AstrumU / graphql-authz

GraphQL authorization layer

@graphql-authz/apollo-server-plugin should probably use @graphql-authz/core as peer dep #83

Open OoDeLally opened 2 years ago

OoDeLally commented 2 years ago

@graphql-authz/apollo-server-plugin@2.0.3 declares @graphql-authz/core@1.3.0 as dependency.

This can lead to a dangerous setup: this is what I had on my project:

@graphql-authz/apollo-server-plugin@2.0.3
@graphql-authz/core@1.2.1

Because my @graphql-authz/core was at version 1.2.1, my @graphql-authz/apollo-server-plugin was using an extra instance of @graphql-authz/core at version 1.3.0. This makes the two packages disconnected. This setup results in all rules being silently ignored while running the GraphQL server.

A possible solution could be to declare @graphql-authz/core@1.3.0 as peer dep, so yarn does not create an extra instance. The runtime would crash, which would be desirable.

OoDeLally commented 2 years ago

Also, I notice that if I yarn remove @graphql-authz/core to avoid deduplicating instances, it still does not work. It only works with both explicitly yarn added and in version sync:

@graphql-authz/apollo-server-plugin@2.0.3
@graphql-authz/core@1.2.1