View my tickets
Submit a ticket Try Snyk for free

Articles in this section

See more
  1. Support Portal | Snyk
  2. Using Snyk
  3. Fixing Vulnerabilities

Failed to update the yarn.lock, please update manually before merging.

Problem

When opening a Fix Pull Request from Snyk on a Yarn project you may sometimes receive the following Warning in the body of your PR:

 

⚠️ Warning
Failed to update the yarn.lock, please update manually before merging.

 

Discussion

There could be a couple of different issues when Snyk fails to update the yarn.lock file when creating a PR.

 

Private Dependencies

The most common root cause of this warning is the project has some private dependencies that Snyk does not have access to and is thus failing to re-lock the yarn.lock file.

In these cases, it will be necessary to re-lock the yarn.lock file manually from a system that has access to the private dependencies

 

Out-of-Sync Package.json and Yarn.lock files

Another common issue is that the two files i.e package.json and the yarn.lock files are out of sync. For this, you could simply run yarn install and that should resolve the issue.