Releases: SeanLF/still_active

v1.2.1

20 Feb 15:38
aff32a7

Fixed

  • Ruby version freshness reported the running Ruby (e.g. 4.0.1) instead of the target project's Ruby from Gemfile.lock; now reads RUBY VERSION section from lockfile, falls back to running version only when absent
  • Platform-specific gems (e.g. nokogiri on multiple architectures) were processed once per platform, wasting API calls and inflating the progress counter total

v1.2.0

20 Feb 15:01
5b2031d

Added

  • --fail-if-vulnerable[=SEVERITY] flag: exit 1 if any gem has known vulnerabilities, optionally filtered by severity (low/medium/high/critical)
  • --fail-if-outdated=LIBYEARS flag: exit 1 if any gem exceeds the given libyear threshold
  • Coloured OpenSSF column in terminal output: green for strong practices (7.0+), yellow for notably weak (below 4.0)

Changed

  • Removed composite health score (0-100) and Health column from terminal, markdown, and JSON output; individual columns (vulns, OpenSSF, activity, version) communicate these signals without collapsing them into one number
  • Replaced --fail-below-score with --fail-if-vulnerable and --fail-if-outdated for targeted CI gating

Fixed

  • Repository URLs with .git suffix (e.g. socketry/async.git) caused 404s against GitHub/GitLab APIs
  • GitLab 301 redirects for renamed projects silently failed; now follows up to 3 redirects with trusted host check
  • Network errors (ECONNRESET, timeouts, etc.) during RubyGems version lookup or HTTP API calls dropped the entire gem from results instead of warning
  • GitHub Packages URI check used substring match, allowing crafted URLs to bypass host validation; now parses URI and compares host exactly
  • Tri-state archived? predicate renamed to archived to honestly reflect true/false/nil return contract
  • Rubocop offences from code scanning (WordArray, IfInsideElse, MultilineHash, frozen_string_literal)
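
The GitHub Packages host-validation fix above, shown as a weak substring check beside a parsed exact-host check. This is an added example, not still_active's own code; the host constant, the method names, and the sample URLs are assumptions constructed for illustration.

```ruby
require "uri"

# Assumption: the host that identifies a GitHub Packages RubyGems source.
GITHUB_PACKAGES_HOST = "rubygems.pkg.github.com"

# Weak form described in the changelog: substring match on the raw URL.
def substring_match?(url)
  url.to_s.include?(GITHUB_PACKAGES_HOST)
end

# Hardened form: parse the URL and compare the host component exactly.
def exact_host_match?(url)
  uri = URI.parse(url.to_s)
  return false unless uri.is_a?(URI::HTTP) # URI::HTTPS is a subclass

  uri.host.to_s.downcase == GITHUB_PACKAGES_HOST
rescue URI::InvalidURIError
  false # unparseable input is never trusted
end

# Constructed sample source URLs (not from the project or its tests).
SAMPLE_URLS = [
  "https://rubygems.pkg.github.com/acme",
  "https://RUBYGEMS.PKG.GITHUB.COM/acme",
  "https://rubygems.pkg.github.com.untrusted.example/acme",
  "https://untrusted.example/rubygems.pkg.github.com/acme",
  "https://rubygems.pkg.github.com@untrusted.example/acme",
  "https://rubygems.pkg.github.com/has space",
].freeze

# URLs the substring check accepts but the exact host check rejects.
def substring_only_matches(urls = SAMPLE_URLS)
  urls.select { |u| substring_match?(u) && !exact_host_match?(u) }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_URLS.each do |u|
    puts format("%-58s substring=%-5s exact=%s", u, substring_match?(u), exact_host_match?(u))
  end
end
```

The substring check also misses the upper-case host, which the parsed comparison accepts after downcasing, so the exact check is both stricter and more correct.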

v1.1.0

20 Feb 11:25
6c0bbdc

Highlights

  • Composite health score (0-100) per gem combining version freshness, activity, OpenSSF Scorecard, and vulnerabilities
  • Libyear metric for version drift measurement
  • Vulnerability enrichment with CVSS scores, severity labels, and advisory IDs
  • Ruby version freshness with EOL detection via endoflife.date API
  • Archived repo detection via GitHub and GitLab APIs
  • Yanked version detection for pinned versions pulled from RubyGems
  • Source detection for rubygems, git, path, and GitHub Packages sources
  • CI gating: --fail-below-score=SCORE and --ignore=GEM,... flags
  • Visibility: API failures now warn on stderr instead of degrading silently

See CHANGELOG.md for full details.

v1.0.1

19 Feb 21:55
10dab91

SEO & Discoverability

Documentation-only release to improve discoverability on RubyGems and GitHub.

  • Rewrite gemspec summary and description with search terms people actually use (dependency health, outdated, vulnerabilities, abandoned gems). Mentions bundle outdated, bundler-audit, and libyear-bundler by name.
  • Restructure README: problem-first opening, terminal output example, comparison table vs competitors, quick start guide, configuration defaults table.
  • Add 13 GitHub topics for search visibility.
  • Update GitHub repo description.

Full Changelog: v1.0.0...v1.0.1

v1.0.0

19 Feb 19:33
f2b9236

Highlights

  • Coloured terminal tables as default output (auto-detects TTY vs piped)
  • GitLab repository support alongside GitHub
  • OpenSSF Scorecard scores and known vulnerabilities via deps.dev
  • --fail-if-critical and --fail-if-warning flags for CI quality gating
  • Autopublish to RubyGems via trusted publishing

See CHANGELOG.md for full details.