-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
yarn upgrade-interactive
does not update package.json
#4390
Comments
I also have the same problem. |
Same with: |
@kaylieEB thank you for explanation. |
Assume we have a
This installs the packages (
This says everything is up to date, but my Thanks. |
@f - your scenario sounds a bit different than the initial report. Would you mind sharing your |
This appears to update package.json and upgrade all yarn outdated packages to the latest version: yarn upgrade --latest |
Having played around with the commands a bit, I think what happens is that when all dependencies have been updated, Solution is to simply undo (git reset or delete) your yarn.lock file, then upgrade it again. |
@SenHeng using |
As I said in my previous message, using the Series of events that I did.
|
@SenHeng It is expected that after you run After reading you comment again, I have to wonder, what did you expect after running |
@alexdevero I thought it would update the package.json to the latest versions |
@SenHeng It doesn't make any sense. If packages in node_modules are up to date, there is no reason for yarn to do anything if you use command for update. |
I agree that the current behaviour is a bit weird. Suppose you have a package.json like this (mock code):
The real installed versions are 1.1.0 and 2.0.0 respectively, while the latest versions are 1.1.0 and 2.1.0. Now running As far as I'm aware there isn't a command currently to instruct yarn to sync package.json to the actual versions. If we had an actual |
@bartvanandel I like the idea you proposed about command for syncing yarn.lock and package.json files. |
Here is another problem with not updating
After deleting |
This issue needs to be addressed. It is, and always will be, important to know EXACTLY what versions you are using. Semver is a wonderful theory but the real world is always a bit different than theory. Please make it easy & less confusing for us to keep package.json updated! Thanks. |
Feel free to contribute to make things easier and less confusing both for yourself and the whole community? 😉 |
Using the Running Running |
We are running into the same problem. We've tried $ yarn upgrade
$ yarn upgrade --latest
$ yarn upgrade-interactive
$ yarn upgrade-interactive --latest The updated version appears in the resolved section of the Is there any other way to have resolved version number from the |
Our solution was to verify that the carot(^) in the $ yarn upgrade --latest upgraded all the version numbers in the Next, we went back and just added the carot to all the version numbers again in the It was a fast easy solution. Instead of trying to find a work around anywhere else. |
I also agree that not updating the package.json file is super counter intuitive. |
@Noiwex We know they should both be versioned. We know what the purpose of |
The main problem I see with this is that my What if these new versions actually break my code? If I've done a bunch of work and I only realise later that a single dependency is breaking things. There is no easy way for me to revert back to the previous versions - because my I just wish there was an argument we could pass to
|
@BYK I think it is worth having an option for I have also seen a number of issues regarding the confusion of |
Ran into same issue today. I agree that there needs to be a way to keep package.json in sync. |
same issue for me today |
Having issues with this for a while as well. If the maintainers are interested I can attempt a PR. |
|
I am facing this issue right now. I am working with workspaces project. |
I confirm this bug should be opened again |
This whole thing defeats the point of a lock file. Its very frustrating because all that these upgrade commands do is modify the lock file but not the actual As I mentioned before (almost a year ago now... seems like nothing is being heard though), the way it acts now is actually very dangerous to your code base because if down the line you decide you actually need to go back to that previous version of a dependency - your lock file has now changed what your old version actually is locked to. I've dealt with this before - it was a very tedious fix and not at all obvious what was wrong at first - and its the reason I actually never use these features anymore. I manually update everything, and it sucks. The last time this happened I had to go searching through old git commits to find the state of the lock file at that time. I honestly can't think of any reason why it was built in the way it is now. And its such a simple fix - Just update both the |
@lostpebble Yes or at least a |
I use |
@tuurbo Nope, It worked in a past project but in the current one not. I also tried to remove yarn.lock |
The reason for this is because the major version is changing - so yarn is forcing itself to update the So using
@grigio I assume that the updates you are doing, even with the |
To add to what @lostpebble said, you can also end up with a lockfile that contains multiple versions of the same library by accident if you aren't flatting the tree: $ yarn upgrade-interactive
# User notices that package.json wasn't updated, comes to this thread and then tries to fix it
$ git checkout -- yarn.lock # remove the lockfile changes
$ yarn upgrade-interactive --latest # using the current workaround
# User notices that there are multiple versions now appearing in the lockfile Granted this won't happen if you flatten the tree with |
@lostpebble That's exactly my problem, this is a serious flaw in yarn! |
Honestly, given the response from the yarn devs, I wouldn't hold my breath about any PRs for this subject being accepted. I do have a script for this very purpose on my local machine (with some limitations), if anyone's interested I can post it in the coming days. |
would be greatly appreciated 👍 |
Apparently I already uploaded a script a while ago, in javascript. Wasn't aware of this and re-created it in Python. Well why not upload both then :) Here you go: https://gist.github.com/bartvanandel/0418571bad30a3199afdaa1d5e3dbe25 The main limitation is that it only supports simple version semver-like specs, and may choke on anything else (never tested this). |
Great thanks! Stumbled upon this thread naturally again when googling haha. |
I was reading this issue and I've just found that |
How did you run that please? |
Still happening with one of my repositories.. |
What is the current behavior?
After updating to Yarn v1.0.1
yarn upgrade-interactive
does not update package.json. In Yarn v0.28.4, runningyarn upgrade-interactive
and updating dependencies always also updated dependency versions package.json.If the current behavior is a bug, please provide the steps to reproduce.
Run
yarn upgrade-interactive
in project with outdated dependencies and update at least one page. After update, only yarn.lock is updated.What is the expected behavior?
Running
yarn upgrade-interactive
should update dependency version in package.json as it did in version v0.28.4.Please mention your node.js, yarn and operating system version.
Node: v8.4.0
Yarn: 1.0.1
Windows 10 (1703)
The text was updated successfully, but these errors were encountered: