Skip to content

build(deps): Bump github/gh-aw from 0.57.2 to 0.58.0#336

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github/gh-aw-0.58.0
Open

build(deps): Bump github/gh-aw from 0.57.2 to 0.58.0#336
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github/gh-aw-0.58.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 13, 2026

Bumps github/gh-aw from 0.57.2 to 0.58.0.

Release notes

Sourced from github/gh-aw's releases.

v0.58.0

🌟 Release Highlights

v0.58.0 is a substantial release focused on cross-repo workflow reliability, custom AI endpoint support, and a wave of community-driven bug fixes. 92 PRs merged.

✨ What's New

  • Custom API Endpoints for Agentic Engines — You can now point workflows at custom OpenAI and Anthropic API targets (e.g., Azure OpenAI, proxies, private deployments) via the engine frontmatter. Both the sandbox and engine configuration support custom base_url and authentication settings. (#20730, #20631)

  • Auto-derived Safe Outputs Guard Policy — The safeoutputs guard policy is now automatically derived from the GitHub MCP guard policy, eliminating redundant configuration. Paired with a bump to MCP gateway v0.1.14. (#20467)

  • Redirect Failure Issues to a Different Repo — New safe-outputs.failure-issue-repo frontmatter field lets you route workflow failure issues to a central repository instead of the workflow's own repo. (#20429)

  • Unified Agent Artifact — Agent job artifacts are now merged into a single agent artifact, making it easier to download and inspect workflow outputs. (#20507)

  • APM Artifact Pack/Unpack Support Reimplemented — APM (Artifact Package Manager) dependency workflows now correctly pack and unpack artifacts across jobs. (#20564)

  • Compile-time Warnings for push-to-pull-request-branch — The compiler now emits warnings when push-to-pull-request-branch is configured with target: "*", helping catch potentially unintended broad-scope writes before deployment. (#20580)

  • --skip-secret Flag for add-wizard — A new --skip-secret flag bypasses the API key prompt during gh aw add, useful for CI environments and workflows that manage secrets externally. (#20598)

🐛 Bug Fixes & Improvements

  • Fixed "Exceeded max expression length 21000" — Compiled workflows with large toolsets (e.g., toolsets: [all]) combined with create-pull-request.base-branch no longer fail GitHub Actions YAML validation. (#20751)

  • Cross-repo relay activation checkout — A series of fixes resolves checkout failures in event-driven relay workflows where event_name propagation caused the wrong repo/ref to be checked out. (#20583)

  • dispatch_workflow now honors target-repo — Cross-repo relay workflows using dispatch_workflow correctly dispatch to the configured target-repo instead of always targeting context.repo. (#20708)

  • submit_pull_request_review cross-repo support — Added target-repo support to submit_pull_request_review so review submissions work correctly in cross-repo workflows. (#20678)

  • gh aw logs actionable errors — Fixed a bug where an invalid path field in gh run list caused errors to be misclassified as authentication failures. The CLI now surfaces the real cause. (#20684)

  • Codex web search disabled by default — Codex no longer uses web search unless the web-search tool is explicitly configured, preventing unintended external lookups. (#20607)

  • Fixed push-to-pull-request-branch default max: 1 — The default value was incorrectly set to 0 instead of the documented 1. (#20582)

  • Fixed git fetch auth after clean_git_credentials.shpush_to_pull_request_branch no longer fails with authentication errors after credential cleanup. (#20581, #20524)

  • Fixed PR creation fallback statuscreate-pull-request no longer incorrectly reports a PR as created when it fell back to creating a review issue instead. (#20602)

  • Improved merge conflict failure issues — When create_pull_request or push_to_pull_request_branch fail due to merge conflicts, the resulting failure issue now includes actionable context. (#20421)

  • reply_to_pull_request_review_comment registered in config — The tool was missing from config.json, preventing it from being used. (#20525)

  • Custom safe-output job types now recognized — Fixed a regression where custom safe-output job types were not recognized in the safe_outputs job. (#20682)

  • Artifact name prefix for workflow_call — Prevents artifact name collisions when multiple callers invoke the same reusable workflow concurrently. (#20685)

  • actionlint integration failures distinguished from lint findingsgh aw compile --actionlint now correctly differentiates tool failures (non-zero exit with no findings) from actual lint errors. (#20637)

... (truncated)

Commits
  • cb79665 fix: update release job dependencies to include sync_actions
  • 2da30a6 release: replace sync_actions workflow_call with environment-gated manual app...
  • 04e391b refactor: remove sync_actions job from release workflow and update dependencies
  • ea7c70f fix: update release configuration to set default release type to patch and en...
  • d004aee fix: use -c web_search="disabled" instead of non-existent --no-search fla...
  • 00137b1 jsweep: clean hide_comment.cjs and add tests (#20754)
  • cd1656e Add Custom API Endpoint Configuration for Agentic Engines (#20730)
  • 1c0e480 Fix "Exceeded max expression length 21000" in compiled workflows with large t...
  • 694d456 Fix misleading Docker error and compiled_file populated on failed compilati...
  • ae5b14f docs: reduce bloat in footers.md reference page (#20737)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): Bump github/gh-aw from 0.57.2 to 0.58.0
ed3f605 
Bumps [github/gh-aw](https://github.com/github/gh-aw) from 0.57.2 to 0.58.0.
- [Release notes](https://github.com/github/gh-aw/releases)
- [Changelog](https://github.com/github/gh-aw/blob/main/CHANGELOG.md)
- [Commits](github/gh-aw@32b3a71...cb79665)

---
updated-dependencies:
- dependency-name: github/gh-aw
  dependency-version: 0.58.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants