release: v1.10.0

[sonukapoor]

Added

• HTML report now includes breaking change indicators, validation statistics, scan notes, and a search/filter control in the findings table.

Fixed

• Transitive vulnerability findings now display tier-aware, actionable guidance instead of the generic "Upgrade the parent dependency chain" message. When a primary parent package is identified, it is named explicitly. When no dependency path data is available, the output honestly says so and directs developers to inspect their lockfile.
• Fix plan skip reasons now distinguish between findings where a parent is known but no safe upgrade version was identified (Tier 2) and findings with no dependency path data at all (Tier 3).
• Urgent fix plan table now renders parent-upgrade targets in their own table with a Context column showing which vulnerable package each parent upgrade resolves.

Changed

• CI integration docs updated to reference the OWASP/cve-lite-cli GitHub Action and include the --all flag in example commands.
• Comparison docs expanded with a dedicated GitHub Dependabot section covering advisory database differences, methodology, and where CVE Lite CLI provides more actionable output.

Validation

• npm test
• npm run build