Invalid npm error while Updating transitive dependency using npm force resolution

Question

How do i fix vulnerable package(cache-base@1.0.1) which is not direct dependency but a transitive dependency listed in package-lock.json.

below is the graph : --webpa