Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,550 --> 00:00:02,300 Hello, everyone, and welcome back. 2 00:00:02,860 --> 00:00:09,280 This is actually you are from the future, taking a quick little detour in our currently scheduled course 3 00:00:09,280 --> 00:00:13,830 outline to mention how you can update your packages. 4 00:00:14,440 --> 00:00:20,050 So because I'm in the future, the version of react that I'm seeing that just got released is different 5 00:00:20,050 --> 00:00:23,580 from the version that we are using throughout this course right now. 6 00:00:24,400 --> 00:00:31,180 Right now, the latest version is sixteen point ten point two as of the time of the recording of this 7 00:00:31,180 --> 00:00:31,620 video. 8 00:00:32,170 --> 00:00:37,170 In the course, though, the version of Riak that we're using is sixteen point eight point six. 9 00:00:37,570 --> 00:00:42,940 It's a very minor version change, but there are a couple of new things that came out in that react 10 00:00:42,940 --> 00:00:43,510 version. 11 00:00:44,080 --> 00:00:51,100 But even then, I think it's important to understand how we can update our packages as well as see some 12 00:00:51,130 --> 00:00:55,250 other issues that might come up that are very easy to resolve. 13 00:00:55,870 --> 00:01:02,880 I'm going to show you in this lesson how you can do so with both yarn or NPM as your main package manager. 14 00:01:03,460 --> 00:01:05,430 But we're going to start with yarn first. 15 00:01:06,220 --> 00:01:12,580 So the first thing to do is check what version of whatever packages that you want to upgrade are that 16 00:01:12,580 --> 00:01:13,630 you are currently running. 17 00:01:14,080 --> 00:01:19,980 The easiest way to do so is simply using inside of your terminal yarn list. 18 00:01:20,470 --> 00:01:24,010 So if you type in your own list and then the name of the packages. 19 00:01:24,010 --> 00:01:29,440 So for me, I'm checking out, react, react, dom and react scripts. 20 00:01:30,870 --> 00:01:37,320 I will see that react and react at sixteen point eight point six and react scrips as three point zero 21 00:01:37,320 --> 00:01:46,290 point oh I know that react and react can be upgraded to sixteen point ten point two, which is the latest 22 00:01:46,290 --> 00:01:49,590 version, and reacts grips to three point two point zero. 23 00:01:50,370 --> 00:01:56,520 Now, instead of directly modifying the value here, there's another thing that we can do to make sure 24 00:01:56,520 --> 00:02:01,330 that whenever we either want to upgrade, we can always use the latest version. 25 00:02:01,830 --> 00:02:05,460 Now, the way to do that is simply to go to our package that Jason. 26 00:02:06,560 --> 00:02:11,360 Inside of our project, so inside of our package that Jason. 27 00:02:12,260 --> 00:02:18,770 You'll see that I have inside of these two dependencies for react and react, Dom, sixteen point eight 28 00:02:18,770 --> 00:02:23,570 point six and sixteen point eight point six and three point eight point O. 29 00:02:24,610 --> 00:02:31,060 So if you have used create react app to create your application, as you've been following on this course, 30 00:02:31,060 --> 00:02:35,690 you may see that there's this little carrot symbol in front of your version. 31 00:02:36,190 --> 00:02:41,710 All that means is that this is a rule that tells whatever package manager we're using, whether it be 32 00:02:41,710 --> 00:02:50,800 Yana AMPM, whenever it sees NPM upgrade or yarn upgrade to update to the latest stable non breaking 33 00:02:50,800 --> 00:02:51,270 version. 34 00:02:52,060 --> 00:02:58,210 So if you see this carrot, then you see that whenever you installed your package, even if it's sixteen 35 00:02:58,210 --> 00:03:01,330 point eight point six, it will try and get the latest version. 36 00:03:02,370 --> 00:03:09,570 In my case, though, because I did not have it, whenever I run yarn, install or NPM install, it 37 00:03:09,570 --> 00:03:15,290 will find just the exact version, which is sixteen point eight point six. 38 00:03:16,050 --> 00:03:17,910 So I'm just going to add this carrott in. 39 00:03:19,450 --> 00:03:27,130 To all these locations here, here and here, and what this will now do is whenever I run yarn upgrade, 40 00:03:27,130 --> 00:03:30,130 it will try and upgrade with these new rules. 41 00:03:30,850 --> 00:03:36,970 The issue that you will encounter if you change your package, thought Jason, and then try to simply 42 00:03:36,970 --> 00:03:38,320 run yarn upgrade. 