Skip to content
Latchkey

bun update: Upgrade Dependencies

bun update bumps installed dependencies to the newest versions allowed by their package.json ranges and rewrites bun.lock.

bun update keeps dependencies current. It respects semver ranges by default, so it is safer than it sounds, but --latest deliberately ignores ranges and can break builds.

What it does

bun update re-resolves dependencies to the newest versions that satisfy the ranges in package.json, updating bun.lock and node_modules. With a package name it updates only that one; with --latest it upgrades to the newest version even past the declared range and rewrites the range.

Common usage

Terminal
bun update                          # all deps, within ranges
bun update react                    # just one package
bun update --latest                 # ignore ranges, go to newest
bun outdated                        # preview what would change

Options

FlagWhat it does
<package>Update only the named package
--latestUpgrade past semver ranges to the newest version
--frozen-lockfileRefuse to change the lockfile (effectively a no-op check)
--dry-runShow the resolution without applying it

In CI

bun update belongs in a scheduled dependency-bump job, not in normal build pipelines. Run it on a branch, let CI install --frozen-lockfile and run tests against the new bun.lock, then open a PR. Pair bun outdated with bun update to review the diff before committing.

Common errors in CI

A normal build that runs bun update will fail a downstream --frozen-lockfile check because the lockfile changed; keep update out of build jobs. After --latest, "Cannot find module" or type errors usually mean a major bump introduced a breaking change; pin back the offending package and bump it deliberately.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →