如何更新package-lock.json

Github is telling me that a dependency in my package-lock.json file is vulnerable and outdated. The problem is that if I do npm install or npm update, neither of them update the dependency in the package-lock.json file. Github is telling me that a dependency in my pa