Skip to content

chore(deps): bump github/gh-aw from 0.51.6 to 0.56.2 in the github-actions group#26

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/github_actions/github-actions-6847de137d
Mar 9, 2026
Merged

chore(deps): bump github/gh-aw from 0.51.6 to 0.56.2 in the github-actions group#26
github-actions[bot] merged 1 commit intomainfrom
dependabot/github_actions/github-actions-6847de137d

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 9, 2026

Bumps the github-actions group with 1 update: github/gh-aw.

Updates github/gh-aw from 0.51.6 to 0.56.2

Release notes

Sourced from github/gh-aw's releases.

v0.56.2

🌟 Release Highlights

This release focuses on reliability improvements across protected-file handling, setup CLI pinning, and cross-repo workflows — along with an upgrade to GitHub MCP server v0.32.0 and a new strict allowlist feature for protected-file protection.

✨ What's New

  • allowed-files strict allowlist for protected-file PR safe outputs (#20051) — You can now configure an explicit allowlist of files that are permitted in protected-file PRs. Any file outside the allowlist is blocked, giving teams tighter control over what agents can modify in sensitive branches.

🐛 Bug Fixes & Improvements

  • Protected-file fallback-to-issue now works when workflows permission is absent (#20106) — When an agent patch touches .github/workflows/ files and the GitHub App lacks workflows permission, gh-aw now correctly creates a fallback review issue rather than silently failing.
  • Default branch no longer hardcoded to main (#20099) — create_pull_request and related operations now query the repository's actual default branch, fixing failures in repos using master, develop, or any non-main default.
  • add-wizard correctly syncs working tree after PR merge (#20094) — Switching to the default branch after merging a wizard-created PR ensures workflow files are visible immediately, eliminating "workflow file not found" errors.
  • setup-cli action now respects pinned version input (#20081) — The action verifies the installed version matches the requested version after gh extension install, falling back to a manual binary download if there's a mismatch.
  • Safe output handler gracefully handles custom safe output job types (#20114) — Unknown job types no longer surface as unhandled errors; they are now logged and skipped cleanly.

⚡ Performance

  • Compiled regex patterns moved to package-level variables (#20073, #20079) — regexp.MustCompile calls across pkg/cli, pkg/workflow, and the expression-validation hot path are now initialized once at startup rather than on every invocation, reducing allocation pressure in high-frequency compilation paths.

🔧 Dependencies & Infrastructure

  • GitHub MCP server upgraded to v0.32.0 (#20100) — Picks up the latest GitHub MCP tooling improvements and bug fixes.

📚 Documentation

  • New Cost Management reference page (#20078) — Added guidance on understanding and controlling the compute costs associated with running agentic workflows.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:

For complete details, see CHANGELOG.

Generated by Release

What's Changed

... (truncated)

Commits
  • f1073c5 refactor: simplify generateCustomJobToolDefinition and extractDispatchWorkflo...
  • 984fc7a Fix safe output handler to gracefully ignore custom safe output job types (#2...
  • 5ab3d52 Add allowed-files strict allowlist for protected-file protection on PR safe...
  • 63f1ea4 Upgrade GitHub MCP server to v0.32.0, recompile workflows (#20100)
  • b554e94 Update MCP gateway GitHub guard terminology (#20096)
  • 32c7af7 fix: create protected-file review issue when push fails due to workflows perm...
  • 59d071d fix: switch to default branch before pulling after add-wizard PR merge (#20094)
  • e43b634 chore: remove 9 unreachable dead functions (#20101)
  • cc0d007 fix: query repo default branch instead of hardcoding 'main' (#20098) (#20099)
  • 482aa92 Fix setup-cli action ignoring pinned version input (#20081)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump github/gh-aw in the github-actions group
00fa81b 
Bumps the github-actions group with 1 update: [github/gh-aw](https://github.com/github/gh-aw).


Updates `github/gh-aw` from 0.51.6 to 0.56.2
- [Release notes](https://github.com/github/gh-aw/releases)
- [Changelog](https://github.com/github/gh-aw/blob/main/CHANGELOG.md)
- [Commits](github/gh-aw@33cd6c7...f1073c5)

---
updated-dependencies:
- dependency-name: github/gh-aw
  dependency-version: 0.56.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 9, 2026

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions github-actions bot merged commit 54eb245 into main Mar 9, 2026
7 checks passed
@dependabot dependabot bot deleted the dependabot/github_actions/github-actions-6847de137d branch March 9, 2026 15:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants