Security vulnerability in transitive dependencies

[tapegram]

Issue workflow progress

Progress of the issue based on the Contributor Workflow

• [ ] 1. The issue provides a reproduction available on GitHub, Stackblitz or CodeSandbox

  For example, you can start off by editng the 'basic' example on Stackblitz.

  Please make sure the graphql-eslint version under package.json matches yours.

• [ ] 2. A failing test has been provided

• [ ] 3. A local solution has been provided

• [ ] 4. A pull request is pending review

---

Describe the bug

Dependabot is reporting a transitive dependency needs updating:

It would be great if graphql-eslint could update its dependencies on graphql-tools once they release their updates.

They updated their version of ws in the last week:

https://github.com/ardatan/graphql-tools/pull/6273

To Reproduce Steps to reproduce the behavior:

Expected behavior

No more vulnerability in transitive dependencies!

Thanks!

[bxt]

It seems the a recent version (>5) of graphql-config does not have this dependency chain anymore, and it was already updated in https://github.com/dimaMachina/graphql-eslint/commit/296f700de147f2e5d218cfbf03921a7f41944764 so a fresh release of @graphql-eslint/eslint-plugin would already resolve the issue, I think.

[alimony]

@dimaMachina What are the plans for a new release? The last release was almost a year ago.