43 00:03:39,250 --> 00:03:42,760 Is that you will see that you have an outdated lock file. 44 00:03:43,700 --> 00:03:47,310 Please Runyan song and try again, this is perfectly fine. 45 00:03:47,780 --> 00:03:53,870 All this means is that you're upgrading is not going to work here because we updated the rules in our 46 00:03:53,870 --> 00:04:00,130 package that Jason, when we added that carrot, instead, we have to run yarn install instead. 47 00:04:01,210 --> 00:04:07,870 Now, while this is installing this is actually a good time to take a look at this lock file that gets 48 00:04:07,870 --> 00:04:13,060 mentioned, because I'm sure some of you may or may not have noticed that there is a yarnold lock or 49 00:04:13,060 --> 00:04:16,140 a package thought lock inside of your application folder. 50 00:04:17,160 --> 00:04:19,230 So what is this lock file? 51 00:04:20,350 --> 00:04:28,210 On this lock file is it is an auto generated file by either NPM or Yorn that locks the version of all 52 00:04:28,210 --> 00:04:35,200 the packages inside of our application within a specific range based on the rules that we set inside 53 00:04:35,200 --> 00:04:35,800 of package. 54 00:04:35,840 --> 00:04:36,270 Jason. 55 00:04:36,880 --> 00:04:40,180 So the rules being simply what we saw here as our version number. 56 00:04:40,720 --> 00:04:47,380 If I use this carrot, it's saying that I want it to be at least sixteen point eight point six or greater, 57 00:04:47,380 --> 00:04:48,610 but not breaking. 58 00:04:50,830 --> 00:04:56,350 What that means is that when we had it before without this carrot, the yarn lock file was generated, 59 00:04:56,350 --> 00:05:02,500 saying that the version of react and react, dom and react scripts are locked to exactly that version. 60 00:05:02,980 --> 00:05:07,510 Now that we've added this carrot, it gives more flexibility, which means the yarn lock is out of date 61 00:05:07,510 --> 00:05:08,830 and needs to be updated. 62 00:05:09,100 --> 00:05:12,970 And this lock file only updates whenever you run yarn and stall. 63 00:05:13,780 --> 00:05:16,630 So why do we need a lock for the lock? 64 00:05:16,630 --> 00:05:22,690 File is simply there so that if multiple people are working on this application, they are all using 65 00:05:22,690 --> 00:05:29,740 versions of these dependencies that don't conflict with each other because maybe somebody is running 66 00:05:29,740 --> 00:05:35,770 Riak 17, someone is running Riak 16, and there is a difference in features that might be breaking 67 00:05:35,770 --> 00:05:36,970 in the application. 68 00:05:37,330 --> 00:05:43,660 That yard lock file just ensures that everybody is using a consistent version of these dependencies. 69 00:05:44,800 --> 00:05:51,190 But with that, after we ran your store, we generated a new lock file and from now on you can simply 70 00:05:51,190 --> 00:05:54,490 run your upgrade whenever you want to upgrade these dependencies. 71 00:05:55,000 --> 00:06:00,100 And we can just double check to make sure the version of these packages that we got are updated. 72 00:06:00,580 --> 00:06:06,370 So if I run your list, react, react and react scrips. 73 00:06:08,380 --> 00:06:13,960 I'll see that they're now at sixteen point ten point two for react and react as well as they point to 74 00:06:13,960 --> 00:06:15,670 point overreact scripts. 75 00:06:16,210 --> 00:06:20,390 So with this, I have now updated my packages to the latest version. 76 00:06:21,250 --> 00:06:23,320 Now let's see how we do this in NPM. 77 00:06:24,440 --> 00:06:30,860 So here I have a separate repository that is a complete clone of our last repository, the only difference 78 00:06:30,860 --> 00:06:35,070 is that in this one I'm using NPM as my package manager instead of yarn. 79 00:06:35,930 --> 00:06:40,670 All I have to do in order to update these packages is run NPM update. 80 00:06:41,240 --> 00:06:47,250 The main difference here is that NPM update will force the versions to update to their latest versions. 81 00:06:47,750 --> 00:06:54,500 However, it's still good to be explicit in our rules and package JSON so that we know what kind of 82 00:06:54,500 --> 00:06:56,050 versioning we want to do. 83 00:06:56,540 --> 00:07:02,480 So first, let's just check what versions we have actually installed for react, react to them and react 84 00:07:02,480 --> 00:07:04,780 scripts instead of yarn list. 85 00:07:04,790 --> 00:07:09,680 We use NPM list and then we type out the actual package names the same way. 86 00:07:12,640 --> 00:07:13,890 I got a typo there. 87 00:07:17,750 --> 00:07:23,300 So here with this, it's just like yarn before we see that our versions are sixteen point eight point 88 00:07:23,300 --> 00:07:27,560 six four react and react and three point zero point zero four react scripts. 89 00:07:28,250 --> 00:07:36,020 So in order to update this, we can go into our package that Jayson and we can add Tilde in front of 90 00:07:36,020 --> 00:07:40,190 react, react and react scripts just to be explicit. 91 00:07:40,940 --> 00:07:43,700 And then we simply run NPM update. 92 00:07:44,720 --> 00:07:49,820 One thing I want to note is that even if you don't add the tilde, it will update the version numbers 93 00:07:49,820 --> 00:07:54,770 and it will overwrite your package, that JSON file to show the latest version. 94 00:07:55,640 --> 00:08:01,880 So NPM update and NPM install are both a little different because NPM install sometimes will skip over 95 00:08:01,880 --> 00:08:05,320 certain versions if it doesn't see that it's a major update. 96 00:08:06,050 --> 00:08:11,590 The safest way to make sure that you actually do update all your versions if you want to is run npm 97 00:08:11,630 --> 00:08:12,070 update. 98 00:08:12,650 --> 00:08:13,820 It takes a little longer. 99 00:08:13,850 --> 00:08:15,950 So let's just fast forward through the section. 100 00:08:16,580 --> 00:08:20,260 So here we'll see already that it's told us that it's updated. 101 00:08:20,270 --> 00:08:26,840 React on to sixteen point ten point to react scripts, the three point two point O and react to sixteen 102 00:08:26,840 --> 00:08:27,740 point ten point two. 103 00:08:28,700 --> 00:08:32,700 Now, you'll also see down here that it says found zero vulnerabilities. 104 00:08:33,380 --> 00:08:40,000 So what our vulnerabilities you might see this number change sometimes, whether you see it as a warning 105 00:08:40,000 --> 00:08:45,440 in your GitHub or maybe when you do something with your NPM, it'll show you that there's certain vulnerabilities. 106 00:08:46,040 --> 00:08:49,550 Vulnerabilities are essentially at these minor security concerns. 107 00:08:49,730 --> 00:08:52,150 Sometimes they're major, most of the time they're minor. 108 00:08:52,640 --> 00:08:59,870 That has to do with either a dependency that you have installed or a dependency that your packages depend 109 00:08:59,870 --> 00:09:03,300 upon, that you yourself don't know that you also installed. 110 00:09:03,530 --> 00:09:08,360 So, for example, REACT probably has something like 60 other packages that it depends upon. 111 00:09:08,780 --> 00:09:10,930 And one of those might have a security concern. 112 00:09:11,450 --> 00:09:19,790 The easiest way to actually fix this inside of NPM is to run NPM Audit Fix, and this command will go 113 00:09:19,790 --> 00:09:25,220 through and update the versions to a version of a package where it doesn't have the security concern 114 00:09:25,220 --> 00:09:25,610 anymore. 115 00:09:26,090 --> 00:09:32,690 Unfortunately, with yarn, this is not so easy while yarn does have access to a yarn audit. 116 00:09:33,750 --> 00:09:39,570 All it will do is will audit all of the packages as well as those packages, dependency packages, to 117 00:09:39,570 --> 00:09:45,360 see if there's any vulnerabilities and any of them, if it does, it will list them to you and show 118 00:09:45,360 --> 00:09:46,560 you at what severity. 119 00:09:46,560 --> 00:09:52,920 But for you to actually update it, there's no such easy command as NPM audit fix in Yade. 120 00:09:53,340 --> 00:09:59,970 Well, you'll have to do is manually install and upgrade all of those packages that you see with a vulnerability 121 00:09:59,970 --> 00:10:03,530 if you do use yarn as your main package manager. 122 00:10:03,900 --> 00:10:08,910 So that's just one thing to highlight as the main difference between NAPM and yarn, as well as how 123 00:10:08,910 --> 00:10:09,710 the commands work. 124 00:10:10,230 --> 00:10:15,480 So hopefully with this you now know how to update your packages, whether you're using yarn or NPM, 125 00:10:15,660 --> 00:10:17,850 as well as fixed security vulnerabilities. 126 00:10:18,890 --> 00:10:22,720 And with that, good luck and I'll see everyone in the next lesson. 13430