Dependabot issue - cannot update glob-parent to a non-vulnerable version
I've just started to use Dependabot and encountered an issue with one of its alerts. I was looking for an answer on how to handle such vulnerabilities, but didn't find any proper resource. What I can see is that it is a dependency of my deps, so it affects the package-lock file.
Here is what Dependabot provided:
Dependabot cannot update glob-parent to a non-vulnerable version
The latest possible version that can be installed is 3.1.0 because of the following conflicting dependencies:
[email protected] requires glob-parent@^6.0.1
[email protected] requires glob-parent@^3.1.0 via a transitive dependency on [email protected]
The earliest fixed version is 5.1.2.
I don't have glob-parent in my package.json file - it is just a dependency of my other dependencies. What is the approach to handling such alerts? Should I dismiss it? As far as I know, manually changing package-lock is not the way to go.
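Added example, not part of the original question: a small triage script that walks a package-lock.json (`packages` map, lockfile v2/v3) and reports which installed copies of a package are below the fixed version and which dependents pin a caret range that can never reach it. The lockfile excerpt is constructed, `pkg-a`, `pkg-b` and `pkg-c` are placeholder names, and it assumes every version at or above 5.1.2 is fixed.

```javascript
// Constructed lockfile excerpt mirroring the alert; pkg-a/pkg-b/pkg-c are placeholders.
const lock = {
  lockfileVersion: 2,
  packages: {
    "": { dependencies: { "pkg-a": "^1.0.0", "pkg-b": "^2.0.0" } },
    "node_modules/pkg-a": { version: "1.0.0", dependencies: { "glob-parent": "^6.0.1" } },
    "node_modules/pkg-b": { version: "2.0.0", dependencies: { "pkg-c": "^1.0.0" } },
    "node_modules/pkg-c": { version: "1.0.0", dependencies: { "glob-parent": "^3.1.0" } },
    "node_modules/glob-parent": { version: "6.0.2" },
    "node_modules/pkg-c/node_modules/glob-parent": { version: "3.1.0" },
  },
};

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// True if the caret range ^X.Y.Z admits some version >= fixed.
// Assumption: only caret ranges are judged; other range syntaxes are not flagged.
function caretAllows(range, fixed) {
  if (!range.startsWith("^")) return true;
  const [maj, min, pat] = parse(range.slice(1));
  // Exclusive upper bound of a caret range: the next change of the leftmost non-zero part.
  const upper = maj > 0 ? [maj + 1, 0, 0] : min > 0 ? [0, min + 1, 0] : [0, 0, pat + 1];
  return cmp(parse(fixed), upper) < 0;
}

// Lists vulnerable installed copies and the dependents whose range blocks the fix.
function triage(lockfile, name, fixed) {
  const installed = [];
  const blockers = [];
  for (const [path, meta] of Object.entries(lockfile.packages)) {
    if (path.endsWith("node_modules/" + name) && cmp(parse(meta.version), parse(fixed)) < 0) {
      installed.push({ path, version: meta.version });
    }
    const range = (meta.dependencies || {})[name];
    if (range && !caretAllows(range, fixed)) {
      blockers.push({ requiredBy: path || "(root)", range });
    }
  }
  return { installed, blockers };
}

console.log(JSON.stringify(triage(lock, "glob-parent", "5.1.2"), null, 2));
```

The `blockers` list names the dependents whose own range has to change before any resolver can pick a fixed version.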
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
