github OWASP/cve-lite-cli v1.0.6
v1.0.6 – Add parent upgrade guidance for transitive vulnerabilities

latest releases: v1, v1.26.0, v1.25.0...
3 months ago

What's new

CVE Lite CLI now provides better guidance for transitive vulnerabilities.

When a vulnerable package is nested under another dependency, the tool preserves the full dependency path and, when it can determine one reliably, recommends the parent package upgrade to make.

Highlights

  • added parent upgrade guidance for transitive vulnerabilities
  • preserved full dependency path output in verbose mode
  • improved compact output with more actionable remediation guidance
  • updated README wording to reflect the new behavior

Example

Before:

project -> express-jwt -> jsonwebtoken

After:

project -> express-jwt -> jsonwebtoken
Recommended parent upgrade: express-jwt 0.1.0 -> 6.0.0

Notes

This is best-effort guidance. When a reliable parent upgrade cannot be determined, CVE Lite CLI falls back to the existing generic remediation wording.

Don't miss a new cve-lite-cli release

NewReleases is sending notifications on new releases.