Skip to content

Bump github/gh-aw from 0.80.5 to 0.80.9#551

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github/gh-aw-0.80.9
Open

Bump github/gh-aw from 0.80.5 to 0.80.9#551
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github/gh-aw-0.80.9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps github/gh-aw from 0.80.5 to 0.80.9.

Release notes

Sourced from github/gh-aw's releases.

v0.80.9

🌟 Release Highlights

This release focuses on reliability and correctness — squashing noisy error conditions in the MCP server and agentic workflows, hardening security, and keeping the observability pipeline complete.

🐛 Bug Fixes & Improvements

  • MCP stdio error handlinghandleMessage now correctly serialises plain-object throws (not just Error instances), eliminating the cryptic -32603 [object Object] failures that blocked submit_pull_request_review on the stdio transport path. (#40715)

  • Issue Monster noise reduction — Agent-availability errors ("copilot coding agent is not available for this repository") are now treated as transient and silently skipped, so the issue tracker is no longer spammed with failure issues on every 30-minute poll cycle. (#40716)

  • Observability report completeness — The daily observability report now explicitly requests agent and detection artifact sets alongside usage metrics, preventing incomplete/noop outcomes caused by missing telemetry inputs. (#40705)

  • Task session data fetch — Fixed a failing agent GitHub Actions job caused by a stale data-fetch pattern in task session handling. (#40728)

🔒 Security

  • Atomic temp-file writes — Replaced direct fs.writeFileSync calls in the safe-output evaluations script with an atomic write helper, closing a CWE-377 insecure-temporary-file vulnerability flagged by CodeQL. (#40721)

🔧 Internal

  • Safe Outputs conformance checker — Added MCE-006 check verifying that mcp_server_core.cjs enforces valid JSON-RPC 2.0 error codes (spec §8.2); split spec/script version comments for clarity. (#40737)

  • Maintenance workflow headeragentics-maintenance.yml now carries an explicit, purpose-specific header describing the maintenance schedule and how to disable it, replacing the generic compiled-workflow boilerplate. (#40706)

Generated by 🚀 Release · 31.3 AIC · ⊞ 8.2K

What's Changed

Full Changelog: github/gh-aw@v0.80.8...v0.80.9

v0.80.8

🌟 Release Highlights

This release brings a meaningful performance win, improved slash-command UX, a new Go linter, and a wave of reliability and documentation improvements.

⚡ Performance

... (truncated)

Commits
  • a362436 [code-scanning-fix] Fix js/insecure-temporary-file: use atomic write to preve...
  • 8d48d89 docs: add weekly blog post for 2026-06-22 (#40724)
  • 75f540e feat: add MCE-006 conformance check for JSON-RPC error code validity (#40737)
  • 592d420 fix(issue-monster): gracefully skip agent availability errors with ignore-if-...
  • a15c5b4 Update task session data fetch (#40728)
  • 48f9e0c fix: handleMessage avoids [object Object] errors and enforces valid JSON-RPC ...
  • b720e39 Update agentic maintenance workflow header content (#40706)
  • 1af3c5f fix(daily-observability-report): request agent+detection artifacts in logs fe...
  • a401853 Reduce ambient prompt surface in high-traffic workflows (#40695)
  • 4bb6180 Allow Daily Safe Output Integrator to inspect compiler safe-output tests (#40...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump github/gh-aw from 0.80.5 to 0.80.9
567f0f4 
Bumps [github/gh-aw](https://github.com/github/gh-aw) from 0.80.5 to 0.80.9.
- [Release notes](https://github.com/github/gh-aw/releases)
- [Commits](github/gh-aw@v0.80.5...v0.80.9)

---
updated-dependencies:
- dependency-name: github/gh-aw
  dependency-version: 0.80.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 23, 2026
@sonarqubecloud

sonarqubecloud Bot commented Jun 23, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants