graphql-cli-prepare

Dependency Vulnerability

Open kalm42 opened this issue 6 years ago • 0 comments

So... this seems almost needlessly complicated but here it goes.

The dependency graphql-static-binding has a dependency cucumber-html-reporter and the version of cucumber-html-reporter that graphql-static-binding uses has a dependency "open" which was replaced by "opn". The "open" repo has a security vulnerability. "cucumber-html-reporter" has already fixed it, so "graphql-static-binding" would just need to update the version of "cucumber-html-reporter" it uses, but "graphql-static-binding" has been archived and so will not be updated.

I'm much too junior a dev to know how to fix this. My best guess is that "graphql-static-binding" be forked, updated, and have this repo use the fork in lieu of the original? Or should this repo rewrite schema code generation to use a different repo, one that is active? Or am I entirely wrong?

kalm42, Jul 20 '19 20:07