For the first time last week, i received a “Security Alert Digest” email from Github.
Inside were all the dependencies of a project,
gatsby-starter, that had known vulnerabilities. It listed the name of the dependency, its version, and the version i should upgrade to to be safe. Okay.
I started thinking, wait, how the heck do i upgrade all of the dependencies at once? There were about 14 or so.
In case you’re wondering how to do so, too, here you go.
First off, running
npm update won’t update major releases by standard
package.json rules. You’ll need to install the
npm-check-updates package globally. It’s used to let npm know to install the minor
devDependencies for each of your packages in the
npm install -g npm-check-updates
npm install. Boom.
Hope that helps!
Cheers and peace.