Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:00,550 --> 00:00:02,300
Hello, everyone, and welcome back.
2
00:00:02,860 --> 00:00:09,280
This is actually you are from the future, taking a quick little detour in our currently scheduled course
3
00:00:09,280 --> 00:00:13,830
outline to mention how you can update your packages.
4
00:00:14,440 --> 00:00:20,050
So because I'm in the future, the version of react that I'm seeing that just got released is different
5
00:00:20,050 --> 00:00:23,580
from the version that we are using throughout this course right now.
6
00:00:24,400 --> 00:00:31,180
Right now, the latest version is sixteen point ten point two as of the time of the recording of this
7
00:00:31,180 --> 00:00:31,620
video.
8
00:00:32,170 --> 00:00:37,170
In the course, though, the version of Riak that we're using is sixteen point eight point six.
9
00:00:37,570 --> 00:00:42,940
It's a very minor version change, but there are a couple of new things that came out in that react
10
00:00:42,940 --> 00:00:43,510
version.
11
00:00:44,080 --> 00:00:51,100
But even then, I think it's important to understand how we can update our packages as well as see some
12
00:00:51,130 --> 00:00:55,250
other issues that might come up that are very easy to resolve.
13
00:00:55,870 --> 00:01:02,880
I'm going to show you in this lesson how you can do so with both yarn or NPM as your main package manager.
14
00:01:03,460 --> 00:01:05,430
But we're going to start with yarn first.
15
00:01:06,220 --> 00:01:12,580
So the first thing to do is check what version of whatever packages that you want to upgrade are that
16
00:01:12,580 --> 00:01:13,630
you are currently running.
17
00:01:14,080 --> 00:01:19,980
The easiest way to do so is simply using inside of your terminal yarn list.
18
00:01:20,470 --> 00:01:24,010
So if you type in your own list and then the name of the packages.
19
00:01:24,010 --> 00:01:29,440
So for me, I'm checking out, react, react, dom and react scripts.
20
00:01:30,870 --> 00:01:37,320
I will see that react and react at sixteen point eight point six and react scrips as three point zero
21
00:01:37,320 --> 00:01:46,290
point oh I know that react and react can be upgraded to sixteen point ten point two, which is the latest
22
00:01:46,290 --> 00:01:49,590
version, and reacts grips to three point two point zero.
23
00:01:50,370 --> 00:01:56,520
Now, instead of directly modifying the value here, there's another thing that we can do to make sure
24
00:01:56,520 --> 00:02:01,330
that whenever we either want to upgrade, we can always use the latest version.
25
00:02:01,830 --> 00:02:05,460
Now, the way to do that is simply to go to our package that Jason.
26
00:02:06,560 --> 00:02:11,360
Inside of our project, so inside of our package that Jason.
27
00:02:12,260 --> 00:02:18,770
You'll see that I have inside of these two dependencies for react and react, Dom, sixteen point eight
28
00:02:18,770 --> 00:02:23,570
point six and sixteen point eight point six and three point eight point O.
29
00:02:24,610 --> 00:02:31,060
So if you have used create react app to create your application, as you've been following on this course,
30
00:02:31,060 --> 00:02:35,690
you may see that there's this little carrot symbol in front of your version.
31
00:02:36,190 --> 00:02:41,710
All that means is that this is a rule that tells whatever package manager we're using, whether it be
32
00:02:41,710 --> 00:02:50,800
Yana AMPM, whenever it sees NPM upgrade or yarn upgrade to update to the latest stable non breaking
33
00:02:50,800 --> 00:02:51,270
version.
34
00:02:52,060 --> 00:02:58,210
So if you see this carrot, then you see that whenever you installed your package, even if it's sixteen
35
00:02:58,210 --> 00:03:01,330
point eight point six, it will try and get the latest version.
36
00:03:02,370 --> 00:03:09,570
In my case, though, because I did not have it, whenever I run yarn, install or NPM install, it
37
00:03:09,570 --> 00:03:15,290
will find just the exact version, which is sixteen point eight point six.
38
00:03:16,050 --> 00:03:17,910
So I'm just going to add this carrott in.
39
00:03:19,450 --> 00:03:27,130
To all these locations here, here and here, and what this will now do is whenever I run yarn upgrade,
40
00:03:27,130 --> 00:03:30,130
it will try and upgrade with these new rules.
41
00:03:30,850 --> 00:03:36,970
The issue that you will encounter if you change your package, thought Jason, and then try to simply
42
00:03:36,970 --> 00:03:38,320
run yarn upgrade.
43
00:03:39,250 --> 00:03:42,760
Is that you will see that you have an outdated lock file.
44
00:03:43,700 --> 00:03:47,310
Please Runyan song and try again, this is perfectly fine.
45
00:03:47,780 --> 00:03:53,870
All this means is that you're upgrading is not going to work here because we updated the rules in our
46
00:03:53,870 --> 00:04:00,130
package that Jason, when we added that carrot, instead, we have to run yarn install instead.
47
00:04:01,210 --> 00:04:07,870
Now, while this is installing this is actually a good time to take a look at this lock file that gets
48
00:04:07,870 --> 00:04:13,060
mentioned, because I'm sure some of you may or may not have noticed that there is a yarnold lock or
49
00:04:13,060 --> 00:04:16,140
a package thought lock inside of your application folder.
50
00:04:17,160 --> 00:04:19,230
So what is this lock file?
51
00:04:20,350 --> 00:04:28,210
On this lock file is it is an auto generated file by either NPM or Yorn that locks the version of all
52
00:04:28,210 --> 00:04:35,200
the packages inside of our application within a specific range based on the rules that we set inside
53
00:04:35,200 --> 00:04:35,800
of package.
54
00:04:35,840 --> 00:04:36,270
Jason.
55
00:04:36,880 --> 00:04:40,180
So the rules being simply what we saw here as our version number.
56
00:04:40,720 --> 00:04:47,380
If I use this carrot, it's saying that I want it to be at least sixteen point eight point six or greater,
57
00:04:47,380 --> 00:04:48,610
but not breaking.
58
00:04:50,830 --> 00:04:56,350
What that means is that when we had it before without this carrot, the yarn lock file was generated,
59
00:04:56,350 --> 00:05:02,500
saying that the version of react and react, dom and react scripts are locked to exactly that version.
60
00:05:02,980 --> 00:05:07,510
Now that we've added this carrot, it gives more flexibility, which means the yarn lock is out of date
61
00:05:07,510 --> 00:05:08,830
and needs to be updated.
62
00:05:09,100 --> 00:05:12,970
And this lock file only updates whenever you run yarn and stall.
63
00:05:13,780 --> 00:05:16,630
So why do we need a lock for the lock?
64
00:05:16,630 --> 00:05:22,690
File is simply there so that if multiple people are working on this application, they are all using
65
00:05:22,690 --> 00:05:29,740
versions of these dependencies that don't conflict with each other because maybe somebody is running
66
00:05:29,740 --> 00:05:35,770
Riak 17, someone is running Riak 16, and there is a difference in features that might be breaking
67
00:05:35,770 --> 00:05:36,970
in the application.
68
00:05:37,330 --> 00:05:43,660
That yard lock file just ensures that everybody is using a consistent version of these dependencies.
69
00:05:44,800 --> 00:05:51,190
But with that, after we ran your store, we generated a new lock file and from now on you can simply
70
00:05:51,190 --> 00:05:54,490
run your upgrade whenever you want to upgrade these dependencies.
71
00:05:55,000 --> 00:06:00,100
And we can just double check to make sure the version of these packages that we got are updated.
72
00:06:00,580 --> 00:06:06,370
So if I run your list, react, react and react scrips.
73
00:06:08,380 --> 00:06:13,960
I'll see that they're now at sixteen point ten point two for react and react as well as they point to
74
00:06:13,960 --> 00:06:15,670
point overreact scripts.
75
00:06:16,210 --> 00:06:20,390
So with this, I have now updated my packages to the latest version.
76
00:06:21,250 --> 00:06:23,320
Now let's see how we do this in NPM.
77
00:06:24,440 --> 00:06:30,860
So here I have a separate repository that is a complete clone of our last repository, the only difference
78
00:06:30,860 --> 00:06:35,070
is that in this one I'm using NPM as my package manager instead of yarn.
79
00:06:35,930 --> 00:06:40,670
All I have to do in order to update these packages is run NPM update.
80
00:06:41,240 --> 00:06:47,250
The main difference here is that NPM update will force the versions to update to their latest versions.
81
00:06:47,750 --> 00:06:54,500
However, it's still good to be explicit in our rules and package JSON so that we know what kind of
82
00:06:54,500 --> 00:06:56,050
versioning we want to do.
83
00:06:56,540 --> 00:07:02,480
So first, let's just check what versions we have actually installed for react, react to them and react
84
00:07:02,480 --> 00:07:04,780
scripts instead of yarn list.
85
00:07:04,790 --> 00:07:09,680
We use NPM list and then we type out the actual package names the same way.
86
00:07:12,640 --> 00:07:13,890
I got a typo there.
87
00:07:17,750 --> 00:07:23,300
So here with this, it's just like yarn before we see that our versions are sixteen point eight point
88
00:07:23,300 --> 00:07:27,560
six four react and react and three point zero point zero four react scripts.
89
00:07:28,250 --> 00:07:36,020
So in order to update this, we can go into our package that Jayson and we can add Tilde in front of
90
00:07:36,020 --> 00:07:40,190
react, react and react scripts just to be explicit.
91
00:07:40,940 --> 00:07:43,700
And then we simply run NPM update.
92
00:07:44,720 --> 00:07:49,820
One thing I want to note is that even if you don't add the tilde, it will update the version numbers
93
00:07:49,820 --> 00:07:54,770
and it will overwrite your package, that JSON file to show the latest version.
94
00:07:55,640 --> 00:08:01,880
So NPM update and NPM install are both a little different because NPM install sometimes will skip over
95
00:08:01,880 --> 00:08:05,320
certain versions if it doesn't see that it's a major update.
96
00:08:06,050 --> 00:08:11,590
The safest way to make sure that you actually do update all your versions if you want to is run npm
97
00:08:11,630 --> 00:08:12,070
update.
98
00:08:12,650 --> 00:08:13,820
It takes a little longer.
99
00:08:13,850 --> 00:08:15,950
So let's just fast forward through the section.
100
00:08:16,580 --> 00:08:20,260
So here we'll see already that it's told us that it's updated.
101
00:08:20,270 --> 00:08:26,840
React on to sixteen point ten point to react scripts, the three point two point O and react to sixteen
102
00:08:26,840 --> 00:08:27,740
point ten point two.
103
00:08:28,700 --> 00:08:32,700
Now, you'll also see down here that it says found zero vulnerabilities.
104
00:08:33,380 --> 00:08:40,000
So what our vulnerabilities you might see this number change sometimes, whether you see it as a warning
105
00:08:40,000 --> 00:08:45,440
in your GitHub or maybe when you do something with your NPM, it'll show you that there's certain vulnerabilities.
106
00:08:46,040 --> 00:08:49,550
Vulnerabilities are essentially at these minor security concerns.
107
00:08:49,730 --> 00:08:52,150
Sometimes they're major, most of the time they're minor.
108
00:08:52,640 --> 00:08:59,870
That has to do with either a dependency that you have installed or a dependency that your packages depend
109
00:08:59,870 --> 00:09:03,300
upon, that you yourself don't know that you also installed.
110
00:09:03,530 --> 00:09:08,360
So, for example, REACT probably has something like 60 other packages that it depends upon.
111
00:09:08,780 --> 00:09:10,930
And one of those might have a security concern.
112
00:09:11,450 --> 00:09:19,790
The easiest way to actually fix this inside of NPM is to run NPM Audit Fix, and this command will go
113
00:09:19,790 --> 00:09:25,220
through and update the versions to a version of a package where it doesn't have the security concern
114
00:09:25,220 --> 00:09:25,610
anymore.
115
00:09:26,090 --> 00:09:32,690
Unfortunately, with yarn, this is not so easy while yarn does have access to a yarn audit.
116
00:09:33,750 --> 00:09:39,570
All it will do is will audit all of the packages as well as those packages, dependency packages, to
117
00:09:39,570 --> 00:09:45,360
see if there's any vulnerabilities and any of them, if it does, it will list them to you and show
118
00:09:45,360 --> 00:09:46,560
you at what severity.
119
00:09:46,560 --> 00:09:52,920
But for you to actually update it, there's no such easy command as NPM audit fix in Yade.
120
00:09:53,340 --> 00:09:59,970
Well, you'll have to do is manually install and upgrade all of those packages that you see with a vulnerability
121
00:09:59,970 --> 00:10:03,530
if you do use yarn as your main package manager.
122
00:10:03,900 --> 00:10:08,910
So that's just one thing to highlight as the main difference between NAPM and yarn, as well as how
123
00:10:08,910 --> 00:10:09,710
the commands work.
124
00:10:10,230 --> 00:10:15,480
So hopefully with this you now know how to update your packages, whether you're using yarn or NPM,
125
00:10:15,660 --> 00:10:17,850
as well as fixed security vulnerabilities.
126
00:10:18,890 --> 00:10:22,720
And with that, good luck and I'll see everyone in the next lesson.
13430
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.