# Upgrade package versions to fix vulnerabilities

Snyk will always recommend the smallest upgrade of a dependency to resolve a vulnerability.

To resolve a vulnerability in a transitive dependency, Snyk will calculate the dependency tree for your Project and determine the minimum upgrade to the direct dependency that will result in a vulnerability-free version of the indirect dependency.

Some fixes may require a major upgrade of a dependency. In this situation, if Snyk suspects a major change that would cause breakage, the Fix PR screen indicates this.

See [Upgrading dependencies with automatic PRs](/scan-with-snyk/pull-requests/snyk-pull-or-merge-requests/enable-automatic-upgrade-prs-for-new-dependency-upgrades.md) for more details.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.snyk.io/scan-with-snyk/snyk-open-source/manage-vulnerabilities/upgrade-package-versions-to-fix-vulnerabilities.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.