I opened a premade Kotlin/JS project, and it has the file yarn.lock under the directory kotin-js-store. I published the code on Github, and Dependabot is giving me an alert that dependencies under yarn.lock is vulerable to security issues. But, I cannot update the dependencies through Dependabot, and yarn.lock file seems autogenerated, which means I cannot edit it. How can I update my dependencies in my yarn.lock file? My gradle dependencies are all up-to-date.

delete it then build again (or just resolve dependencies)

Deleted it, built it again, but unfortunately the exact same file got produced. Is there a way I can check which dependency is using which yarn package? Just so I can see what is causing the problem.

here's how I fixed it https://kotlinlang.slack.com/archives/C3PQML5NU/p1650448677030979?thread_ts=1639839062.315600&cid=C3PQML5NU (I meant to post that message here, but I replied in the wrong thread - oops!)