Skip to content

Bump github/gh-aw from 0.47.2 to 0.50.0#3749

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github/gh-aw-0.50.0
Closed

Bump github/gh-aw from 0.47.2 to 0.50.0#3749
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github/gh-aw-0.50.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Feb 24, 2026

Bumps github/gh-aw from 0.47.2 to 0.50.0.

Release notes

Sourced from github/gh-aw's releases.

v0.50.0

🌟 Release Highlights

This release focuses on improving reliability and flexibility for agentic engine authentication — giving teams more control over how secrets are managed — alongside important fixes for CRLF repositories and token security.

✨ What's New

  • Custom engine token secrets — You can now provide your own engine.env in workflow frontmatter to override the default agentic engine token expression. gh-aw automatically wires your secret into both the execution step and the secret validator, giving teams full control over credential naming conventions (#18017).

🐛 Bug Fixes & Improvements

  • CRLF repository compatibility — Workflows like Code Simplification that push changes via safe_outputs were silently failing on repositories that normalize line endings with .gitattributes. The git am patch application step now correctly handles CRLF-encoded patches (#18029).

  • GH_AW_CI_TRIGGER_TOKEN scoped correctly — The CI trigger token is now emitted only at the step level (instead of job level), ensuring it is available exclusively to the safe-outputs handler and not inadvertently exposed across all job steps (#18030).

  • Dependency bumps — Claude Code updated to 2.1.51 and Copilot CLI to 0.0.415 across all 158 compiled workflows (#18046).

📚 Documentation

  • Agent-focused quick-start links (llms.txt, Create, Debug, Update) added to the documentation site footer — visible on every page (#18032).
  • README updated with instructions for agents to download llms.txt (#18031).

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:

  • @AmoebaChant for [Code Simplification agent silently fails to create PRs when the repo stores line endings as CRLF (#17975)](github/gh-aw#17975)

For complete details, see CHANGELOG.

Generated by Release

What's Changed

... (truncated)

Commits
  • 8624e99 Add features.copilot-requests feature flag for GitHub Actions token auth (#...
  • 8cbe287 refactor: extract applyFrontmatterLineTransform to eliminate duplicate code...
  • dae4e88 Bump Claude Code to 2.1.51 and Copilot CLI to 0.0.415 (#18046)
  • 8316433 docs: fix magic secret command and add threat-detection runs-on field (#18051)
  • fe2713b Strengthen noop documentation and add explicit noop instructions to all workf...
  • e750213 jsweep: clean add_reaction.cjs (#18041)
  • c24b871 Fix premature exit in conformance checker due to bash arithmetic increment bu...
  • ef611e5 Add agent-focused links to the docs footer (#18032)
  • 91ff02a 🔧 Fix GH_AW_CI_TRIGGER_TOKEN emit scope and update docs (#18030)
  • 8cb3b78 Fix silent git am failure on CRLF repositories in safe_outputs patch applicat...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump github/gh-aw from 0.47.2 to 0.50.0
79b0efd 
Bumps [github/gh-aw](https://github.com/github/gh-aw) from 0.47.2 to 0.50.0.
- [Release notes](https://github.com/github/gh-aw/releases)
- [Commits](github/gh-aw@v0.47.2...v0.50.0)

---
updated-dependencies:
- dependency-name: github/gh-aw
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Feb 24, 2026
@dependabot dependabot bot mentioned this pull request Feb 24, 2026
Closed
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Feb 25, 2026

Superseded by #3751.

@dependabot dependabot bot closed this Feb 25, 2026
@dependabot dependabot bot deleted the dependabot/github_actions/github/gh-aw-0.50.0 branch February 25, 2026 10:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@roji roji roji approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@roji