chore(deps): bump gh-aw toolchain to v0.68.7 + pydantic 2.13.2#1023
Merged
Mega bump replacing four churn Dependabot PRs with a single coherent upgrade that preserves the lock-file + compile invariants.

## Changes

### actions-lock.json (authorized action pins)

- actions/github-script@v9: 373c709c... → 3a2844b7... (latest v9)
- github/gh-aw-actions/setup: v0.68.3 → v0.68.7 (f5280288...)

### Compiled .lock.yml (regenerated via `gh aw compile` at v0.68.7)

- 9 workflow files regenerated with new SHA pins
- Compiler v0.68.3 → v0.68.7
- Firewall images 0.25.20 → 0.25.23
- mcpg v0.2.19 → v0.2.22
- New v0.68.7 safety features: base-branch preservation step, expanded protected_files list, agent config folder handling

### copilot-setup-steps.yml (manual workflow)

- github/gh-aw/actions/setup-cli: v0.68.1 → v0.68.7 (f916d5de...)
- Resolves pre-existing version skew with compiled workflows

### pyproject.toml + uv.lock

- pydantic >=2.13.0 → >=2.13.2 (security/bugfix minors)

### dependabot.yml

- Ignore github/gh-aw-actions/* and actions/github-script
- These are embedded in compiled .lock.yml files. Updates must go through actions-lock.json + recompile, not direct edits. Prevents churn PRs that would drift from compiler output.

## Security payload (from v0.68.4-v0.68.7)

- XPIA sanitization
- Cache-memory planted executable fix
- Steganographic injection fix
- Safe-output injection hardening (homoglyphs, NFKC, heredoc, protocol-relative URLs)

## Supersedes Dependabot PRs

Closes #1017 (pydantic) — subsumed here
Closes #1018 (gh-aw-actions untagged SHA) — superseded by proper v0.68.7 bump
Closes #1019 (setup-cli v0.68.3) — superseded by v0.68.7
Closes #1020 (github-script SHA) — subsumed here

## Issue linkage

Closes #1021
Refs #92

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pull request overview
This PR consolidates multiple dependency bumps by upgrading the gh-aw GitHub Actions toolchain to v0.68.7 (and recompiling the generated *.lock.yml workflows accordingly), while also updating the Python dependency floor for pydantic to >=2.13.2.
Changes:
- Bump gh-aw toolchain pins (including `github/gh-aw-actions/setup` and `actions/github-script`) and recompile the generated workflow lock files.
- Update the manual `copilot-setup-steps.yml` workflow to install gh-aw v0.68.7 (removing prior version skew).
- Update `pyproject.toml` (and lockfile) to require `pydantic>=2.13.2,<3`, and adjust Dependabot ignores to avoid churn on compiled workflow pins.
Reviewed changes
Copilot reviewed 13 out of 14 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| pyproject.toml | Bumps pydantic minimum version to 2.13.2. |
| .github/aw/actions-lock.json | Updates the authoritative SHA pins for actions/github-script@v9 and github/gh-aw-actions/setup@v0.68.7. |
| .github/dependabot.yml | Adds ignore rules intended to prevent Dependabot churn for compiled workflow action pins. |
| .github/workflows/copilot-setup-steps.yml | Updates the gh-aw setup action + version to v0.68.7 for the manual setup workflow. |
| .github/workflows/test-analysis.lock.yml | Recompiled lock workflow with v0.68.7 pins and new safety/runtime script changes. |
| .github/workflows/quality-gate.lock.yml | Same as above for the quality gate workflow. |
| .github/workflows/perf-analysis.lock.yml | Same as above for performance analysis workflow. |
| .github/workflows/perf-agent-improver.lock.yml | Same as above for perf agent improver workflow. |
| .github/workflows/feature-planner.lock.yml | Same as above for feature planner workflow. |
| .github/workflows/code-health.lock.yml | Same as above for code health workflow. |
| .github/workflows/ci-fixer.lock.yml | Same as above for CI fixer workflow, including updated safe-outputs protections list. |
| .github/workflows/issue-implementer.lock.yml | Recompiled lock workflow with v0.68.7 pins and updated runtime steps. |
| .github/workflows/review-responder.lock.yml | Recompiled lock workflow with v0.68.7 pins and updated runtime steps. |
This was referenced Apr 20, 2026
microsasa pushed a commit that referenced this pull request, Apr 21, 2026:

Cap auto-merge blast radius for build glue and release scripts.

## Rationale

H2 from audit #92 proposed a human-only label gate on quality-gate to prevent prompt-injection-driven auto-APPROVE. That fix kills pipeline autonomy (the whole point is no-human-in-the-loop). Instead, we cap blast radius by path: let quality-gate auto-approve PRs freely for application code (src/, tests/, docs/), but require human review for paths where a malicious change could execute arbitrary code during CI or release:

- /Makefile — executed by ci.yml via `make ci`; malicious target would run in CI with whatever privileges ci.yml has.
- /scripts/ — currently hold-for-merge.sh and release-from-merge.sh; release-gating logic. Compromise → bad artifacts shipped.

## Defense layers (from audit findings)

1. Option A: only @microsasa has triage role, so only @microsasa can apply 'aw' label → pipeline ignores external input.
2. Option B: gh-aw v0.68.7 XPIA/homoglyph/heredoc sanitization active as of PR #1023.
3. Option C (this PR): CODEOWNERS blocks auto-merge of changes to sensitive build/release paths. Pipeline autonomy preserved for src/, tests/, docs/.

Refs #92

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
microsasa pushed a commit that referenced this pull request, Apr 23, 2026 (same commit message as the Apr 21 push above).
Mega bump that replaces four churn Dependabot PRs with a single coherent upgrade preserving the lock-file + compile invariants.

## What this does

- `actions-lock.json`
  - `actions/github-script@v9`: `373c709c` → `3a2844b7` (latest v9)
  - `github/gh-aw-actions/setup`: v0.68.3 → v0.68.7 (`f5280288`)
- Compiled `.lock.yml` (regenerated via `gh aw compile` at v0.68.7)
- `copilot-setup-steps.yml` (manual workflow)
  - `github/gh-aw/actions/setup-cli`: v0.68.1 → v0.68.7 — resolves pre-existing version skew
- `pyproject.toml` + `uv.lock`
  - pydantic `>=2.13.0` → `>=2.13.2`
- `dependabot.yml`
  - Ignore `github/gh-aw-actions/*` and `actions/github-script` — these are embedded in compiled `.lock.yml` files. Updates must go through `actions-lock.json` + recompile, not direct edits. This stops the churn PRs.

## Security payload (v0.68.4 → v0.68.7)

## Why not just merge the Dependabot PRs?

They each had fatal problems:

- … `.lock.yml` files directly.
- … `.lock.yml` files directly; next `gh aw compile` would revert.

## Verification

- `gh aw compile` idempotent — re-running produces no diff
- … `@v` refs remain in any workflow
- `uv lock` regenerated cleanly

## Issue linkage

Closes #1017
Closes #1018
Closes #1019
Closes #1020
Closes #1021
Refs #92 (meta audit — do NOT close)
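As an added example (not code from this PR or from gh-aw itself), a check for the two invariants the verification list names: every `uses:` in a compiled workflow is a 40-hex commit SHA rather than a mutable `@v` tag, and that SHA matches the pin recorded for the action in actions-lock.json, so a hand edit to a `.lock.yml` that drifts from the lock is caught before the next recompile reverts it. The lock-file layout `{"entries": {"<action>@<tag>": {"sha": ...}}}` is an assumption, not gh-aw's real schema, and the sample lock and workflow are constructed with placeholder SHAs.

```python
"""Pin check for compiled gh-aw workflows (added example, not gh-aw's own code).
Invariants from the PR's verification list: every `uses:` is a 40-hex commit SHA
(no mutable `@v` refs remain) and that SHA matches the pin recorded for the action
in actions-lock.json. The lock layout used here is an assumption, not gh-aw's schema."""
import json
import re

# `uses: owner/repo[/path]@ref`; the ref is captured raw (tag, branch or SHA).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w./-]+)@([\w.\-/]+)", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def parse_lock(lock_json: str) -> dict[str, str]:
    """Assumed layout: {"entries": {"<action>@<tag>": {"sha": "<40 hex>"}}}."""
    entries = json.loads(lock_json)["entries"]
    return {key.split("@", 1)[0]: entry["sha"] for key, entry in entries.items()}


def check_workflow(workflow_yaml: str, pins: dict[str, str]) -> list[str]:
    """One finding per `uses:` that is tag-pinned or whose SHA drifts from the lock."""
    findings = []
    for action, ref in USES_RE.findall(workflow_yaml):
        if not SHA_RE.match(ref):
            findings.append(f"{action}: ref '{ref}' is a mutable tag/branch, not a SHA")
        elif action in pins and pins[action] != ref:
            findings.append(f"{action}: SHA {ref[:8]} drifts from lock pin {pins[action][:8]}")
    return findings


# Constructed sample inputs (placeholder SHAs, not the repository's real pins).
SAMPLE_LOCK = json.dumps({"entries": {
    "actions/github-script@v9": {"sha": "a" * 40},
    "github/gh-aw-actions/setup@v0.68.7": {"sha": "b" * 40},
}})
SAMPLE_WORKFLOW = """
steps:
  - uses: actions/github-script@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa  # matches lock
  - uses: github/gh-aw-actions/setup@cccccccccccccccccccccccccccccccccccccccc  # hand-edited, drifts
  - uses: github/gh-aw/actions/setup-cli@v0.68.7  # mutable tag
  - uses: ./.github/actions/local  # local action, no ref to check
"""


def run_sample() -> list[str]:
    """Returns the two findings for the constructed workflow above."""
    return check_workflow(SAMPLE_WORKFLOW, parse_lock(SAMPLE_LOCK))
```

Run it over every `*.lock.yml` as a CI step and fail on any finding; a clean run is the same property "re-running `gh aw compile` produces no diff" asserts, checked without needing the compiler installed.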