Is there an existing issue for this?
Feature description
We’d like the tool to use overrides in package.json for dependency vulnerability fixes, instead of only updating package-lock.json. Right now, it only changes the lockfile. While that may fix the immediate issue, it does not clearly document the intended dependency constraint in source control. Using overrides would make the remediation explicit and persistent, especially when lockfiles are regenerated or dependencies are reinstalled.
https://docs.npmjs.com/cli/v8/configuring-npm/package-json#overrides
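
A sketch of the remediation requested above, added here as an example and not code from the tool or from the issue author. The function `applyOverrides`, the shape of the fix list, and the sample manifest are hypothetical. It follows the rules in the linked npm documentation: an override for a direct dependency must match its declared spec (written here as a `$name` reference), and `.` sets the version of a package that already has nested overrides.

```javascript
'use strict';
// Added example; applyOverrides() and the shape of `fixes` are hypothetical.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];

function applyOverrides(manifest, fixes) {
  const pkg = JSON.parse(JSON.stringify(manifest)); // leave the caller's object untouched
  const overrides = pkg.overrides || {};
  for (const { name, fixedRange } of fixes) {
    const field = DEP_FIELDS.find(
      (f) => pkg[f] && Object.prototype.hasOwnProperty.call(pkg[f], name));
    let spec = fixedRange;
    if (field) {
      // npm rejects an override for a direct dependency unless both specs match,
      // so raise the declared range and point the override at it with "$name".
      pkg[field][name] = fixedRange;
      spec = `$${name}`;
    }
    const existing = overrides[name];
    if (existing && typeof existing === 'object') {
      existing['.'] = spec; // keep nested child overrides, set the package itself
    } else {
      overrides[name] = spec;
    }
  }
  pkg.overrides = overrides;
  return pkg;
}

// Constructed sample manifest and fix list (package names and versions are made up).
const sampleManifest = {
  name: 'example-app',
  version: '1.0.0',
  dependencies: { 'direct-lib': '^2.0.0' },
  overrides: { 'nested-lib': { 'child-lib': '1.2.3' } },
};
const sampleFixes = [
  { name: 'direct-lib', fixedRange: '^2.4.1' },
  { name: 'transitive-lib', fixedRange: '>=1.3.5' },
  { name: 'nested-lib', fixedRange: '3.0.1' },
];
const patched = applyOverrides(sampleManifest, sampleFixes);
console.log(JSON.stringify(patched, null, 2));
```

Because the constraint now lives in package.json, a regenerated lockfile resolves to the fixed ranges again, and the change is visible in review as a manifest diff.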