
This package depends on a vulnerable version @graphql-codegen/cli #23

@boronine

This vulnerability has been there since July

```
up to date, audited 958 packages in 2s

106 packages are looking for funding
  run `npm fund` for details

# npm audit report

ws  8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix`
node_modules/@shopify/shopify_function/node_modules/ws
  @graphql-tools/executor-graphql-ws  <=1.0.1
  Depends on vulnerable versions of ws
  node_modules/@shopify/shopify_function/node_modules/@graphql-tools/executor-graphql-ws
    @graphql-tools/url-loader  7.16.13-alpha-20221108142800-3beb5fe2 - 8.0.0-rc-20230519104627-f6fea064
    Depends on vulnerable versions of @graphql-tools/executor-graphql-ws
    Depends on vulnerable versions of @graphql-tools/executor-legacy-ws
    node_modules/@shopify/shopify_function/node_modules/@graphql-tools/url-loader
      @graphql-tools/prisma-loader  7.2.33-alpha-20221108142800-3beb5fe2 - 8.0.0-rc-20230519104627-f6fea064
      Depends on vulnerable versions of @graphql-tools/url-loader
      node_modules/@shopify/shopify_function/node_modules/@graphql-tools/prisma-loader
        @graphql-codegen/cli  2.16.2-alpha-20221208004256-1c235a000 - 3.3.1
        Depends on vulnerable versions of @graphql-tools/prisma-loader
        node_modules/@shopify/shopify_function/node_modules/@graphql-codegen/cli
  @graphql-tools/executor-legacy-ws  <=1.0.5-rc-20231209231904-e54d73f101707443b905403caac59ece59c784aa
  Depends on vulnerable versions of ws
  node_modules/@shopify/shopify_function/node_modules/@graphql-tools/executor-legacy-ws

6 high severity vulnerabilities

To address all issues, run:
  npm audit fix
```
