BLACK DUCK SCAN Failure related to internal dependency of nopt

[rahul-pe]

Hi,

We're using 'grunt' v1.6.1 as a dependency in our project.
As a part of Black Duck scan, the below issue has been identified:

"Node.js is vulnerable to a remote code execution (RCE). This allows a malicious site to perform code execution on a machine running the Node.js process."

This is coming because of the peer dependency "nopt" v3.0.6.

So, can you please have a look at this ?

[vladikoff]

We are looking into this @rahul-pe

[Krinkle]

This was fixed in #1778, but is not yet released. There is an open question on the PR about whether it is fine to release as a minor version.