graphql-python / flask-graphql

Adds GraphQL support to your Flask application.

Bump graphql-core version to fix concurrency / security issues

jnak opened this issue

Hi,

graphql-core 2.3.0 contains a fix for the concurrency issues that have been reported in flask-graphql (e.g. #43). Given Flask relies heavily on thread-scoped global variables, I would recommend you bump the minimum version for graphql-core in setup.py to completely prevent these security errors from happening.

See https://github.com/graphql-python/graphql-core/pull/260#issue-356659503 for more context.

Cheers,
J