### mrjoy-0.3.7 / 2014-06-26

* Integrated upstream 0.3.1 changes, excluding changes related to the vendored
  DB, as this fork doesn't use a vendored DB.
* Slightly more thorough purge of Ruby 1.8 support.

### 0.3.1 / 2014-04-20

* Added thor ~> 0.18 as a dependency.
* No longer rely on the vendored version of thor within bundler.
* Store the timestamp of when `data/ruby-advisory-db` was last updated in
  `data/ruby-advisory-db.ts`.
* Use `data/ruby-advisory-db.ts` instead of the creation time of the
  `dataruby-advisory-db` directory, which is always the install time
  of the rubygem.

### mrjoy-0.3.6 / 2014-04-16

* Improve user experience when insecure sources -- but no insecure gem
  versions -- are found.

### mrjoy-0.3.5 / 2014-04-16

* Improve user experience when no vulnerability DB has been downloaded.
* Slight improvement to code coverage.

### mrjoy-0.3.4 / 2014-04-16

* Integrate upstream changes from `gut_vendored_db`.  This eliminates the
  internal copy of the database entirely and automatically downloads one if
  needed.
* Fix several bugs in upstream branch, and make test cases more robust.
* Include integration test results in coverage analysis.
* Improve code coverage.
* Improve Travis integration.

### mrjoy-0.3.3 / 2014-04-15

* Fix development-mode code loading issue.
* Update Travis config to include Ruby 2.1.0 and 2.1.1.
* Improve test suite to 90+% code coverage.
* Fix a couple Ruby 1.9-isms.
* Freshen included vulnerability DB.
* Incorporate upstream changes, including fix for Bundler-vendored Thor
  creating a conflict.

### mrjoy-0.3.2 / 2013-11-04

* Fix for [serious issue](https://github.com/rubysec/bundler-audit/issues/48)
  that would cause bundle-audit to ignore a locally installed cache of the
  vulnerability database in favor of its vendored version.
* Simplified code according to ABC metric, getting CodeClimate results to 4.0.
* Added SimpleCov to ensure reasonable test coverage.
* Updated docs to explain differentiation of this fork vs. upstream.

### mrjoy-0.3.1 / 2013-11-04

* Integrated upstream 0.3.0 changes.
* Refresh built-in dataset.
* Make regression test more resilient and more bulletproof.
* Integrate grosser's mechanism for [DRYing up tests a bit](https://github.com/grosser/bundler-audit/commit/8568f936fe86eb92c95d63ef3c0a33bffd3aeee9).

### 0.3.0 / 2013-10-31

* Added {Bundler::Audit::Database.update!} which uses `git` to download
  [ruby-advisory-db] to `~/.local/share/ruby-advisory-db`.
* {Bundler::Audit::Database.path} now returns the path to either
  `~/.local/share/ruby-advisory-db` or the vendored copy, depending on which
  is more recent.

#### CLI

* Added the `bundle-audit update` sub-command.

### mrjoy-0.2.1 / 2013-09-13

* Integrate upstream changes from 0.2.0, with local changes from 0.1.4.
* Make specs automatically refresh `.gitignore`'d `Gemfile.lock` in spec
  scenarios when the Gemfile has changed in a way that `bundle install` isn't
  happy about (e.g. version bump on a gem previously listed in the `Gemfile`.)

### 0.2.0 / 2013-03-05

* Require RubyGems >= 1.8.0. Prior versions of RubyGems could not correctly
  parse approximate version requirements (`~> 1.2.3`).
* Updated the [ruby-advisory-db].
* Added {Bundler::Audit::Advisory#unaffected_versions}.
* Added {Bundler::Audit::Advisory#unaffected?}.
* Added {Bundler::Audit::Advisory#patched?}.
* Renamed `Advisory#cve` to {Bundler::Audit::Advisory#id}.

