OWASP · sonukapoor · Jun 11, 2026 · Jun 11, 2026
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,15 @@ All notable changes to CVE Lite CLI will be documented in this file.
 
 ## [Unreleased]
 
+## [1.22.0] - 2026-06-11
+
+### Added
+- Dev dependency labelling: terminal output and HTML report now show `direct · dev` / `transitive · dev` for findings from devDependencies; Yarn Classic and Berry parsers updated to detect dev status (#578)
+- `yarn-within-range` and `dev-only-finding` example fixtures for regression testing (#537, #613)
+
+### Fixed
+- Private registry detection (`⚠ Unverifiable (private source)`) now works for pnpm (legacy and v9), Yarn Classic, and Bun lockfiles — previously only npm was supported (#616)
+
 ## [1.21.0] - 2026-06-09
 
 ### Added

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "cve-lite-cli",
-  "version": "1.21.0",
+  "version": "1.22.0",
   "description": "Developer-friendly CLI for scanning JS/TS projects for dependency vulnerabilities using local lockfiles and OSV",
   "type": "module",
   "bin": {

diff --git a/website/docusaurus.config.ts b/website/docusaurus.config.ts
@@ -2,7 +2,7 @@ import {themes as prismThemes} from 'prism-react-renderer';
 import type {Config} from '@docusaurus/types';
 import type * as Preset from '@docusaurus/preset-classic';
 
-const latestVersion = 'v1.21.0';
+const latestVersion = 'v1.22.0';
 
 const config: Config = {
   title: 'CVE Lite CLI',