@dependabot dependabot bot commented on behalf of github Jan 19, 2026

Bumps githubnext/gh-aw from 0.34.5 to 0.37.0.

Release notes

Sourced from githubnext/gh-aw's releases.

gh-aw 0.36.0

🌟 Release Highlights

This release brings significant improvements to network security, agent workflows, and developer experience with 94 merged pull requests.

✨ What's New

Network Security Enhancements

  • Domain blocklist support - Block specific domains or ecosystems (e.g., python, node) while allowing others via network.blocked and --block-domains flag (#9063)
  • Protocol-specific filtering - Restrict domains to HTTP-only or HTTPS-only with http:// and https:// prefixes (#9062)
  • Localhost rewriting - Automatic localhost → host.docker.internal for MCP servers when firewall is enabled (#9281)

Agent Session Improvements

  • New terminology - Migrated from "agent task" to "agent session" with automatic codemod support via gh aw fix (#9214)
  • Session state logging - Copy Copilot session files to workflow artifacts for debugging (#9272)
  • Conversation markdown - Transform Copilot conversation.md headers for step summaries (#9301)

Workflow System Enhancements

  • Runtime imports - Import steps from external files with @import: path/to/file.md and automatic checkout (#9306, #9315, #9316)
  • Missing data handler - New missing_data safe output type for reporting data gaps (#9324)
  • Integrated missing_tool - Refactored to safe output handler pattern (#9322)

Developer Experience

  • Firewall log summaries - Use awf logs summary for CI reports (#9055)
  • Action path isolation - Move setup/compiler from /tmp/gh-aw to /opt/gh-aw for read-only agent access (#9273)
  • Better error messages - Simplified compiler errors and removed regex validation noise (#9309)

🐛 Key Bug Fixes

Security Fixes

  • Fixed template injection vulnerabilities by moving user inputs to environment variables (#9147, #9124)
  • Resolved path traversal false positives in workflow validation (#9308, #9294)
  • Removed dangerous write permissions feature flag from compiler errors (#9275)

Workflow Compilation

  • Fixed invalid YAML from template conditionals in heredocs (#9289)
  • Relaxed firewall log field validation to match JavaScript parser (#9227)
  • Fixed read-only permissions with safe-outputs jobs (#9191)

MCP & Tools

  • Skip tools validation for custom agents with array-format tools (#9307)
  • Remove command stdio server support per MCP v1.0.0 specification (#9304)
  • Add create_project_status_update to handler config generation (#9169)

⚡ Version Updates

  • Copilot CLI → 0.0.375 with conversation markdown support (#9271)
  • Codex → 0.79.0 with improved session handling (#9271)
  • AWF (firewall) → v0.8.2 (#9163)
  • actions/upload-artifact → v6.0.0 (#9302)

... (truncated)

Changelog

Sourced from githubnext/gh-aw's changelog.

Changelog

All notable changes to this project will be documented in this file.

v0.36.0 - 2026-01-08

Features

Migrate terminology from "agent task" to "agent session".

This change updates the CLI, JSON schemas, codemods, docs, and tests to use the new "agent session" terminology. A codemod (gh aw fix) is included to automatically migrate workflows; the old create-agent-task key remains supported with a deprecation warning to preserve backward compatibility.

Bug Fixes

Add domain blocklist support via --block-domains flag.

This change adds support for specifying blocked domains in workflow frontmatter and passes the --block-domains flag to Copilot/Claude/Codex engines during compilation. Includes parser updates, unit and integration tests, and documentation updates.

Add domain blocklist support via the --block-domains flag and the blocked frontmatter field. This enables specifying domains or ecosystem identifiers to block in workflows and ensures the flag is only added when blocked domains are present.

Supported engines: Copilot, Claude, Codex.

Ref: githubnext/gh-aw#9063

Use awf logs summary to generate the CI firewall report and print it to the GitHub Actions step summary.

  • Adds continue-on-error: true to the "Firewall summary" step so CI does not fail when generating reports.
  • Recompiles workflow lock files and merges main to pick up latest changes.
  • Fixes githubnext/gh-aw#9041

Bump gh-aw-firewall (AWF) default binary version to v0.8.2.

Updated the DefaultFirewallVersion constant, corresponding test expectations, updated documentation, and recompiled workflow lock files.

Bump Codex CLI default version to 0.78.0.

This updates the repository to reference @openai/codex@0.78.0 (used by workflows), and aligns the DefaultCodexVersion constant and related tests/docs with the new version. Changes include security hardening, reliability fixes, and UX improvements.

Files affected in the PR: constants, tests, docs, and recompiled workflow lock files.

... (truncated)

Commits
  • f096b8b Add issue grouping support to create-issue safe-output (#10497)
  • bfbea6b Add Pelis Agent Factory documentation to create-agentic-workflow templates (#...
  • 74c3642 fix: Copy gh-aw binary to /opt/gh-aw for agentic-workflows MCP server contain...
  • 3fc1435 Move SBOM generation after release creation in release workflow (#10501)
  • 12346cc Upload compiled Linux binary as CI artifact (#10498)
  • 91fefe2 Remove included_file_schema.json and consolidate to single main workflow sche...
  • b5cf079 Consolidate release artifacts, simplify release_tag usage, fix release creati...
  • 085e057 Fix daily firewall report caching stale aggregated data (#10492)
  • 6633b6f Add daily regulatory agentic workflow for monitoring daily reports (#10491)
  • aa36291 Add daily observability report workflow for AWF firewall and MCP Gateway logg...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps [githubnext/gh-aw](https://github.com/githubnext/gh-aw) from 0.34.5 to 0.37.0.
- [Release notes](https://github.com/githubnext/gh-aw/releases)
- [Changelog](https://github.com/githubnext/gh-aw/blob/main/CHANGELOG.md)
- [Commits](githubnext/gh-aw@v0.34.5...v0.37.0)

---
updated-dependencies:
- dependency-name: githubnext/gh-aw
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 19, 2026
@github-actions

✅ Coverage Check Passed

Overall Coverage

| Metric | Base | PR | Delta |
|---|---|---|---|
| Lines | 77.88% | 77.88% | ➡️ +0.00% |
| Statements | 77.94% | 77.94% | ➡️ +0.00% |
| Functions | 77.29% | 77.29% | ➡️ +0.00% |
| Branches | 71.00% | 71.00% | ➡️ +0.00% |

Coverage comparison generated by scripts/ci/compare-coverage.ts

@github-advanced-security github-advanced-security bot left a comment

CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
