ babel-plugin-transform-flow-strip-types@6.18.0
├─ babel-plugin-transform-object-rest-spread@6.19.0
├─ babel-plugin-transform-react-display-name@6.8.0
├─ babel-plugin-transform-react-jsx-self@6.11.0
├─ babel-plugin-transform-react-jsx-source@6.9.0
├─ babel-plugin-transform-react-jsx@6.8.0
├─ babel-plugin-transform-regenerator@6.16.1
├─ babel-plugin-transform-runtime@6.15.0
├─ babel-plugin-transform-strict-mode@6.18.0
├─ babel-polyfill@6.16.0
├─ babel-preset-es2015@6.18.0
├─ babel-preset-react@6.16.0
├─ babel-preset-stage-2@6.18.0
├─ babel-preset-stage-3@6.17.0
├─ babel-register@6.18.0
├─ babel-runtime@6.18.0
├─ babel-template@6.16.0
├─ babel-traverse@6.19.0
├─ babel-types@6.19.0
├─ babylon@6.14.1
├─ balanced-match@0.4.2
├─ bcrypt-pbkdf@1.0.0
├─ binary-extensions@1.7.0
├─ block-stream@0.0.9
├─ boolbase@1.0.0
├─ boom@2.10.1
├─ bowser@1.5.0
├─ brace-expansion@1.1.6
├─ braces@1.8.5
├─ browser-stdout@1.3.0
├─ buffer-shims@1.0.0
├─ builtin-modules@1.1.1
├─ caller-path@0.1.0
├─ callsites@0.2.0
├─ caseless@0.11.0
├─ chai@3.5.0
├─ chalk@1.1.3
├─ cheerio@0.22.0
├─ chokidar@1.6.1
├─ circular-json@0.3.1
├─ cli-cursor@1.0.2
├─ cli-width@2.1.0
├─ co@4.6.0
├─ code-point-at@1.1.0
├─ combined-stream@1.0.5
├─ commander@2.9.0
├─ concat-map@0.0.1
├─ concat-stream@1.5.2
├─ console-control-strings@1.1.0
├─ contains-path@0.1.0
├─ convert-source-map@1.3.0
├─ core-js@2.4.1
├─ core-util-is@1.0.2
├─ cryptiles@2.0.5
├─ css-select@1.2.0
├─ css-what@2.1.0
├─ d@0.1.1
├─ damerau-levenshtein@1.0.3
├─ dashdash@1.14.1
├─ debug@2.2.0
├─ deep-eql@0.1.3
├─ deep-extend@0.4.1
├─ deep-is@0.1.3
├─ define-properties@1.1.2
├─ del@2.2.2
├─ delayed-stream@1.0.0
├─ delegates@1.0.0
├─ detect-indent@4.0.0
├─ diff@1.4.0
├─ doctrine@1.5.0
├─ dom-serializer@0.1.0
├─ domelementtype@1.3.0
├─ domhandler@2.3.0
├─ domutils@1.5.1
├─ ecc-jsbn@0.1.1
├─ encoding@0.1.12
├─ entities@1.1.1
├─ enzyme@2.6.0
├─ es-abstract@1.6.1
├─ es-to-primitive@1.1.1
├─ es5-ext@0.10.12
├─ es6-iterator@2.0.0
├─ es6-map@0.1.4
├─ es6-set@0.1.4
├─ es6-symbol@3.1.0
├─ es6-weak-map@2.0.1
├─ escape-string-regexp@1.0.5
├─ escope@3.6.0
├─ eslint-config-airbnb-base@10.0.1
├─ eslint-config-airbnb@13.0.0
├─ eslint-import-resolver-node@0.2.3
├─ eslint-module-utils@2.0.0
├─ eslint-plugin-flowtype@2.25.0
├─ eslint-plugin-import@2.2.0
├─ eslint-plugin-jsx-a11y@2.2.3
├─ eslint-plugin-react@6.7.1
├─ eslint@3.11.0
├─ espree@3.3.2
├─ esprima@2.7.3
├─ esrecurse@4.1.0
├─ estraverse@4.2.0
├─ esutils@2.0.2
├─ event-emitter@0.3.4
├─ exit-hook@1.1.1
├─ expand-brackets@0.1.5
├─ expand-range@1.8.2
├─ extend@3.0.0
├─ extglob@0.3.2
├─ extsprintf@1.0.2
├─ fast-levenshtein@2.0.5
├─ fbjs@0.8.6
├─ figures@1.7.0
├─ file-entry-cache@2.0.0
├─ filename-regex@2.0.0
├─ fill-range@2.2.3
├─ find-up@1.1.2
