Skip to content

build(deps): bump the github-actions-minor-patch group across 1 directory with 3 updates#691

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-minor-patch-e1213ededc
Open

build(deps): bump the github-actions-minor-patch group across 1 directory with 3 updates#691
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-minor-patch-e1213ededc

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 26, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions-minor-patch group with 3 updates in the / directory: github/gh-aw/actions/setup, actions/upload-artifact and actions/download-artifact.

Updates github/gh-aw/actions/setup from 0.51.6 to 0.81.6

Release notes

Sourced from github/gh-aw/actions/setup's releases.

v0.81.6

🌟 Release Highlights

This release focuses on stability and observability — restoring broken fleet-wide token tracking, hardening CI quality gates, and adding release traceability for merged PRs.

✨ What's New

  • Release PR notifications — A new post-agent release job now automatically comments on every PR included in each release, making it easy to trace which release shipped your changes (#41834).
  • Loop engineering playbook.github/aw/loop.md codifies patterns from autoloop, goal, and crane into a unified reference for building robust agentic loops (#41833).
  • Benchstat regression gate — The CI bench job now compares against a stored baseline using benchstat, preventing silent performance regressions from merging (#41813).

🐛 Bug Fixes & Improvements

  • Restored fleet-wide token usage collectionTokenUsage had been reporting 0 across the entire fleet since June 20 due to two co-conspirating bugs in the conclusion job. Both are fixed, restoring accurate AI credit tracking (#41823).
  • Security: pinned govulncheck to go.mod version — CI vulnerability scans now use the exact version declared in go.mod and produce reproducible SARIF reports. A local make vuln-sarif target is also available (#41815).
  • Hardened BYOK Ollama startup — The daily BYOK Ollama test now gates on explicit model and API readiness before proceeding, eliminating pre-agent failures from incomplete startup (#41838).
  • Stabilized Go Logger Enhancement compile — Fixed exit code 126 caused by unsafe shell glob expansion in the workflow tool allowlist (#41840).
  • Enforced safe output completion in quality workflow — The daily compiler quality workflow now requires an explicit safe output call, preventing silent no-op runs (#41841).

🔧 Internal

  • Refactored 5 extreme function-length hotspots (145–650 lines) in pkg/workflow and pkg/cli into focused, testable units (#41800).
  • SortedKeys sweep and deduplication logic consolidation across the codebase (#41829).

Generated by 🚀 Release · 32.9 AIC · ⊞ 8.3K


What's Changed

Full Changelog: github/gh-aw@v0.81.5...v0.81.6

v0.81.5

🌟 Release Highlights

This release focuses on org-mode maturity, performance optimizations, and sandbox hardening — making gh aw update/upgrade --org more robust and production-ready while delivering meaningful speed improvements across the compiler and validator.

... (truncated)

Commits
  • eed4304 Add .github/aw/loop.md playbook synthesizing loop-engineering patterns from...
  • afff5d5 refactor: SortedKeys sweep, deduplicate dedup logic, redistribute misplaced h...
  • a443203 [aw] Stabilize Go Logger Enhancement compile invocation (#41840)
  • 51a55d8 Harden Daily BYOK Ollama startup path with explicit model/API readiness gatin...
  • 146abd7 Require explicit safe output completion in daily compiler quality workflow (#...
  • 1f7fa00 [community] Update community contributions in README (#41836)
  • bc0a5e4 Apply remaining changes (#41834)
  • b3ffb04 fix(token-usage): restore fleet-wide TokenUsage collection via non-empty copy...
  • 4c5f79c Add benchstat regression gate to CI bench job (#41813)
  • c24a65f fix(security): pin govulncheck to go.mod version in CI, add local SARIF targe...
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • See full diff in compare view

Updates actions/download-artifact from 8.0.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

Full Changelog: actions/download-artifact@v8...v8.0.1

Commits

@dependabot dependabot Bot added debt Code quality issues dependencies Pull requests that update a dependency file no-changelog don't include this item in release notes. labels Jun 26, 2026
@github-actions github-actions Bot enabled auto-merge (squash) June 26, 2026 19:45
…tory with 3 updates

Bumps the github-actions-minor-patch group with 3 updates in the / directory: [github/gh-aw/actions/setup](https://github.com/github/gh-aw), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `github/gh-aw/actions/setup` from 0.51.6 to 0.81.6
- [Release notes](https://github.com/github/gh-aw/releases)
- [Changelog](https://github.com/github/gh-aw/blob/main/CHANGELOG.md)
- [Commits](github/gh-aw@33cd6c7...eed4304)

Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@bbbca2d...043fb46)

Updates `actions/download-artifact` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@70fc10c...3e5f45b)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor-patch
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor-patch
- dependency-name: github/gh-aw/actions/setup
  dependency-version: 0.80.9
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-minor-patch-e1213ededc branch from 847f87f to 54bc95b Compare July 3, 2026 19:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

debt Code quality issues dependencies Pull requests that update a dependency file no-changelog don't include this item in release notes.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants