You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The latest graphql-ergonomock release 1.2.0 is has a dependency to graph-tools version ^7.0.0.
This depends on a cross-fetch version with an vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2022-1365
Affected are cross-fetch version >= 3.0.0, < 3.1.5
Is it possible to upgrade the graphql-tools version or to remove the vulnerable dependency somehow and release those fixes?
The text was updated successfully, but these errors were encountered:
The latest
graphql-ergonomockrelease1.2.0is has a dependency tograph-toolsversion^7.0.0.This depends on a
cross-fetchversion with an vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2022-1365Affected are
cross-fetchversion>= 3.0.0, < 3.1.5Is it possible to upgrade the
graphql-toolsversion or to remove the vulnerable dependency somehow and release those fixes?The text was updated successfully, but these errors were encountered: