still_active 0.5.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ceb8e8354e46bfc9298ab2ca1a9cc60bd74bb4f9389cd3d71a8f5a47bcc60168
-  data.tar.gz: 85e622f7867cfc8fb00dfed786b1a291634c05351633e27ae7a8875571b8c1f7
+  metadata.gz: 336b101db0d44c21bc01fa71954c4aea16c4187e051cfb07c2dae674b03efe87
+  data.tar.gz: 5f4cf5bf46f0394f1cea692704c569713eaf37590d3fe34b576d4172cdaf2cbc
 SHA512:
-  metadata.gz: 9c196159d6ff27c5979469cd6c85205fb36a308bdd559c1cad63a50d35dffe3158bd125dd96d211f2fb7907f1db6bc4a1d7fb0483d2d1e64ade04744b42764a2
-  data.tar.gz: 7c6446be503c2dc64864a294c270ca2bdc751101da4287c787cbea5ef34bda1e58a114d1a00edad146e2b15fb7a92e5cc0fc9436a506a73bb43096cde8dceb86
+  metadata.gz: 0744ecad97a50140981afa1ad7d0083caa20b33949e973cc79bc52f0ef525d9043d70d9cabbae9954ab0841cf6790e269ba95ea7df9918f4d473d54806f3f0d5
+  data.tar.gz: 01b02c7b86fae1895880845d17be49f9d692aa1c2090fc3642fc37c2280f176b2a07dc258b9c6dd785dceb9d261f5bdfa56247399ad827907ec1c5c8b6b5f74a

data/.github/dependabot.yml

@@ -0,0 +1,21 @@
+version: 2
+updates:
+  - package-ecosystem: bundler
+    directory: "/"
+    schedule:
+      interval: weekly
+    groups:
+      production:
+        dependency-type: production
+        update-types: [minor, patch]
+      development:
+        dependency-type: development
+        update-types: [minor, patch]
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: weekly
+    groups:
+      actions:
+        patterns: ["*"]
+        update-types: [minor, patch]

data/.github/workflows/codeql-analysis.yml

@@ -1,21 +1,10 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
 name: "CodeQL"
 
 on:
+  workflow_dispatch:
   push:
     branches: [ main ]
   pull_request:
-    # The branches below must be a subset of the branches above
     branches: [ main ]
   schedule:
     - cron: '0 0 1 * *'
@@ -33,38 +22,18 @@ jobs:
       fail-fast: false
       matrix:
         language: [ 'ruby' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at https://git.io/codeql-language-support
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
-    # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v4
       with:
         languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
+      uses: github/codeql-action/autobuild@v4
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v4

data/.github/workflows/publish.yml

@@ -0,0 +1,19 @@
+name: Publish to RubyGems
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  push:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ruby
+          bundler-cache: true
+      - uses: rubygems/release-gem@v1

data/.github/workflows/rspec.yml

@@ -1,10 +1,10 @@
 name: RSpec tests
 
 on:
+  workflow_dispatch:
   push:
     branches: [ main ]
   pull_request:
-    # The branches below must be a subset of the branches above
     branches: [ main ]
   schedule:
     - cron: '0 0 1 * *'
@@ -13,10 +13,10 @@ jobs:
   test:
     strategy:
        matrix:
-         ruby: [3.0, 3.1, 3.2, head]
+         ruby: ['3.2', '3.3', '3.4', '4.0', head]
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:

data/.github/workflows/rubocop-analysis.yml

@@ -1,11 +1,10 @@
-# pulled from repo
 name: "Rubocop"
 
 on:
+  workflow_dispatch:
   push:
     branches: [ main ]
   pull_request:
-    # The branches below must be a subset of the branches above
     branches: [ main ]
   schedule:
     - cron: '0 0 1 * *'
@@ -18,30 +17,22 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
-    # If running on a self-hosted runner, check it meets the requirements
-    # listed at https://github.com/ruby/setup-ruby#using-self-hosted-runners
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 3.2.0
-
-    # This step is not necessary if you add the gem to your Gemfile
-    # - name: Install Code Scanning integration
-    #   run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install
-
-    - name: Install dependencies
-      run: bundle install
+        ruby-version: '3.4'
+        bundler-cache: true
 
     - name: Rubocop run
       run: |
         bash -c "
           bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
-          [[ $? -ne 2 ]]
+          [[ \$? -ne 2 ]]
         "
 
     - name: Upload Sarif output
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: rubocop.sarif

data/.gitignore

@@ -9,3 +9,9 @@
 
 # rspec failure tracking
 .rspec_status
+
+# worktrees
+.worktrees/
+
+# claude
+.claude/tasks/

data/.rspec

@@ -1,6 +1,4 @@
 --format documentation
 --color
---require dead_end
 --require spec_helper
-
 --require faker

data/.rubocop.yml

@@ -1,10 +1,11 @@
-require:
+plugins:
   - rubocop-performance
   - rubocop-rspec
 
 AllCops:
   NewCops: enable
-  TargetRubyVersion: 3.0.2
+  TargetRubyVersion: 3.1
+  SuggestExtensions: false
 
 inherit_gem:
   rubocop-shopify: rubocop.yml
@@ -16,4 +17,7 @@ RSpec/ExampleLength:
   Enabled: false
 
 RSpec/NestedGroups:
-  Enabled: false
+  Enabled: false
+
+RSpec/MultipleExpectations:
+  Enabled: false

data/CHANGELOG.md

@@ -1,6 +1,56 @@
 # Changelog
 
-## Unreleased
+## [1.0.0] - 2026-02-19
+
+### Added
+
+- `--fail-if-critical` and `--fail-if-warning` flags for CI quality gating
+- deps.dev integration: OpenSSF Scorecard scores and known CVEs in output
+- Autopublish to RubyGems via GitHub Releases (trusted publishing)
+- Coloured terminal table as default output format with summary line
+- Auto-detection: terminal output for TTY, JSON when piped
+- GitLab repository support with `--gitlab-token` flag
+- Default token loading from `GITHUB_TOKEN` and `GITLAB_TOKEN` env vars
+- Dependabot for bundler and GitHub Actions (grouped minor/patch updates)
+- Require MFA for RubyGems publishing
+
+### Changed
+
+- **BREAKING:** Rename `--no-warning-range-end` to `--safe-range-end` (fixes OptionParser conflict)
+- **BREAKING:** Default output is now auto-detected (terminal on TTY, JSON when piped); `--markdown` is an explicit opt-in
+- **BREAKING:** Markdown table collapsed from 12 to 9 columns (dates inlined with versions)
+- Replace `activesupport` with lightweight `CoreExt` refinement
+- Remove unused `async-http` dependency (82 -> 66 installed gems)
+- **BREAKING:** Bump minimum Ruby version to 3.2 (3.1 is EOL)
+- Rename "Scorecard" column to "OpenSSF" for clarity
+- Extract shared HTTP helper from DepsDevClient and GitlabClient
+- Consolidate VCR test configuration into spec_helper
+- Re-record VCR cassettes against live APIs
+
+### Fixed
+
+- Markdown output showed wrong emoji for pre-release version comparison
+- Errors during gem lookup now go to stderr instead of corrupting structured output
+- Repository URL matching handles dots in org/repo names
+- Guard against nil URLs in Repository.valid?
+- Handle malformed JSON responses from APIs gracefully
+- Terminal output no longer crashes on empty results
+- Version comparison uses `Gem::Version` instead of string equality
+- deps.dev project ID parsing handles URLs with trailing paths
+- Add `faraday-retry` runtime dependency to silence Faraday v2 warning
+- Add missing `require "time"` for `Time.parse` in VersionHelper
+- Fix `:last_activity_warning_emoji` key typo
+- Remove dead `Gemfile` module and unused `include VersionHelper`
+
+## [0.6.0] - 2026-02-19
+
+- Replace `github_api` (unmaintained since 2019) with `octokit`
+- Remove `dead_end` dependency (absorbed into Ruby 3.2+ as `syntax_suggest`)
+- Bump minimum Ruby version to 3.1
+- Test against Ruby 3.1, 3.2, 3.3, 3.4, 4.0, and head
+- Bump all dependencies
+- Update GitHub Actions to v4/v3
+- Migrate rubocop config from `require` to `plugins`
 
 ## [0.5.0] - 2023-05-21
 

data/Gemfile

@@ -6,7 +6,6 @@ source "https://rubygems.org"
 gemspec
 
 gem "code-scanning-rubocop"
-gem "dead_end"
 gem "rake", ">= 13.0"
 gem "rspec", ">= 3.0"
 gem "vcr"