Bump github/gh-aw from 0.61.0 to 0.62.0 #512

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/github/gh-aw-0.62.0

dependabot bot commented on behalf of github Mar 19, 2026

Bumps github/gh-aw from 0.61.0 to 0.62.0.

Release notes

Sourced from github/gh-aw's releases.

v0.62.0

🌟 Release Highlights

This release promotes the GitHub MCP guard policy to general availability, adds inline custom safe-output scripts, and ships several quality-of-life improvements for diagnostics and documentation.

✨ What's New

  • Custom safe-output scripts — Define inline JavaScript handlers in safe-outputs.scripts that run inside the consolidated safe-outputs job, without creating a separate GitHub Actions job. This gives you lightweight extensibility right where you need it. (#21582)

  • GitHub MCP guard policy is now GA — The tools.github repos/min-integrity guard policy is out of experimental status. The noisy "experimental feature" warning has been removed for cleaner workflow logs. (#21717)

  • Collapsible guard policy step summary — The GitHub MCP guard policy step now uses a <details> element for its summary, reducing visual noise in the Actions UI while keeping details accessible. (#21677)

🐛 Bug Fixes & Improvements

  • Guard policy defaults fixed — Specifying only min-integrity under tools.github without a repos field no longer raises a hard validation error; it now correctly defaults to repos: all. (#21718)

  • Audit diagnostics improved — The gh aw audit command no longer shows the contradictory "failed with 0 error(s)" message, and correctly reports workflow_name for pre-activation failures (cancelled runs, infrastructure-level failures). (#21692)

  • Better PR permission error guidance — When PR creation fails due to missing GitHub Actions permissions, diagnostics now include a direct link to the relevant FAQ entry to speed up resolution. (#21694)

  • Corrected default timeout documentation — The documented default timeout was incorrectly listed as 360 minutes; it is 20 minutes. (#21673)

📚 Documentation

  • steps.sanitized.outputs.* is now the canonical form — All documentation has been updated to use ${{ steps.sanitized.outputs.text/title/body }} instead of the deprecated ${{ needs.activation.outputs.* }} form. The compiler still accepts the old form (with a deprecation warning) for backward compatibility. (#21682)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:


For complete details, see CHANGELOG.

Generated by Release


What's Changed

... (truncated)

Commits
  • f1633bc Update gh-aw-mcpg to v0.1.19 (#21737)
  • ca1a1b2 docs: document safe-outputs scripts and guard policy repos default (#21731)
  • 3f72d35 fix: default github.repos to all when omitted from guard policy (#21718)
  • 477b67c Remove experimental warning for tools.github guard policy (repos/min-integrit...
  • 44162bc Add FAQ link to "GitHub Actions not permitted to create or approve pull reque...
  • 56547c3 fix(audit): misleading "failed with 0 error(s)" message and wrong workflow_na...
  • d307ae3 fix(smoke): remove redundant title-prefix from smoke-update-cross-repo-pr (#2...
  • bad0038 Replace github.lockdown with github.repos/min-integrity guard policies in cre...
  • d07c1af Deprecate needs.activation.outputs.* in workflow markdown; update all docs ...
  • d1dced1 fix: add docs/.npmrc to resolve astro-mermaid peer dep conflict with Astro v6...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github/gh-aw](https://github.com/github/gh-aw) from 0.61.0 to 0.62.0.
- [Release notes](https://github.com/github/gh-aw/releases)
- [Commits](github/gh-aw@v0.61.0...v0.62.0)

---
updated-dependencies:
- dependency-name: github/gh-aw
  dependency-version: 0.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies (Pull requests that update a dependency file) and github_actions (Pull requests that update GitHub Actions code) labels Mar 19, 2026

dependabot bot commented on behalf of github Mar 20, 2026

Superseded by #514.

dependabot bot closed this Mar 20, 2026
dependabot bot deleted the dependabot/github_actions/github/gh-aw-0.62.0 branch March 20, 2026 09:33