Skip to content

Commit 432158e

Browse files
dependabot[bot]dependabot[bot]
authored
chore(deps): bump github/gh-aw from 0.57.2 to 0.58.3 (#154)
Bumps [github/gh-aw](https://github.com/github/gh-aw) from 0.57.2 to 0.58.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/gh-aw/releases">github/gh-aw's releases</a>.</em></p> <blockquote> <h2>v0.58.3</h2> <h2>🌟 Release Highlights</h2> <p>This release focuses on <strong>security hardening, GHES compatibility, and developer experience improvements</strong> — with better MCP write protection, a new Copilot pre-flight diagnostic for enterprise environments, and a noticeably improved run details summary.</p> <h3>✨ What's New</h3> <ul> <li> <p><strong>MCP Write-Sink Guard Policy</strong> — All non-GitHub MCP servers configured via the gateway now enforce a write-sink guard policy, preventing unintended writes through third-party MCP tools. This improves the security posture of workflows using custom MCP integrations. (<a href="https://redirect.github.com/github/gh-aw/issues/21005">#21005</a>)</p> </li> <li> <p><strong>Copilot Pre-flight Diagnostic for GHES</strong> — A new pre-flight check helps diagnose Copilot configuration issues in GitHub Enterprise Server environments before a workflow run fails, saving time when debugging enterprise setups. (<a href="https://redirect.github.com/github/gh-aw/issues/20975">#20975</a>)</p> </li> <li> <p><strong>Action Pins Mode with <code>gh-aw-actions</code> v0</strong> — The <code>action-tag</code> step now uses action pins mode, enabling stable and auditable action references via <code>gh-aw-actions</code> at the <code>v0</code> tag. (<a href="https://redirect.github.com/github/gh-aw/issues/20991">#20991</a>)</p> </li> <li> <p><strong>Enhanced Run Details Step Summary</strong> — Workflow run summaries now render as structured bullet points, display the <code>gh-aw</code> version, and include full <code>aw_info</code> output for easier post-run inspection. (<a href="https://redirect.github.com/github/gh-aw/issues/20989">#20989</a>)</p> </li> </ul> <h3>⚡ Performance</h3> <ul> <li><strong>Faster Workflow Name Extraction</strong> — <code>extractWorkflowNameFromFile</code> no longer performs an unnecessary full YAML parse, reducing overhead when processing large workflow collections. (<a href="https://redirect.github.com/github/gh-aw/issues/21012">#21012</a>)</li> </ul> <h3>🐛 Bug Fixes &amp; Improvements</h3> <ul> <li><strong>GHES Host Leakage Prevention</strong> — The &quot;Install GitHub Copilot CLI&quot; step now explicitly emits <code>GH_HOST: github.com</code>, preventing GHES host values from leaking into the Copilot CLI installation context. (<a href="https://redirect.github.com/github/gh-aw/issues/20992">#20992</a>)</li> <li><strong>Workflow Call Artifact Downloads Fixed</strong> — Artifact prefix handling in the conclusion job and script step downloads now works correctly in <code>workflow_call</code> contexts. (<a href="https://redirect.github.com/github/gh-aw/issues/21011">#21011</a>)</li> <li><strong>TypeScript Type Error Fixed</strong> — Resolved a type error in <code>json_object_to_markdown.cjs</code> that could cause runtime failures in certain output scenarios. (<a href="https://redirect.github.com/github/gh-aw/issues/21010">#21010</a>)</li> <li><strong>Go Firewall Rule for Shared Workflows</strong> — The <code>shared/go-make.md</code> shared workflow now includes <code>go</code> in its firewall allowed set, enabling Go toolchain downloads during builds. (<a href="https://redirect.github.com/github/gh-aw/issues/21014">#21014</a>)</li> </ul> <h3>📚 Documentation</h3> <ul> <li><strong>Accessibility: Live Search Results</strong> — The docs site search now announces results to screen readers via <code>aria-live</code>, improving accessibility for keyboard and assistive technology users. (<a href="https://redirect.github.com/github/gh-aw/issues/21019">#21019</a>)</li> </ul> <hr /> <p>For complete details, see <a href="https://github.com/github/gh-aw/blob/main/CHANGELOG.md">CHANGELOG</a>.</p> <blockquote> <p>Generated by <a href="https://github.com/github/gh-aw/actions/runs/23102913091">Release</a></p> </blockquote> <!-- raw HTML omitted --> <hr /> <h2>What's Changed</h2> <ul> <li>Optimize qmd-docs workflows: explicitly instruct models to use qmd-query for doc search by <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a href="https://redirect.github.com/github/gh-aw/pull/20987">github/gh-aw#20987</a></li> <li>Add Copilot pre-flight diagnostic for GHES environments by <a href="https://github.com/Claude"><code>@​Claude</code></a> in <a href="https://redirect.github.com/github/gh-aw/pull/20975">github/gh-aw#20975</a></li> <li>Improve run details step summary: bullet points, aw version, and full aw_info rendering by <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a href="https://redirect.github.com/github/gh-aw/pull/20989">github/gh-aw#20989</a></li> <li>feat: update action-tag to use action pins mode (gh-aw-actions) with v0 by <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a href="https://redirect.github.com/github/gh-aw/pull/20991">github/gh-aw#20991</a></li> <li>fix: emit GH_HOST: github.com on Install GitHub Copilot CLI step to prevent GHES host leakage by <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a href="https://redirect.github.com/github/gh-aw/pull/20992">github/gh-aw#20992</a></li> <li>[instructions] Sync github-agentic-workflows.md with v0.40.1 by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/github/gh-aw/pull/21001">github/gh-aw#21001</a></li> <li>[docs] docs: condense CentralRepoOps intro and remove duplicate cross-repo notes by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/github/gh-aw/pull/21003">github/gh-aw#21003</a></li> <li>feat: add write-sink guard policy to all non-GitHub MCP servers configured by gateway by <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a href="https://redirect.github.com/github/gh-aw/pull/21005">github/gh-aw#21005</a></li> <li>Add <code>go</code> firewall allowed set to <code>shared/go-make.md</code> by <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a href="https://redirect.github.com/github/gh-aw/pull/21014">github/gh-aw#21014</a></li> <li>perf: optimize <code>extractWorkflowNameFromFile</code> by eliminating unnecessary YAML parse by <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a href="https://redirect.github.com/github/gh-aw/pull/21012">github/gh-aw#21012</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/gh-aw/commit/08a903b1fb2e493a84a57577778fe5dd711f9468"><code>08a903b</code></a> docs: add aria-live enhancement for search results accessibility (#issue) (<a href="https://redirect.github.com/github/gh-aw/issues/2">#2</a>...</li> <li><a href="https://github.com/github/gh-aw/commit/1cb4a5a680f86255b6b77674dd775e3cccfe457c"><code>1cb4a5a</code></a> Remove copilot-preflight script and associated step generation (<a href="https://redirect.github.com/github/gh-aw/issues/21016">#21016</a>)</li> <li><a href="https://github.com/github/gh-aw/commit/47ab8dd71dbf94390847928e1021fe03d7404117"><code>47ab8dd</code></a> fix: use artifact prefix in conclusion job and script step downloads for work...</li> <li><a href="https://github.com/github/gh-aw/commit/c87077e01c3c5afcbe480b9482c4712ec6bc5192"><code>c87077e</code></a> perf: optimize <code>extractWorkflowNameFromFile</code> by eliminating unnecessary YAML ...</li> <li><a href="https://github.com/github/gh-aw/commit/1a426d0a6a23f67ea17651889bed7763c4580714"><code>1a426d0</code></a> Add <code>go</code> firewall allowed set to <code>shared/go-make.md</code> (<a href="https://redirect.github.com/github/gh-aw/issues/21014">#21014</a>)</li> <li><a href="https://github.com/github/gh-aw/commit/50e49919f483506d0a27bcbd13cc74bfb0f6c7ba"><code>50e4991</code></a> feat: add write-sink guard policy to all non-GitHub MCP servers configured by...</li> <li><a href="https://github.com/github/gh-aw/commit/4e2b550d680ae1b72e21afa1d60ee19d59389a16"><code>4e2b550</code></a> docs: condense intro and remove duplicate cross-repo notes in central-repo-op...</li> <li><a href="https://github.com/github/gh-aw/commit/1333b4a97d2ebe6fe55f8dd824922b97bfbf577c"><code>1333b4a</code></a> docs: add action-tag feature flag to github-agentic-workflows.md (<a href="https://redirect.github.com/github/gh-aw/issues/21001">#21001</a>)</li> <li><a href="https://github.com/github/gh-aw/commit/5a8a60ab96ae14e6a346de91688ad7c3cc97190b"><code>5a8a60a</code></a> fix: emit GH_HOST: github.com on Install GitHub Copilot CLI step to prevent G...</li> <li><a href="https://github.com/github/gh-aw/commit/4173449562d013cc861571b7972c81a727cb80de"><code>4173449</code></a> feat: update action-tag to use action pins mode (gh-aw-actions) with v0 (<a href="https://redirect.github.com/github/gh-aw/issues/20991">#20991</a>)</li> <li>Additional commits viewable in <a href="https://github.com/github/gh-aw/compare/32b3a711a9ee97d38e3989c90af0385aff0066a7...08a903b1fb2e493a84a57577778fe5dd711f9468">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/gh-aw&package-manager=github_actions&previous-version=0.57.2&new-version=0.58.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent beece0c commit 432158e

File tree

1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

.github/workflows/dependabot-major-review.lock.yml

Lines changed: 4 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)