Skip to content

build(deps): bump the actions group across 1 directory with 2 updates#11065

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-8473489bbc
Closed

build(deps): bump the actions group across 1 directory with 2 updates#11065
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-8473489bbc

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the actions group with 2 updates in the / directory: actions/checkout and github/gh-aw.

Updates actions/checkout from 6 to 7

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates github/gh-aw from 0.71.5 to 0.80.9

Release notes

Sourced from github/gh-aw's releases.

v0.80.9

🌟 Release Highlights

This release focuses on reliability and correctness — squashing noisy error conditions in the MCP server and agentic workflows, hardening security, and keeping the observability pipeline complete.

🐛 Bug Fixes & Improvements

  • MCP stdio error handlinghandleMessage now correctly serialises plain-object throws (not just Error instances), eliminating the cryptic -32603 [object Object] failures that blocked submit_pull_request_review on the stdio transport path. (#40715)

  • Issue Monster noise reduction — Agent-availability errors ("copilot coding agent is not available for this repository") are now treated as transient and silently skipped, so the issue tracker is no longer spammed with failure issues on every 30-minute poll cycle. (#40716)

  • Observability report completeness — The daily observability report now explicitly requests agent and detection artifact sets alongside usage metrics, preventing incomplete/noop outcomes caused by missing telemetry inputs. (#40705)

  • Task session data fetch — Fixed a failing agent GitHub Actions job caused by a stale data-fetch pattern in task session handling. (#40728)

🔒 Security

  • Atomic temp-file writes — Replaced direct fs.writeFileSync calls in the safe-output evaluations script with an atomic write helper, closing a CWE-377 insecure-temporary-file vulnerability flagged by CodeQL. (#40721)

🔧 Internal

  • Safe Outputs conformance checker — Added MCE-006 check verifying that mcp_server_core.cjs enforces valid JSON-RPC 2.0 error codes (spec §8.2); split spec/script version comments for clarity. (#40737)

  • Maintenance workflow headeragentics-maintenance.yml now carries an explicit, purpose-specific header describing the maintenance schedule and how to disable it, replacing the generic compiled-workflow boilerplate. (#40706)

Generated by 🚀 Release · 31.3 AIC · ⊞ 8.2K

What's Changed

Full Changelog: github/gh-aw@v0.80.8...v0.80.9

v0.80.8

🌟 Release Highlights

This release brings a meaningful performance win, improved slash-command UX, a new Go linter, and a wave of reliability and documentation improvements.

⚡ Performance

... (truncated)

Commits
  • a362436 [code-scanning-fix] Fix js/insecure-temporary-file: use atomic write to preve...
  • 8d48d89 docs: add weekly blog post for 2026-06-22 (#40724)
  • 75f540e feat: add MCE-006 conformance check for JSON-RPC error code validity (#40737)
  • 592d420 fix(issue-monster): gracefully skip agent availability errors with ignore-if-...
  • a15c5b4 Update task session data fetch (#40728)
  • 48f9e0c fix: handleMessage avoids [object Object] errors and enforces valid JSON-RPC ...
  • b720e39 Update agentic maintenance workflow header content (#40706)
  • 1af3c5f fix(daily-observability-report): request agent+detection artifacts in logs fe...
  • a401853 Reduce ambient prompt surface in high-traffic workflows (#40695)
  • 4bb6180 Allow Daily Safe Output Integrator to inspect compiler safe-output tests (#40...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the actions group across 1 directory with 2 updates
3d98d62 
Bumps the actions group with 2 updates in the / directory: [actions/checkout](https://github.com/actions/checkout) and [github/gh-aw](https://github.com/github/gh-aw).


Updates `actions/checkout` from 6 to 7
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v6...v7)

Updates `github/gh-aw` from 0.71.5 to 0.80.9
- [Release notes](https://github.com/github/gh-aw/releases)
- [Changelog](https://github.com/github/gh-aw/blob/main/CHANGELOG.md)
- [Commits](github/gh-aw@v0.71.5...v0.80.9)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: github/gh-aw
  dependency-version: 0.80.9
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested review from bterlson and markcowl as code owners June 24, 2026 03:44
@dependabot @github

dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 24, 2026
@dependabot dependabot Bot deleted the dependabot/github_actions/actions-8473489bbc branch June 24, 2026 22:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bterlson bterlson Awaiting requested review from bterlson bterlson is a code owner
@markcowl markcowl Awaiting requested review from markcowl markcowl is a code owner
@timotheeguerin timotheeguerin Awaiting requested review from timotheeguerin timotheeguerin is a code owner
@witemple-msft witemple-msft Awaiting requested review from witemple-msft witemple-msft is a code owner
@iscai-msft iscai-msft Awaiting requested review from iscai-msft iscai-msft is a code owner

Assignees

No one assigned

Labels

eng

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants