chore(deps): bump github/gh-aw from 0.58.3 to 0.62.5#175

Merged
intellitect-bot merged 1 commit into main from
dependabot/github_actions/github/gh-aw-0.62.5
Mar 23, 2026
@dependabot dependabot bot commented on behalf of github Mar 23, 2026

Bumps github/gh-aw from 0.58.3 to 0.62.5.

Release notes

Sourced from github/gh-aw's releases.

v0.62.5

🌟 Release Highlights

This release focuses on security hardening, reliability fixes across safe-outputs and activation, and a significant documentation expansion — with a couple of quality-of-life feature additions along the way.

⚠️ Security

Two important security improvements ship in this release:

  • Supply chain protection: The Trivy vulnerability scanner action has been removed following the discovery of a supply chain compromise (#22007, #22065). Vulnerability scanning has been replaced with an alternative approach.
  • Public repo integrity hardening: GitHub App authentication no longer exempts public repositories from the automatic minimum-integrity guard policy (#21969). This closes a gap where same-repo untrusted content could bypass integrity checks on public repos.

✨ What's New

  • Timezone support for scheduled workflows: on.schedule cron entries now accept an optional timezone field, letting you express schedules in local time rather than UTC (#22018).
  • Boolean expression optimizer: Condition node trees are now optimized at compile time, producing cleaner and more efficient if: expressions in compiled workflows (#22025).
  • Wildcard target-repo in safe-output handlers: Safe-output handlers now accept target-repo: "*" to match any repository, making reusable handler definitions much more flexible (#21877).

🐛 Bug Fixes & Improvements

  • Bot comment activation fixed: slash_command workflows now correctly activate on bot comments that append metadata after a newline separator — a common pattern with GitHub Apps (#22013).
  • Signed commits on new branches: create-pull-request no longer fails when a "Require signed commits" branch ruleset is active and the target branch doesn't yet exist on the remote (#22012).
  • Agent output artifact path: Fixed a nested-path issue where GH_AW_AGENT_OUTPUT artifacts were not found because the file resided outside the /tmp/gh-aw/ artifact root (#21968).
  • GHE: agentics URL resolution: githubnext/agentics now correctly resolves to github.com when a GitHub Enterprise Server host is configured, preventing failed action lookups on GHE (#22014).
  • gh aw new safe-output validation: Safe-output names entered via gh aw new are now validated against the JSON schema, preventing invalid configurations from being written (#21981).
  • Smoke-codex stability: Eliminated a race condition causing intermittent safe_outputs failures on scheduled smoke runs and spurious wrong-PR comments (#22039).
  • Code-push skip no longer triggers fail-fast: When a code-push step is intentionally skipped, the workflow now continues rather than halting with a failure (#21976).
  • MCP Gateway updated to v0.1.20 (#21946).

📚 Documentation

A substantial documentation push accompanies this release:

  • New: Integrity reference guide — covers trust levels, filtering behavior, and policy configuration (#22044).
  • New: GHE Cloud data residency debugging guide — step-by-step troubleshooting for GitHub Enterprise Cloud data residency connectivity issues (#21993).
  • Expanded checkout: frontmatter reference — the checkout section now documents all supported options with examples (#22041).
  • GitHub MCP access control spec v1.1.0 — updated to document blocked-users and approval-labels fields (#22023).
  • Streamlined agentic-authoring guide — reduced size and improved focus for faster onboarding (#22054).

For complete details, see the CHANGELOG.

Generated by Release


What's Changed

... (truncated)

Commits
  • 48d8fdf Remove session management from safe outputs MCP HTTP server (#22056)
  • 492682b chore: remove trivy (#22065)
  • 78ef8b9 fix: cache action inputs in actions-lock.json for deterministic smoke-codex c...
  • d5bae98 feat: add boolean expression optimizer for ConditionNode trees (#22025)
  • 5dc9fa1 docs: add integrity.md reference documentation (#22044)
  • 63e9d6b docs: document safe-outputs actions field in github-agentic-workflows.md (#22...
  • 0e91af2 docs: unbloat agentic-authoring guide (#22054)
  • 5d6443c chore(deps): bump h3 (#22043)
  • 946e07a docs: expand checkout: section in frontmatter reference (#22041)
  • 58acd3e fix(smoke-codex): eliminate safe_outputs instability on schedule runs and wro...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github/gh-aw](https://github.com/github/gh-aw) from 0.58.3 to 0.62.5.
- [Release notes](https://github.com/github/gh-aw/releases)
- [Changelog](https://github.com/github/gh-aw/blob/main/CHANGELOG.md)
- [Commits](github/gh-aw@08a903b...48d8fdf)

---
updated-dependencies:
- dependency-name: github/gh-aw
  dependency-version: 0.62.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies and github-actions labels Mar 23, 2026
@dependabot dependabot bot temporarily deployed to BuildAndUploadImage March 23, 2026 15:58 Inactive
@intellitect-bot intellitect-bot enabled auto-merge (squash) March 23, 2026 16:00
@intellitect-bot intellitect-bot merged commit 62df2d2 into main Mar 23, 2026
13 checks passed
@intellitect-bot intellitect-bot deleted the dependabot/github_actions/github/gh-aw-0.62.5 branch March 23, 2026 16:08