Problem
When opening a Fix Pull Request from Snyk on a Yarn project you may sometimes receive the following Warning in the body of your PR:
⚠️ Warning
Failed to update the yarn.lock, please update manually before merging.
Discussion
There are a couple of different reasons why Snyk can fail to update the yarn.lock file when creating a PR.
Private Dependencies
The most common root cause of this warning is that the project has some private dependencies that Snyk does not have access to, so Snyk fails to re-lock the yarn.lock file.
In these cases, it will be necessary to re-lock the yarn.lock file manually from a system that has access to the private dependencies.
Out-of-Sync Package.json and Yarn.lock files
Another common issue is that the two files, i.e. package.json and yarn.lock, are out of sync. For this, you could simply run yarn install and that should resolve the issue.
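
To tell which of the two causes above applies before re-locking, the following Node.js script reports dependencies declared in package.json that have no matching yarn.lock entry (out of sync) and lock entries resolved from hosts other than the public registries (private dependencies). It is an added example, not Snyk's or Yarn's own code; it assumes the Yarn v1 (Classic) lockfile format, and the function names, the sample data and the npm.internal.example host are constructed for illustration.

```javascript
// Added example. Assumes Yarn v1 (Classic) lockfile syntax; sample data is constructed.
const PUBLIC_HOSTS = new Set(["registry.yarnpkg.com", "registry.npmjs.org"]);
// Parse a v1 yarn.lock into [{ specs: ["name@range", ...], resolved }].
function parseYarnLockV1(text) {
  const entries = [];
  let current = null;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!/^\s/.test(line) && line.endsWith(":")) {
      // Unindented header: comma-separated, optionally quoted "name@range" specs.
      const specs = line.slice(0, -1).split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      current = { specs, resolved: null };
      entries.push(current);
    } else if (current) {
      const m = line.match(/^\s+resolved "([^"]+)"/);
      if (m) current.resolved = m[1];
    }
  }
  return entries;
}

// Report declared dependencies with no lock entry, and entries fetched from non-public hosts.
function checkLock(pkg, lockText) {
  const entries = parseYarnLockV1(lockText);
  const locked = new Set(entries.flatMap((e) => e.specs));
  const declared = { ...pkg.dependencies, ...pkg.devDependencies, ...pkg.optionalDependencies };
  const missing = Object.entries(declared)
    .map(([name, range]) => `${name}@${range}`)
    .filter((spec) => !locked.has(spec));
  const nonPublic = [];
  for (const e of entries) {
    if (!e.resolved) continue;
    let host = "(unparsed)";
    try { host = new URL(e.resolved).host; } catch { /* keep placeholder */ }
    if (!PUBLIC_HOSTS.has(host)) nonPublic.push({ spec: e.specs[0], host });
  }
  return { missing, nonPublic };
}

// Constructed sample: left-pad is declared but not locked; @acme/internal-lib is private.
const SAMPLE_PKG = { dependencies: { lodash: "^4.17.21", "@acme/internal-lib": "^1.2.0", "left-pad": "^1.3.0" } };
const SAMPLE_LOCK = [
  "# yarn lockfile v1", "",
  '"@acme/internal-lib@^1.2.0":', '  version "1.2.3"',
  '  resolved "https://npm.internal.example/@acme/internal-lib/-/internal-lib-1.2.3.tgz#0000"', "",
  "lodash@^4.17.20, lodash@^4.17.21:", '  version "4.17.21"',
  '  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#0000"',
].join("\n");
console.log(checkLock(SAMPLE_PKG, SAMPLE_LOCK));
```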