Skip to content

build(deps): bump github/gh-aw from 0.40.0 to 0.41.1 #2105

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

build(deps): bump github/gh-aw from 0.40.0 to 0.41.1 #2105

dependabot wants to merge 1 commit into from
+6 −6

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 4, 2026

Bumps github/gh-aw from 0.40.0 to 0.41.1.

Release notes

Sourced from github/gh-aw's releases.

v0.41.1

🌟 Release Highlights

This patch release addresses a critical Playwright MCP configuration issue and includes essential maintenance cleanup.

🐛 Bug Fixes

Playwright MCP Configuration Corrected (#13667)
Fixed --allowed-hosts flag to use comma separators instead of semicolons, aligning with the Playwright MCP specification. This ensures Playwright browser automation works correctly with multiple allowed hosts. All 145 workflow lock files have been regenerated with the correct format.

- "--allowed-hosts", "localhost;localhost:*;127.0.0.1;127.0.0.1:*"
+ "--allowed-hosts", "localhost,localhost:*,127.0.0.1,127.0.0.1:*"

Test Suite Alignment (#13652)
Updated TestUpgradeCommand_UpdatesAgentFiles to reflect recent changes in agent file management. The upgrade command now correctly handles the on-demand download of agentic-workflows.agent.md from GitHub.

🔧 Maintenance

  • Workflow Cleanup - Removed legacy security alert burndown workflows (#13662, #13660)
  • Release Workflow Simplification - Removed the changesets job from the release workflow (#13654)

For complete details, see the CHANGELOG.

Ahoy! This treasure was crafted by 🏴‍☠️ Release

What's Changed

Full Changelog: github/gh-aw@v0.41.0...v0.41.1

v0.41.0

🌟 Release Highlights

This release brings important tooling updates and workflow improvements to keep gh-aw running smoothly with the latest AI engine and MCP server versions.

⚡ What's New

Updated CLI Tool Versions (#13645)

  • Claude CLI: v2.1.31 - Latest bug fixes and stability improvements
  • GitHub Copilot CLI: v0.0.402 - Enhanced agent capabilities

... (truncated)

Changelog

Sourced from github/gh-aw's changelog.

Changelog

All notable changes to this project will be documented in this file.

v0.40.1 - 2026-02-03

Bug Fixes

Handle 502 Bad Gateway errors in assign_to_agent handler by treating them as success. The cloud gateway may return 502 errors during agent assignment, but the assignment typically succeeds despite the error. The handler now logs 502 errors for troubleshooting but does not fail the workflow.

Add discussion interaction to smoke workflows and serialize the discussion

flag in safe-outputs handler config.

Smoke workflows now select a random discussion and post thematic comments to validate discussion comment functionality. The compiler now emits the "discussion": true flag in GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG when a workflow requests discussion output, and lock files include discussions: write permission where applicable.

Add discussion interaction to smoke workflows; compiler now serializes the discussion flag into the safe-outputs handler config so workflows can post comments to discussions. Lock files include discussions: write where applicable.

Smoke workflows pick a random discussion and post a thematic comment (copilot: playful, claude: comic-book, codex: mystical oracle, opencode: space mission). This is a non-breaking tooling/workflow change.

Add discussion interaction to smoke workflows; deprecate the discussion flag and

add a codemod to remove it. Smoke workflows now query discussions and post comments to both discussions and PRs to validate discussion functionality.

The compiler no longer emits a discussion boolean flag in compiled handler configs; the add_comment handler auto-detects target type or accepts a discussion_number parameter. A codemod add-comment-discussion-removal is available via gh aw fix --write to remove the deprecated field from workflows.

Add GitHub App token minting for the GitHub MCP server tooling and workflows.

Add expires support to safe-outputs.create-pull-request so PRs can mark, describe, and auto-close expired runs.

Add safe-inputs gh CLI testing to smoke workflows; updates shared/gh.md to remove the network.allowed restriction and validate GitHub CLI access using GITHUB_TOKEN.

This changeset accompanies the PR that adds safeinputs-gh testing to all smoke workflows (smoke-copilot.md, smoke-claude.md, smoke-codex.md, smoke-opencode.md) and adjusts shared/gh.md accordingly.

Add safe-inputs gh CLI testing to smoke workflows.

This patch adds validation to the smoke workflows to exercise the GitHub CLI integration via the safeinputs-gh tool. It also updates shared/gh.md to remove the network.allowed restriction so the safeinputs-gh tool can query PRs using the provided GITHUB_TOKEN.

Add step summaries for safe-output processing results.

... (truncated)

Commits
  • d47697b Fix Playwright MCP --allowed-hosts to use comma separator per spec (#13667)
  • 924faa4 Remove changesets job from release workflow (#13654)
  • 0c8e423 chore: rm legacy security alert burndown workflows (#13662)
  • 13b8b5f chore: rm old dependabot burner (#13660)
  • af9e7b8 Fix TestUpgradeCommand_UpdatesAgentFiles after agent template removal (#13652)
  • c4c684b Download agent file from GitHub on demand with version-aware URL patching (#1...
  • cc46afd Update CLI tool versions: Claude 2.1.31, Copilot 0.0.402, GitHub MCP v0.30.3,...
  • 329ad34 Add fallback to create issue on discussion failure (#13569)
  • dbd04a7 Update Docker image version in workflow (#13623)
  • 5a61a3d Initial plan (#13619)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump github/gh-aw from 0.40.0 to 0.41.1
3817afe 
Bumps [github/gh-aw](https://github.com/github/gh-aw) from 0.40.0 to 0.41.1.
- [Release notes](https://github.com/github/gh-aw/releases)
- [Changelog](https://github.com/github/gh-aw/blob/main/CHANGELOG.md)
- [Commits](github/gh-aw@76d37d9...d47697b)

---
updated-dependencies:
- dependency-name: github/gh-aw
  dependency-version: 0.41.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 4, 2026
@dependabot dependabot bot requested a review from a team as a code owner February 4, 2026 10:24
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 4, 2026
@gdams gdams enabled auto-merge (squash) February 4, 2026 10:26
@gdams gdams disabled auto-merge February 4, 2026 11:13
@gdams
Copy link
Member

gdams commented Feb 4, 2026

@dependabot ignore this dependency

@dependabot dependabot bot closed this Feb 4, 2026
@dependabot dependabot bot deleted the dependabot/github_actions/github/gh-aw-0.41.1 branch February 4, 2026 11:16
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 4, 2026

OK, I won't notify you about github/gh-aw again, unless you re-open this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gdams gdams gdams approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gdams