Which packages are impacted by your issue?
@graphql-codegen/cli, @graphql-codegen/add, @graphql-codegen/typescript-resolvers, @graphql-codegen/typescript
Describe the bug
This is less of a bug but more of a security issue: @babel/traverse has an exploit in it. My company's security scanning tool has detected this, and it has also been detected by GitHub security. Auditing my company's internal app's lockfile and using yarn why, I've noticed your app has a dependency on these versions with exploits.

Admittedly, I am not exceptional at reading yarn lock files, but I have found affected versions in your lockfile:
Your Example Website or App
...
Steps to Reproduce the Bug or Issue
Please check this page from github security: https://github.com/advisories/GHSA-67hx-6x53-jw92
Expected behavior
To upgrade this dep and maintain functionality
Screenshots or Videos
No response
Platform
@graphql-codegen/* version(s): 5.0.0
Codegen Config File
No response
Additional context
You might want to introduce a security template in your issues.