github OWASP/cve-lite-cli v1.19.1
v1.19.1 - Within-range transitive fix for deep dependency chains


Fixed

  • Within-range transitive fix now detected for dependency chains deeper than 2 levels. When the immediate parent's declared range already covers a safe version of the vulnerable package, CVE Lite now suggests a lockfile refresh (npm update <package>) instead of an incorrect best-effort parent upgrade.

Example: project → aws-amplify → @aws-amplify/core → js-cookie@3.0.6

  • Before: npm install aws-amplify@6.16.4 (wrong)
  • After: npm update js-cookie (correct — @aws-amplify/core's ^3.0.5 range already covers the fix)
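The decision the fix describes, as an added example (not cve-lite-cli's own code): walk to the end of the dependency chain, check whether the immediate parent's declared range already admits the safe version, and only then recommend a lockfile refresh. The intermediate ranges in the sample chain and the safe js-cookie version (3.0.6) are assumptions for illustration.

```javascript
// Added example, not cve-lite-cli's own code. Only exact, caret (^) and tilde (~)
// ranges are handled, which is all the release-note example needs; a real tool
// would delegate range checks to the `semver` package.

function parseVersion(v) {
  const [major, minor, patch] = v.replace(/^[\^~]/, '').split('.').map(Number);
  return { major, minor, patch };
}

function compareVersions(a, b) {
  return a.major - b.major || a.minor - b.minor || a.patch - b.patch;
}

// Does a declared range such as "^3.0.5" allow `version`?
function rangeCovers(range, version) {
  const lower = parseVersion(range);
  const v = parseVersion(version);
  if (compareVersions(v, lower) < 0) return false;
  if (range.startsWith('^')) {
    // Caret: the left-most non-zero component must not change.
    if (lower.major > 0) return v.major === lower.major;
    if (lower.minor > 0) return v.major === 0 && v.minor === lower.minor;
    return v.major === 0 && v.minor === 0 && v.patch === lower.patch;
  }
  if (range.startsWith('~')) return v.major === lower.major && v.minor === lower.minor;
  return compareVersions(v, lower) === 0; // exact pin
}

// chain: root-to-leaf list of { name, range }, where `range` is what the node's parent
// declares for it (the root has none). fixedVersion: first safe release of the leaf.
function suggestFix(chain, fixedVersion) {
  const leaf = chain[chain.length - 1];
  const parent = chain[chain.length - 2];
  if (rangeCovers(leaf.range, fixedVersion)) {
    return { action: 'lockfile-refresh', command: `npm update ${leaf.name}`,
      reason: `${parent.name}'s ${leaf.range} already covers ${fixedVersion}` };
  }
  // Parent pins the leaf below the fix; choosing the parent version whose range admits
  // it needs registry metadata, so the version stays a placeholder here.
  return { action: 'upgrade-parent', command: `npm install ${parent.name}@<fixed-parent-version>`,
    reason: `${parent.name}'s ${leaf.range} excludes ${fixedVersion}` };
}

// Constructed sample mirroring the release note's chain; the two '^6.0.0' ranges are assumed.
const amplifyChain = [{ name: 'project' }, { name: 'aws-amplify', range: '^6.0.0' },
  { name: '@aws-amplify/core', range: '^6.0.0' }, { name: 'js-cookie', range: '^3.0.5' }];
console.log(suggestFix(amplifyChain, '3.0.6').command); // npm update js-cookie
```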

Validation

  • npm test
  • npm run build
