Security vulnerability in direct dependency json-ptr CVE-2021-23509 #437

@felix-hcl

Description

Describe the bug
There is a security vulnerability reported in a direct dependency of openapi-to-graphql. https://nvd.nist.gov/vuln/detail/CVE-2021-23509
As far as I could see, this only affects the set method, and this package is only using the get method here:

import * as jsonptr from 'json-ptr'
// Oas3 is the project's own OpenAPI 3 document type (import omitted here)

// Resolves an OpenAPI $ref (a JSON Pointer such as "#/components/schemas/Pet")
// against the document. Read-only: only JsonPointer.get is called, never set.
export function resolveRef<T = any>(ref: string, oas: Oas3): T {
  return jsonptr.JsonPointer.get(oas, ref) as T
}

To Reproduce
Steps to reproduce the behavior:

  1. Go to a project where openapi-to-graphql is installed
  2. Run npm ls json-ptr
  3. There is a direct dependency in version 2.X

Expected behavior
Although this vulnerability is not immediately exploitable, this should be upgraded.
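The issue's point is that resolveRef only reads: a JSON Pointer get walks the document and returns a node, while the reported problem is in the write path (set). To make that concrete, the following is an added example, not code from openapi-to-graphql or from json-ptr: a minimal RFC 6901 pointer reader that handles the "#/..." fragment form OpenAPI uses for $ref, the ~0/~1 escapes, and array indices, then a one-hop dereference on top of it. The OpenAPI fragment, the function names (pointerGet, readDereferenced) and the typed resolveRef wrapper are all constructed for this example. The reader follows own properties only, so a token such as "__proto__" never reaches Object.prototype and nothing is ever written to the document.

```typescript
// Added example (not json-ptr's or openapi-to-graphql's code): read-only JSON Pointer
// resolution, the operation the issue's resolveRef performs via JsonPointer.get.

type JsonValue = null | boolean | number | string | JsonValue[] | { [key: string]: JsonValue };

// Unescape one reference token per RFC 6901: "~1" -> "/" first, then "~0" -> "~".
function unescapeToken(token: string): string {
  return token.replace(/~1/g, '/').replace(/~0/g, '~');
}

// Split "/a/b" or the URI-fragment form "#/a/b" (as used by OpenAPI $ref) into tokens.
function parsePointer(ref: string): string[] {
  const pointer = ref.startsWith('#') ? decodeURIComponent(ref.slice(1)) : ref;
  if (pointer === '') return []; // empty pointer addresses the whole document
  if (!pointer.startsWith('/')) throw new Error(`Invalid JSON pointer: ${ref}`);
  return pointer.slice(1).split('/').map(unescapeToken);
}

// Read-only traversal. Only own properties are followed, so tokens like "__proto__"
// or "constructor" do not reach the prototype chain, and the document is never mutated.
function pointerGet(doc: JsonValue, ref: string): JsonValue | undefined {
  let current: JsonValue | undefined = doc;
  for (const token of parsePointer(ref)) {
    if (Array.isArray(current)) {
      if (!/^(0|[1-9][0-9]*)$/.test(token)) return undefined; // not a valid array index
      current = current[Number(token)];
    } else if (current !== null && typeof current === 'object') {
      if (!Object.prototype.hasOwnProperty.call(current, token)) return undefined;
      current = current[token];
    } else {
      return undefined; // tried to descend into a scalar
    }
  }
  return current;
}

// Typed wrapper with the same shape as the issue's resolveRef (hypothetical, not the project's).
function resolveRef<T = any>(ref: string, oas: JsonValue): T {
  return pointerGet(oas, ref) as T;
}

// Read a node and, if it is a { $ref: "..." } object, follow the reference one hop.
function readDereferenced(oas: JsonValue, pointer: string): JsonValue | undefined {
  const node = pointerGet(oas, pointer);
  if (node !== null && typeof node === 'object' && !Array.isArray(node) && typeof node.$ref === 'string') {
    return pointerGet(oas, node.$ref);
  }
  return node;
}

// Constructed OpenAPI 3 fragment: a $ref, a path key containing "/", and a key containing "~".
const sampleOas: JsonValue = {
  openapi: '3.0.0',
  paths: {
    '/pets': { get: { responses: { '200': { $ref: '#/components/responses/PetList' } } } },
  },
  components: {
    responses: { PetList: { description: 'A list of pets' } },
    schemas: { 'odd/name~x': { type: 'string' } },
  },
};

// Usage: resolve the $ref on the /pets 200 response and read through it.
const petList = resolveRef<{ description: string }>('#/components/responses/PetList', sampleOas);
console.log(petList.description);
console.log(readDereferenced(sampleOas, '/paths/~1pets/get/responses/200'));
```

The own-property check is the design choice worth copying into any hand-written pointer code: a reader that uses plain bracket lookup would silently return prototype members for tokens like "constructor", which is harmless for a read but confusing to debug. The write side (set) is where a pointer library has to refuse such tokens outright, which is why the issue recommends upgrading even though this project only calls get.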
