Added
- Targeted retry and offline hints for OSV 429 rate-limit and 5xx server error responses
- Lockfile-refresh fix commands for pnpm (pnpm update), yarn (yarn upgrade), and bun (bun update) when the parent's declared range already covers the fixed transitive dependency version
Fixed
- Package manager hint added to --fix command failure errors
Changed
- Workspace-scoped lockfile-refresh commands for pnpm, yarn, and bun; fix-plan sections for lockfile-refresh targets now appear separately from direct-fix targets; fix coverage count ("Running these commands should fix X of Y findings") added to terminal and HTML output; "within current range" label renamed to "lockfile refresh" with rewritten context strings that plainly state the parent already permits the safe child version
- Unified EXCLUDED_DIRS constant for --usage source scanning
- Extracted formatAdvisoryDbFreshness, relativeAge, CLI flag validation, formatAdvisorySourceLine, countBySeverity, package.json helpers, and magic number constants into dedicated modules
Validation
- npm test
- npm run build
Contributors
Thanks to everyone who contributed to this release: @macayu17, @coder-Yash886, @luojiyin1987, @nanookclaw, @barton87, @Kushaal-k