Skip to content

v0.82.13

Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 18 Jul 09:17
Immutable release. Only release title and notes can be modified.
017cdbc

🌟 Release Highlights

This release brings smarter ESLint rule detection, improved audit accuracy, and key bug fixes across the CLI, workshop, and setup tooling β€” with a notable breaking change in gh aw add.

⚠️ Breaking Changes

  • gh aw add now rejects packages with aw.yml config β€” packages that include an aw.yml configuration file will no longer be accepted. Update any such packages before upgrading. See PR #46273 for details.

✨ What's New

  • Auto-configure COPILOT_PROVIDER_WIRE_API from the model catalog (#46156) β€” The CLI now automatically resolves the provider wire API endpoint from the model catalog, reducing manual configuration overhead.
  • Default-on issue intent metadata (#46207) β€” set_issue_type, set_issue_field, and add_labels now emit issue intent metadata by default, enabling richer audit trails without extra configuration.
  • NO_COLOR support for stdout (#46197) β€” The CLI now honours the NO_COLOR environment variable, improving compatibility with non-interactive and accessibility-focused terminals.
  • Stronger ESLint alias detection (#46365) β€” The no-core-setoutput/exportvariable rules now catch aliased and destructured @actions/core bindings, closing a common bypass pattern.
  • Debug logging across CLI bootstrap and logs orchestration (#46337) β€” New structured debug output makes it easier to trace startup and log-download behaviour.

πŸ› Bug Fixes & Improvements

  • Accurate safe-output write counts in audit reports (#46360) β€” SafeItemsCount is now correctly populated in run_summary.json, so audit dashboards reflect real write activity.
  • Workshop progress rail and overflow fixes (#46378) β€” Resolves state coupling in the progress rail and responsive overflow issues in the workshop UI.
  • ESLint spawn-error alias guard (#46199) β€” Single-assignment aliases of spawn errors are now correctly recognised as valid guards, reducing false positives.
  • mapdeletecheck autofix safety (#46159) β€” Autofixes are now suppressed when comments overlap the replaced span, preventing incorrect edits.
  • Setup-JS error resilience (#46102) β€” All synchronous filesystem calls in actions/setup/js are now wrapped in try/catch blocks.
  • Integer overflow fix in allocation size hints (#46375) β€” Resolves a go/allocation-size-overflow code scanning alert.

πŸ“š Documentation

  • Workshop view guide added (#46237) β€” New documentation covering the workshop UI view.
  • Ephemerals reference streamlined (#46288) β€” The ephemerals reference page has been trimmed for clarity and readability.
  • ESLint factory rules documented (#46361) β€” Six previously undocumented ESLint factory rules now have full README entries.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by πŸš€ Release Β· 18.1 AIC Β· ⊞ 7.8K


What's Changed

  • [code-scanning-fix] Fix js/unused-local-variable: Remove unused TSESTree import by @github-actions[bot] in #46173
  • [WIP] Fix failing GitHub Actions job Integration: CLI Add & List Commands by @pelikhan with @Copilot in #46160
  • [docs] Update glossary - daily scan by @github-actions[bot] in #46204
  • fix: sync pkg/linters/doc.go to 51 analyzers and add drift guard test by @pelikhan with @Copilot in #46138
  • refactor(threat-detection): extract shared external detector WorkflowData setup into helper by @pelikhan with @Copilot in #46142
  • Refactor logs download orchestration to reduce pkg/cli largefunc backlog by @pelikhan with @Copilot in #46125
  • docs: add workshop view by @mnkiefer in #46237
  • fix(setup-js): wrap all sync fs calls in try/catch (eslint-monster remediation) by @pelikhan with @Copilot in #46102
  • mapdeletecheck: suppress autofix when comments overlap the replaced span by @pelikhan with @Copilot in #46159
  • Refine require-new-url-try-catch safe-argument detection by @pelikhan with @Copilot in #46190
  • fix(eslint-factory): recognize single-assignment alias of spawn error as valid guard by @pelikhan with @Copilot in #46199
  • [spec-extractor] Update package specifications for stringutil, styles, testutil, timeutil by @github-actions[bot] in #46202
  • [docs] docs: unbloat ephemerals reference by @github-actions[bot] in #46288
  • [community] Update community contributions in README by @github-actions[bot] in #46327
  • [log] Add debug logging to CLI bootstrap, logs orchestration, and domain buckets by @github-actions[bot] in #46337
  • [docs] Self-healing documentation fixes from issue analysis - 2026-07-18 by @github-actions[bot] in #46314
  • auto-configure COPILOT_PROVIDER_WIRE_API from model catalog by @pelikhan with @Copilot in #46156
  • Add list_code_scanning_alerts query-bounding guardrail and regression tests by @pelikhan with @Copilot in #46198
  • Refresh stale package specs and add linters doc drift guard by @pelikhan with @Copilot in #46257
  • docs: record breaking change for gh aw add rejecting packages with aw.yml config by @pelikhan with @Copilot in #46273
  • docs(spdd): add safeguards, edge cases, ops order, norms, and requirements to five spec files by @pelikhan with @Copilot in #46283
  • fix(eslint): resolve route/URL/control-flow lint violations in actions/setup/js by @pelikhan with @Copilot in #46100
  • [formal-spec] Add PM-10/AppG formal model coverage for security architecture summary by @pelikhan with @Copilot in #46280
  • docs(eslint-factory): document 6 undocumented rules in README by @pelikhan with @Copilot in #46361
  • [jsweep] Clean validate_secrets.cjs by @github-actions[bot] in #46129
  • test(errorutil): improve edge-case coverage and reduce assertion noise by @pelikhan with @Copilot in #46366
  • feat(eslint): extend no-core-setoutput/exportvariable rules to detect aliased and destructured core bindings by @pelikhan with @Copilot in #46365
  • Default-on issue intent metadata for set_issue_type, set_issue_field, and add_labels by @pelikhan with @Copilot in #46207
  • feat(styles,console,colorwriter): hoist palette color.Color vars and honor NO_COLOR on stdout by @pelikhan with @Copilot in #46197
  • [code-scanning-fix] Fix go/allocation-size-overflow: integer overflow in allocation size hints by @github-actions[bot] in #46375
  • fix: populate SafeItemsCount in run_summary.json so audits report accurate safe-output write counts by @pelikhan with @Copilot in #46360

Full Changelog: v0.82.12...v0.82.13