| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| sbom.cdx.json | < 18 hours ago | 3.0 MB | |
| sbom.spdx.json | < 18 hours ago | 5.1 MB | |
| linux-amd64 | < 18 hours ago | 21.7 MB | |
| linux-arm | < 18 hours ago | 20.8 MB | |
| linux-arm64 | < 18 hours ago | 20.1 MB | |
| windows-amd64.exe | < 18 hours ago | 22.3 MB | |
| windows-arm64.exe | < 18 hours ago | 20.4 MB | |
| linux-386 | < 18 hours ago | 20.9 MB | |
| checksums.txt | < 18 hours ago | 872 Bytes | |
| darwin-amd64 | < 18 hours ago | 22.1 MB | |
| darwin-arm64 | < 18 hours ago | 20.5 MB | |
| freebsd-386 | < 18 hours ago | 20.7 MB | |
| freebsd-amd64 | < 18 hours ago | 21.6 MB | |
| freebsd-arm64 | < 18 hours ago | 20.0 MB | |
| README.md | < 19 hours ago | 3.4 kB | |
| v0.46.0 source code.tar.gz | < 19 hours ago | 216.1 MB | |
| v0.46.0 source code.zip | < 19 hours ago | 217.9 MB | |
| Totals: 17 Items | | 673.1 MB | 0 |
🌟 Release Highlights
This release focuses on security hardening and workflow discoverability, with critical injection attack protection and smarter secret management.
🔒 Security Improvements
- Injection attack prevention - Numeric context variables in activation are now validated to prevent sophisticated injection attacks that could exploit numeric-to-string coercion (#16515). This hardens workflows against malicious input in issue numbers, PR numbers, and other numeric GitHub context fields.
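A sketch of the kind of strict check this entry describes, as an added example that is not gh-aw's code; the function names, field names and sample values are constructed. It contrasts a lenient `parseInt`-based test, which accepts strings carrying trailing text, with validation that passes only canonical positive integers.

```javascript
// Added illustration, not gh-aw source. Field names and sample values are constructed.

// Lenient test: typical of code that assumes the field is already a number.
// parseInt stops at the first non-digit and silently discards the rest.
function lenientIsNumeric(value) {
  return !Number.isNaN(parseInt(value, 10));
}

// Strict check: accept only a positive safe integer, given either as a JS
// number or as a canonical decimal string; return its canonical string form.
function strictNumericField(name, value) {
  if (typeof value === "number") {
    if (!Number.isSafeInteger(value) || value <= 0) {
      throw new TypeError(`${name}: not a positive safe integer`);
    }
    return String(value);
  }
  if (typeof value === "string" && /^[1-9][0-9]{0,15}$/.test(value)) {
    if (Number.isSafeInteger(Number(value))) return value;
  }
  throw new TypeError(`${name}: expected a numeric value`);
}

// Validate every numeric field before any of them is interpolated into text.
function validateContext(ctx, numericFields) {
  const clean = {};
  const rejected = [];
  for (const field of numericFields) {
    try {
      clean[field] = strictNumericField(field, ctx[field]);
    } catch (err) {
      rejected.push(field);
    }
  }
  return { ok: rejected.length === 0, clean, rejected };
}

// Constructed sample: one well-formed value, three that pass the lenient test.
const sampleContext = {
  issue_number: 42,
  pr_number: "17; extra text",               // parseInt -> 17, raw string carries more
  run_attempt: "0x1A",                       // parseInt -> 0, Number() -> 26
  comment_id: { toString: () => "9 extra" }, // object that stringifies to text
};
const result = validateContext(sampleContext, Object.keys(sampleContext));
console.log(result); // rejected: pr_number, run_attempt, comment_id
```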
✨ What's New
- Smart secret detection - `gh aw secrets bootstrap` now automatically analyzes your workflows to determine which secrets are actually required, eliminating guesswork and reducing setup friction (#16475).
- Granular discussion permissions - Safe output tools `add-comment` and `hide-comment` now support an optional `discussions` field, giving you fine-grained control over the `discussions:write` permission (#16509). Only request discussion access when you need it.
⚡ Performance
- Faster compilation - Failed action resolutions are now cached per compilation run, significantly reducing compile times for workflows with missing actions (#16506)
🐛 Bug Fixes & Improvements
- Better title formatting - Workflow titles with prefixes ending in `]` or `-` now have proper spacing, improving readability in the GitHub Actions UI (#16517)
- Playground UX - Removed the Copy button from the playground editor to streamline the editing experience (#16508)
📚 Documentation
- Bootstrap discovery docs - Updated documentation reflects the new workflow analysis feature in `gh aw secrets bootstrap` (#16512)
- Safe outputs spec - Specification updated to document the new discussions permission control (#16516)
For complete details, see CHANGELOG.
Generated by Release
What's Changed
- Analyze workflows to determine required secrets in bootstrap by @Copilot in https://github.com/github/gh-aw/pull/16475
- Cache failed action resolutions per compilation run by @Copilot in https://github.com/github/gh-aw/pull/16506
- Remove Copy button from playground editor by @Copilot in https://github.com/github/gh-aw/pull/16508
- [docs] Update documentation for gh aw secrets bootstrap workflow discovery feature by @github-actions[bot] in https://github.com/github/gh-aw/pull/16512
- Add optional discussions field to control discussions:write permission for add-comment and hide-comment by @Copilot in https://github.com/github/gh-aw/pull/16509
- chore(deps): bump fast-xml-parser from 5.3.5 to 5.3.6 in /docs in the npm_and_yarn group across 1 directory by @dependabot[bot] in https://github.com/github/gh-aw/pull/16484
- Update safe outputs spec with discussions field from PR [#16509] by @Copilot in https://github.com/github/gh-aw/pull/16516
- Add spacing after title prefixes ending with `]` or `-` by @Copilot in https://github.com/github/gh-aw/pull/16517
- Validate numeric context variables in activation to prevent injection attacks by @Copilot in https://github.com/github/gh-aw/pull/16515
Full Changelog: https://github.com/github/gh-aw/compare/v0.45.7...v0.46.0