Yarn: `yarn upgrade` does not update package.json

62

Do you want to request a feature or report a bug?

Bug (or maybe request)?

What is the current behavior?

Running yarn upgrade will update dependencies, but not update the versions in package.json.

If the current behavior is a bug, please provide the steps to reproduce.

Here's an output of my console logs.

[16:05:27] Miles:aesthetic > yarn outdated
yarn outdated v0.17.8
Package                 Current Wanted Latest Package Type   
eslint                  3.10.2  3.11.0 3.11.0 devDependencies
mocha                   3.1.2   3.2.0  3.2.0  devDependencies
react                   15.4.0  15.4.1 15.4.1 devDependencies
react-addons-test-utils 15.4.0  15.4.1 15.4.1 devDependencies
react-dom               15.4.0  15.4.1 15.4.1 devDependencies
eslint-plugin-jsx-a11y  2.2.3   2.2.3  3.0.1  devDependencies
flow-bin                0.35.0  0.35.0 0.36.0 devDependencies
✨  Done in 0.49s.
[16:05:30] Miles:aesthetic > gs
# On branch: master  |  No changes (working directory clean)
[16:05:31] Miles:aesthetic > yarn upgrade --ignore-engines
yarn upgrade v0.17.8
[1/4] πŸ”  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] πŸ”—  Linking dependencies...
[4/4] πŸ“ƒ  Building fresh packages...
success Saved lockfile.
success Saved 448 new dependencies.
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected].3
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ block-strea[email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
β”œβ”€ [email protected]
└─ [email protected]
✨  Done in 3.72s.
[16:05:41] Miles:aesthetic > gs
# On branch: master  |  [*] => $e*
#
➀ Changes not staged for commit
#
#       modified:  [1] yarn.lock
#
[16:05:54] Miles:aesthetic > yarn outdated
yarn outdated v0.17.8
Package                Current Wanted Latest Package Type   
eslint-plugin-jsx-a11y 2.2.3   2.2.3  3.0.1  devDependencies
flow-bin               0.35.0  0.35.0 0.36.0 devDependencies
✨  Done in 0.54s.

What is the expected behavior?

The package.json versions are updated (including the ^ caret).

Please mention your node.js, yarn and operating system version.

Yarn v0.17.8
Node.js v7.2.0
macOS v10.12.1

More information.

In my projects, I would constantly use npm update --save-dev to update dev dependencies and the package.json with the latest versions. This allows my dev tooling to always stay constant.

However, I would not do the same for non-dev dependencies, as those should be locked into a specific version as to not restrict consumers. For example, supporting React ^15.0.0 instead of ^15.4.1.

milesj picture milesj  Β·  26 Nov 2016

Most helpful comment

182

@goemaeret While that is correct, I'm just not a fan of adding a version to package.json once and forgetting it forever. I'd rather the lock file and package.json be incremented together.

Just seems odd that the version in the package.json could theoretically be a year old and like 30 versions behind. Furthermore, it's the more human readable version compared to the lock file.

milesj picture milesj  Β·  4 Jan 2017

All comments

-37

As I understand the docs, the package.json file will only be modified if you run upgrade on a particular package: https://yarnpkg.com/en/docs/cli/upgrade

csvan picture csvan  Β·  26 Nov 2016
20

I could of sworn that yarn upgrade also updated package.json at some point in previous versions. Regardless, I believe this should be a feature, perhaps under a flag like --save-dev.

My other issue with upgrading a package directly, is that it updates the version without the ^ caret.

milesj picture milesj  Β·  26 Nov 2016
0

I could of sworn that yarn upgrade also updated package.json at some point in previous versions.

It could be a bug.

I don't think it's necessary to update package.json in this case. You should track your yarn.lock file with git.

torifat picture torifat  Β·  26 Nov 2016
136

I also want a way to update my version numbers in package.json when upgrading all packages, mostly because it provides an easy reference to what the current version is (easier than grepping the lockfile).

As a workaround, I am currently doing:

yarn global add npm-check-updates
ncu --upgrade --upgradeAll && yarn upgrade

The last line I alias to yup, so the workaround is not too painful.

harlantwood picture harlantwood  Β·  29 Dec 2016
3

Maybe a strange question, but is it actually necessary to update the package.json file? Since the specific package versions are locked away in the yarn.lock file I don't really understand why the package.json file still is being updated when running the yarn upgrade command on a specific package... Any reason/explanation for this behaviour?

Thx in advance

goemaeret picture goemaeret  Β·  4 Jan 2017
182

@goemaeret While that is correct, I'm just not a fan of adding a version to package.json once and forgetting it forever. I'd rather the lock file and package.json be incremented together.

