yarnpkg / yarn

The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
https://classic.yarnpkg.com

Yarn upgrade-interactive should also edit the package.json, even when semver is valid #4477

Open marcofugaro opened 7 years ago

marcofugaro commented 7 years ago

What is the current behavior?

When running yarn upgrade-interactive and updating the patch version of some package, if in your package.json the version is still valid (i.e. ^1.3.2 update to 1.3.3), the package.json file is not changed.

What is the expected behavior?

It should update the package.json anyway, like the old yarn used to do.

Please mention your node.js, yarn and operating system version.

yarn v1.0.2
node v8.5.0

danoc commented 7 years ago

Duplicate of https://github.com/yarnpkg/yarn/issues/4443, I think.

gluons commented 7 years ago

And #4390

rally25rs commented 7 years ago

The old Yarn (pre v1) would always update to the latest as specified by the registry, so if your package.json had ^1.3.2 but the registry had 2.0.0 as the latest, it would upgrade you to 2.0.0 (ignoring your package.json). As of v1 that behavior now only happens if you pass the -L/--latest flag. Without that flag it will respect what range is in your package.json.

I could certainly see the desire to update this range, and that could certainly be a feature request. We intentionally don't edit it at this point, because people might have some "exotic" ranges in there like 1.x || >=2.5.0 || 5.0.0 - 7.2.3 which is a valid range, and could be quite problematic to update and "get right".

Some thought behind this change is documented in this RFC: https://github.com/yarnpkg/rfcs/blob/master/implemented/0000-upgrade-command-consistency.md

I'll mark this as a "feature request" for now and leave it open.

nodkz commented 7 years ago

I confirm that package.json is not updated. BUT it should!

Updated versions just in yarn.lock are not good for me as a packages administrator. I receive different errors (with optionalDependencies, peerDeps, improper package installations with nested node_modules) with yarn when upgrading or installing new packages, and rarely remove yarn.lock or the node_modules folder to get a proper fresh install.

So with the current behavior, I don't know with which top packages I had a proper node_modules folder in the past (with yarn 0.27 I had a nicely updated package.json and it gave me a good point for resolving package problems).

@rally25rs :

> because people might have some "exotic" ranges in there like 1.x || >=2.5.0 || 5.0.0 - 7.2.3

So I suggest to skip updates for this "exotic", but update versions for x.x.x, ~x.x.x, ^x.x.x, >=x.x.x And make 99% of users happy 😉

levithomason commented 6 years ago

The only way I can get the package.json to update is to remove and re-add the packages. Passing --latest to upgrade or upgrade-interactive does not update the package.json for me either.

yarn 1.3.2

marcofugaro commented 6 years ago

I just retried running yarn upgrade-interactive --latest with v1.3.2 and the package.json is edited correctly. Even with still valid semver.

Is that the case for you guys also?

eddie-dunn commented 5 years ago

> @rally25rs :
>
> > because people might have some "exotic" ranges in there like 1.x || >=2.5.0 || 5.0.0 - 7.2.3
>
> So I suggest to skip updates for this "exotic", but update versions for x.x.x, ~x.x.x, ^x.x.x, >=x.x.x And make 99% of users happy 😉

Is there a reason we can't have this behavior? I would greatly appreciate being able to quickly see the current minor|patch version by taking a quick look at package.json rather than grepping through yarn.lock, which can grow rather large.

jon-shipley commented 4 years ago

One use-case that makes sense to me is for security updates.

If a security update is created at patch level, for instance, then it makes sense to me to also allow the user to request that the package.json file is also updated to make it clear that the actual dependency has also been updated.

Thoughts?
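
The rule suggested in the thread (rewrite only plain x.x.x, ~x.x.x, ^x.x.x and >=x.x.x ranges to the version recorded in yarn.lock, and skip "exotic" ranges) can be sketched as follows; this is an added example, not Yarn's code and not part of the thread. It assumes the yarn.lock v1 layout, and `parseLock`, `syncRanges`, the package names and the versions are constructed for illustration.

```javascript
// Added example: helper names and all sample data are constructed.
// Only x.y.z, ~x.y.z, ^x.y.z and >=x.y.z count as simple; the rest is skipped.
const SIMPLE = /^(\^|~|>=)?(\d+\.\d+\.\d+)$/;

// Parse the part of yarn.lock v1 needed here: "name@range" headers and versions.
function parseLock(text) {
  const resolved = new Map();
  let specs = [];
  for (const line of text.split("\n")) {
    const m = /^  version "(.+)"$/.exec(line);
    if (m) { for (const s of specs) resolved.set(s, m[1]); continue; }
    if (/^[^\s#].*:$/.test(line)) {
      specs = line.slice(0, -1).split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
    }
  }
  return resolved;
}

// Raise each simple range to the locked version, keeping its operator.
function syncRanges(deps, lockText) {
  const resolved = parseLock(lockText);
  const next = {}, updated = [], skipped = [];
  for (const [name, range] of Object.entries(deps)) {
    const m = SIMPLE.exec(range);
    const version = resolved.get(`${name}@${range}`);
    next[name] = m && version ? (m[1] || "") + version : range;
    if (!m || !version) skipped.push(name); // exotic range or not in lockfile
    else if (next[name] !== range) updated.push(name);
  }
  return { deps: next, updated, skipped };
}

const SAMPLE_DEPS = {
  "pkg-a": "^1.3.2",
  "pkg-b": "1.x || >=2.5.0 || 5.0.0 - 7.2.3",
  "@scope/pkg-c": "~2.0.0",
  "pkg-d": "4.1.0",
};
const SAMPLE_LOCK = `# yarn lockfile v1
"@scope/pkg-c@~2.0.0":
  version "2.0.4"
pkg-a@^1.3.2:
  version "1.3.3"
"pkg-b@1.x || >=2.5.0 || 5.0.0 - 7.2.3":
  version "7.2.3"
pkg-d@4.1.0:
  version "4.1.0"
`;
console.log(syncRanges(SAMPLE_DEPS, SAMPLE_LOCK));
```

The `updated` list gives a reviewable package.json diff for a patch-level security update, while `skipped` names the ranges that still have to be checked against yarn.lock by hand.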