deps(actions): bump github/gh-aw from 0.45.0 to 0.49.7

[dependabot]

Bumps github/gh-aw from 0.45.0 to 0.49.7.

Release notes

Sourced from github/gh-aw's releases.

v0.49.7

🌟 Release Highlights

This release sharpens the developer experience with a cleaner CI token configuration, more accurate audit diagnostics, polished error messages, and a new self-hosted runners guide.

⚠️ Breaking Changes

• GH_AW_EXTRA_EMPTY_COMMIT_TOKEN renamed to GH_AW_CI_TRIGGER_TOKEN — If you set this environment variable to trigger CI pipelines on empty commits, update your secret name to GH_AW_CI_TRIGGER_TOKEN. (#17997)

✨ What's New

• Simplified CI trigger token configuration — GH_AW_CI_TRIGGER_TOKEN is now used automatically when github-token-for-extra-empty-commit is not explicitly set, removing the need for the default keyword. Less boilerplate, same power. (#17997)
• AI message footer in activation comments — Activation comments (PR/issue links and commit-pushed messages) now include a contextual AI message footer, giving collaborators clearer context about agent activity. (#18021)

🐛 Bug Fixes & Improvements

• audit now points to the right error — The audit command was extracting error details from the "Complete job" teardown step instead of the actual failing step. It now correctly surfaces ##[error] annotations from the step that failed, making debugging dramatically more straightforward. (#18010)
• Clearer max-turns error for Copilot engine — The error message for unsupported max-turns on the Copilot engine was self-contradictory (telling users to remove it while showing an example using it). The message is now clean and unambiguous. (#18009)
• Fixed IMP-002 conformance check false failure — A casing mismatch in check-safe-outputs-conformance.sh caused a permanent false HIGH failure on every run. Now fixed. (#18011)

📚 Documentation

• New guide: Self-hosted runners — A comprehensive new guide covers all runs-on formats, shared runner configuration patterns, and detection job runner overrides. View guide (#17986)
• Streamlined triggers reference — The triggers reference page has been refactored for clarity, reducing size by 16% while preserving all essential information. (#18002)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:

• @benvillalobos for Confusing error message: max-turns not supported example contradicts the error

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• [instructions] Sync github-agentic-workflows.md with release v0.40.1 by @​github-actions[bot] in github/gh-aw#17996
• [docs] Consolidate engine architecture, JS sanitization pipeline, activation output transforms into dev.md v2.9 by @​github-actions[bot] in github/gh-aw#17999
• Add documentation page on self-hosted runners configuration by @​Copilot in github/gh-aw#17986
• [docs] docs: unbloat triggers reference page by @​github-actions[bot] in github/gh-aw#18002
• fix: correct function name casing in IMP-002 conformance check by @​Copilot in github/gh-aw#18011
• 🔑 Rename env var to GH_AW_CI_TRIGGER_TOKEN and default its usage by @​dsyme in github/gh-aw#17997
• fix(audit): extract ##[error] annotations from all step logs instead of last-step content by @​Copilot in github/gh-aw#18010
• fix: simplify max-turns error message by removing contradictory example by @​Copilot in github/gh-aw#18009
• [WIP] Update activation comments with AI message footer by @​Copilot in github/gh-aw#18021

... (truncated)

Changelog

Sourced from github/gh-aw's changelog.

Changelog

All notable changes to this project will be documented in this file.

v0.40.1 - 2026-02-03

Move from githubnext/gh-aw to github/gh-aw

If you were a former user of the githubnext Agentic Workflows you might have to re-register the extension to reflect the new location. As the gh-aw project moved from githubnext to github please delete the old channel and register the new one.

Example:

gh extension list
NAME   REPO              VERSION
gh aw  githubnext/gh-aw  v0.36.0
gh extension upgrade --all
[aw]: already up to date
gh extension remove gh-aw
gh extension install github/gh-aw
✓ Installed extension github/gh-aw
gh extension list
NAME   REPO          VERSION
gh aw  github/gh-aw  v0.40.1

Bug Fixes

Handle 502 Bad Gateway errors in assign_to_agent handler by treating them as success. The cloud gateway may return 502 errors during agent assignment, but the assignment typically succeeds despite the error. The handler now logs 502 errors for troubleshooting but does not fail the workflow.

Add discussion interaction to smoke workflows and serialize the discussion

flag in safe-outputs handler config.

Smoke workflows now select a random discussion and post thematic comments to validate discussion comment functionality. The compiler now emits the "discussion": true flag in GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG when a workflow requests discussion output, and lock files include discussions: write permission where applicable.

Add discussion interaction to smoke workflows; compiler now serializes the discussion flag into the safe-outputs handler config so workflows can post comments to discussions. Lock files include discussions: write where applicable.

Smoke workflows pick a random discussion and post a thematic comment (copilot: playful, claude: comic-book, codex: mystical oracle, opencode: space mission). This is a non-breaking tooling/workflow change.

Add discussion interaction to smoke workflows; deprecate the discussion flag and

... (truncated)

Commits

• 0ea0cf1 [WIP] Update activation comments with AI message footer (#18021)
• 7d65d72 fix: simplify max-turns error message by removing contradictory example (#18009)
• 30b5391 fix(audit): extract ##[error] annotations from all step logs instead of last-...
• 4e13b1a 🔑 Rename env var to GH_AW_CI_TRIGGER_TOKEN and default its usage (#17997)
• 081eb67 fix: correct function name casing in IMP-002 conformance check (#18011)
• 1c597ef docs: unbloat triggers reference page (#18002)
• 34cfbf5 [WIP] Add documentation page on self-hosted runners configuration (#17986)
• d96fd82 docs: consolidate engine architecture, JS sanitization pipeline, activation o...
• 58771f4 Sync github-agentic-workflows.md with release v0.40.1 (#17996)
• c7b898f update reference links
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: release-note-none. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[yankay]

/lgtm

[github-actions]

Cannot approve the pull request: Error: yankay is not included in the approvers role in the OWNERS file

[dependabot]

Superseded by #381.