v2.13.1

What's Changed

• ci: forward bump input to reusable release workflow by @CybotTM in #61
• fix(checkpoints): GH-24..27 accept reusable-workflow delegation by @CybotTM in #62
• fix(checkpoints): GH-8/09 .yml form templates + GH-19/20 reusable workflow by @CybotTM in #63
• chore: release v2.13.1 by @github-actions[bot] in #64

New Contributors

• @github-actions[bot] made their first contribution in #64

Full Changelog: v2.13.0...v2.13.1

v2.13.0

Highlights

• New multi-repo-operations reference for batch and fleet-wide GitHub operations, with parity and loop-safety guidance
• New fleet operational hygiene reference covering patterns for maintaining many repos at once
• New workflow-bash-patterns reference — safe bash inside workflow run: steps, plus GHA expression gotchas for multi-trigger workflows
• New dependency-management reference — Dependabot ecosystem hygiene and failure modes
• Auto-merge guide gains a post-merge review-sweep process and expanded Copilot auto-approve race-condition guide (wait for Copilot before merging; validate suggestions)
• multi-repo-operations picks up a template-drift resolution pattern

CI / infrastructure

• Added the eval-validate workflow
• Fixed the auto-merge-deps reusable workflow reference
• Multiple Copilot review sweeps folded into the references (followups from #53/#54/#55, plus second-sweep fixes)

Full Changelog: v2.12.0...v2.13.0

v2.12.0

Release v2.12.0

What's Changed

• feat: add auto-merge workflow quality checkpoints and troubleshooting guide by @CybotTM in #48
• feat: branch protection audit checkpoints (enforce_admins + conversation resolution) by @CybotTM in #49
• Expand evals to 20 and improve SKILL.md diagnostic coverage by @CybotTM in #50

Full Changelog: v2.10.2...v2.12.0

v2.10.2

Maintenance release with CI and metadata fixes.

Added the required author.url field to plugin.json for skill validation compliance. Switched org-internal reusable workflow references from SHA-pinned to branch-based (@main), since SHA-pinning internal workflows causes unnecessary churn from Renovate without meaningful security benefit.

Full Changelog: v2.10.1...v2.10.2

v2.10.1

What's Changed

• fix: pin reusable workflow reference to commit SHA by @CybotTM in #43

Full Changelog: v2.10.0...v2.10.1

v2.10.0

Full Changelog: v2.9.0...v2.10.0

v2.9.0

What's Changed

• fix: harden GitHub Actions against supply chain attacks by @CybotTM in #40
• feat: add org-level security and reusable workflow security references by @CybotTM in #41

Full Changelog: v2.8.0...v2.9.0

v2.8.0

What's Changed

• docs: prefer GitHub native attestations over slsa-verifier by @CybotTM in #38
• fix: GH-6 accept Renovate as alternative to Dependabot by @CybotTM in #39

Full Changelog: v2.7.1...v2.8.0

v2.7.1

What's Changed

• feat(docs): document composite action sub-action allow-list gotcha by @CybotTM in #37

Full Changelog: v2.7.0...v2.7.1

v2.7.0

What's Changed

• chore: Configure Renovate by @renovate[bot] in #32
• feat: add GraphQL --input pattern for special characters by @CybotTM in #34

New Contributors

• @renovate[bot] made their first contribution in #32

Full Changelog: v2.6.2...v2.7.0