diff --git a/CHANGELOG.md b/CHANGELOG.md index df16c7c..860cc54 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,15 @@ All notable changes to CVE Lite CLI will be documented in this file. ## [Unreleased] +## [1.22.0] - 2026-06-11 + +### Added +- Dev dependency labelling: terminal output and HTML report now show `direct · dev` / `transitive · dev` for findings from devDependencies; Yarn Classic and Berry parsers updated to detect dev status (#578) +- `yarn-within-range` and `dev-only-finding` example fixtures for regression testing (#537, #613) + +### Fixed +- Private registry detection (`⚠ Unverifiable (private source)`) now works for pnpm (legacy and v9), Yarn Classic, and Bun lockfiles — previously only npm was supported (#616) + ## [1.21.0] - 2026-06-09 ### Added diff --git a/package-lock.json b/package-lock.json index f7a651b..f4d4ddd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "cve-lite-cli", - "version": "1.21.0", + "version": "1.22.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "cve-lite-cli", - "version": "1.21.0", + "version": "1.22.0", "license": "MIT", "dependencies": { "better-sqlite3": "^12.8.0", diff --git a/package.json b/package.json index 733116e..3cbee60 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "cve-lite-cli", - "version": "1.21.0", + "version": "1.22.0", "description": "Developer-friendly CLI for scanning JS/TS projects for dependency vulnerabilities using local lockfiles and OSV", "type": "module", "bin": { diff --git a/website/docusaurus.config.ts b/website/docusaurus.config.ts index 486d515..82b2701 100644 --- a/website/docusaurus.config.ts +++ b/website/docusaurus.config.ts @@ -2,7 +2,7 @@ import {themes as prismThemes} from 'prism-react-renderer'; import type {Config} from '@docusaurus/types'; import type * as Preset from '@docusaurus/preset-classic'; -const latestVersion = 'v1.21.0'; +const latestVersion = 'v1.22.0'; const config: Config = { title: 'CVE Lite CLI',