fix(ci): bump github/gh-aw from 0.43.23 to 0.50.3

[dependabot]

Bumps github/gh-aw from 0.43.23 to 0.50.3.

Release notes

Sourced from github/gh-aw's releases.

v0.50.3

🌟 Release Highlights

This release focuses on reliability and correctness improvements — fixing data races, MCP context management, safe-outputs permissions, and compiler diagnostics. Dependency and tooling updates keep everything fresh.

🐛 Bug Fixes & Improvements

• add-comment now emits pull-requests: write by default — Previously, workflows using add-comment safe-outputs would fail with "Resource not accessible by integration" when commenting on PRs because the compiler only emitted issues: write. The compiler now correctly emits both issues: write and pull-requests: write, and provides new issues/pull-requests/discussions flags for fine-grained control. (#18318)

• Eliminated a sync.Once data race in cache-clear functions — A concurrency bug that could cause non-deterministic behavior when clearing caches has been resolved. (#18280)

• MCP request context propagation fixed — checkActorPermission now correctly receives the MCP request context, ensuring timeouts and cancellations propagate correctly throughout the permission-check call chain. (#18281)

• MCP inspector sub-contexts released promptly — connectStdioMCPServer and connectHTTPMCPServer now release WithTimeout sub-contexts immediately after each sequential MCP operation rather than deferring, reducing timer resource hold time. (#18343)

• Preserved ExitError in error chain — ExitError is no longer dropped during run-workflow validation, enabling downstream error handling to correctly inspect exit codes. (#18282 via release notes)

✨ What's New

• Schema path heuristic for misplaced frontmatter fields — When a field appears in the wrong location in a workflow's frontmatter, the compiler now suggests the correct schema path, making it much easier to diagnose configuration errors. (#18320)

• Suppressed actionlint SC1003 false positives — Generated AWF shell commands no longer trigger spurious actionlint SC1003 warnings, reducing noise in CI linting output. (#18316)

• Cleaner footer install message — The workflow footer now links "agentic workflow" directly to the source URL and displays the install command in a formatted code block for better readability. (#18345)

🔧 Internal

• Refactored MCP error construction with a newMCPError helper, eliminating 30+ repeated jsonrpc.Error struct literals across MCP tool files. (#18341)
• Updated Claude Code 2.1.52 → 2.1.56 and Copilot CLI 0.0.415 → 0.0.417. (#18313)
• Updated golang.org/x/tools from v0.41.0 to v0.42.0. (#18319)

🌍 Community Contributions

A huge thank you to the community members who reported issues resolved in this release:

• @ViktorHofer for gh aw compile does not add pull-requests: write to safe_outputs job when add-comment is configured (#18311)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• fix: preserve ExitError in error chain in run_workflow_validation.go by @​Copilot in github/gh-aw#18282
• Propagate MCP request context into checkActorPermission by @​Copilot in github/gh-aw#18281
• fix: eliminate sync.Once reset data race in cache-clear functions by @​Copilot in github/gh-aw#18280

... (truncated)

Changelog

Sourced from github/gh-aw's changelog.

Changelog

All notable changes to this project will be documented in this file.

v0.40.1 - 2026-02-03

Move from githubnext/gh-aw to github/gh-aw

If you were a former user of the githubnext Agentic Workflows you might have to re-register the extension to reflect the new location. As the gh-aw project moved from githubnext to github please delete the old channel and register the new one.

Example:

gh extension list
NAME   REPO              VERSION
gh aw  githubnext/gh-aw  v0.36.0
gh extension upgrade --all
[aw]: already up to date
gh extension remove gh-aw
gh extension install github/gh-aw
✓ Installed extension github/gh-aw
gh extension list
NAME   REPO          VERSION
gh aw  github/gh-aw  v0.40.1

Bug Fixes

Handle 502 Bad Gateway errors in assign_to_agent handler by treating them as success. The cloud gateway may return 502 errors during agent assignment, but the assignment typically succeeds despite the error. The handler now logs 502 errors for troubleshooting but does not fail the workflow.

Add discussion interaction to smoke workflows and serialize the discussion

flag in safe-outputs handler config.

Smoke workflows now select a random discussion and post thematic comments to validate discussion comment functionality. The compiler now emits the "discussion": true flag in GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG when a workflow requests discussion output, and lock files include discussions: write permission where applicable.

Add discussion interaction to smoke workflows; compiler now serializes the discussion flag into the safe-outputs handler config so workflows can post comments to discussions. Lock files include discussions: write where applicable.

Smoke workflows pick a random discussion and post a thematic comment (copilot: playful, claude: comic-book, codex: mystical oracle, opencode: space mission). This is a non-breaking tooling/workflow change.

Add discussion interaction to smoke workflows; deprecate the discussion flag and

... (truncated)

Commits

• b70143d Release MCP inspector sub-contexts promptly after each operation (#18343)
• 92baa35 fix: add pull-requests:write to safe_outputs job for add-comment (#18318)
• fd0cfd0 fix: update wasm golden fixtures to Copilot CLI 0.0.417 (#18331)
• 6867b81 Add schema path heuristic to suggest correct location for misplaced frontmatt...
• 4215607 deps: update golang.org/x/tools from v0.41.0 to v0.42.0 (#18319)
• 57a2da4 Update Claude Code 2.1.52→2.1.56 and Copilot CLI 0.0.415→0.0.417 (#18313)
• 5cf594e Suppress actionlint SC1003 false positives in generated AWF commands (#18316)
• 322b250 docs: add Unassign from User term to glossary (#18308)
• 974efc0 fix: eliminate sync.Once reset data race in cache-clear functions (#18280)
• 7411bba Propagate MCP request context into checkActorPermission (#18281)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[DimaBir]

LGTM