Skip to content

Bump the github-actions-minor-patch group across 1 directory with 2 updates#447

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-minor-patch-ad3468a71c
Open

Bump the github-actions-minor-patch group across 1 directory with 2 updates#447
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-minor-patch-ad3468a71c

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 18, 2026
edited
Loading

Bumps the github-actions-minor-patch group with 2 updates in the / directory: github/gh-aw and actions/download-artifact.

Updates github/gh-aw from 0.53.2 to 0.61.0

Release notes

Sourced from github/gh-aw's releases.

v0.61.0

🌟 Release Highlights

v0.61.0 delivers important reliability fixes for safe-outputs, expands cross-repository project management, and improves the debugging experience with automatic runner debug detection. GHE Cloud users also get a critical compatibility fix.

✨ What's New

  • 🔍 Automatic debug logging — When running with ACTIONS_RUNNER_DEBUG=true, full debug logging now activates automatically — no more setting DEBUG=* manually to diagnose workflow issues. (#21406)

  • 🗂️ Cross-repo project item updatesupdate_project now accepts a target_repo parameter, enabling org-level project boards to update fields on items from repositories other than the triggering one. (#21404)

  • 🏢 GHE Cloud data residency support — Compiled workflows now automatically inject a GH_HOST configuration step, fixing gh CLI failures on *.ghe.com instances. (#21408)

  • 📦 CI build artifacts — The build CI job now uploads the compiled gh-aw binary as a downloadable artifact with step summary instructions, making it easier to test binaries from any CI run. (#21440)

🐛 Bug Fixes & Improvements

  • Safe-outputs staged modesafe-outputs.staged: true was silently failing for most handler types due to schema validation issues (additionalProperties) and missing conditional logic. All 40 handler types now work correctly. (#21414)

  • set_issue_type in runtime tools — The set_issue_type tool was missing from the runtime tools JSON, making it unavailable to agents at runtime despite being compiled in. (#21421)

  • Security: editor URL validation — Fixed a client-side request forgery vulnerability where unvalidated location.hash values were passed directly to fetch(), allowing requests to arbitrary hosts. (#21423)

  • Clean lock.yml output — Generated .lock.yml files no longer start with a spurious bare # line before the ASCII logo. (#21413)

  • CLI help text consistency — Resolved 10 inconsistencies across command help text including mismatched descriptions, vague group labels, and flag semantic drift. (#21400)

📚 Documentation

  • Creating Command Workflows guide — New section in the workflow creation docs covering on-demand "command" workflows and when to use each approach. (#21410)

  • Claude plugins + APM dependencies FAQ — Added a FAQ entry explaining how to use Claude Code plugins alongside APM (dependencies:) configuration. (#21409)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:

For complete details, see CHANGELOG.

Generated by Release

What's Changed

... (truncated)

Commits
  • 9758a19 fix: ensure safe-outputs staged mode works for all handler types (#21414)
  • 30b2873 ci(build): add action-mode release + current commit SHA to step summary (#21450)
  • a6dfd4c docs(cli): clarify automatic gh CLI configuration in GHES agent jobs (#21437)
  • 5f84729 ci: upload gh-aw binary from build job as artifact with download instructions...
  • bc8c7f8 log: add debug logging to 5 Go files across workflow and cli packages (#21445)
  • c717c8b feat(update_project): add target_repo for cross-repo project item resolutio...
  • 27c63b6 [doc-healer] DDUw: scan recently closed documentation issues to catch deferre...
  • 5cb9ec0 Add missing safe-output test workflows and Go compiler tests (#21427)
  • fc23139 Inject GH_HOST configuration step into compiled agent job for GHE Cloud data ...
  • 33200cd fix: remove unused import of safe-output-app from changeset workflow
  • Additional commits viewable in compare view

Updates actions/download-artifact from 8.0.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

Full Changelog: actions/download-artifact@v8...v8.0.1

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-minor-patch-ad3468a71c branch 2 times, most recently from 1a575fc to 3e70893 Compare March 25, 2026 15:04
@dependabot
Bump the github-actions-minor-patch group across 1 directory with 2 u…
a9d5d7d 
…pdates

Bumps the github-actions-minor-patch group with 2 updates in the / directory: [github/gh-aw](https://github.com/github/gh-aw) and [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `github/gh-aw` from 0.53.2 to 0.61.0
- [Release notes](https://github.com/github/gh-aw/releases)
- [Changelog](https://github.com/github/gh-aw/blob/main/CHANGELOG.md)
- [Commits](github/gh-aw@bd9c0ca...9758a19)

Updates `actions/download-artifact` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@70fc10c...3e5f45b)

---
updated-dependencies:
- dependency-name: github/gh-aw
  dependency-version: 0.61.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor-patch
- dependency-name: actions/download-artifact
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-minor-patch-ad3468a71c branch from 3e70893 to a9d5d7d Compare April 1, 2026 19:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

debt dependencies no-changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants