How can I upgrade ansi-html from 0.0.7 to 0.0.8?

I have a Maven application which uses ReactJS for the front-end and it is using ansi-html:0.0.7 currently. This led to a vulnerability alert by GitHub Dependabot and it asks me to upgrade to version @^0.0.8.

Usually when I need to upgrade something, I go to the yarn.lock file, delete the respective block of configuration, and run yarn install/build again, which installs the latest version of the dependency.

However, in this case, it is only re-installing 0.0.7 and not 0.0.8 or higher. I even tried adding the package "ansi-html":"0.0.8" in package.json file and reinstalled everything. Still, no luck.

How can I fix this?

Thanks in advance.



Solution 1:[1]

I know this is an old question, but I am going to add an answer anyway for general knowledge.

From what I understood from the question, ansi-html is a sub-dependency of another dependency in your application. Before forcing a new version of a sub-dependency, you need to know what package uses this dependency. You can do that by running:

yarn why <package name>

The output will tell you which package in the project uses that dependency. If that package has a new version, then upgrade to it. If that doesn't work, you can force the affected package to use a newer version of it by adding it to the resolutions section of the package.json file:

"resolutions": {
    "<package name>": "<version number>"
}

Then try to do a full yarn install or npm install.

I don't like this approach and I only use it as a last resort, because if you do any upgrades in the future, it will force sub-dependencies to always download the versions of the resolution section and it could cause issues in the future. So please use it when there is no other solution.
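
Added example, not part of the original answer: a small Node.js script that reads a Yarn v1 yarn.lock, lists every package that requests a given sub-dependency (the information `yarn why` reports), and checks whether each requested range can accept the fixed version. The lockfile content is constructed and the `example-*` parent packages are hypothetical; only exact, `^` and `~` ranges are evaluated.

```javascript
// Added example; SAMPLE_LOCK is constructed and the example-* parents are hypothetical.
const SAMPLE_LOCK = `# yarn lockfile v1
ansi-html@0.0.7, ansi-html@^0.0.7:
  version "0.0.7"

example-dev-server@^3.11.0:
  version "3.11.0"
  dependencies:
    ansi-html "0.0.7"

example-overlay@^1.2.0:
  version "1.2.3"
  dependencies:
    ansi-html "^0.0.7"
`;

// Does `range` admit `target`? Handles exact, ^ and ~ ranges only; null = not evaluated.
function admits(range, target) {
  const m = range.match(/^([\^~]?)(\d+)\.(\d+)\.(\d+)$/);
  if (!m) return null;
  const b = m.slice(2).map(Number), t = target.split(".").map(Number);
  const cmp = (x, y) => x[0] - y[0] || x[1] - y[1] || x[2] - y[2];
  if (m[1] === "") return cmp(t, b) === 0;
  // Upper bound: ~ bumps the minor; ^ bumps the left-most non-zero component.
  const hi = m[1] === "~" ? [b[0], b[1] + 1, 0]
    : b[0] ? [b[0] + 1, 0, 0] : b[1] ? [0, b[1] + 1, 0] : [0, 0, b[2] + 1];
  return cmp(t, b) >= 0 && cmp(t, hi) < 0;
}

// List every lockfile entry that depends on `name`, and whether its range admits `fixed`.
function findDependents(lockText, name, fixed) {
  const out = [];
  let parent = null, inDeps = false;
  for (const line of lockText.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {            // entry header: pkg@range[, pkg@range]:
      const first = line.split(",")[0].replace(/:$/, "").replace(/"/g, "").trim();
      parent = first.slice(0, first.indexOf("@", 1));
      inDeps = false;
    } else if (/^  \S/.test(line)) {        // field: version, resolved, dependencies:
      inDeps = /^  (optionalD|d)ependencies:$/.test(line);
    } else if (inDeps) {                    // dependency line: name "range"
      const m = line.match(/^    "?([^"\s]+)"? "(.+)"$/);
      if (m && m[1] === name) out.push({ parent, range: m[2], ok: admits(m[2], fixed) });
    }
  }
  return out;
}

console.log(findDependents(SAMPLE_LOCK, "ansi-html", "0.0.8"));
```

Both sample parents come back with `ok: false`: a caret range on a 0.0.x version admits only that exact patch, so removing the lock entry makes Yarn resolve 0.0.7 again until the parent is upgraded or a resolution is set.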

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 user3585153