yarn upgrade to fix yarn audit errors

The solution to this problem in yarn is called selective version resolutions, which basically means defining resolutions for the transitive dependencies in package.json.

The transitive dependencies are the dependencies of dependencies.

{
   "resolutions": { "**/**/lodash": "^4.17.12" }
}

So here, even if lodash isn’t a direct dependency of your package, the dependent package in your package uses the version defined in the resolutions. Specific resolutions can also be provided. More info here.
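An added example (not part of the original answer) of checking that a resolution took effect: it reads a yarn.lock in the v1 format and lists the entries of a package that are still pinned below a minimum version. The function names and the lockfile excerpts are constructed for illustration, and the version comparison handles plain x.y.z versions only.

```javascript
// Added example: which versions of a transitive dependency does yarn.lock (v1) pin?
// Return [{ specifiers, version }] for every lockfile entry of `pkgName`.
function resolvedVersions(lockText, pkgName) {
  const entries = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line) && !line.startsWith('#')) {
      // Entry header, e.g.  lodash@^3.10.1, "lodash@^4.17.4":
      const specifiers = line.slice(0, -1).split(',').map(s => s.trim().replace(/^"|"$/g, ''));
      const names = specifiers.map(s => s.slice(0, s.lastIndexOf('@')));
      current = names.includes(pkgName) ? { specifiers, version: null } : null;
      if (current) entries.push(current);
    } else if (current) {
      const m = /^\s+version "([^"]+)"$/.exec(line);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Compare plain x.y.z versions numerically (pre-release tags are not handled).
function isBelow(version, minimum) {
  const a = version.split('.').map(n => parseInt(n, 10));
  const b = minimum.split('.').map(n => parseInt(n, 10));
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Entries of `pkgName` still resolved below `minimum`.
function entriesBelow(lockText, pkgName, minimum) {
  return resolvedVersions(lockText, pkgName).filter(e => e.version && isBelow(e.version, minimum));
}

// Constructed lockfile excerpt before adding the resolution.
const LOCK_BEFORE = [
  '# yarn lockfile v1', '',
  'some-lib@^1.0.0:', '  version "1.2.0"', '  dependencies:', '    lodash "^4.17.4"', '',
  'lodash@^3.10.1:', '  version "3.10.1"', '',
  'lodash@^4.17.4:', '  version "4.17.11"',
].join('\n');
// Constructed excerpt after the resolution: every requested range maps to one version.
const LOCK_AFTER = [
  '# yarn lockfile v1', '',
  'lodash@^3.10.1, lodash@^4.17.4:', '  version "4.17.21"',
].join('\n');

console.log('before:', entriesBelow(LOCK_BEFORE, 'lodash', '4.17.12'));
console.log('after: ', entriesBelow(LOCK_AFTER, 'lodash', '4.17.12'));
```

Because a resolution overrides the range the dependent package asked for, a package that requested lodash 3.x now receives 4.x and should be tested after the change.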
