Skip to content

ci: bump githubnext/gh-aw from 0.37.22 to 0.42.16 #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

ci: bump githubnext/gh-aw from 0.37.22 to 0.42.16 #18

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 9, 2026

Bumps githubnext/gh-aw from 0.37.22 to 0.42.16.

Release notes

Sourced from githubnext/gh-aw's releases.

v0.42.16

🔧 Maintenance Release

This release updates the MCP Gateway to version 0.0.113, ensuring compatibility with the latest gateway improvements.

What's Changed

  • MCP Gateway Update: Bumped gh-aw-mcpg from v0.0.103 to v0.0.113 (#14559)
    • All 148 workflow lock files regenerated with the new version
    • 444 references updated across the codebase
    • Tests confirm stable operation

Generated by Release

What's Changed

Full Changelog: github/gh-aw@v0.42.15...v0.42.16

v0.42.15

🌟 Release Highlights

This release focuses on improving stability, developer experience, and workflow reliability with 35 merged pull requests. Key improvements include enhanced plugin management, better error handling, and significant security fixes.

✨ What's New

  • 🔌 Plugin Experimental Status - Plugins are now clearly marked as experimental with schema warnings and compilation notices (#14551), helping users understand this feature is under active development. The compiler validates plugin support per-engine with improved error messages (#14516). Learn more about engines

  • 🤖 Automatic Issue Cleanup - Workflows can now automatically close older CI failure issues when new ones are created (#14555), reducing noise in issue trackers. Updated issues include workflow run links and searchable markers for better traceability (#14523).

  • 🆔 Friendly Temporary IDs - Draft issue updates now return temporaryId for tracking, and users can reference temporary IDs with user-friendly formats (#14482). Learn more about safe-outputs

  • 🚧 Firewall Transparency - AI-generated footers now display which domains were blocked by firewall rules (#14517), improving debugging for network-restricted workflows. Learn more about network permissions

🐛 Bug Fixes & Security

  • 🔒 Security Hardening - Prevented unauthorized uploads during workflow initialization (#14558) and partially resolved artipacked security issue in cleaner workflows (#14449)

  • 🛡️ Improved Error Handling - Closed PR checkout failures are now treated as warnings instead of errors (#14528), and network validation now enforces ssl-bump: true when using allow-urls (#14494)

  • 🔧 Workflow Fixes - Resolved Projects v2 token issues in Dependabot Burner (#14515) and removed trailing commas in smoke-project instructions (#14472)

⚡ Engine Changes

  • Plugin Support Clarification - Only the Copilot engine now supports plugin installation; Claude and Codex engines have plugin support removed (#14532). This aligns with engine capabilities and prevents configuration errors.

... (truncated)

Changelog

Sourced from githubnext/gh-aw's changelog.

Changelog

All notable changes to this project will be documented in this file.

v0.40.1 - 2026-02-03

Bug Fixes

Handle 502 Bad Gateway errors in assign_to_agent handler by treating them as success. The cloud gateway may return 502 errors during agent assignment, but the assignment typically succeeds despite the error. The handler now logs 502 errors for troubleshooting but does not fail the workflow.

Add discussion interaction to smoke workflows and serialize the discussion

flag in safe-outputs handler config.

Smoke workflows now select a random discussion and post thematic comments to validate discussion comment functionality. The compiler now emits the "discussion": true flag in GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG when a workflow requests discussion output, and lock files include discussions: write permission where applicable.

Add discussion interaction to smoke workflows; compiler now serializes the discussion flag into the safe-outputs handler config so workflows can post comments to discussions. Lock files include discussions: write where applicable.

Smoke workflows pick a random discussion and post a thematic comment (copilot: playful, claude: comic-book, codex: mystical oracle, opencode: space mission). This is a non-breaking tooling/workflow change.

Add discussion interaction to smoke workflows; deprecate the discussion flag and

add a codemod to remove it. Smoke workflows now query discussions and post comments to both discussions and PRs to validate discussion functionality.

The compiler no longer emits a discussion boolean flag in compiled handler configs; the add_comment handler auto-detects target type or accepts a discussion_number parameter. A codemod add-comment-discussion-removal is available via gh aw fix --write to remove the deprecated field from workflows.

Add GitHub App token minting for the GitHub MCP server tooling and workflows.

Add expires support to safe-outputs.create-pull-request so PRs can mark, describe, and auto-close expired runs.

Add safe-inputs gh CLI testing to smoke workflows; updates shared/gh.md to remove the network.allowed restriction and validate GitHub CLI access using GITHUB_TOKEN.

This changeset accompanies the PR that adds safeinputs-gh testing to all smoke workflows (smoke-copilot.md, smoke-claude.md, smoke-codex.md, smoke-opencode.md) and adjusts shared/gh.md accordingly.

Add safe-inputs gh CLI testing to smoke workflows.

This patch adds validation to the smoke workflows to exercise the GitHub CLI integration via the safeinputs-gh tool. It also updates shared/gh.md to remove the network.allowed restriction so the safeinputs-gh tool can query PRs using the provided GITHUB_TOKEN.

Add step summaries for safe-output processing results.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
ci: bump githubnext/gh-aw from 0.37.22 to 0.42.16
6fd381c 
Bumps [githubnext/gh-aw](https://github.com/githubnext/gh-aw) from 0.37.22 to 0.42.16.
- [Release notes](https://github.com/githubnext/gh-aw/releases)
- [Changelog](https://github.com/github/gh-aw/blob/main/CHANGELOG.md)
- [Commits](github/gh-aw@afac8d0...15d0e13)

---
updated-dependencies:
- dependency-name: githubnext/gh-aw
  dependency-version: 0.42.16
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot mentioned this pull request Feb 9, 2026
Closed
@github-actions
Copy link

github-actions bot commented Feb 9, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/githubnext/gh-aw/actions/setup 15d0e133ebb103ed42485353efea00d7c8c07304 UnknownUnknown

Scanned Files

  • .github/workflows/issue-triage.lock.yml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies github-actions

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants