feat(download): add --filename and --download-all options (#270)

* feat(download): add --filename and --download-all options

* fix: address PR review comments

* refactor: restructure download command into 4-step architecture, fix SKIPPED status, and extract shared helpers

* replace the the pretty_print_table call with rich.table.Table

* replace the the pretty_print_table call with rich.table.Table in testcases

* change release date

Author: opswithranjan

CHANGELOG.md

@@ -5,9 +5,34 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+
 ## [Unreleased]
+
+
+## [1.15.0] - 2026-03-18
+
+### Added
+
 - Added `--tag` option to `download` command for filtering packages by tags
 - Added download command documentation to README with comprehensive usage examples
+- Added `--filename` option to `download` command for filtering by package filename, with support for glob patterns (e.g., `--filename '*.snupkg'`)
+- Added `--download-all` flag to `download` command to download all matching packages instead of erroring on multiple matches
+- Multiple packages table now includes a Filename column for easier disambiguation
+
+## [1.14.0] - 2026-03-11
+
+### Added
+
+- Added `vulnerabilities` command to retrieve security scan results for a package
+  - Summary View (Default): Displays a high-level count of vulnerabilities broken down by severity (Critical, High, Medium, Low, Unknown).
+  - Assessment View `--show-assessment` (`-A`): Provides a detailed breakdown where vulnerabilities are:
+    - Grouped by the specific affected upstream package / dependency.
+    - Sorted by severity (Critical first).
+    - Richly formatted tables.
+  - Filtering Capabilities:
+    - By Severity: `--severity` Show only specific levels (e.g., just Critical and High).
+    - By Status: `--fixable | --non-fixable` Filter to show only "Fixable" vulnerabilities (where a patch exists) or "Non-Fixable" ones.
+  - Supports `--output-format json | pretty_json` for programmatic usage
 
 ## [1.14.0] - 2026-03-13
 

README.md

@@ -277,6 +277,16 @@ cloudsmith download your-account/your-repo package-name --tag latest
 # Combine tag with metadata filters
 cloudsmith download your-account/your-repo package-name --tag stable --format deb --arch arm64
 
+# Filter by filename (exact or glob pattern)
+cloudsmith download your-account/your-repo package-name --filename '*.nupkg'
+cloudsmith download your-account/your-repo package-name --filename 'mypackage-1.0.0.snupkg'
+
+# Download all matching packages (when multiple packages share the same name/version)
+cloudsmith download your-account/your-repo package-name --download-all
+
+# Combine --download-all with --filename to download a subset
+cloudsmith download your-account/your-repo package-name --download-all --filename '*.snupkg'
+
 # Download all associated files (POM, sources, javadoc, etc.)
 cloudsmith download your-account/your-repo package-name --all-files