Commit 0a10767
authored
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
Bump the github-actions group across 1 directory with 2 updates (openvinotoolkit#3775)
Bumps the github-actions group with 2 updates in the / directory:
[github/gh-aw](https://github.com/github/gh-aw) and
[openvinotoolkit/openvino](https://github.com/openvinotoolkit/openvino).
Updates `github/gh-aw` from 0.68.3 to 0.71.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/gh-aw/releases">github/gh-aw's
releases</a>.</em></p>
<blockquote>
<h2>v0.71.5</h2>
<h2>🌟 Release Highlights</h2>
<p>This release focuses on reliability and correctness across the
<code>engine.env</code> compilation pipeline, the security check layer,
and the Claude engine — with five community-reported issues
resolved.</p>
<h3>🐛 Bug Fixes & Improvements</h3>
<ul>
<li>
<p><strong>Claude engine stability</strong> — Workflows using the
<code>claude</code> engine no longer crash mid-session with "Fast
mode unavailable". <code>CLAUDE_CODE_DISABLE_FAST_MODE=1</code> is
now set automatically to suppress an incompatible server-side flag
introduced in Claude Code 2.1.120+.</p>
</li>
<li>
<p><strong><code>engine.env</code> multi-line values</strong> —
Block-scalar <code>engine.env</code> values (written with
<code>>-</code> and extra-indented continuation lines) previously
compiled to broken YAML with embedded newlines. These now compile
correctly into valid multi-line <code>env:</code> entries. <em>(Reported
by <code>@jeffhandley</code> in <a
href="https://redirect.github.com/github/gh-aw/issues/30204">#30204</a>)</em></p>
</li>
<li>
<p><strong><code>engine.env</code> <code>needs</code>
expressions</strong> — Custom job references in <code>engine.env</code>
values (e.g. <code>${{ needs.my_job.outputs.value }}</code>) were
silently dropped from the agent job's <code>needs</code> list, causing
those expressions to evaluate to empty strings at runtime. The compiler
now correctly wires these dependencies. <em>(Reported by
<code>@jeffhandley</code> in <a
href="https://redirect.github.com/github/gh-aw/issues/30232">#30232</a>)</em></p>
</li>
<li>
<p><strong><code>gh aw upgrade</code> false BYOK warning</strong> —
<code>gh aw upgrade</code> was incorrectly warning "Remove unsafe
secrets from engine.env" for <code>COPILOT_PROVIDER_API_KEY</code>
and <code>COPILOT_PROVIDER_BEARER_TOKEN</code>, silently stripping
legitimate BYOK configuration. <code>gh aw upgrade</code> now matches
<code>gh aw compile</code> in allowing these keys. <em>(Reported by
<code>@MauroDruwel</code> in <a
href="https://redirect.github.com/github/gh-aw/issues/30178">#30178</a>)</em></p>
</li>
<li>
<p><strong><code>pull_request_review</code> activation signal</strong> —
Workflows triggered by <code>pull_request_review</code> events no longer
silently skip the 👀 reaction and <code>run-started</code> comment. The
<code>buildReactionLikeCondition</code> allowlist now includes this
event type. <em>(Reported by <code>@mason-tim</code> in <a
href="https://redirect.github.com/github/gh-aw/issues/30336">#30336</a>)</em></p>
</li>
<li>
<p><strong>Confused-deputy false positive for bot-menu patterns</strong>
— The security check introduced in v0.71.4 was blocking the legitimate
pattern where a bot posts a checkbox-menu comment and a human maintainer
edits it to tick a box (<code>issue_comment:edited</code>). The check
now automatically detects <code>[bot]</code>-authored comments and skips
the guard for that path, while keeping all other
<code>issue_comment:created</code> paths fully protected. <em>(Reported
by <code>@theletterf</code> in <a
href="https://redirect.github.com/github/gh-aw/issues/30327">#30327</a>)</em></p>
</li>
</ul>
<h3>✨ What's New</h3>
<ul>
<li>
<p><strong><code>allow-bot-authored-trigger-comment</code> frontmatter
option</strong> — For bots that don't follow the standard
<code>[bot]</code> naming convention, you can now opt into the
confused-deputy bypass explicitly:</p>
<pre lang="yaml"><code>on:
issue_comment:
types: [edited]
allow-bot-authored-trigger-comment: true
</code></pre>
</li>
<li>
<p><strong>MCP progress notifications</strong> — The <code>logs</code>,
<code>audit</code>, and <code>audit-diff</code> MCP tools now stream
real-time progress updates to AI clients (Copilot, Claude) during
long-running operations, eliminating silent 30+ second waits.</p>
</li>
<li>
<p><strong>MCP Gateway bump to v0.3.6</strong> — The embedded MCP
gateway has been updated to
<code>ghcr.io/github/gh-aw-mcpg:v0.3.6</code> with pinned digest for
supply-chain safety.</p>
</li>
</ul>
<h3>🌍 Community Contributions</h3>
<!-- raw HTML omitted -->
<h3><code>@jeffhandley</code></h3>
<ul>
<li><a
href="https://redirect.github.com/github/gh-aw/issues/30232">Agent
'needs' does not incorporate jobs in engine.env expressions</a>
<em>(direct issue)</em></li>
<li><a
href="https://redirect.github.com/github/gh-aw/issues/30204">Multi-line
expressions unsupported in <code>engine.env</code> values</a>
<em>(direct issue)</em></li>
</ul>
<h3><code>@mason-tim</code></h3>
<ul>
<li><a
href="https://redirect.github.com/github/gh-aw/issues/30336">Activation
comment / reaction not posted for <code>pull_request_review</code>
triggers — <code>buildReactionLikeCondition</code> allowlist is
incomplete</a> <em>(direct issue)</em></li>
</ul>
<h3><code>@MauroDruwel</code></h3>
<ul>
<li>[gh aw upgrade: still warns 'Remove unsafe secrets from engine.env'
despite fix in <a
href="https://redirect.github.com/github/gh-aw/issues/29378">#29378</a>
for compile](<a
href="https://redirect.github.com/github/gh-aw/issues/30178">github/gh-aw#30178</a>)
<em>(direct issue)</em></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/gh-aw/commit/19ac811a4a85389c33b15128e1d7b7d4507f814a"><code>19ac811</code></a>
Bump default AWF firewall image set to v0.25.40 (<a
href="https://redirect.github.com/github/gh-aw/issues/30406">#30406</a>)</li>
<li><a
href="https://github.com/github/gh-aw/commit/ec084897bffb5017816faee39a5121fcb6a7c71e"><code>ec08489</code></a>
Fix CJS shard failures caused by <code>template_branch.cjs</code>
integration gaps (<a
href="https://redirect.github.com/github/gh-aw/issues/30425">#30425</a>)</li>
<li><a
href="https://github.com/github/gh-aw/commit/377109d8377d6b8181cb58e30ea067609e22ff1f"><code>377109d</code></a>
Fix js-typecheck failure in <code>template_branch.cjs</code> null-else
branch typing (<a
href="https://redirect.github.com/github/gh-aw/issues/3">#3</a>...</li>
<li><a
href="https://github.com/github/gh-aw/commit/456c1ceb138515521b83352081577ad232d95892"><code>456c1ce</code></a>
Add MCP Gateway v0.3.6 container pin to lock data and embedded pin maps
(<a
href="https://redirect.github.com/github/gh-aw/issues/30408">#30408</a>)</li>
<li><a
href="https://github.com/github/gh-aw/commit/8098a8ee8c57df985adfd36f98a7328d3b31d13e"><code>8098a8e</code></a>
Rename <code>MustBeWithin</code> → <code>ValidatePathWithinBase</code>
in <code>pkg/fileutil</code> (<a
href="https://redirect.github.com/github/gh-aw/issues/30421">#30421</a>)</li>
<li><a
href="https://github.com/github/gh-aw/commit/6a0ab1e13133c52348f9d1d61bd5955e29341c3b"><code>6a0ab1e</code></a>
chore: update source reference in token optimizer workflows (<a
href="https://redirect.github.com/github/gh-aw/issues/30420">#30420</a>)</li>
<li><a
href="https://github.com/github/gh-aw/commit/53bd0fb80f8eba52cc0e62dea5095aef2a88f715"><code>53bd0fb</code></a>
feat: Update OTel instrumentation workflow to support multiple endpoints
(<a
href="https://redirect.github.com/github/gh-aw/issues/30">#30</a>...</li>
<li><a
href="https://github.com/github/gh-aw/commit/e890d0f372bb10643492a0f0b343970dce18c915"><code>e890d0f</code></a>
fix: use require.Error for error assertion in compile_args_test.go (<a
href="https://redirect.github.com/github/gh-aw/issues/30394">#30394</a>)</li>
<li><a
href="https://github.com/github/gh-aw/commit/2fa5c46826e584b5e302458acb73f16ffc1644c0"><code>2fa5c46</code></a>
Add redirect from shared/apm.md to microsoft/apm upstream and update
docs (<a
href="https://redirect.github.com/github/gh-aw/issues/3">#3</a>...</li>
<li><a
href="https://github.com/github/gh-aw/commit/19b21703d2332d12e12ff1b2866ffd6117b6607e"><code>19b2170</code></a>
Add <code>agentic-ops</code> workflows (<a
href="https://redirect.github.com/github/gh-aw/issues/30379">#30379</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/github/gh-aw/compare/v0.68.3...v0.71.5">compare
view</a></li>
</ul>
</details>
<br />
Updates `openvinotoolkit/openvino` from
10d999b8d93ce104907890c54f85eb585112f751 to
a5247d3e30ec70f8027a38d64aa46136ec39bc44
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/openvinotoolkit/openvino/blob/master/docs/RELEASE.MD">openvinotoolkit/openvino's
changelog</a>.</em></p>
<blockquote>
<h1>OpenVINO Release Management</h1>
<p>The process described below reflects the approach to managing
OpenVINO releases.</p>
<h2>Release Milestones</h2>
<ul>
<li>Planning</li>
<li>Execution (development of new features)</li>
<li>Stabilization (Feature Freeze, Code Freeze milestones)</li>
<li>Validation</li>
<li>Distribution</li>
</ul>
<h3>Planning</h3>
<p>This phase takes 2-4 weeks and involves scoping the backlog,
prioritizing it, analyzing, and making commitments by developers for
timelines specified by the release manager.</p>
<h3>Execution (development of new features)</h3>
<ul>
<li><a
href="https://github.com/openvinotoolkit/openvino/blob/master/CONTRIBUTING.md">OpenVINO
Contributing Guide</a></li>
<li><a
href="https://docs.openvino.ai/2026/about-openvino/contributing/code-contribution-guide.html">Code
Contribution Guide</a></li>
<li><a
href="https://redirect.github.com/openvinotoolkit/openvino/issues/17502">OpenVINO
First Good Issue</a></li>
</ul>
<h3>Stabilization (Feature Freeze, Code Freeze milestones)</h3>
<ul>
<li><strong>Feature Freeze</strong>: This milestone ensures that no new
features are added to the software after a certain point. This allows
the development team to focus on stabilizing and refining the existing
features, fixing bugs, and improving performance without the risk of
introducing new issues.</li>
<li><strong>Code Freeze</strong>: This milestone marks the point where
no new code changes are allowed except for critical bug fixes. This
helps in ensuring that the final product is stable and reliable, as it
minimizes the risk of last-minute changes that could introduce new bugs
or instability.</li>
</ul>
<h3>Release Validation</h3>
<ul>
<li>This is a continuous process executed on a regular basis with
cadence based on testing type: nightly, bi-weekly, weekly.</li>
<li>After Code Freeze, the testing team can perform final regression
testing to ensure that recent changes have not introduced new bugs and
that the software meets the required quality standards.</li>
</ul>
<h3>Distribution</h3>
<ul>
<li>OpenVINO has different types of build distribution: Regular
releases, Long-Term Support, Pre-release releases, Nightly builds. Read
more here: <a
href="https://docs.openvino.ai/2026/about-openvino/release-notes-openvino/release-policy.html">OpenVINO
Release Policy</a></li>
<li>Different distribution channels are supported. Explore different
options here: <a
href="https://www.intel.com/content/www/us/en/developer/tools/openvino-toolkit/download.html">OpenVINO
Download</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/openvinotoolkit/openvino/commit/a5247d3e30ec70f8027a38d64aa46136ec39bc44"><code>a5247d3</code></a>
NPUW: Refactor dynamic attention as a subgraph behavior (<a
href="https://redirect.github.com/openvinotoolkit/openvino/issues/35645">#35645</a>)</li>
<li><a
href="https://github.com/openvinotoolkit/openvino/commit/29da988dd17fb8eef8b5492f185564c948164630"><code>29da988</code></a>
[GPU] Optimize MVN and reorders for nnUNet INT8 5D model (<a
href="https://redirect.github.com/openvinotoolkit/openvino/issues/34949">#34949</a>)</li>
<li><a
href="https://github.com/openvinotoolkit/openvino/commit/ffa272df855c25a2ccf2b2dbf632d74ce54d931f"><code>ffa272d</code></a>
[GPU] Avoid OpenCL build failures in broadcast and integer eltwise
kernels (#...</li>
<li><a
href="https://github.com/openvinotoolkit/openvino/commit/9a25caa5a158feb86063e7935f80e7f6eb69de09"><code>9a25caa</code></a>
[GPU] Fix Gemma4-E4B SDPA model (<a
href="https://redirect.github.com/openvinotoolkit/openvino/issues/35642">#35642</a>)</li>
<li><a
href="https://github.com/openvinotoolkit/openvino/commit/ef1db002a3edf43919feca56c02611d1c13ab631"><code>ef1db00</code></a>
Bump gtest submodule to v1.17.0-based fork (<a
href="https://redirect.github.com/openvinotoolkit/openvino/issues/35606">#35606</a>)</li>
<li><a
href="https://github.com/openvinotoolkit/openvino/commit/e3f32f4358244753961730c1fbb1dfbaf3609bb7"><code>e3f32f4</code></a>
[TRANSFORMATION] Fixed bias detection in PagedCausalConv1d fusion (<a
href="https://redirect.github.com/openvinotoolkit/openvino/issues/35621">#35621</a>)</li>
<li><a
href="https://github.com/openvinotoolkit/openvino/commit/d182734bee5c468de2a778cd28ea0901b8448d17"><code>d182734</code></a>
Add Raspberry Pi AArch64 cross-compilation toolchains for macOS and
Windows (...</li>
<li><a
href="https://github.com/openvinotoolkit/openvino/commit/420fbee564cc3a4adc43cd492bc852c7943c9f22"><code>420fbee</code></a>
[Snippets][CPU][ARM] Implement load/store + convert fusion (<a
href="https://redirect.github.com/openvinotoolkit/openvino/issues/35526">#35526</a>)</li>
<li><a
href="https://github.com/openvinotoolkit/openvino/commit/d68240115ff21ad8c23c84ec105829259bab815c"><code>d682401</code></a>
Fix for cmake_path for old cmake versions (<3.20) (<a
href="https://redirect.github.com/openvinotoolkit/openvino/issues/35663">#35663</a>)</li>
<li><a
href="https://github.com/openvinotoolkit/openvino/commit/e016feaecfcb419da24a60dd86ed4cd60a57d22b"><code>e016fea</code></a>
[GPU] Extend UnsqueezeBroadcastReshapeSDPAFusion for SDPA input patterns
(<a
href="https://redirect.github.com/openvinotoolkit/openvino/issues/35">#35</a>...</li>
<li>Additional commits viewable in <a
href="https://github.com/openvinotoolkit/openvino/compare/10d999b8d93ce104907890c54f85eb585112f751...a5247d3e30ec70f8027a38d64aa46136ec39bc44">compare
view</a></li>
</ul>
</details>
<br />
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>1 parent e75c6fa commit 0a10767
6 files changed
Lines changed: 11 additions & 11 deletions
File tree
- .github/workflows
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
21 | 21 | | |
22 | 22 | | |
23 | 23 | | |
24 | | - | |
| 24 | + | |
25 | 25 | | |
26 | 26 | | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
53 | 53 | | |
54 | 54 | | |
55 | 55 | | |
56 | | - | |
| 56 | + | |
57 | 57 | | |
58 | 58 | | |
59 | 59 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
43 | 43 | | |
44 | 44 | | |
45 | 45 | | |
46 | | - | |
| 46 | + | |
47 | 47 | | |
48 | 48 | | |
49 | 49 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
53 | 53 | | |
54 | 54 | | |
55 | 55 | | |
56 | | - | |
| 56 | + | |
57 | 57 | | |
58 | 58 | | |
59 | 59 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
47 | 47 | | |
48 | 48 | | |
49 | 49 | | |
50 | | - | |
| 50 | + | |
51 | 51 | | |
52 | 52 | | |
53 | 53 | | |
| |||
0 commit comments