Releases: marcus-hooper/workflows

v1.1.0

20 Jan 04:10
07788e9

Added

  • CI workflow with CHANGELOG validation and actionlint (includes YAML and ShellCheck)
  • CodeQL workflow for static application security testing (SAST)
  • OSSF Scorecard workflow for supply chain security analysis
  • Dependabot auto-merge workflow for patch and minor updates
  • Release workflow with major version tag updates, SBOM generation, and attestation
  • Scheduled health check workflow with automatic issue creation on failure
  • Security workflow with Gitleaks secret scanning and unsafe pattern detection
  • Label sync workflow for automatic repository label management
  • Dependency review configuration with license allow-list
  • Issue templates converted to YAML form-based format
  • Pull request template with checklist and structured sections
  • Repository labels configuration file with type, priority, status, and area labels

Changed

  • Expanded Dependabot configuration with grouped updates, timezone, and rebase strategy

Security

  • Fix token permissions and prevent code injection vulnerability in get-commit-messages workflow
  • Pin all GitHub Actions to commit SHAs for supply chain security
  • Add step-security/harden-runner with egress blocking to all workflows
  • Network egress restricted to only required endpoints per workflow
  • All workflow checkout actions use persist-credentials: false

v1

25 Sep 23:21
07788e9

v1
docs: update changelog for v1.1.0 release