Latest version of @graphql-eslint/eslint-plugin (4.4.0) uses the vulnerable braces@3.0.2 package

**Is your feature request related to a problem? Please describe.**

In order to fix CVE-2024-4068, we need to upgrade the braces package to version 3.0.3. But the latest version of @graphql-eslint/eslint-plugin (4.4.0) still uses the vulnerable braces@3.0.2 package.

<img width="1026" alt="Image" src="https://github.com/user-attachments/assets/98041c3a-977c-408d-a76c-15f50ace8893" />

**Describe the solution you'd like**

Use a newer version of the braces package.

**Describe alternatives you've considered**

You can let me know if there is a workaround.

**Additional context**

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Latest version of @graphql-eslint/eslint-plugin (4.4.0) uses the vulnerable [email protected] package #2913

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Latest version of @graphql-eslint/eslint-plugin (4.4.0) uses the vulnerable [email protected] package #2913

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions