In resolutions, it's more common to use > or >= ranges to ensure a dependency is above a particular (especially vulnerable) version.
Example:
package.json:
{
"workspaces": ["*"],
"resolutions": {
"foo": ">= 5"
}
}
package1/package.json:
{
"dependencies": {
"foo": "^4.0.0"
}
}
The autofix will currently change foo's version to >= 5, which is likely unsafe/overly-aggressive.
Related: #348
In resolutions, it's more common to use
>or>=ranges to ensure a dependency is above a particular (especially vulnerable) version.Example:
package.json:{ "workspaces": ["*"], "resolutions": { "foo": ">= 5" } }package1/package.json:{ "dependencies": { "foo": "^4.0.0" } }The autofix will currently change foo's version to
>= 5, which is likely unsafe/overly-aggressive.Related: #348