Different versions of some library can be used in range of other libraries. Which can cause dependencies hell. And one thing which bothered me recently - security vulnerability of some particular version library.
We can see such security reports in github repository. They usually advise to increase version of some lib. But how to do this if it is indirect dependency, which is added by other libraries? And even more, they can reference different versions of it.
As straightforward solution I fixed it manually in package-lock.json file. It works, but it takes time. And it can be broken down again after the next
npm install call.
Wise colleague advised me to use this - just add resolution rule to
package.json at root level
This fix all sub dependencies and redirect it to version you specified in resolutions.