├─ flat-cache@1.2.1
├─ flow-bin@0.35.0
├─ for-in@0.1.6
├─ for-own@0.1.4
├─ foreach@2.0.5
├─ forever-agent@0.6.1
├─ form-data@2.1.2
├─ fs-readdir-recursive@1.0.0
├─ fs.realpath@1.0.0
├─ fsevents@1.0.15
├─ fstream-ignore@1.0.5
├─ fstream@1.0.10
├─ function-bind@1.1.0
├─ function.prototype.name@1.0.0
├─ gauge@2.7.1
├─ generate-function@2.0.0
├─ generate-object-property@1.2.0
├─ getpass@0.1.6
├─ glob-base@0.3.0
├─ glob-parent@2.0.0
├─ glob@7.0.5
├─ globals@9.14.0
├─ globby@5.0.0
├─ graceful-fs@4.1.11
├─ graceful-readlink@1.0.1
├─ growl@1.9.2
├─ har-validator@2.0.6
├─ has-ansi@2.0.0
├─ has-color@0.1.7
├─ has-flag@1.0.0
├─ has-unicode@2.0.1
├─ has@1.0.1
├─ hawk@3.1.3
├─ hoek@2.16.3
├─ hoist-non-react-statics@1.2.0
├─ home-or-tmp@2.0.0
├─ htmlparser2@3.9.2
├─ http-signature@1.1.1
├─ hyphenate-style-name@1.0.2
├─ iconv-lite@0.4.15
├─ ignore@3.2.0
├─ imurmurhash@0.1.4
├─ in-publish@2.0.0
├─ inflight@1.0.6
├─ inherits@2.0.3
├─ ini@1.3.4
├─ inline-style-prefixer@2.0.4
├─ inquirer@0.12.0
├─ interpret@1.0.1
├─ invariant@2.2.2
├─ is-binary-path@1.0.1
├─ is-buffer@1.1.4
├─ is-callable@1.1.3
├─ is-date-object@1.0.1
├─ is-dotfile@1.0.2
├─ is-equal-shallow@0.1.3
├─ is-extendable@0.1.1
├─ is-extglob@1.0.0
├─ is-finite@1.0.2
├─ is-fullwidth-code-point@1.0.0
├─ is-glob@2.0.1
├─ is-in-browser@1.0.2
├─ is-my-json-valid@2.15.0
├─ is-number@2.1.0
├─ is-path-cwd@1.0.0
├─ is-path-in-cwd@1.0.0
├─ is-path-inside@1.0.0
├─ is-posix-bracket@0.1.1
├─ is-primitive@2.0.0
├─ is-property@1.0.2
├─ is-regex@1.0.3
├─ is-resolvable@1.0.0
├─ is-stream@1.1.0
├─ is-subset@0.1.1
├─ is-symbol@1.0.1
├─ is-typedarray@1.0.0
├─ isarray@1.0.0
├─ isobject@2.1.0
├─ isomorphic-fetch@2.2.1
├─ isstream@0.1.2
├─ jodid25519@1.0.2
├─ js-tokens@2.0.0
├─ js-yaml@3.7.0
├─ jsbn@0.1.0
├─ jsesc@1.3.0
├─ json-schema@0.2.3
├─ json-stable-stringify@1.0.1
├─ json-stringify-safe@5.0.1
├─ json3@3.3.2
├─ json5@0.5.0
├─ jsonify@0.0.0
├─ jsonpointer@4.0.0
├─ jsprim@1.3.1
├─ jss@5.5.6
├─ jsx-ast-utils@1.3.4
├─ kind-of@3.0.4
├─ levn@0.3.0
├─ lodash._baseassign@3.2.0
├─ lodash._basecopy@3.0.1
├─ lodash._basecreate@3.0.3
├─ lodash._getnative@3.9.1
├─ lodash._isiterateecall@3.0.9
├─ lodash.assignin@4.2.0
├─ lodash.bind@4.2.1
├─ lodash.cond@4.5.2
├─ lodash.create@3.1.1
├─ lodash.defaults@4.2.0
├─ lodash.filter@4.6.0
├─ lodash.flatten@4.4.0
├─ lodash.foreach@4.5.0
├─ lodash.isarguments@3.1.0
├─ lodash.isarray@3.0.4
├─ lodash.keys@3.1.2
├─ lodash.map@4.6.0
├─ lodash.merge@4.6.0
├─ lodash.pick@4.4.0
├─ lodash.pickby@4.6.0
├─ lodash.reduce@4.6.0
├─ lodash.reject@4.6.0
├─ lodash.some@4.6.0
├─ lodash@4.17.2
├─ loose-envify@1.3.0
├─ micromatch@2.3.11
├─ mime-db@1.25.0
├─ mime-types@2.1.13
├─ minimatch@3.0.3
├─ minimist@0.0.8
├─ mkdirp@0.5.1
├─ mocha@3.2.0
├─ ms@0.7.1
