Force dependency selectively

(name cannot be blank) #1

Hi,

One of the dependencies of dependencies we have has a vulnerability. How can I force the vulnerable dependency version bump to avoid being exposed?

(John Gee) #2

The first thing I try is running npm audit and seeing if it has advice on how to try fixing it. For example, my package currently has one warning with this advice:

# Run  npm update handlebars --depth 7  to resolve 1 vulnerability
(system) closed #3

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.