bun update [package]

[eelkevdbos]

What is the problem this feature would solve?

Currently, there is no way to update a single package to its latest version. Additionally, since the lock file is in binary format, it is very difficult to surgically update identifiers and hashes of packages, let alone update nested dependencies.

Specifically, I am trying to support the bunx update-browserslist-db@latest workflow, see issue (browserslist/update-db#25) and (draft) PR (browserslist/update-db#26)

What is the feature you are proposing to solve the problem?

A bun update [PACKAGE] command that would just update this package to the latest version within the specified constraints including nested dependencies.

What alternatives have you considered?

Using a different package manager like npm or yarn that provide this specific interface.

[paperdave]

yes this sucks

we will fix it

sorry

[Tenrys]

any updates on this feature? Is there an alternative, just as quick way to do the same thing? I would love to fully switch to bun as a package manager but I rely a lot the ability to easily upgrade one or multiple packages.

[DanielBaulig]

I'm struggling with this, too. Having to nuke the entire bun.lockb file to get a single package updated is not great. Due to the binary nature of the lockfile it's not really possible to make changes manually either.

This is a little off-topic, but I think this is feedback that is worth considering: I get that having a binary lockfile allows for faster processing and super fast bun update/bun install, but do people really run bun install and bun update that often that optimizing the lockfile to the level of being a binary file is really necessary? Getting this one module updated has caused me so much trouble, no amount of bun install/bun update optimization is ever going to make up for that again. I don't want to appear ungrateful or grumpy, but it seems this is a case of prioritizing micro-benchmarks optimization over real-life performance and ergonomics.

Also note that running bun update [package-name] actually appears to be doing something today, but it isn't actually updating the package. It appears to be just re-installing the same version of the package. Supplying --force or --no-cache doesn't seem to have an effect on that either. This behavior is very confusing and irritating.

[afonsojramos]

I assume that it is probably a limitation of update-browserslist-db that is not able to get the info from the lockfile as it is binary

[ai]

For Browserslist we need to update all nested dependencies, but just direct one.

[dylan-conway]

This is supported as of bun v1.1.14. You can also specify package names with a version, for example bun update jquery@3.2. --latest can be used to update to the latest version, ignoring the current version range.

We've yet to implement --interactive for bun update, you can follow along here #4895