├─ murmurhash-js@1.0.0
├─ mute-stream@0.0.5
├─ nan@2.4.0
├─ natural-compare@1.4.0
├─ node-fetch@1.6.3
├─ node-pre-gyp@0.6.31
├─ nopt@3.0.6
├─ normalize-path@2.0.1
├─ npmlog@4.0.1
├─ nth-check@1.0.1
├─ number-is-nan@1.0.1
├─ oauth-sign@0.8.2
├─ object-assign@4.1.0
├─ object-is@1.0.1
├─ object-keys@1.0.11
├─ object.assign@4.0.4
├─ object.entries@1.0.3
├─ object.omit@2.0.1
├─ object.values@1.0.3
├─ once@1.4.0
├─ onetime@1.1.0
├─ optionator@0.8.2
├─ os-homedir@1.0.2
├─ os-tmpdir@1.0.2
├─ output-file-sync@1.1.2
├─ parse-glob@3.0.4
├─ path-exists@2.1.0
├─ path-is-absolute@1.0.1
├─ path-is-inside@1.0.2
├─ pify@2.3.0
├─ pinkie-promise@2.0.1
├─ pinkie@2.0.4
├─ pkg-dir@1.0.0
├─ pkg-up@1.0.0
├─ pluralize@1.2.1
├─ prelude-ls@1.1.2
├─ preserve@0.2.0
├─ private@0.1.6
├─ process-nextick-args@1.0.7
├─ progress@1.1.8
├─ promise@7.1.1
├─ punycode@1.4.1
├─ qs@6.3.0
├─ randomatic@1.1.6
├─ rc@1.1.6
├─ react-addons-test-utils@15.4.1
├─ react-dom@15.4.1
├─ react@15.4.1
├─ readable-stream@2.0.6
├─ readdirp@2.1.0
├─ readline2@1.0.1
├─ rechoir@0.6.2
├─ regenerate@1.3.2
├─ regenerator-runtime@0.9.6
├─ regex-cache@0.4.3
├─ regexpu-core@2.0.0
├─ regjsgen@0.2.0
├─ regjsparser@0.1.5
├─ repeat-element@1.1.2
├─ repeat-string@1.6.1
├─ repeating@2.0.1
├─ request@2.79.0
├─ require-uncached@1.0.3
├─ resolve-from@1.0.1
├─ resolve@1.1.7
├─ restore-cursor@1.0.1
├─ rimraf@2.5.4
├─ run-async@0.1.0
├─ rx-lite@3.1.2
├─ semver@5.3.0
├─ set-blocking@2.0.0
├─ set-immediate-shim@1.0.1
├─ shelljs@0.7.5
├─ signal-exit@3.0.1
├─ slash@1.0.0
├─ slice-ansi@0.0.4
├─ sntp@1.0.9
├─ source-map-support@0.4.6
├─ source-map@0.5.6
├─ sprintf-js@1.0.3
├─ sshpk@1.10.1
├─ string_decoder@0.10.31
├─ string-width@1.0.2
├─ stringstream@0.0.5
├─ strip-ansi@3.0.1
├─ strip-bom@3.0.0
├─ strip-json-comments@1.0.4
├─ supports-color@3.1.2
├─ table@3.8.3
├─ tar-pack@3.3.0
├─ tar@2.2.1
├─ text-table@0.2.0
├─ through@2.3.8
├─ to-fast-properties@1.0.2
├─ tough-cookie@2.3.2
├─ tryit@1.0.3
├─ tunnel-agent@0.4.3
├─ tweetnacl@0.14.3
├─ type-check@0.3.2
├─ type-detect@1.0.0
├─ typedarray@0.0.6
├─ ua-parser-js@0.7.12
├─ uid-number@0.0.6
├─ user-home@2.0.0
├─ util-deprecate@1.0.2
├─ uuid@2.0.3
├─ v8flags@2.0.11
├─ verror@1.3.6
├─ warning@3.0.0
├─ whatwg-fetch@2.0.1
├─ wide-align@1.1.0
├─ wordwrap@1.0.0
├─ wrappy@1.0.2
├─ write@0.2.1
└─ xtend@4.0.1
✨  Done in 3.72s.
[16:05:41] Miles:aesthetic > gs
# On branch: master  |  [*] => $e*
#
➤ Changes not staged for commit
#
#       modified:  [1] yarn.lock
#
[16:05:54] Miles:aesthetic > yarn outdated
yarn outdated v0.17.8
Package                Current Wanted Latest Package Type   
eslint-plugin-jsx-a11y 2.2.3   2.2.3  3.0.1  devDependencies
flow-bin               0.35.0  0.35.0 0.36.0 devDependencies
✨  Done in 0.54s.

What is the expected behavior?

The package.json versions are updated (including the ^ caret).

Please mention your node.js, yarn and operating system version.

Yarn v0.17.8
Node.js v7.2.0
macOS v10.12.1

More information.

In my projects, I would constantly use npm update --save-dev to update dev dependencies and the package.json with the latest versions. This allows my dev tooling to always stay constant.

However, I would not do the same for non-dev dependencies, as those should be locked into a specific version as to not restrict consumers. For example, supporting React ^15.0.0 instead of ^15.4.1.

[csvan]

As I understand the docs, the package.json file will only be modified if you run upgrade on a particular package: https://yarnpkg.com/en/docs/cli/upgrade

[milesj]

I could of sworn that yarn upgrade also updated package.json at some point in previous versions. Regardless, I believe this should be a feature, perhaps under a flag like --save-dev.

My other issue with upgrading a package directly, is that it updates the version without the ^ caret.

[torifat]

I could of sworn that yarn upgrade also updated package.json at some point in previous versions.

It could be a bug.

I don't think it's necessary to update package.json in this case. You should track your yarn.lock file with git.

[harlantwood]

I also want a way to update my version numbers in package.json when upgrading all packages, mostly because it provides an easy reference to what the current version is (easier than grepping the lockfile).

As a workaround, I am currently doing:

yarn global add npm-check-updates
ncu --upgrade --upgradeAll && yarn upgrade

The last line I alias to yup, so the workaround is not too painful.

[goemaeret]

Maybe a strange question, but is it actually necessary to update the package.json file? Since the specific package versions are locked away in the yarn.lock file I don't really understand why the package.json file still is being updated when running the yarn upgrade command on a specific package... Any reason/explanation for this behaviour?

Thx in advance

[milesj]

@goemaeret While that is correct, I'm just not a fan of adding a version to package.json once and forgetting it forever. I'd rather the lock file and package.json be incremented together.

Just seems odd that the version in the package.json could theoretically be a year old and like 30 versions behind. Furthermore, it's the more human readable version compared to the lock file.

[goemaeret]

@milesj some very clever arguments you pointed out there. Thx a lot!

[rottmann]

yarn upgrade package change the package.json version, i did not find a reason, why yarn upgrade not update the version in package.json?

[mjbates7]

This would be useful to have the package.json file have the up-to-date version numbers so you can see at a glance the version numbers you have

[edmorley]

Interestingly, upgrade-interactive does update package.json even though upgrade doesn't (though perhaps that's because it does the equivalent of yarn upgrade package for each internally.