### mrjoy-0.1.4 / 2013-08-15

* RVM compartmentalization for the project (only relevant to people hacking on
  it).
* Adding Ruby 2.0.0 to Travis config.
* Updated the [ruby-advisory-db] from [ffce5a2](https://github.com/rubysec/ruby-advisory-db/commit/ffce5a27f239191e22bd47bb62c5a3121952b8d0)
  to [ee2ff0b](https://github.com/rubysec/ruby-advisory-db/commit/ee2ff0b6c971d0eb295595dc1cd48a777d8829bb).
* Update `Advisory` class to compensate for change in naming convention in
  [ruby-advisory-db].
* Make some tests less brittle, and get them passing again after the
  [ruby-advisory-db] update.
* Add ability for individual spec files to be called individually.
* Rename gem so this can be installed via Rubygems.

### mrjoy-0.1.3 / 2013-03-05

* Require RubyGems >= 1.8.0. Prior versions of RubyGems could not correctly
  parse approximate version requirements (`~> 1.2.3`).
* Updated the [ruby-advisory-db].
* Added {Bundler::Audit::Advisory#unaffected_versions}.
* Added {Bundler::Audit::Advisory#unaffected?}.
* Added {Bundler::Audit::Advisory#patched?}.

### 0.1.2 / 2013-02-17

* Require [bundler] ~> 1.2.
* Vendor a full copy of the [ruby-advisory-db].
* Added {Bundler::Audit::Advisory#path} for debugging purposes.
* Added {Bundler::Audit::Advisory#to_s} for debugging purposes.

#### CLI

* Simply parse the `Gemfile.lock` instead of loading the bundle (@grosser).
* Exit with non-zero status on failure (@grosser).

### 0.1.1 / 2013-02-12

* Fixed a Ruby 1.8 syntax error.

### Advisories

* Imported advisories from the [Ruby Advisory DB][ruby-advisory-db].
  * [CVE-2011-0739](http://www.osvdb.org/show/osvdb/70667)
  * [CVE-2012-2139](http://www.osvdb.org/show/osvdb/81631)
  * [CVE-2012-2140](http://www.osvdb.org/show/osvdb/81632)
  * [CVE-2012-267](http://osvdb.org/83077)
  * [CVE-2012-1098](http://osvdb.org/79726)
  * [CVE-2012-1099](http://www.osvdb.org/show/osvdb/79727)
  * [CVE-2012-2660](http://www.osvdb.org/show/osvdb/82610)
  * [CVE-2012-2661](http://www.osvdb.org/show/osvdb/82403)
  * [CVE-2012-3424](http://www.osvdb.org/show/osvdb/84243)
  * [CVE-2012-3463](http://osvdb.org/84515)
  * [CVE-2012-3464](http://www.osvdb.org/show/osvdb/84516)
  * [CVE-2012-3465](http://www.osvdb.org/show/osvdb/84513)

### CLI

* If the advisory has no `patched_versions`, recommend removing or disabling
  the gem until a patch is made available.

### 0.1.0 / 2013-02-11

* Initial release:
  * Checks for vulnerable versions of gems in `Gemfile.lock`.
  * Prints advisory information.
  * Does not require a network connection.

#### Advisories

* [CVE-2013-0269](http://direct.osvdb.org/show/osvdb/90074)
* [CVE-2013-0263](http://osvdb.org/show/osvdb/89939)
* [CVE-2013-0155](http://osvdb.org/show/osvdb/89025)
* [CVE-2013-0156](http://osvdb.org/show/osvdb/89026)
* [CVE-2013-0276](http://direct.osvdb.org/show/osvdb/90072)
* [CVE-2013-0277](http://direct.osvdb.org/show/osvdb/90073)
* [CVE-2013-0333](http://osvdb.org/show/osvdb/89594)

[bundler]: http://gembundler.com/
[ruby-advisory-db]: https://github.com/rubysec/ruby-advisory-db#readme