Yarn Upgrade Doesn't Update Package.json

[mtpultz]

Do you want to request a feature or report a bug?

Bug

What is the current behavior?
yarn upgrade doesn't update package.json unless you go package by package yarn upgrade @angular, and using yarn upgrade-interactive puts a lot of responsibility on knowing exactly what package depend on what as our team found out when the version of codelyzer, tslint, zone.js, and typescript were updated beyond what Angular and Angular CLI required.

What is the expected behavior?
Package.json would have the version changes added.

Please mention your node.js, yarn and operating system version.
Yarn v0.22.0
Windows 10
Node 7.7.2

[rally25rs]

The documented behavior of yarn upgrade is:

This command updates all dependencies to their latest version based on the version range specified in the package.json file.

So running a yarn upgrade should not result in anything needing to change in your package.json. The yarn.lock file, on the other hand, should contain the newest versions of packages that fit the semver range in package.json.

---

yarn upgrade <package_name> and yarn upgrade-interactive on the other hand resolves to the newest release of packages, ignoring the semver range in package.json, so both the package.json and yarn.lock files would see updates if there were new versions of packages.

[voxsim]

@rally25rs you are right @bestander we should close this.

[harlantwood]

For a decent workaround, see #2042 (comment)

[yanisvieilly]

For those of you like myself who were confused by @rally25rs comment:

yarn update <package_name> and yarn upgrade-interactive on the other hand resolves to the newest release of packages

There's a small typo on the first command, it's yarn upgrade, not yarn update:
yarn upgrade <package_name>

Otherwise, I can confirm that it works as expected!

[rally25rs]

oops, sorry for the confusion. NPM and Bower both have an update command. I always forget that Yarn doesn't until I try it and it errors. I edited/corrected my previous comment.

[MrHubble]

yarn upgrade-interactive does not update package.json for me. Perhaps this is the desired behaviour and I misunderstand the documentation.

[rally25rs]

@MrHubble from the docs for upgrade

yarn upgrade

This command updates dependencies to their latest version based on the version range specified in the package.json file. The yarn.lock file will be recreated as well.

yarn upgrade --latest

The upgrade --latest command upgrades packages the same as the upgrade command, but ignores the version range specified in package.json. Instead, the version specified by the latest tag will be used (potentially upgrading the packages across major versions).

The package.json file will be updated to reflect the latest version range.

The same is true for upgrade-interactive since it is basically just upgrade with a UI.

Not updating the package.json file is the as-designed behavior since there is nothing to update. The version upgraded to will match the semver range specified in package.json.

Adding the --latest flag will ignore the semver range in package.json, so the version upgraded to may not fit that range, so the package.json file is updated to reflect the new latest version.

Hope that makes sense. There was a discussion thread in an issue somewhere about a feature request to still update package.json to whatever new version is installed no matter what, but that has not been implemented yet.

[webdif]

I want to update a package from 1.0.10 to last version (1.0.13).
yarn upgrade mypackage does not update my package.json.

I guess I'm still going with this dirty workaround: delete line in package.json and yarn add ¯\_(ツ)_/¯

[bestander]

what does `yarn add mypackage@1.0.13` say?

…

On 8 November 2017 at 09:58, Maxime Vasse ***@***.***> wrote: I want to update a package from 1.0.10 to last version (1.0.13). yarn upgrade mypackage does not update my package.json. I guess I'm still going with this dirty workaround: delete line in package.json and yarn add ¯\_(ツ)_/¯ — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub <#3266 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACBdWKTYVK64ZDcH2xqQ-QQwImEcw_cCks5s0evEgaJpZM4NJvLj> .

[webdif]

what does yarn add mypackage@1.0.13 say?

This works!
I juste tried yarn add mypackage@latest, which is working as well.

Still don't know why yarn upgrade does not work here, but if yarn add does, this is cool! 😄
Thank you very much @bestander!

[asadakbar]

@webdif yarn upgrade objection@0.9.0 seemed to work for me. It updated both yarn.lock and package.json.

[dinvlad]

yarn upgrade --latest still doesn't seem to have the intended effect for us with yarn 1.9.4. I.e. it doesn't upgrade major versions neither in yarn.lock nor in package.json.