[mjbates7]

Where is upgrade-interactive documented?

[edmorley]

Only in yarn --help.

#2891 is meaning features are frequently being added without their equivalent docs changes.

[voxsim]

@bestander we can close this O.o

[milesj]

@voxsim @bestander Why was it closed? Because of upgrade-interactive?

[voxsim]

@milesj read here for more info #3266!

[ctumolosus]

I also wanted yarn upgrade to update package.json for the same reasons as everyone else, but there is also something important for me that command provides: it upgrades all dependencies within their respective semver range. It doesn't seem like there is an option or command available to do this when running yarn upgrade <package> or yarn upgrade-interactive. At times, I want to avoid introducing breaking changes when upgrading packages.

[ConAntonakos]

This is currently happening to me now after installing yarn v1.0.1. It updates my yarn.lock file, but not package.json.

macOS v10.12.6
Node.js v5.12.0

[mikerogerz]

This needs to be reopened. I'm currently experiencing the same behaviour with v1.0.1. Either it's a bug, or the documentation is incorrect.

[f]

This needs to be reopened +1

[BYK]

Instead of reopening, we may file a new issue. We had a similar report at #4390.

[dmtroyer]

Is this just expected behavior? Am I missing something?

[guilhermecvm]

check yarn upgrade --latest

but use with caution as it will not respect semver. It will just update to the latest tag
https://yarnpkg.com/lang/en/docs/cli/upgrade/#toc-yarn-upgrade-package-latest-l-caret-tilde-exact-pattern

[cansin]

I was having the same problem. As others were suggesting running:

$ yarn upgrade webpack webpack-dev-server or-any-other-library --latest

updated only the packages listed to the latest version (as expected) and also updated both package.json and yarn.lock files.

[tommedema]

@AmyShieh yes, I am using --latest, therefore it should have suggested Prettier@1.15.3 and it did not.

[joebernard]

The only way I managed to upgrade ALL my packages to latest was to manually run yarn upgrade package@latest on every package. Neither of the following updated package.json:

yarn upgrade --latest
yarn upgrade-interactive --latest

I would expect those to bulk update everything in package.json, but perhaps I am misunderstanding their intent. This would definitely be a useful feature to have.

[japrogramer]

yarn upgrade --latest

Does not update package.json
onle @latest does .. such a hassle

[RyanPWalker]

yarn upgrade --latest was not working for me because a certain package was timing out in the download.
Running git config --global url."https://".insteadOf git:// solved my issue. Now I can run yarn upgrade --latest

[benjamincharity]

I seem to need the opposite behavior everyone else is asking for.. possibly someone can open my eyes to something I am missing?

Scenario:

We have a codebase that requires libA. Since we have very close control over libA we have the package.json set to "libA": "latest".

Now, last time the yarn.lock file was generated, libA was at 1.1.0. Since then, libA has released 1.2.0. For our next PR we need to update the yarn.lock file so that the CI pulls the newer version.

This is where my issue arises:

It seems that every command yarn offers also updates the package.json file which overwrites latest with whatever version is actually the latest. This does solve my immediate need of using the latest package version, but it introduces a new issue where my package.json is no longer targeting latest now it's actually targeting ^1.2.0. This means that when 2.0.0 drops, the same upgrade command won't actually get me latest.

Question: Is there really no way to tell yarn to update my lockfile according to my package.json without changing package.json??

[MikeMitterer]

This bug is still not solved.
I tried

yarn upgrade --latest
yarn upgrade-interactive --latest

with yarn 1.12.3 - package gets not updated

[Alex2357]

Also was struggling with the same problem.
Then I already gave app, but when I wanted to fix another problem I noticed that this yarn upgrade fable-compiler --latest has updated both files after I did in my repository next commands

ATTENTION!!! THIS WILL WIPE YOUR WORK COMPLETELY. COMMIT ALL UNSAVED CHANGES YOU NEED!

git reset --hard
git clean -dxf

It might be cleaning all the crap might help.

