how does yarn work when it encounters ^ (caret)?

The selected answer is wrong.

caret means following

^3.1.4 will allow a version range from >=3.1.4 <4.0.0

yarn install will install the exact version in the lockfile. That's the great benefit of a lockfile, everyone working on your project gets the exact same version of the package regardless of when the do yarn install. (e.g. I do yarn install today, when 16.0.0 is the current version, but you do yarn install tomorrow when 16.1.0 is the current version. We'll still both get 16.0.0 because that's what our lockfile says we should get. Our development environments are exactly the same, which is what we want. Likewise if we deploy in 2 weeks when 16.2.0 is the current version, 16.0.0 will get deployed; thus our dev and prod environments are exactly the same, too)

If 16.1.0 is released and you want to update your project to use it, use yarn upgrade. Note that you can upgrade all of your packages, or just one specific package, as well as update to the latest version of a package or a specific version of a package. https://yarnpkg.com/lang/en/docs/cli/upgrade/

Version Control Your package.json and yarn.lock

By adding these two files to version control, you'll easily be able to revert your project to a specific point in time in regards to your packages.