The latest graphql-ergonomock release 1.2.0 has a dependency on graphql-tools version ^7.0.0.
This depends on a cross-fetch version with a vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2022-1365
Affected are cross-fetch versions >= 3.0.0, < 3.1.5
Is it possible to upgrade the graphql-tools version or to remove the vulnerable dependency somehow and release those fixes?