Then I started yarn upgrade fable-loader without latest and it updated just yarn.lock
Now I repeat all the steps

git reset --hard
git clean -dxf
yarn upgrade fable-compiler --latest
yarn upgrade fable-loader --latest

and I have in both files both dependencies updated.

[eluchsinger]

What is the status of this issue?

[rpweb]

yarn upgrade --latest works out.
version pattern "x.x.x" gets updated, "^x.x.x" not, if anyone is wondering

[the-teacher]

➡️ yarn upgrade react react-dom jest-dom css-loader apollo-link-batch-http
It upgrades packages in yarn.lock without touching package.json

And now you run the same but with add

➡️yarn add react react-dom jest-dom css-loader apollo-link-batch-http
it will update the package.json

It solves.

[ClearedFram3]

The issue still persists. My package.json is sometimes over 10 versions out of date compared to yarn.lock

*is this a feature?

[homoluden]

I have yarn v. 1.12.3
and here is the behavior on my side:
In private npm registry we have latest version of "pkgA" equal to 0.13.0
And I have a package.json containing
"dependencies": {
...
"depA": "^0.11.0",
...
}

1. yarn cache clean
2. yarn install
3. yarn upgrade --latest depA
   Result: package.json don't gets updated.

If I change depA version manually to 0.13.0, execute steps 2 and 3, then I will get depA v. 0.13.0 into yarn's cache.

After that I can go into package.json, change back the depA version to 0.11.0 and execute steps 2 and 3 again. This time package.json gets the version upgraded.

My conclusion: during yarn upgrade --latest (in case of semver) yarn looks for latest version inside the cache and loads from remote only if no corresponding package (as stated by semver) found.

PS: after updating yarn to v. 1.16.0 issue above disappeared.

[javed24]

Looks like it's still an issue. Only thing that worked for me was yarn upgrade <package_name>@latest as suggested by @joebernard. I understand that updating the package.json file with the upgrade command is not an expected behavior but it definitely would've been nice if it did update the package.json file too.

[vsDizzy]

Just having this issue. yarn upgrade -L does nothing to package.json

[anxious-coder-lhs]

On yarn version yarn info v1.17.3, still having the issue. Tried everything mentioned above, not sure what am I missing, but it doesn't work.

[flavioespinoza]

This worked for me:

yarn global add npm-check-updates

ncu -u

got this list in the terminal:

Used yarn install with the --check-files flag:

yarn install --check-files

ncu -u

Also if you want to upgrade only one package and have it reflect in the package.json this worked for me:

yarn add lodash@latest 

or 

yarn add lodash@<version>

Time to dance! :)

[justinh00k]

I am having this issue in yarn 1.22.4

[vsDizzy]

I switched to the npm-check-updates tool because not yarn neither npm work in the correct way.

[krishnaTORQUE]

its been 4 years & I am still facing this issue.

yarn upgrade
yarn upgrade --latest
yarn upgrade-interactive
yarn upgrade-interactive --latest

does not update / upgrade package.json

node: v14.16.0
yarn: v1.22.5
OS: ubuntu 20.04

[hunter2009]

This needs to be reopened +1

[johnsonsirv]

$ yarn upgrade <package-name>@^

Gives you a list of versions to pick from, and updates package.json afterwards,
Ref: https://dev.to/wgao19/why-running-yarn-upgrade-does-not-update-my-package-json-3mon

[SwapnilSoni1999]

$ yarn upgrade <package-name>@^

Gives you a list of versions to pick from, and updates package.json afterwards, Ref: https://dev.to/wgao19/why-running-yarn-upgrade-does-not-update-my-package-json-3mon

What to do If we have more than 30-50+ packages?

[iSuslov]

Does not update package.json in monorepo.

yarn upgrade pg@^8.5.1 grpc --latest

Tries to install old dependency and crashes (new versions not crashing)

[niklasholm]

Amazed nobody has mentioned syncyarnlock.

Upgrade all packages (respecting semver) and update package.json:

yarn upgrade && syncyarnlock -s -k

[herleraja]

Amazed nobody has mentioned syncyarnlock.

Upgrade all packages (respecting semver) and update package.json:

yarn upgrade && syncyarnlock -s -k

It works only for yarn version 1.2.x but not the later versions of yarn (example: yarn 3.x.x or 4.x.x)