If I run yarn upgrade-interactive --latest afterwards however, that does correctly detect the upgrades. But we would like to upgrade all packages automatically without interactive prompt (in a CI).

[AhmedElywa]

best solution
install global package
npm i -g npm-check-updates
in your project dir
ncu -u
yarn install

[homerjam]

This helped me: https://www.npmjs.com/package/syncyarnlock

$ yarn upgrade-interactive && syncyarnlock

[goldcaddy77]

This is a modified version of @harlantwood 's comment here using npx

npx npm-check-updates --upgrade --upgradeAll && yarn upgrade

[cpxPratik]

I do following to update package.json:

yarn global add syncyarnlock // install syncyarnlock globally
yarn upgrade // update dependencies, updates yarn.lock
syncyarnlock -s -k // updates package.json with versions installed from yarn.lock
yarn install // updates yarn.lock with current version constraint from package.json

[tannert44]

If this is still giving anyone troubles the comment from homerjam and cpxPratik made reference to this: https://www.npmjs.com/package/syncyarnlock

It solved the issue for me in ten minutes.

[Congee]

hey *nix guys, what about this:

jq '.dependencies | keys | .[]' package.json | xargs yarn add
jq '.devDependencies | keys | .[]' package.json | xargs yarn add --dev

[marcosadsj]

Just using " yarn upgrade-interactive " works for me! yarn vesion: 1.7.0

[metasean]

Using yarn upgrade-interactive with yarn version 1.13.0 is NOT upgrading the package.json for me, and the reason I'm using upgrade-interactive is because I'm doing selective upgrades, so upgrade-alls isn't an option for me.

[felipe-coelho]

I can't understand what upgrade command do,
because i could only upgrade express using:
yarn add express@latest

[rally25rs]

@felipe-coelho you could also use the --latest flag: yarn upgrade express --latest but the @latest specification also works.

Without latest it gets the newest version that still fits the version range specified in pacakge.json. With latest it ignores the range specified in package.json and gets the newest version according to the registry.

[rubensurf]

I found a solution.

At first I tried all the possible combinations of yarn upgrade without any results.
Reading the documentation from npm, found the following:
MAJOR version for when there are incompatible API changes (Ex * or x)
MINOR version for when functionality is added in a backwards compatible manner (Ex 1 or 1.x or ^1.0.4)
PATCH version for when backwards compatible bug fixes are done (Ex 1.0 or 1.0.x or ~1.0.4)

Notice the package version is prefixed with '^' (example: "@angular/material": "^8.1.1"), meaning only minor version upgrades will be applied.

I changed the packages from prefix '^' to '*' (example: "@angular/material": "*8.1.1"), and then after running the yarn command:
yarn install
yarn upgrade --latest

yarn install is required after modifying the package.json. The lock file needs to be updated by running the command -> yarn install

The result was the packages upgraded to the latest version at the time -> "@angular/material": "8.2.3".

I hope this helps.

[metasean]

@rubensurf - When you have a large monorepo (e.g. Lerna), you absolutely do not want to go that route.

If you have multiple dependencies, several of which have MAJOR version changes, you can end up spending a LOT of time tracking down root breaking changes that have broken your app (i.e. things in your app that broke because a dependency had a MAJOR version change).

My workflow is to regularly run yarn upgrade-interactive --latest, select all the PATCH and MINOR dependency changes, then apply them and run all my tests (i.e. verify there were no breaking changes). If our sprint has the time to deal with potential breaking changes, then and only then do I run yarn upgrade-interactive --latest and select a single MAJOR dependency change to update, then I re-run all my tests. This means that I know which MAJOR change has an impact on my repo, because I only change one of them at a time. I could absolutely do that from a more simplistic yarn add package@^new.version, but to be honest the yarn upgrade-interactive provides a very useful overview (particularly when run from a mono-repo that depends on multiple dependencies from other mono-repos that must be kept in sync). I genuinely appreciate that overview when making such updates!

The only problem is that yarn upgrade-interactive --latest doesn't automatically update the package.json when there is a update, which can lead to other problems, because the package.json no longer accurately represents the current dependency's versions.