BLACK DUCK SCAN Failure related to internal dependency of nopt #1777

Open
rahul-pe opened this issue Jul 15, 2024 · 2 comments

Comments


rahul-pe commented Jul 15, 2024

Hi,

We're using 'grunt' v1.6.1 as a dependency in our project.
As a part of Black Duck scan, the below issue has been identified:

"Node.js is vulnerable to a remote code execution (RCE). This allows a malicious site to perform code execution on a machine running the Node.js process."

This is coming because of the peer dependency "nopt" v3.0.6.

So, can you please have a look at this?

@vladikoff
Member

We are looking into this @rahul-pe

Contributor

Krinkle commented Sep 5, 2024

This was fixed in #1778, but is not yet released. There is an open question on the PR about whether it is fine to release as a minor version.
