-
Notifications
You must be signed in to change notification settings - Fork 713
Updating JS dependencies
Daniel Holbach edited this page Jun 7, 2019
·
2 revisions
Sometimes security problems (or other reasons) make it necessary to update Javascript dependencies. In general it's a good idea to follow this process:
-
yarn why <pkg>(tells us what is pullingpkgin) -
yarn info <pkg>(figure out which versions are available) - consult
package.json, try updating the version - run
yarn install && yarn test - verify in
git diffif all occurrences inyarn.lockwere updated
Sometimes an old leaf package is pulled in through a bit which hasn't updated its pinned dependencies in a while, so an old version is still pulled in.
Using nvm to get the right version of node can sometimes be necessary.