chore(deps): bump github/gh-aw from 0.53.4 to 0.56.2

[dependabot]

Bumps github/gh-aw from 0.53.4 to 0.56.2.

Release notes

Sourced from github/gh-aw's releases.

v0.56.2

🌟 Release Highlights

This release focuses on reliability improvements across protected-file handling, setup CLI pinning, and cross-repo workflows — along with an upgrade to GitHub MCP server v0.32.0 and a new strict allowlist feature for protected-file protection.

✨ What's New

• allowed-files strict allowlist for protected-file PR safe outputs (#20051) — You can now configure an explicit allowlist of files that are permitted in protected-file PRs. Any file outside the allowlist is blocked, giving teams tighter control over what agents can modify in sensitive branches.

🐛 Bug Fixes & Improvements

• Protected-file fallback-to-issue now works when workflows permission is absent (#20106) — When an agent patch touches .github/workflows/ files and the GitHub App lacks workflows permission, gh-aw now correctly creates a fallback review issue rather than silently failing.
• Default branch no longer hardcoded to main (#20099) — create_pull_request and related operations now query the repository's actual default branch, fixing failures in repos using master, develop, or any non-main default.
• add-wizard correctly syncs working tree after PR merge (#20094) — Switching to the default branch after merging a wizard-created PR ensures workflow files are visible immediately, eliminating "workflow file not found" errors.
• setup-cli action now respects pinned version input (#20081) — The action verifies the installed version matches the requested version after gh extension install, falling back to a manual binary download if there's a mismatch.
• Safe output handler gracefully handles custom safe output job types (#20114) — Unknown job types no longer surface as unhandled errors; they are now logged and skipped cleanly.

⚡ Performance

• Compiled regex patterns moved to package-level variables (#20073, #20079) — regexp.MustCompile calls across pkg/cli, pkg/workflow, and the expression-validation hot path are now initialized once at startup rather than on every invocation, reducing allocation pressure in high-frequency compilation paths.

🔧 Dependencies & Infrastructure

• GitHub MCP server upgraded to v0.32.0 (#20100) — Picks up the latest GitHub MCP tooling improvements and bug fixes.

📚 Documentation

• New Cost Management reference page (#20078) — Added guidance on understanding and controlling the compute costs associated with running agentic workflows.

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:

• @dsyme for Change to protected file not correctly using a fallback issue (#20103)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• Add missing scanner.Buffer() calls to prevent silent truncation in gateway_logs.go by @​Copilot in github/gh-aw#20074
• chore: hoist regexp.MustCompile calls to package-level vars across pkg/cli and pkg/workflow by @​Copilot in github/gh-aw#20073
• perf: hoist regexp.MustCompile calls to package-level vars in validateExpressionForDangerousProps by @​Copilot in github/gh-aw#20079
• IMP-003: Move generateCustomJobToolDefinition to safe_outputs_config_generation.go by @​Copilot in github/gh-aw#20080
• docs: add Cost Management reference page by @​Copilot in github/gh-aw#20078

... (truncated)

Commits

• f1073c5 refactor: simplify generateCustomJobToolDefinition and extractDispatchWorkflo...
• 984fc7a Fix safe output handler to gracefully ignore custom safe output job types (#2...
• 5ab3d52 Add allowed-files strict allowlist for protected-file protection on PR safe...
• 63f1ea4 Upgrade GitHub MCP server to v0.32.0, recompile workflows (#20100)
• b554e94 Update MCP gateway GitHub guard terminology (#20096)
• 32c7af7 fix: create protected-file review issue when push fails due to workflows perm...
• 59d071d fix: switch to default branch before pulling after add-wizard PR merge (#20094)
• e43b634 chore: remove 9 unreachable dead functions (#20101)
• cc0d007 fix: query repo default branch instead of hardcoding 'main' (#20098) (#20099)
• 482aa92 Fix setup-cli action ignoring pinned version input (#20081)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)