Within the last year, on a couple different applications, I ran into deployment problems that stemmed from my yarn.lock file falling out of sync with my package.json. In both cases, just deleting my lockfile and running yarn to create a new one was all I needed to do to complete the deploy.
In the first case, I moved a dependency from devDependencies to dependencies. I would think that I used the Yarn CLI to do so, but it’s been long enough that I can’t clearly remember. Ultimately, I let a modified package.json hit our repository without an updated yarn.lock file. Running yarn install --production on our servers wasn’t picking up the new dependency.
In the second case, which was a Gatsby project deployed on GitLab, I had updated Gatsby from ^2.0.53 to ^2.14.2, which involved a corresponding update of gatsby-plugin-manifest to ^2.2.9. I can’t remember whether I used yarn add or yarn upgrade or both at different times. The yarn.lock file was modified and committed. Everything was working on my machine, but the build on GitLab kept failing with a readout of:
node: symbol lookup error: /builds/[username]/[project_name]/node_modules/gatsby-plugin-manifest/node_modules/sharp/build/Release/sharp.node: undefined symbol: \_ZNK4vips6VImage7pngsaveEPKcPNS_7VOptionE
ERROR: Job failed: exit code 1
It seemed like GitLab was still trying to build the project with an older version of gatsby-plugin-manifest. I suspected the problem was that GitLab had cached the node_modules directory, but after a couple different attempts to clear the cache with no change in the build results, I just deleted my yarn.lock file and created a new one by running yarn.
It’s likely that the reason both files — yarn.lock and package.json — had been updated in this instance was that I had upgraded gatsby and gatsby-plugin-manifest, but also added react-spring. I suspect that my yarn.lock file only had changes for react-spring (and maybe gatsby), but not for gatsby-plugin-manifest.
It seems like the best thing to have done in this situation would have been to have used yarn upgrade --latest or yarn upgrade-interactive --latest, as described in this blog post. yarn upgrade will upgrade your installed packages to the latest version listed in your package.json, which may update your yarn.lock file, but it won’t bump your listed versions in package.json. The --latest flag should upgrade the package to the latest available version (and handle both your package.json and yarn.lock files). upgrade-interactive would give you options of which version to upgrade to.