When opening a Fix Pull Request from Snyk on a Yarn project, you may sometimes receive the following warning in the body of your PR:
Failed to update the yarn.lock, please update manually before merging.
Snyk can fail to update the yarn.lock file when creating a PR for a couple of different reasons.
For Yarn Workspaces, only the package.json file is updated for Snyk Fix PRs. The
The most common root cause of this warning is that the project has some private dependencies that Snyk does not have access to, and Snyk is thus failing to re-lock the
In these cases, it will be necessary to re-lock the yarn.lock file manually from a system that has access to the private dependencies.
Out-of-Sync Package.json and Yarn.lock files
Another common issue is that the two files, package.json and yarn.lock, are out of sync. In this case, you can simply run yarn install, and that should resolve the issue.
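
To see which entries are out of sync before merging, the following added example (not Snyk's or Yarn's own code) lists the package.json dependencies that have no matching entry in a Yarn v1 yarn.lock. It assumes a non-workspace project and the v1 lockfile format; the function names and the sample data are constructed for illustration.

```javascript
// Added example: find package.json dependencies missing from a Yarn v1 yarn.lock.

// Collect every "name@range" selector from the lockfile's entry headers.
function lockedSelectors(lockText) {
  const selectors = new Set();
  for (const line of lockText.split(/\r?\n/)) {
    // Entry headers start in column 0 and end with ':'.
    // Comments, blank lines and indented fields are skipped.
    if (!line || line.startsWith('#') || /^\s/.test(line) || !line.endsWith(':')) continue;
    // One header can list several selectors: jest@^29.0.0, jest@^29.1.0:
    for (const raw of line.slice(0, -1).split(',')) {
      selectors.add(raw.trim().replace(/^"|"$/g, ''));
    }
  }
  return selectors;
}

// Return the declared dependencies that have no lockfile entry.
function outOfSync(pkg, lockText) {
  const locked = lockedSelectors(lockText);
  const missing = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      const selector = `${name}@${range}`;
      if (!locked.has(selector)) missing.push(selector);
    }
  }
  return missing;
}

// Constructed sample: lodash was bumped in package.json only.
const samplePkg = {
  dependencies: { lodash: '^4.17.21', '@scope/util': '^1.0.0' },
  devDependencies: { jest: '^29.0.0' },
};
const sampleLock = [
  '# yarn lockfile v1',
  '',
  '"@scope/util@^1.0.0":',
  '  version "1.0.3"',
  '',
  'jest@^29.0.0, jest@^29.1.0:',
  '  version "29.7.0"',
  '',
  'lodash@^4.17.20:',
  '  version "4.17.20"',
].join('\n');

console.log(outOfSync(samplePkg, sampleLock));
```

In CI on Yarn v1, yarn install --frozen-lockfile fails on the same condition instead of silently rewriting the lockfile.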