From f7e13852f8f13f93f694c2db2ba65fe308737722 Mon Sep 17 00:00:00 2001
From: Sonu Kapoor <sonukapoor@gmail.com>
Date: Fri, 22 May 2026 09:00:00 -0400
Subject: [PATCH] release: v1.17.1

---
 CHANGELOG.md      | 6 ++++++
 package-lock.json | 4 ++--
 package.json      | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e972215..05d59eb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,12 @@
 
 All notable changes to CVE Lite CLI will be documented in this file.
 
+## [1.17.1] - 2026-05-22
+
+### Fixed
+- Validated fix version now shown in the finding line and verbose table instead of the raw OSV hint, preventing confusing downgrade suggestions.
+- Malicious advisory findings (`MAL-*`) now surface a clear removal message across all output modes: inline hint in compact, `⚠ Malicious` badge and removal legend in verbose, and `⚠ Malicious` badge with tooltip in the HTML report.
+
 ## [1.17.0] - 2026-05-20
 
 ### Added
diff --git a/package-lock.json b/package-lock.json
index 6b491c8..a1f7aa2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "cve-lite-cli",
-  "version": "1.17.0",
+  "version": "1.17.1",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "cve-lite-cli",
-      "version": "1.17.0",
+      "version": "1.17.1",
       "license": "MIT",
       "dependencies": {
         "better-sqlite3": "^12.8.0",
diff --git a/package.json b/package.json
index f325b67..95a0f3b 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "cve-lite-cli",
-  "version": "1.17.0",
+  "version": "1.17.1",
   "description": "Developer-friendly CLI for scanning JS/TS projects for dependency vulnerabilities using local lockfiles and OSV",
   "type": "module",
   "bin": {