
I need to update old dependencies for security reasons in a project that uses Yarn, and I would like to know the best way to do this. I have used yarn add package-name@latest and yarn upgrade package-name@latest with the same result: the old version package definition remains. Is that acceptable? Since I have to update the old version for security, I think the old version should be removed. Is there a command that updates a package to a specific version and removes the old package definition?


IOEnthusiast

1 Answer


The situation you are describing should only arise if you also have transitive dependencies that come from other dependencies. So you may have another package that depends on a lower version of acorn.

If this is not the case, I would try:

yarn upgrade package-name --latest

To update all packages to the latest versions, I recommend:

yarn upgrade-interactive --latest
zdolny
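
The transitive-dependency case described in the answer can be confirmed from yarn.lock itself. The following is an added example, not part of the original answer: it parses a constructed Yarn v1 lockfile and reports which entries require each locked version of acorn. The package `legacy-bundler` and all version numbers are made up, and the Yarn v1 lockfile layout is an assumption about the project.

```javascript
// Constructed Yarn v1 lockfile: legacy-bundler and all versions are made up.
const SAMPLE_LOCK = `
acorn@^5.0.0:
  version "5.7.4"

acorn@^8.11.0:
  version "8.11.3"

legacy-bundler@^1.0.0:
  version "1.2.0"
  dependencies:
    acorn "^5.0.0"
`;
// Parse lockfile text into entries: { specs: ["name@range"], version, deps }.
function parseLock(text) {
  const entries = [];
  let cur = null, inDeps = false;
  for (const line of text.split("\n")) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {            // header: acorn@^5.0.0, "acorn@^5.1.0":
      const specs = line.replace(/:$/, "").split(",").map(s => s.trim().replace(/"/g, ""));
      entries.push(cur = { specs, version: null, deps: {} });
      inDeps = false;
    } else if (/^ {2}\S/.test(line)) {      // two-space field of the current entry
      const v = line.match(/^ {2}version "(.+)"$/);
      if (v) cur.version = v[1];
      inDeps = /^ {2}(optionalD|d)ependencies:$/.test(line);
    } else if (inDeps) {                    // four-space line: name "range"
      const d = line.trim().match(/^"?(.+?)"? "?([^"]+)"?$/);
      if (d) cur.deps[d[1]] = d[2];
    }
  }
  return entries;
}
// Map each locked version of `name` to the lockfile entries that require it.
// An empty list means no lockfile entry asks for it (e.g. a direct dependency).
function whoPins(entries, name) {
  const report = {};
  for (const e of entries) {
    for (const spec of e.specs) {
      const at = spec.indexOf("@", 1);      // skip the leading @ of scoped names
      if (spec.slice(0, at) !== name) continue;
      const users = entries.filter(d => d.deps[name] === spec.slice(at + 1)).map(d => d.specs[0]);
      report[e.version] = (report[e.version] || []).concat(users);
    }
  }
  return report;
}
console.log(whoPins(parseLock(SAMPLE_LOCK), "acorn"));
```

On a real project, `yarn why acorn` reports the same dependents without parsing the lockfile by hand.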