Bump github/gh-aw from 0.57.2 to 0.58.3

[dependabot]

Bumps github/gh-aw from 0.57.2 to 0.58.3.

Release notes

Sourced from github/gh-aw's releases.

v0.58.3

🌟 Release Highlights

This release focuses on security hardening, GHES compatibility, and developer experience improvements — with better MCP write protection, a new Copilot pre-flight diagnostic for enterprise environments, and a noticeably improved run details summary.

✨ What's New

• MCP Write-Sink Guard Policy — All non-GitHub MCP servers configured via the gateway now enforce a write-sink guard policy, preventing unintended writes through third-party MCP tools. This improves the security posture of workflows using custom MCP integrations. (#21005)

• Copilot Pre-flight Diagnostic for GHES — A new pre-flight check helps diagnose Copilot configuration issues in GitHub Enterprise Server environments before a workflow run fails, saving time when debugging enterprise setups. (#20975)

• Action Pins Mode with gh-aw-actions v0 — The action-tag step now uses action pins mode, enabling stable and auditable action references via gh-aw-actions at the v0 tag. (#20991)

• Enhanced Run Details Step Summary — Workflow run summaries now render as structured bullet points, display the gh-aw version, and include full aw_info output for easier post-run inspection. (#20989)

⚡ Performance

• Faster Workflow Name Extraction — extractWorkflowNameFromFile no longer performs an unnecessary full YAML parse, reducing overhead when processing large workflow collections. (#21012)

🐛 Bug Fixes & Improvements

• GHES Host Leakage Prevention — The "Install GitHub Copilot CLI" step now explicitly emits GH_HOST: github.com, preventing GHES host values from leaking into the Copilot CLI installation context. (#20992)
• Workflow Call Artifact Downloads Fixed — Artifact prefix handling in the conclusion job and script step downloads now works correctly in workflow_call contexts. (#21011)
• TypeScript Type Error Fixed — Resolved a type error in json_object_to_markdown.cjs that could cause runtime failures in certain output scenarios. (#21010)
• Go Firewall Rule for Shared Workflows — The shared/go-make.md shared workflow now includes go in its firewall allowed set, enabling Go toolchain downloads during builds. (#21014)

📚 Documentation

• Accessibility: Live Search Results — The docs site search now announces results to screen readers via aria-live, improving accessibility for keyboard and assistive technology users. (#21019)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• Optimize qmd-docs workflows: explicitly instruct models to use qmd-query for doc search by @​Copilot in github/gh-aw#20987
• Add Copilot pre-flight diagnostic for GHES environments by @​Claude in github/gh-aw#20975
• Improve run details step summary: bullet points, aw version, and full aw_info rendering by @​Copilot in github/gh-aw#20989
• feat: update action-tag to use action pins mode (gh-aw-actions) with v0 by @​Copilot in github/gh-aw#20991
• fix: emit GH_HOST: github.com on Install GitHub Copilot CLI step to prevent GHES host leakage by @​Copilot in github/gh-aw#20992
• [instructions] Sync github-agentic-workflows.md with v0.40.1 by @​github-actions[bot] in github/gh-aw#21001
• [docs] docs: condense CentralRepoOps intro and remove duplicate cross-repo notes by @​github-actions[bot] in github/gh-aw#21003
• feat: add write-sink guard policy to all non-GitHub MCP servers configured by gateway by @​Copilot in github/gh-aw#21005
• Add go firewall allowed set to shared/go-make.md by @​Copilot in github/gh-aw#21014
• perf: optimize extractWorkflowNameFromFile by eliminating unnecessary YAML parse by @​Copilot in github/gh-aw#21012

... (truncated)

Commits

• 08a903b docs: add aria-live enhancement for search results accessibility (#issue) (#2...
• 1cb4a5a Remove copilot-preflight script and associated step generation (#21016)
• 47ab8dd fix: use artifact prefix in conclusion job and script step downloads for work...
• c87077e perf: optimize extractWorkflowNameFromFile by eliminating unnecessary YAML ...
• 1a426d0 Add go firewall allowed set to shared/go-make.md (#21014)
• 50e4991 feat: add write-sink guard policy to all non-GitHub MCP servers configured by...
• 4e2b550 docs: condense intro and remove duplicate cross-repo notes in central-repo-op...
• 1333b4a docs: add action-tag feature flag to github-agentic-workflows.md (#21001)
• 5a8a60a fix: emit GH_HOST: github.com on Install GitHub Copilot CLI step to prevent G...
• 4173449 feat: update action-tag to use action pins mode (gh-aw-actions) with v0 (#20991)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[dependabot]

Superseded by #510.