| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| sbom.cdx.json | < 9 hours ago | 3.0 MB | |
| sbom.spdx.json | < 9 hours ago | 5.1 MB | |
| windows-arm64.exe | < 9 hours ago | 21.0 MB | |
| linux-386 | < 9 hours ago | 21.5 MB | |
| linux-amd64 | < 9 hours ago | 22.3 MB | |
| linux-arm | < 9 hours ago | 21.4 MB | |
| linux-arm64 | < 9 hours ago | 20.6 MB | |
| windows-amd64.exe | < 9 hours ago | 22.9 MB | |
| freebsd-arm64 | < 9 hours ago | 20.5 MB | |
| gh-aw-wasm-v0.49.0.tar.gz | < 9 hours ago | 4.3 MB | |
| checksums.txt | < 9 hours ago | 964 Bytes | |
| darwin-amd64 | < 9 hours ago | 22.7 MB | |
| darwin-arm64 | < 9 hours ago | 21.1 MB | |
| freebsd-386 | < 9 hours ago | 21.3 MB | |
| freebsd-amd64 | < 9 hours ago | 22.2 MB | |
| README.md | < 9 hours ago | 5.2 kB | |
| v0.49.0 source code.tar.gz | < 9 hours ago | 216.3 MB | |
| v0.49.0 source code.zip | < 9 hours ago | 218.2 MB | |
| Totals: 18 Items | 684.5 MB | 0 | |
🌟 Release Highlights
This release focuses on security hardening, safe outputs flexibility, and code quality improvements — making workflows more robust and configurable.
🔒 Security Hardening
Critical security fixes and hardening across the codebase:
- Shell injection fix in
upload_assets.cjs— closes an incomplete fix from a prior commit (#17736) - Hardened
exec.Commandinvocations for cross-platform compatibility and security across the codebase (#17729)
✨ What's New
- Templatable boolean & integer fields in safe outputs — workflow authors can now use template expressions for boolean flags and integer max fields, enabling dynamic configuration without recompilation (#17653, [#17667], [#17694])
expirescodemod — a migration helper that automatically converts integerexpiresvalues to the new day-string format, making upgrades seamless (#17695)- Configurable bot trigger neutralization —
safe-outputs.max-bot-mentionscontrols how many bot trigger references are preserved vs. escaped, with smarter handling for already-quoted entries (#17689) - Source links in GitHub MCP tools report — the MCP tools report now includes direct links to source definitions, improving discoverability (#17709)
- MCP Gateway updated to v0.1.5 (#17697)
🐛 Bug Fixes & Improvements
- Fixed
base64executable not found on Windows duringgh aw update(#17720) - Resolved 22 actionlint expression errors caused by missing
needs:declarations in 4 workflows (#17681) - Fixed
ci-doctorto pre-download logs and artifacts, applying generic error heuristics to reduce token usage (#17719) - Replaced
curl | shuv install with pinnedastral-sh/setup-uvaction for more reliable CI (#17688)
🔧 Internal
- Enabled 16 additional Go linters +
modernizeandintrangelinters with all issues resolved (#17714, [#17705]) - Normalized report formatting across multiple internal workflows (#17727, [#17698])
For complete details, see CHANGELOG.
Generated by Release
What's Changed
- [docs] Update dictation skill instructions by @github-actions[bot] in https://github.com/github/gh-aw/pull/17665
- Convert boolean safe output fields to templatable bools by @Copilot in https://github.com/github/gh-aw/pull/17653
- Add templatable integer support for safe output max fields by @Copilot in https://github.com/github/gh-aw/pull/17667
- Fix SC2129: use grouped redirect for prompt construction in compiler template by @Copilot in https://github.com/github/gh-aw/pull/17687
- Replace
curl | shuv install with pinnedastral-sh/setup-uvaction by @Copilot in https://github.com/github/gh-aw/pull/17688 - Update safe outputs spec with templatable boolean and integer fields by @Copilot in https://github.com/github/gh-aw/pull/17694
- Normalize report formatting for step-name-alignment and bot-detection workflows by @Copilot in https://github.com/github/gh-aw/pull/17698
- Add codemod to migrate expires integer values to day-string format by @Copilot in https://github.com/github/gh-aw/pull/17695
- fix: rename "Upload Assets to Orphaned Branch" step to "Push assets" across 23 workflows by @Copilot in https://github.com/github/gh-aw/pull/17696
- Fix missing
needs:declarations causing 22 actionlint expression errors in 4 workflows by @Copilot in https://github.com/github/gh-aw/pull/17681 - Add
modernizeandintrangelinters and fix all issues by @Copilot in https://github.com/github/gh-aw/pull/17705 - Update MCP Gateway to v0.1.5 by @Copilot in https://github.com/github/gh-aw/pull/17697
- Add source links to GitHub MCP tools report by @Copilot in https://github.com/github/gh-aw/pull/17709
- fix(ci-doctor): pre-download logs and artifacts, apply generic error heuristics to reduce token usage by @Copilot in https://github.com/github/gh-aw/pull/17719
- Fix
base64executable not found on Windows ingh aw updateby @Copilot in https://github.com/github/gh-aw/pull/17720 - neutralizeBotTriggers: allow first n references unchanged then escape excess, skip already-quoted entries, configurable via safe-outputs.max-bot-mentions by @Copilot in https://github.com/github/gh-aw/pull/17689
- Normalize report formatting in org-health-report and daily-safe-outputs-conformance workflows by @Copilot in https://github.com/github/gh-aw/pull/17727
- fix: use strings.Cut to resolve stringscut lint violation in known_needs_expressions by @Copilot in https://github.com/github/gh-aw/pull/17728
- Enable 16 additional Go linters and fix all reported issues by @Copilot in https://github.com/github/gh-aw/pull/17714
- Review and harden all exec.Command invocations for cross-platform compatibility and security by @Copilot in https://github.com/github/gh-aw/pull/17729
- fix: close shell injection in upload_assets.cjs (incomplete fix from d07e64c3) by @Copilot in https://github.com/github/gh-aw/pull/17736
Full Changelog: https://github.com/github/gh-aw/compare/v0.48.4...v0.49.0