chore: bump version to v1.7.0 and update changelog (#200)

sonukapoor · web-flow · commit 228f5e8bed03 · 2026-04-17T13:55:30.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,16 @@
 
 All notable changes to CVE Lite CLI will be documented in this file.
 
+## [1.7.0] - 2026-04-17
+
+### Added
+- pnpm lockfile v9 support — the v9 format (default in current pnpm installations) uses `name@version` keys and a `snapshots` section instead of the legacy `/name/version` and `packages` layout; the parser now branches on `lockfileVersion` and routes v9+ lockfiles through a dedicated path, eliminating false negatives on modern pnpm projects
+- Analog case study — full scan-fix workflow on a real pnpm v9 Angular monorepo (3,367 packages), including a comparison table against `pnpm audit`, fix journey, and baseline findings table
+- Baseline findings tables backported to NestJS and Juice Shop case studies for structural consistency across all studies
+
+### Fixed
+- BFS path-tracking in the pnpm parser replaced path-fingerprint `seenPaths` with a visited-key `seenKeys` set, eliminating exponential queue growth through circular dependency chains in large lockfiles (e.g. Analog's 15 circular deps)
+
 ## [1.6.0] - 2026-04-16
 
 ### Added
diff --git a/docs/index.html b/docs/index.html
@@ -44,7 +44,7 @@
       "description": "Free, local-first dependency vulnerability scanner for JavaScript and TypeScript projects. Scans npm, pnpm, Yarn, and Bun lockfiles, provides copy-and-run fix commands, and supports offline advisory DB scanning.",
       "url": "https://sonukapoor.github.io/cve-lite-cli/",
       "downloadUrl": "https://www.npmjs.com/package/cve-lite-cli",
-      "softwareVersion": "1.6.0",
+      "softwareVersion": "1.7.0",
       "license": "https://github.com/sonukapoor/cve-lite-cli/blob/main/LICENSE",
       "releaseNotes": "https://github.com/sonukapoor/cve-lite-cli/releases",
       "codeRepository": "https://github.com/sonukapoor/cve-lite-cli",
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "cve-lite-cli",
-  "version": "1.6.0",
+  "version": "1.7.0",
   "description": "Developer-friendly CLI for scanning JS/TS projects for dependency vulnerabilities using local lockfiles and OSV",
   "type": "module",
   "bin": {

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "cve-lite-cli",`
`3`		`- "version": "1.6.0",`
	`3`	`+ "version": "1.7.0",`
`4`	`4`	`"description": "Developer-friendly CLI for scanning JS/TS projects for dependency vulnerabilities using local lockfiles and OSV",`
`5`	`5`	`"type": "module",`
`6`	`6`	`"bin": {`