Suppose you have top level Dependency A.
Dependency A is licensed under MIT.
Dependency A packages Dependency B as part of its distribution.
Dependency B is licensed under GPL.
In order to use Dependency A, do you need to agree to the terms of both MIT as well as GPL, or just MIT.
The GPL license is written in such a way that you are not allowed to use GPL-licensed code in a product unless the users of the product have the same rights that are granted by applying the GPL license. This is even the case if only a small portion of the complete product is actually licensed under the GPL.
Due to this “infectious” nature of the GPL, if you indirectly/transitively depend on some code that is licensed under the GPL, then you are also required to release your project under a license that is compatible with the GPL.
So, if you want to use Dependency A (MIT licensed), which in turn depends on Dependency B (GPL licensed), then your code must be licensed in a way that is compatible with the terms of the GPL, which essentially means that you have to use an open-source license.