Skip to content

OWASP/cve-lite-cli

v1.19.1 Bugfix

This release fixes issues for SREs watching stability and regressions.

Published 2d Vulnerability Scanning
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

security cve javascript nodejs owasp security-tools

Affected surfaces

deps

Summary

AI summary

Updates Validation, Before, and wrong across a mixed release.

Changes in this release

Bugfix Medium

Correctly detects within-range transitive fixes for dependency chains deeper than 2 levels.

Correctly detects within-range transitive fixes for dependency chains deeper than 2 levels.

Source: llm_adapter@2026-06-02

Confidence: high
Full changelog

Fixed

  • Within-range transitive fix now detected for dependency chains deeper than 2 levels. When the immediate parent's declared range already covers a safe version of the vulnerable package, CVE Lite now suggests a lockfile refresh (npm update <package>) instead of an incorrect best-effort parent upgrade.

Example: project → aws-amplify → @aws-amplify/core → [email protected]

  • Before: npm install [email protected] (wrong)
  • After: npm update js-cookie (correct — @aws-amplify/core's ^3.0.5 range already covers the fix)

Validation

  • npm test
  • npm run build
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track OWASP/cve-lite-cli

Get notified when new releases ship.

Sign up free

About OWASP/cve-lite-cli

All releases →

Related context

Beta — feedback welcome: [email protected]