coerceVariableValues might log sensitive data in case of error #2629

Open
@riedeljan

The prefix in prefix + '; ' + error.message, (execution/values.js:141) logs the invalid input when a call to coerceVariableValues fails.

Since this might commonly fail, especially when invalid user input accidentally reaches the API, the corresponding log messages can contain sensitive (user) data, if transmitted in the request:

While handling a GraphQL request the following error occurred: Variable "$myInput" got invalid value { abc: "xyz", address: { city: "SecretCity", country: "SecretCountry", state: "SecretState", streetName: "An Interesting Street", streetNumber: "42", zipCode: "12345" }, ... }; Field "abc" is not defined by type MyInput.

Please clarify how we could solve this problem (we can provide a PR too), or enlighten me if we happen to use the library in a wrong way.
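
One way to keep the submitted value out of logs at the logging layer, as an added example that is not part of the original issue and is not graphql-js code. The function name `redactVariableError`, the allowlist and the sample lines are assumptions constructed here; only the message shape is taken from the log line quoted above.

```javascript
// Added example: log-side redaction of variable coercion errors.
// Message shape as quoted in the issue:
//   Variable "$name" got invalid value <value>; <reason>
const HEAD = /Variable "\$([A-Za-z_][A-Za-z0-9_]*)" got invalid value /;

// Reasons that name only schema elements, never the submitted value.
// Assumption: only the reason shape visible in the issue is allowlisted.
const SAFE_REASONS = [
  /^Field "[A-Za-z_][A-Za-z0-9_]*" is not defined by type [A-Za-z_][A-Za-z0-9_]*\.$/,
];

function redactVariableError(message) {
  const head = HEAD.exec(message);
  if (!head) return message; // not a variable coercion message
  const start = head.index + head[0].length;
  const rest = message.slice(start);
  // The value may itself contain "; ", so read the reason after the last one.
  const cut = rest.lastIndexOf('; ');
  const reason = cut === -1 ? '' : rest.slice(cut + 2);
  // Anything not matching the allowlist may echo the value, so it is dropped.
  const safe = SAFE_REASONS.some((re) => re.test(reason));
  const tail = safe ? '; ' + reason : '; [reason withheld]';
  return message.slice(0, start) + '[REDACTED]' + tail;
}

// Constructed sample inputs (shortened from the log line in the issue).
const SAMPLE_UNKNOWN_FIELD =
  'While handling a GraphQL request the following error occurred: ' +
  'Variable "$myInput" got invalid value { abc: "xyz", address: ' +
  '{ city: "SecretCity", zipCode: "12345" } }; ' +
  'Field "abc" is not defined by type MyInput.';

// Constructed: a reason that repeats the value, which must not be kept.
const SAMPLE_ECHOED_VALUE =
  'Variable "$n" got invalid value "4111; 1111"; ' +
  'Expected type Int. Int cannot represent non-integer value: "4111; 1111"';

console.log(redactVariableError(SAMPLE_UNKNOWN_FIELD));
console.log(redactVariableError(SAMPLE_ECHOED_VALUE));
```

Apply the function to the message string immediately before it is handed to the logger, so the original error object is left unchanged for the response path.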
