The latest graphql-ergonomock release 1.2.0 is has a dependency to graph-tools version ^7.0.0.
This depends on a cross-fetch version with an vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2022-1365
Affected are cross-fetch version >= 3.0.0, < 3.1.5
Is it possible to upgrade the graphql-tools version or to remove the vulnerable dependency somehow and release those fixes?
The latest
graphql-ergonomockrelease1.2.0is has a dependency tograph-toolsversion^7.0.0. This depends on across-fetchversion with an vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2022-1365 Affected arecross-fetchversion>= 3.0.0, < 3.1.5Is it possible to upgrade the
graphql-toolsversion or to remove the vulnerable dependency somehow and release those fixes?