Hey guys, new here. I’m using

graphql-yoga

for a project and noticed a slight issue and potential security vulnerability. Maybe it’s a known issue but basically the validation rules aren’t forwarded down to

subscriptions-transport-ws

which means if you were to disable Introspection, it would only be applicable to queries over http and not subscriptions. I’ve patched this locally in my project, any objections to me opening a PR for the same in graphql-yoga? or anything I missed?