Releases: Battle-Creek-LLC/repocat

v0.5.0

26 May 17:23
d59d0d6

What's Changed

  • GitLab support (audit/diff/apply) + per-provider refactor by @jstockdi in #35

Full Changelog: v0.4.0...v0.5.0

v0.4.0

25 May 15:31
e3d8837

Full Changelog: v0.3.0...v0.4.0

v0.3.0

25 May 13:50
1a28a5a

What's Changed

  • Add org-level code security configuration support by @jstockdi in #34

Full Changelog: v0.2.0...v0.3.0

v0.2.0

23 May 14:49
6ef2edb

What's Changed

  • Self-create the GitHub release on tag push (0.2.0) by @jstockdi in #33

Full Changelog: v0.1.3...v0.2.0

v0.1.3 — Semgrep workflow scaffolding; first crates.io release (bcl-repocat)

23 May 14:34
5b73797

Added

  • actions.require_semgrep_workflow: scaffolds a SHA-pinned Semgrep → SARIF → GitHub code-scanning workflow (skips private repos). SAST findings appear in the same place CodeQL would report them (SA-11, RA-5).

Packaging

  • Published to crates.io as bcl-repocat (the repocat name is taken by an unrelated crate): cargo install bcl-repocat installs the repocat binary.

Binaries below are also installable via cargo binstall bcl-repocat.

v0.1.1 — security bugfix

29 Apr 12:11
2dd34a4

[0.1.1] — 2026-04-29

Security

  • Replace the unmaintained serde_yml crate (and its libyml dependency)
    with the community-maintained serde_yaml_ng
    fork. Closes two open Dependabot advisories: GHSA-gfxp-f68g-8x78
    (high — libyml::string::yaml_string_extend is unsound) and
    GHSA-hhw4-xg65-fp2x (medium — serde_yml crate is unmaintained).
    YAML parsing behavior is unchanged; this is a drop-in API swap.

v0.1.0 — first tagged release

29 Apr 12:00
57ee368

0.1.0 — 2026-04-29

First tagged release. The CLI is functional end-to-end against GitHub.com,
covering ten built-in rules with NIST 800-53 control mappings.

Added

  • audit, diff, and apply commands covering ten rules: branch_protection,
    merge_settings, secret_scanning, required_files, codeowners,
    dependabot_security, workflow_permissions, workflow_yaml,
    signed_commits, and teams_only_access.
  • init command with three opinionated presets (minimal, standard,
    strict). Templates are heavily commented and double as the live schema
    reference via repocat init --preset strict --stdout.
  • repo add <name> for appending a repo entry to an existing baseline while
    preserving comments.
  • Top-level defaults: block. Per-repo entries overlay defaults: scalars
    override, vec fields extend and dedupe, nested struct fields recurse with the
    same rules.
  • --format json and --format sarif output for audit, suitable for
    downstream tooling and GitHub Code Scanning upload.
  • Preflight OAuth scope check on apply so runs that need the workflow scope
    fail fast with an explicit gh auth refresh hint.
  • Prebuilt binaries on each tagged release for Linux (x86_64, aarch64), macOS
    (x86_64, aarch64), and Windows (x86_64).
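
The defaults overlay rules listed above (scalars override, vec fields extend and dedupe, nested structs recurse), worked through in Rust as an added example; this is not repocat's own code. The `Value` type, the helper functions and the sample keys are constructed for illustration, and keeping the first occurrence when deduping is an assumption.

```rust
use std::collections::BTreeMap;
// Constructed value model; repocat's real config types are not shown on the page.
#[derive(Clone, Debug, PartialEq)]
enum Value {
    Scalar(String),
    List(Vec<String>),
    Map(BTreeMap<String, Value>),
}

// Overlay a per-repo entry (`over`) onto the defaults (`base`).
fn overlay(base: &Value, over: &Value) -> Value {
    match (base, over) {
        // Vec fields extend and dedupe; keeping the first occurrence is an assumption.
        (Value::List(b), Value::List(o)) => {
            let mut out: Vec<String> = Vec::new();
            for item in b.iter().chain(o.iter()) {
                if !out.contains(item) { out.push(item.clone()); }
            }
            Value::List(out)
        }
        // Nested structs recurse per key; keys the overlay omits keep the default.
        (Value::Map(b), Value::Map(o)) => {
            let mut out = b.clone();
            for (k, v) in o {
                let merged = b.get(k).map_or_else(|| v.clone(), |bv| overlay(bv, v));
                out.insert(k.clone(), merged);
            }
            Value::Map(out)
        }
        // Scalars take the per-repo value (so do mismatched kinds, an assumption).
        _ => over.clone(),
    }
}

fn s(v: &str) -> Value { Value::Scalar(v.to_string()) }
fn l(v: &[&str]) -> Value { Value::List(v.iter().map(|x| x.to_string()).collect()) }
fn m(kv: Vec<(&str, Value)>) -> Value { Value::Map(kv.into_iter().map(|(k, v)| (k.to_string(), v)).collect()) }

// Constructed sample: hypothetical keys, not repocat's schema.
fn sample() -> (Value, Value) {
    let defaults = m(vec![("files", l(&["LICENSE", "SECURITY.md"])),
        ("protection", m(vec![("reviews", s("2")), ("admins", s("true"))]))]);
    let repo = m(vec![("files", l(&["SECURITY.md", "CODEOWNERS"])),
        ("protection", m(vec![("reviews", s("1"))]))]);
    (defaults, repo)
}

fn main() { let (d, r) = sample(); println!("{:#?}", overlay(&d, &r)); }
```

Under these rules a per-repo entry can add to a default list but cannot drop an item from it, while any default scalar can be replaced, so scalar overrides are where a repo's effective policy can diverge from the baseline.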