Just seems odd that the version in the package.json could theoretically be a year old and like 30 versions behind. Furthermore, it's the more human readable version compared to the lock file.

milesj picture milesj  Β·  4 Jan 2017
0

@milesj some very clever arguments you pointed out there. Thx a lot!

goemaeret picture goemaeret  Β·  5 Jan 2017
47

yarn upgrade package change the package.json version, i did not find a reason, why yarn upgrade not update the version in package.json?

rottmann picture rottmann  Β·  1 Apr 2017
1

This would be useful to have the package.json file have the up-to-date version numbers so you can see at a glance the version numbers you have

mjbates7 picture mjbates7  Β·  13 Apr 2017
10

Interestingly, upgrade-interactive does update package.json even though upgrade doesn't (though perhaps that's because it does the equivalent of yarn upgrade package for each internally.

edmorley picture edmorley  Β·  13 Apr 2017
0

Where is upgrade-interactive documented?

mjbates7 picture mjbates7  Β·  13 Apr 2017
0

Only in yarn --help.

2891 is meaning features are frequently being added without their equivalent docs changes.

edmorley picture edmorley  Β·  13 Apr 2017
-88

@bestander we can close this O.o

voxsim picture voxsim  Β·  28 Apr 2017
3

@voxsim @bestander Why was it closed? Because of upgrade-interactive?

milesj picture milesj  Β·  28 Apr 2017
0

@milesj read here for more info https://github.com/yarnpkg/yarn/issues/3266!

voxsim picture voxsim  Β·  28 Apr 2017
5

I also wanted yarn upgrade to update package.json for the same reasons as everyone else, but there is also something important for me that command provides: it upgrades all dependencies within their respective semver range. It doesn't seem like there is an option or command available to do this when running yarn upgrade <package> or yarn upgrade-interactive. At times, I want to avoid introducing breaking changes when upgrading packages.

ctumolosus picture ctumolosus  Β·  29 Jun 2017
25

This is currently happening to me now after installing yarn v1.0.1. It updates my yarn.lock file, but not package.json.

macOS v10.12.6
Node.js v5.12.0

ConAntonakos picture ConAntonakos  Β·  7 Sep 2017
21

This needs to be reopened. I'm currently experiencing the same behaviour with v1.0.1. Either it's a bug, or the documentation is incorrect.

mikerogerz picture mikerogerz  Β·  10 Sep 2017
68

This needs to be reopened +1

f picture f  Β·  12 Sep 2017
0

Instead of reopening, we may file a new issue. We had a similar report at #4390.

BYK picture BYK  Β·  12 Sep 2017
5

Is this just expected behavior? Am I missing something?

dmtroyer picture dmtroyer  Β·  24 Oct 2017
6

check yarn upgrade --latest

but use with caution as it will not respect semver. It will just update to the latest tag
https://yarnpkg.com/lang/en/docs/cli/upgrade/#toc-yarn-upgrade-package-latest-l-caret-tilde-exact-pattern

guilhermecvm picture guilhermecvm  Β·  28 Nov 2017
1

I was having the same problem. As others were suggesting running:

$ yarn upgrade webpack webpack-dev-server or-any-other-library --latest

updated only the packages listed to the latest version (as expected) and also updated both package.json and yarn.lock files.

cansin picture cansin  Β·  4 Dec 2017
3

if works (package.json is updated) if you specify the version of the package, for example:
yarn upgrade [email protected]

ynuska picture ynuska  Β·  13 Dec 2017
1

If you want to upgrade all packages in the package.json file at the same time, this is a cool utility:
yarn-upgrade-all. Takes a bit of time to run, but it accomplishes the job.

Update: one downside: it won't respect any package urls you are using. They apparently have to be restored manually after the process completes. :(

dseipp picture dseipp  Β·  14 Mar 2018
25

Update on this?

damianobarbati picture damianobarbati  Β·  2 Jun 2018
6

Contrary to what is stated above, both yarn upgrade and yarn upgrade-interactive does not update the package.json. This seems strange.
So I guess we are expected to have our package.json version numbers be effecively completely irrelevant and solely rely on yarn.lock..?

phil294 picture phil294  Β·  14 Jul 2018
2

@phil294 No, yarn upgrade and yarn upgrade-interactive will upgrade to the latest satisfied range.

For example, you have ^1.0.0 in your package.json and you have 1.1.0 in the lock file. But, the package now has 1.2.0. Running yarn upgrade or yarn upgrade-interactive will bump the version in your lock file from 1.1.0 to 1.2.0 which satisfies the version in your package.json (^1.0.0). Use --latest flag to get the latest version. It will update both package.json and yarn.lock file.

torifat picture torifat  Β·  14 Jul 2018
3

It doesn't work for beta flagged packages.
i.e: "@babel/core": "^7.0.0-beta.52" won't be upgraded on package.json to "@babel/core": "^7.0.0-beta.53"

damianobarbati picture damianobarbati  Β·  14 Jul 2018
2

I ran into this issue, Google brought me here.

We simply did s/"^/"/mg on our package.json and now it updates in line with yarn.lock. In other words, we set explicit package versions for NPM and otherwise use Yarn to manage them.

justinkoreska picture justinkoreska  Β·  28 Aug 2018
3

I find that running yarn upgrade [package] doesn't update the package version in package.json, but yarn upgrade [[email protected]] or yarn upgrade --latest changes package.json.
I guess only when you upgrade to specific version, it changes package.json

Nicole0320 picture Nicole0320  Β·  4 Sep 2018
7

With the command yarn upgrade-interactive --latest, you'll be able to select the packages you want to upgrade, and the --latest will enable the "feature" to update the package.json as well. But be aware that it will install latest versions, and not "wanted" versions.

"Wanted" versions are version capped by what you provided in package.json.
"Latest" versions (if superior to wanted version) can only be installed through the --latest option or specifying the version yarn upgrade [email protected]

kevinmarrec picture kevinmarrec  Β·  9 Sep 2018
4

This helped me: https://www.npmjs.com/package/syncyarnlock

$ yarn upgrade-interactive && syncyarnlock
homerjam picture homerjam  Β·  15 Oct 2018
-41

@davalapar Instead of bitching, have you ran yarn upgrade-interactive?

milesj picture milesj  Β·  9 Nov 2018
11

Sorry if I overlooked this in the comments, but would it be worth-while to open a feature request: Add flag to yarn upgrade to also update package.json?

cloverich picture cloverich  Β·  17 Nov 2018
10

@davalapar please do not use profanities on Yarn issue board. Thank you.

BYK picture BYK  Β·  19 Nov 2018
30

This worked for me, i.e. upgrading all dependencies + updating package.json:

yarn upgrade --latest

The following DID NOT update package.json:

yarn upgrade package
yarn upgrade-interactive
yarn upgrade

axhamre picture axhamre  Β·  27 Nov 2018
-1

I got this problem too, but I figured it out, with these steps below:

  1. yarn install
  2. yarn upgrade-interactive

this makes all of your dependencies are up to date in the yarn.lock file

  1. yarn upgrade-interactive β€”latest
    then press a, it will selected all packages, and up them to date
    When these steps done , u will find ur package.json file's version number up to date as well!!!
    Well , it works for me, thanks all of u guys above my floor!!!!!!!!!
SilentFlute picture SilentFlute  Β·  24 Dec 2018
36

I do following to update package.json:

yarn global add syncyarnlock // install syncyarnlock globally
yarn upgrade // update dependencies, updates yarn.lock
syncyarnlock -s -k // updates package.json with versions installed from yarn.lock
yarn install // updates yarn.lock with current version constraint from package.json
cpxPratik picture cpxPratik  Β·  25 Dec 2018
1

yarn upgrade-interactive --latest does not work for me

_package.json_:

  "devDependencies": {
    "prettier": "^1.14.2",
    "typescript": "^3.0.1"
  },

Prettier can be updated to 1.15.3 and typescript to 3.2.2, yet I get:

yarn upgrade-interactive v1.12.3
success All of your dependencies are up to date.

note that I am using yarn workspaces and this is run from the workspace root

tommedema picture tommedema  Β·  10 Jan 2019
0

@tommedema
image

AmyShieh picture AmyShieh  Β·  31 Jan 2019
0

@AmyShieh yes, I am using --latest, therefore it should have suggested [email protected] and it did not.

tommedema picture tommedema  Β·  2 Feb 2019
12

The only way I managed to upgrade ALL my packages to latest was to manually run yarn upgrade [email protected] on every package. Neither of the following updated package.json:

yarn upgrade --latest
yarn upgrade-interactive --latest

I would expect those to bulk update everything in package.json, but perhaps I am misunderstanding their intent. This would definitely be a useful feature to have.

joebernard picture joebernard  Β·  3 Feb 2019
2

yarn upgrade --latest

Does not update package.json
onle @latest does .. such a hassle

japrogramer picture japrogramer  Β·  7 Feb 2019
0

yarn upgrade --latest was not working for me because a certain package was timing out in the download.
Running git config --global url."https://".insteadOf git:// solved my issue. Now I can run yarn upgrade --latest

RyanPWalker picture RyanPWalker  Β·  15 Feb 2019
0

I seem to need the opposite behavior everyone else is asking for.. possibly someone can open my eyes to something I am missing?

Scenario:

We have a codebase that requires libA. Since we have very close control over libA we have the package.json set to "libA": "latest".

Now, last time the yarn.lock file was generated, libA was at 1.1.0. Since then, libA has released 1.2.0. For our next PR we need to update the yarn.lock file so that the CI pulls the newer version.

This is where my issue arises:

It seems that every command yarn offers also updates the package.json file which overwrites latest with whatever version is actually the latest. This _does_ solve my immediate need of using the latest package version, but it introduces a new issue where my package.json is no longer targeting latest now it's actually targeting ^1.2.0. This means that when 2.0.0 drops, the same upgrade command won't actually get me latest.

Question: Is there really no way to tell yarn to update my lockfile according to my package.json _without_ changing package.json??

benjamincharity picture benjamincharity  Β·  19 Feb 2019
10

This bug is still not solved.
I tried

yarn upgrade --latest
yarn upgrade-interactive --latest

with yarn 1.12.3 - package gets not updated

MikeMitterer picture MikeMitterer  Β·  9 Mar 2019
-7

Also was struggling with the same problem.
Then I already gave app, but when I wanted to fix another problem I noticed that this yarn upgrade fable-compiler --latest has updated both files after I did in my repository next commands

ATTENTION!!! THIS WILL WIPE YOUR WORK COMPLETELY. COMMIT ALL UNSAVED CHANGES YOU NEED!

git reset --hard
git clean -dxf

It might be cleaning all the crap might help.

Then I started yarn upgrade fable-loader without latest and it updated just yarn.lock
Now I repeat all the steps

git reset --hard
git clean -dxf
yarn upgrade fable-compiler --latest
yarn upgrade fable-loader --latest

and I have in both files both dependencies updated.

Alex2357 picture Alex2357  Β·  16 Mar 2019
1

What is the status of this issue?

eluchsinger picture eluchsinger  Β·  2 Apr 2019
11

yarn upgrade --latest works out.
version pattern "x.x.x" gets updated, "^x.x.x" not, if anyone is wondering

rpweb picture rpweb  Β·  13 Apr 2019
0

➑️ yarn upgrade react react-dom jest-dom css-loader apollo-link-batch-http
It upgrades packages in yarn.lock without touching package.json

And now you run the same but with add

➑️yarn add react react-dom jest-dom css-loader apollo-link-batch-http
it will update the package.json

It solves.

the-teacher picture the-teacher  Β·  18 Apr 2019
1

The issue still persists. My package.json is sometimes over 10 versions out of date compared to yarn.lock

*is this a feature?

ClearedFram3 picture ClearedFram3  Β·  14 May 2019
0

I have yarn v. 1.12.3
and here is the behavior on my side:
In private npm registry we have latest version of "pkgA" equal to 0.13.0
And I have a package.json containing
"dependencies": {
...
"depA": "^0.11.0",
...
}

  1. yarn cache clean
  2. yarn install
  3. yarn upgrade --latest depA
    Result: package.json don't gets updated.

If I change depA version manually to 0.13.0, execute steps 2 and 3, then I will get depA v. 0.13.0 into yarn's cache.

After that I can go into package.json, change back the depA version to 0.11.0 and execute steps 2 and 3 again. This time package.json gets the version upgraded.

My conclusion: during yarn upgrade --latest (in case of semver) yarn looks for latest version inside the cache and loads from remote only if no corresponding package (as stated by semver) found.

PS: after updating yarn to v. 1.16.0 issue above disappeared.

homoluden picture homoluden  Β·  17 May 2019
0

Looks like it's still an issue. Only thing that worked for me was yarn upgrade <package_name>@latest as suggested by @joebernard. I understand that updating the package.json file with the upgrade command is not an expected behavior but it definitely would've been nice if it did update the package.json file too.

javed24 picture javed24  Β·  13 Aug 2019
1

Just having this issue. yarn upgrade -L does nothing to package.json

vsDizzy picture vsDizzy  Β·  17 Aug 2019
0

On yarn version yarn info v1.17.3, still having the issue. Tried everything mentioned above, not sure what am I missing, but it doesn't work.

love2dishtech picture love2dishtech  Β·  10 Sep 2019
13

This worked for me:

yarn global add npm-check-updates

ncu -u

got this list in the terminal:

issue

Used yarn install with the --check-files flag:

yarn install --check-files

ncu -u

result

Also if you want to upgrade only one package and have it reflect in the package.json this worked for me:

yarn add lodash@latest 

or 

yarn add [email protected]<version>

Time to dance! :)

flavioespinoza picture flavioespinoza  Β·  14 Oct 2019
0

I am having this issue in yarn 1.22.4

justinh00k picture justinh00k  Β·  15 Jun 2020
5

I switched to the npm-check-updates tool because not yarn neither npm work in the correct way.

vsDizzy picture vsDizzy  Β·  15 Jun 2020