Dependabot detects problems with yaml dependency

[ruben-treams]

Which packages are impacted by your issue?

@graphql-codegen/cli

Describe the bug

A vulnerability was found in the yaml dependency and upgrading to 2.2.2 is recommended.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2251

Your Example Website or App

Unrelated

Steps to Reproduce the Bug or Issue

1. Run dependabot or any other security checking tool on a repo including @graphql-codegen/cli

Expected behavior

yaml to be updated to a more secure version

Screenshots or Videos

No response

Platform

• OS: [e.g. macOS, Windows, Linux] N/a
• NodeJS: [e.g. 18.5.0] N/a
• graphql version: [e.g. 16.3.0] N/a
• @graphql-codegen/cli version(s): [e.g. 2.6.2] 3.3.1

Codegen Config File

No response

Additional context

No response

[DerTimonius]

This issue still persists.

[mannyistyping]

It looks like yaml is now at 2.3.1

• ref

As mentioned by @cichelero in #9513

@ruben-treams & @DerTimonius would you both agree?
If so, would it make sense to close this issue?

[cichelero]

@mannyistyping true, I re-updated the yaml dependency manually because the Dependabot PR was rejected in the past because on Node.js compatibility. Now with the project requiring Node >=16 it should not be a problem.

However the release was not done yet, so probably the issue still persists.