Multiple Vulnerabilities Found in GnuPG

As background, there is OpenPGP’s schism (article, thread). In 2018 or thereabouts, there was a falling out between the current GnuPG developers and the current OpenPGP standard developers.

An important technicality is that GnuPG no longer aims to be compliant with OpenPGP (standard, website) but with LibrePGP (standard, website).

I don’t understand the situation, but after reading this blog post my read on it is that the GnuPG developers declare GnuPG complete and secure, and stubbornly refuse to improve or fix it. The argument for being cautious about changing the code is valid, especially since GnuPG is used on many systems where vulnerabilities can cause real harm, but I worry about their resistance to fixing vulnerabilities, for instance the ones gpg.fail revealed.

Sequoia PGP is a competing OpenPGP CLI tool, covered here. I haven’t tried it and can’t vouch for the software or the developers yet.