npm's dependency graph is a ticking time bomb. How many times do we need to see a minor version bump of a transitive dependency break the entire build before we rethink this approach?