Having installed @codemirror/lang-markdown into a project a while ago, and upgraded it a few times since then, I notice that the installed version of @lezer/markdown is still at v1.0.1 rather than the latest v1.0.2.
This makes sense, because @codemirror/lang-markdown only specifies "@lezer/markdown": "^1.0.0" as a dependency, but I wonder what the recommended method should be for keeping these kinds of sub-dependencies updated.
Should we install them independently into the project (i.e. treat @lezer/markdown as a peer dependency), or should @codemirror/lang-markdown have a more specific dependency on the latest version of @lezer/markdown?
npm is, unfortunately, rather dumb about transitive dependencies. When upgrading, killing the package lock and recreating it from scratch is usually the safest, but I guess on very large projects with some dependencies that they want to keep locked, that might be difficult as well.