I clone this repo, and add overrides field to airflow/www/package.json to forcefully specify version of glob at any depth:
{
"name": "airflow-www",
...
"resolutions": {
"d3-color": "^3.1.0"
},
"overrides": {
"glob": "10.0.0"
},
...
}
Now when I run yarn install, and then run npm list --depth 4, I still can see glob with other versions. So does in yarn.lock, while I hope to see only glob@10.0.0.
$ npm -v
10.5.0
$ yarn -v
4.2.2
As in the Yarn Documentation for Selective dependency resolutions, one of the use cases is:
You may be depending on a package that is not updated frequently, which depends on another package that got an important upgrade. In this case, if the version range specified by your direct dependency does not cover the new sub-dependency version, you are stuck waiting for the author.
With that said, you should add to the "resolutions" key as it is already done for d3-color. So it would be like:
{
"name": "airflow-www",
...
"resolutions": {
"d3-color": "^3.1.0",
"glob": "^10.0.0"
},
...
}