Bump github/gh-aw from 0.59.0 to 0.61.0

[dependabot]

Bumps github/gh-aw from 0.59.0 to 0.61.0.

Release notes

Sourced from github/gh-aw's releases.

v0.61.0

🌟 Release Highlights

v0.61.0 delivers important reliability fixes for safe-outputs, expands cross-repository project management, and improves the debugging experience with automatic runner debug detection. GHE Cloud users also get a critical compatibility fix.

✨ What's New

• 🔍 Automatic debug logging — When running with ACTIONS_RUNNER_DEBUG=true, full debug logging now activates automatically — no more setting DEBUG=* manually to diagnose workflow issues. (#21406)

• 🗂️ Cross-repo project item updates — update_project now accepts a target_repo parameter, enabling org-level project boards to update fields on items from repositories other than the triggering one. (#21404)

• 🏢 GHE Cloud data residency support — Compiled workflows now automatically inject a GH_HOST configuration step, fixing gh CLI failures on *.ghe.com instances. (#21408)

• 📦 CI build artifacts — The build CI job now uploads the compiled gh-aw binary as a downloadable artifact with step summary instructions, making it easier to test binaries from any CI run. (#21440)

🐛 Bug Fixes & Improvements

• Safe-outputs staged mode — safe-outputs.staged: true was silently failing for most handler types due to schema validation issues (additionalProperties) and missing conditional logic. All 40 handler types now work correctly. (#21414)

• set_issue_type in runtime tools — The set_issue_type tool was missing from the runtime tools JSON, making it unavailable to agents at runtime despite being compiled in. (#21421)

• Security: editor URL validation — Fixed a client-side request forgery vulnerability where unvalidated location.hash values were passed directly to fetch(), allowing requests to arbitrary hosts. (#21423)

• Clean lock.yml output — Generated .lock.yml files no longer start with a spurious bare # line before the ASCII logo. (#21413)

• CLI help text consistency — Resolved 10 inconsistencies across command help text including mismatched descriptions, vague group labels, and flag semantic drift. (#21400)

📚 Documentation

• Creating Command Workflows guide — New section in the workflow creation docs covering on-demand "command" workflows and when to use each approach. (#21410)

• Claude plugins + APM dependencies FAQ — Added a FAQ entry explaining how to use Claude Code plugins alongside APM (dependencies:) configuration. (#21409)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:

• @holwerda for Support github-app: auth and Claude Code plugin registration for dependencies: (APM) (#21243)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• [doc-healer] DDUw: scan recently closed documentation issues to catch deferred gaps by @​Copilot in github/gh-aw#21439

... (truncated)

Commits

• 9758a19 fix: ensure safe-outputs staged mode works for all handler types (#21414)
• 30b2873 ci(build): add action-mode release + current commit SHA to step summary (#21450)
• a6dfd4c docs(cli): clarify automatic gh CLI configuration in GHES agent jobs (#21437)
• 5f84729 ci: upload gh-aw binary from build job as artifact with download instructions...
• bc8c7f8 log: add debug logging to 5 Go files across workflow and cli packages (#21445)
• c717c8b feat(update_project): add target_repo for cross-repo project item resolutio...
• 27c63b6 [doc-healer] DDUw: scan recently closed documentation issues to catch deferre...
• 5cb9ec0 Add missing safe-output test workflows and Go compiler tests (#21427)
• fc23139 Inject GH_HOST configuration step into compiled agent job for GHE Cloud data ...
• 33200cd fix: remove unused import of safe-output-app from changeset workflow
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud