Skip to content

chore(deps): bump the github-actions group with 2 updates#27

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/github_actions/github-actions-1426934ff2
Mar 16, 2026
Merged

chore(deps): bump the github-actions group with 2 updates#27
github-actions[bot] merged 1 commit intomainfrom
dependabot/github_actions/github-actions-1426934ff2

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 16, 2026

Bumps the github-actions group with 2 updates: github/gh-aw and actions/download-artifact.

Updates github/gh-aw from 0.56.2 to 0.58.3

Release notes

Sourced from github/gh-aw's releases.

v0.58.3

🌟 Release Highlights

This release focuses on security hardening, GHES compatibility, and developer experience improvements — with better MCP write protection, a new Copilot pre-flight diagnostic for enterprise environments, and a noticeably improved run details summary.

✨ What's New

  • MCP Write-Sink Guard Policy — All non-GitHub MCP servers configured via the gateway now enforce a write-sink guard policy, preventing unintended writes through third-party MCP tools. This improves the security posture of workflows using custom MCP integrations. (#21005)

  • Copilot Pre-flight Diagnostic for GHES — A new pre-flight check helps diagnose Copilot configuration issues in GitHub Enterprise Server environments before a workflow run fails, saving time when debugging enterprise setups. (#20975)

  • Action Pins Mode with gh-aw-actions v0 — The action-tag step now uses action pins mode, enabling stable and auditable action references via gh-aw-actions at the v0 tag. (#20991)

  • Enhanced Run Details Step Summary — Workflow run summaries now render as structured bullet points, display the gh-aw version, and include full aw_info output for easier post-run inspection. (#20989)

⚡ Performance

  • Faster Workflow Name ExtractionextractWorkflowNameFromFile no longer performs an unnecessary full YAML parse, reducing overhead when processing large workflow collections. (#21012)

🐛 Bug Fixes & Improvements

  • GHES Host Leakage Prevention — The "Install GitHub Copilot CLI" step now explicitly emits GH_HOST: github.com, preventing GHES host values from leaking into the Copilot CLI installation context. (#20992)
  • Workflow Call Artifact Downloads Fixed — Artifact prefix handling in the conclusion job and script step downloads now works correctly in workflow_call contexts. (#21011)
  • TypeScript Type Error Fixed — Resolved a type error in json_object_to_markdown.cjs that could cause runtime failures in certain output scenarios. (#21010)
  • Go Firewall Rule for Shared Workflows — The shared/go-make.md shared workflow now includes go in its firewall allowed set, enabling Go toolchain downloads during builds. (#21014)

📚 Documentation

  • Accessibility: Live Search Results — The docs site search now announces results to screen readers via aria-live, improving accessibility for keyboard and assistive technology users. (#21019)

For complete details, see CHANGELOG.

Generated by Release

What's Changed

... (truncated)

Commits
  • 08a903b docs: add aria-live enhancement for search results accessibility (#issue) (#2...
  • 1cb4a5a Remove copilot-preflight script and associated step generation (#21016)
  • 47ab8dd fix: use artifact prefix in conclusion job and script step downloads for work...
  • c87077e perf: optimize extractWorkflowNameFromFile by eliminating unnecessary YAML ...
  • 1a426d0 Add go firewall allowed set to shared/go-make.md (#21014)
  • 50e4991 feat: add write-sink guard policy to all non-GitHub MCP servers configured by...
  • 4e2b550 docs: condense intro and remove duplicate cross-repo notes in central-repo-op...
  • 1333b4a docs: add action-tag feature flag to github-agentic-workflows.md (#21001)
  • 5a8a60a fix: emit GH_HOST: github.com on Install GitHub Copilot CLI step to prevent G...
  • 4173449 feat: update action-tag to use action pins mode (gh-aw-actions) with v0 (#20991)
  • Additional commits viewable in compare view

Updates actions/download-artifact from 8.0.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

Full Changelog: actions/download-artifact@v8...v8.0.1

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the github-actions group with 2 updates
d616ec5 
Bumps the github-actions group with 2 updates: [github/gh-aw](https://github.com/github/gh-aw) and [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `github/gh-aw` from 0.56.2 to 0.58.3
- [Release notes](https://github.com/github/gh-aw/releases)
- [Changelog](https://github.com/github/gh-aw/blob/main/CHANGELOG.md)
- [Commits](github/gh-aw@f1073c5...08a903b)

Updates `actions/download-artifact` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@70fc10c...3e5f45b)

---
updated-dependencies:
- dependency-name: github/gh-aw
  dependency-version: 0.58.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/download-artifact
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 16, 2026

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions github-actions bot merged commit c6e2e5c into main Mar 16, 2026
7 checks passed
@dependabot dependabot bot deleted the dependabot/github_actions/github-actions-1426934ff2 branch March 16, 2026 14:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants