How to update dependent package version

336 views Asked by At

I am working on an Angular 10 project. And as part of the internal audit, I was asked to update the version of minimatch to 3.0.5. I checked my package.json, and I couldn't find the same. But after further research. I found out that, the same package was internally used by many other packages (eg: @angular/cli, karma, tslint etc PFA) I use in my application. All the other packages are using v3.0.4.

What can I do about this issue? Any help is appreciated.

Dependencies

1

There are 1 answers

0
Dragan Petrovic On

You can add the version 3.0.5 of this specific library in the dependencies of your projects, and it will override it.

Another option is to use this npm if for security vulnerabilities you must update a nested dependency

https://www.npmjs.com/package/npm-force-resolutions