
Please update cosmiconfig in @graphql-codegen/cli #9420

Closed
shellscape opened this issue May 17, 2023 · 1 comment

@shellscape

Which packages are impacted by your issue?

@graphql-codegen/cli

Describe the bug

@graphql-codegen/cli is using a version of cosmiconfig that is a full major version (plus) behind. That major version (7.x) contains a particular CVE that is impossible to get around: GHSA-f9xv-q969-pqx4

Overriding the version of yaml with a package manager results in a crash of cosmiconfig and subsequently @graphql-codegen/cli, as there are breaking changes between the version of yaml that cosmiconfig@7 uses and the latest version, yaml@2.2.2, which resolves the CVE. Additionally, cosmiconfig@8 no longer uses the yaml package.

The offending line is here: https://github.com/dotansimha/graphql-code-generator/blob/master/packages/graphql-codegen-cli/package.json#L61

Your Example Website or App

n/a

Steps to Reproduce the Bug or Issue

Doesn't require a reproduction, as this is strictly a dependency update.

Expected behavior

A reasonably updated version of cosmiconfig and other dependencies would be used.

Screenshots or Videos

No response

Platform

  • OS: all
  • NodeJS: LTS
  • graphql version: 15+
  • @graphql-codegen/* version(s): 3.3.1

Codegen Config File

No response

Additional context

No response

@shellscape shellscape changed the title from "Please update cosmiconfig in @" to "Please update cosmiconfig in @graphql-codegen/cli" on May 17, 2023
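Added example, not part of the issue or of the graphql-code-generator project: a small Node script that walks a package-lock.json "packages" map the way Node resolves modules and reports every dependency path that still ends in a yaml release below 2.2.2, which is the check to run after the cosmiconfig bump to confirm the old copy is really gone. The lockfile contents, the version numbers and the `^` ranges below are constructed for the demonstration.

```javascript
// Constructed, simplified package-lock.json (lockfileVersion 3 "packages" map).
// Versions and ranges are illustrative placeholders, not the project's real tree.
const LOCK = {
  packages: {
    "": { dependencies: { "@graphql-codegen/cli": "3.3.1" }, devDependencies: { yaml: "^2.2.2" } },
    "node_modules/@graphql-codegen/cli": { version: "3.3.1", dependencies: { cosmiconfig: "^7.0.0" } },
    "node_modules/cosmiconfig": { version: "7.1.0", dependencies: { yaml: "^1.10.0" } },
    "node_modules/cosmiconfig/node_modules/yaml": { version: "1.10.2" }, // nested old copy
    "node_modules/yaml": { version: "2.2.2" },                          // the overridden root copy
  },
};

// Numeric major.minor.patch comparison; negative when a < b.
function cmpVersion(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Mimic Node resolution inside the lockfile: try <from>/node_modules/<name>,
// then climb one node_modules level at a time until the root is reached.
function resolveDep(packages, from, name) {
  let dir = from;
  for (;;) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!dir) return null;
    const idx = dir.lastIndexOf("/node_modules/");
    dir = idx === -1 ? "" : dir.slice(0, idx);
  }
}

// Return "a@1 > b@2 > target@x" strings for every path to `target` below `fixedVersion`.
function findVulnerablePaths(lock, target, fixedVersion) {
  const pkgs = lock.packages, hits = [];
  const walk = (path, chain, seen) => {
    const pkg = pkgs[path];
    const deps = { ...(pkg.dependencies || {}), ...(path === "" ? pkg.devDependencies || {} : {}) };
    for (const name of Object.keys(deps)) {
      const next = resolveDep(pkgs, path, name);
      if (!next || seen.has(next)) continue; // unresolved entry or cycle
      const label = `${name}@${pkgs[next].version}`;
      if (name === target && cmpVersion(pkgs[next].version, fixedVersion) < 0) hits.push([...chain, label].join(" > "));
      walk(next, [...chain, label], new Set([...seen, next]));
    }
  };
  walk("", [], new Set());
  return hits;
}
console.log(findVulnerablePaths(LOCK, "yaml", "2.2.2"));
```

With the constructed lockfile this prints the single path `@graphql-codegen/cli@3.3.1 > cosmiconfig@7.1.0 > yaml@1.10.2`, showing why overriding the root `yaml` alone does not remove the vulnerable nested copy.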
@n1ru4l (Collaborator)

n1ru4l commented May 23, 2023

done as part of #9449 and will be released soon.

@n1ru4l n1ru4l closed this as completed May 23, 2023