Skip to content

Bump github/gh-aw from 0.47.2 to 0.50.2#3751

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github/gh-aw-0.50.2
Closed

Bump github/gh-aw from 0.47.2 to 0.50.2#3751
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github/gh-aw-0.50.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Feb 25, 2026

Bumps github/gh-aw from 0.47.2 to 0.50.2.

Release notes

Sourced from github/gh-aw's releases.

v0.50.2

🌟 Release Highlights

This release brings a long-awaited gh aw validate command, expanded safe-output capabilities, a new checkout frontmatter field, and a wave of community-reported bug fixes — making workflows more reliable and easier to author.

✨ What's New

  • gh aw validate command (#18191) — Validate workflows with a single, discoverable command instead of chaining compile --validate --no-emit --zizmor --actionlint --poutine. Catch issues before they reach CI. Learn more

  • checkout frontmatter field (#18223) — Fine-tune how actions/checkout is emitted in the agent job directly from frontmatter, giving you more control over repository checkout depth and behavior.

  • duplicate state reason for close-issue (#18257) — Safe-output close-issue now supports state_reason: duplicate, enabling agentic triage workflows to properly categorize and close duplicate issues.

  • New built-in prompt files (#18273, #18272, #18221) — Three new reference prompt files added to .github/aw/: test-coverage.md (with artifact-reading guidance), visual-regression.md (Playwright + cache-memory patterns), and report.md (report generation with markup style guidance).

  • Smarter create-agentic-workflow prompt (#18274, #18271) — The workflow creation prompt now correctly suggests deployment_status triggers for external deployment monitoring, and expands language ecosystem inference to automatically configure network.allowed based on project type.

🐛 Bug Fixes & Improvements

  • threat-detection: false now respected across imports (#18231) — Imported safe-output fragments no longer silently re-enable threat detection when the main workflow has explicitly disabled it, preventing spurious compilation errors with sandbox.agent: false.

  • hide-older-comments now correctly identifies previous comments (#18205) — Fixed a matching bug where hide-older-comments on add-comment safe output failed to find previous comments due to a mismatch in XML marker format.

  • Fixed relative import resolution for nested remote files (#18190) — Nested remote imports now resolve relative to their immediate parent file's directory instead of the top-level workflow, enabling proper modular workflow composition.

  • code-simplifier unblocked for Go projects (#18214) — The go network preset now includes proxy.golang.org so go build, go test, and make lint no longer fail in the code-simplifier workflow.

  • ExitError preserved in workflow validation error chain (#18282) — errors.As(err, &exec.ExitError{}) now works correctly in workflow validation, enabling accurate error type detection downstream.

  • Fixed invalid Compiler Playground URL (#18206) — The broken 404 link in the editors reference documentation now correctly points to the Compiler Playground.

  • GFM Alert syntax for discussion-to-issue fallback warning (#18268) — The fallback warning added to issues when create-discussion fails due to permissions is now rendered as a prominent GFM [!NOTE] alert instead of a plain blockquote.

📚 Documentation

  • Updated docs for gh aw validate, checkout field, and threat-detection behavior from this release (#18254)
  • Clarified mandatory sudo requirement for self-hosted agentic workflow runners (#18210)
  • Condensed and streamlined FAQ page to reduce repetition (#18237)
  • Updated init/upgrade/fix help text to remove stale .github/aw/ prompt file references (#18218)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:

And a special thanks to @dsyme and @bmerkle for their direct code contributions in this release!

... (truncated)

Commits
  • e324355 Add visual regression reference prompt (.github/aw/visual-regression.md) (#18...
  • 4570f89 Add deployment_status trigger guidance to create-agentic-workflow prompt (#...
  • 0399c09 feat: add test-coverage prompt with artifact-reading guidance (#18273)
  • 78724a9 docs: document intentional exclusion of head_commit.id from numeric validatio...
  • 5118202 feat(safe-outputs): add duplicate state_reason to close-issue (#18257)
  • a916278 Expand language ecosystem inference for network.allowed in create-agentic-wor...
  • 1b6171d Use GFM Alert syntax for discussion-to-issue fallback warning (#18268)
  • b144774 refactor: semantic function clustering — eliminate duplicates and relocate ou...
  • 6d2b6b1 jsweep: clean add_reaction_and_edit_comment.cjs (#18252)
  • 2e315b4 docs: document gh aw validate command and threat-detection import precedence ...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump github/gh-aw from 0.47.2 to 0.50.2
5847484 
Bumps [github/gh-aw](https://github.com/github/gh-aw) from 0.47.2 to 0.50.2.
- [Release notes](https://github.com/github/gh-aw/releases)
- [Commits](github/gh-aw@v0.47.2...v0.50.2)

---
updated-dependencies:
- dependency-name: github/gh-aw
  dependency-version: 0.50.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Feb 25, 2026
@dependabot dependabot bot mentioned this pull request Feb 25, 2026
Closed
@roji roji closed this Feb 25, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Feb 25, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/github_actions/github/gh-aw-0.50.2 branch February 25, 2026 11:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@roji