Dependency Vulnerability

[kalm42]

So... this seems almost needlessly complicated but here it goes.

The dependency graphql-static-binding has a dependency cucumber-html-reporter and the version of cucumber-html-reporter that graphql-static-binding uses has a dependency "open" which was replaced by "opn". The "open" repo has a security vulnerability. "cucumber-html-reporter" has already fixed it, so "graphql-static-binding" would just need to update the version of "cucumber-html-reporter" it uses, but "graphql-static-binding" has been archived and so will not be updated.

I'm much too junior a dev to know how to fix this. My best guess is that "graphql-static-binding" be forked, updated, and have this repo use the fork in-lieu of the original? Or should this repo re-write schema code generation to use a different repro, one that is active? Or am I entirely wrong?