Yarn doesn't update the "version" field in node_modules' package.json files

[Jessidhia]

Do you want to request a feature or report a bug?

bug

What is the current behavior?

Yarn doesn't seem to correctly update the version field in the package.json files inside node_modules when an upgrade is done.

If the current behavior is a bug, please provide the steps to reproduce.

$ yarn init -y
$ yarn add check-dependencies autoprefixer@9.0.0
$ yarn run check-dependencies
$ yarn upgrade --latest # upgrades autoprefixer to latest, currently 9.0.1
$ yarn run check-dependencies
autoprefixer: installed: 9.0.0, expected: 9.0.1

By looking at the node_modules/autoprefixer/CHANGELOG.md file, you can tell that the installed version is 9.0.1, but the node_modules/autoprefixer/package.json still claims to be 9.0.0, which trips check-dependencies. The package.json is also not updated by --check-files.

This does not only happen with upgrade --latest but also when the yarn.lock is committed and then used from another clone to run a regular yarn install.

What is the expected behavior?

The version in each package's package.json should match the version installed.

Please mention your node.js, yarn and operating system version.

• node: 10.2.1 or 10.5.0
• yarn: 1.8.0
• OS: macOS Mojave

This affects other users in other OSes as well.