Yarn will avoid updating transitive dependencies if you’re not actively updating the source of the transitive dependency.

This is reasonably well-motivated: say you depend on package `A` which depends on `"B": "^1.0.0"`, and Yarn resolves `B` at `1.0.1` and you later install package `C` which depends on `"B": "^1.0.2"`, `A` _says_ it’s compatible with that version, but it’s still possible for A to be relying on broken behavior in B `1.0.1` which got _fixed_ in `1.0.2`, so Yarn leaves the original in place instead of updating it, and you just end up with two copies of `B` in your dependency graph; `A` uses the original and `C` uses a new one.

That is _broadly_ preferable for Node-side applications, because it means you can control it by explicitly upgrading `A` or even `A`’s version of `B`, but it never happens implicitly.

To work around it in cases like this, you can `volta install yarn-deduplicate` and then run `yarn-deduplicate` in your repo, and that will _usually_ clear out issues like this as long as the original dependency version range is actually compatible with the new one.