Reputation: 107
Managing packages with Yarn
I need to update old dependencies because of security reasons in a project, that uses Yarn and I would like to know the best way to do this. I have used yarn add package-name@latest and yarn upgrade package-name@latest with the same result. The old version package definition remains. Is that acceptable? Since I have to update the old version for security, I think the old version should be removed. Is there a command that updates a package to a specific version and removes the old package definition?
Upvotes: 1
Views: 470
Answers (1)
Reputation: 1109
The situation you are describing should only arise if you also have transitive dependencies that come from other dependencies.
So you may have another package that depends on acorn in a lower version.
If this is not the case I would try:
yarn upgrade package-name --latest
To update all packages to the latest versions, I recommend:
yarn upgrade-interactive --latest
Upvotes: 1
Related Questions
- How to update package-lock.json without doing npm install?
- How to sync `yarn.lock` with `package.json`?
- how to fix yarn.lock and package-lock json mix
- sync yarn.lock back into package.json and lock
- Why is my yarn.lock file changing when running yarn install after incrementing version in package.json?
- How to install packages based on the lock-file with Yarn?
- Why does my project have both a package-lock.json and yarn.lock file?
- how to convert package-lock.json to yarn.lock?
- How to have yarn fail on yarn install when package.json and yarn.lock are out of sync?
- Why are packages in my yarn.lock but not in my package.json?