Skip to content

Commit 6a9e500

Browse files
authored
release: v1.10.0 (#256)
1 parent b5af066 commit 6a9e500

4 files changed

Lines changed: 22 additions & 8 deletions

File tree

CHANGELOG.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,20 @@
22

33
All notable changes to CVE Lite CLI will be documented in this file.
44

5+
## [1.10.0] - 2026-04-28
6+
7+
### Added
8+
- HTML report now includes breaking change indicators, validation statistics, scan notes, and a search/filter control in the findings table.
9+
10+
### Fixed
11+
- Transitive vulnerability findings now display tier-aware, actionable guidance instead of the generic "Upgrade the parent dependency chain" message. When a primary parent package is identified, it is named explicitly. When no dependency path data is available, the output honestly says so and directs developers to inspect their lockfile.
12+
- Fix plan skip reasons now distinguish between findings where a parent is known but no safe upgrade version was identified (Tier 2) and findings with no dependency path data at all (Tier 3).
13+
- Urgent fix plan table now renders parent-upgrade targets in their own table with a Context column showing which vulnerable package each parent upgrade resolves.
14+
15+
### Changed
16+
- CI integration docs updated to reference the `OWASP/cve-lite-cli` GitHub Action and include the `--all` flag in example commands.
17+
- Comparison docs expanded with a dedicated GitHub Dependabot section covering advisory database differences, methodology, and where CVE Lite CLI provides more actionable output.
18+
519
## [1.9.0] - 2026-04-25
620

721
### Added

docs/index.html

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,7 @@
5151
"description": "Free, local-first dependency vulnerability scanner for JavaScript and TypeScript projects. Scans npm, pnpm, Yarn, and Bun lockfiles, provides copy-and-run fix commands, and supports offline advisory DB scanning.",
5252
"url": "https://owasp.org/cve-lite-cli/",
5353
"downloadUrl": "https://www.npmjs.com/package/cve-lite-cli",
54-
"softwareVersion": "1.9.0",
54+
"softwareVersion": "1.10.0",
5555
"license": "https://github.com/OWASP/cve-lite-cli/blob/main/LICENSE",
5656
"releaseNotes": "https://github.com/OWASP/cve-lite-cli/releases",
5757
"codeRepository": "https://github.com/OWASP/cve-lite-cli",
@@ -109,10 +109,10 @@
109109
</a>
110110
</div>
111111
</div>
112-
<a class="release-badge" href="https://github.com/OWASP/cve-lite-cli/releases/tag/v1.9.0"
113-
aria-label="Latest release v1.9.0">
112+
<a class="release-badge" href="https://github.com/OWASP/cve-lite-cli/releases/tag/v1.10.0"
113+
aria-label="Latest release v1.10.0">
114114
<span class="release-badge-label">Latest Release</span>
115-
<span class="release-badge-version">v1.9.0</span>
115+
<span class="release-badge-version">v1.10.0</span>
116116
</a>
117117
<p class="eyebrow">JavaScript/TypeScript Dependency Scanner &mdash; <a href="https://owasp.org/cve-lite-cli" style="color:inherit;text-decoration:underline">An OWASP Foundation Project</a></p>
118118
<h1>Scan. Understand. Fix.</h1>
@@ -391,7 +391,7 @@ <h3>Trust and support</h3>
391391
<footer class="container site-footer">
392392
<p><em>Most tools tell you what's wrong. CVE Lite CLI tells you what to run.</em></p>
393393
<p>CVE Lite CLI is MIT licensed and built in public. <a href="https://owasp.org/cve-lite-cli">An OWASP Foundation Project</a>.</p>
394-
<p>Latest: <a href="https://github.com/OWASP/cve-lite-cli/releases/tag/v1.9.0">v1.9.0</a></p>
394+
<p>Latest: <a href="https://github.com/OWASP/cve-lite-cli/releases/tag/v1.10.0">v1.10.0</a></p>
395395
<p>Developed with love by <a href="https://sonukapoor.com">Sonu Kapoor</a>.</p>
396396
<p>
397397
<a href="https://github.com/OWASP/cve-lite-cli/issues">Open an issue</a>

package-lock.json

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "cve-lite-cli",
3-
"version": "1.9.0",
3+
"version": "1.10.0",
44
"description": "Developer-friendly CLI for scanning JS/TS projects for dependency vulnerabilities using local lockfiles and OSV",
55
"type": "module",
66
"bin": {

0 commit comments

Comments
 (0)