I am receiving security vulnerability detected in mpath defined in my package-lock.json file as a mongoose dependency. I try to update fawn and mongoose but mongoose in fawn doesn’t receive the update!
Mongoose version in package.json is “^5.6.7” but in package-lock.json the version under fawn is “4.12.3”.
How can I update it?
Yes, I did.
Here is the implementation:
package-lock.json line 1893 fawn package
Cannot update mongoose nested in fawn.
Receiving security vulnerability for ‘mpath’ which needs to be updated but nested under mongoose.
It is difficult to update this nested dependency indeed. I tried different solutions; deleted all, installed again, audit fix force …