Skip to content

OWASP/cve-lite-cli

v1.6.0 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 1mo Vulnerability Scanning
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

security cve javascript nodejs owasp security-tools

Summary

AI summary

Bun lockfile support added and fix tables now annotate major‑version breaking changes.

Full changelog

What's new

Added

  • Bun lockfile support — CVE Lite CLI now parses bun.lock (the JSONC format introduced in Bun v1.1.38). Dev-only packages are detected via workspace dependency manifests, --prod-only filtering is supported, and fix commands emit bun add automatically.
  • Breaking change labels — fix command tables now annotate major-version upgrade targets (e.g. 8.5.1 → 9.0.0) with (breaking change) so you know before running the command.

Full changelog

See CHANGELOG.md for details.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track OWASP/cve-lite-cli

Get notified when new releases ship.

Sign up free

About OWASP/cve-lite-cli

All releases →

Related context

Beta — feedback welcome: [email protected]