Add instructions file to help Copilot coding agent work efficiently with
this repository. Includes build/validation commands, project layout,
CI checks, style rules, testing patterns, and important notes about
the codebase conventions.

Add .github/copilot-instructions.md for Copilot coding agent

…nges (e.g. Maven beta versions)


 When showing patched versions in the vulnerability summary, advisories with version ranges containing non-strict semver components — such as Maven's >= 2.0-beta9, < 2.25.3 — would display "N/A" instead of the correct patched version. 
 
 The fix adds a coercion step in fail-open mode that rewrites invalid version components within the range string to their nearest valid semver equivalents (e.g. 2.0-beta9 → 2.0.0) before retrying validation, allowing the patched version lookup to succeed without affecting the fail-closed vulnerability detection path.

Adds test case for maven and another for golang for extra coverage

Node 20 is being deprecated and Node 24 is the latest LTS. This updates
the GitHub Actions runtime, CI workflows, type definitions, and
documentation to use Node 24.

Adds support for newer SPDX license identifiers such as FSL-1.1-MIT
that were not recognized in the previous version.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Update Node.js runtime from 20 to 24

Bump spdx-license-ids from 3.0.20 to 3.0.23

docs: bump actions/checkout from v4 to v6 in workflow examples

…string-semver-advisories

fix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions)

Resolve security findings

- rebuilds package files
- updates version in package.json to v5.0.0
- small README update, to indicate minimum actions runner

v5.0.0 release branch