Bump github/gh-aw from 0.47.5 to 0.50.3 in the github-actions-minor-patch group

[dependabot]

Bumps the github-actions-minor-patch group with 1 update: github/gh-aw.

Updates github/gh-aw from 0.47.5 to 0.50.3

Release notes

Sourced from github/gh-aw's releases.

v0.50.3

🌟 Release Highlights

This release focuses on reliability and correctness improvements — fixing data races, MCP context management, safe-outputs permissions, and compiler diagnostics. Dependency and tooling updates keep everything fresh.

🐛 Bug Fixes & Improvements

• add-comment now emits pull-requests: write by default — Previously, workflows using add-comment safe-outputs would fail with "Resource not accessible by integration" when commenting on PRs because the compiler only emitted issues: write. The compiler now correctly emits both issues: write and pull-requests: write, and provides new issues/pull-requests/discussions flags for fine-grained control. (#18318)

• Eliminated a sync.Once data race in cache-clear functions — A concurrency bug that could cause non-deterministic behavior when clearing caches has been resolved. (#18280)

• MCP request context propagation fixed — checkActorPermission now correctly receives the MCP request context, ensuring timeouts and cancellations propagate correctly throughout the permission-check call chain. (#18281)

• MCP inspector sub-contexts released promptly — connectStdioMCPServer and connectHTTPMCPServer now release WithTimeout sub-contexts immediately after each sequential MCP operation rather than deferring, reducing timer resource hold time. (#18343)

• Preserved ExitError in error chain — ExitError is no longer dropped during run-workflow validation, enabling downstream error handling to correctly inspect exit codes. (#18282 via release notes)

✨ What's New

• Schema path heuristic for misplaced frontmatter fields — When a field appears in the wrong location in a workflow's frontmatter, the compiler now suggests the correct schema path, making it much easier to diagnose configuration errors. (#18320)

• Suppressed actionlint SC1003 false positives — Generated AWF shell commands no longer trigger spurious actionlint SC1003 warnings, reducing noise in CI linting output. (#18316)

• Cleaner footer install message — The workflow footer now links "agentic workflow" directly to the source URL and displays the install command in a formatted code block for better readability. (#18345)

🔧 Internal

• Refactored MCP error construction with a newMCPError helper, eliminating 30+ repeated jsonrpc.Error struct literals across MCP tool files. (#18341)
• Updated Claude Code 2.1.52 → 2.1.56 and Copilot CLI 0.0.415 → 0.0.417. (#18313)
• Updated golang.org/x/tools from v0.41.0 to v0.42.0. (#18319)

🌍 Community Contributions

A huge thank you to the community members who reported issues resolved in this release:

• @ViktorHofer for gh aw compile does not add pull-requests: write to safe_outputs job when add-comment is configured (#18311)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• fix: preserve ExitError in error chain in run_workflow_validation.go by @​Copilot in github/gh-aw#18282
• Propagate MCP request context into checkActorPermission by @​Copilot in github/gh-aw#18281
• fix: eliminate sync.Once reset data race in cache-clear functions by @​Copilot in github/gh-aw#18280

... (truncated)

Commits

• b70143d Release MCP inspector sub-contexts promptly after each operation (#18343)
• 92baa35 fix: add pull-requests:write to safe_outputs job for add-comment (#18318)
• fd0cfd0 fix: update wasm golden fixtures to Copilot CLI 0.0.417 (#18331)
• 6867b81 Add schema path heuristic to suggest correct location for misplaced frontmatt...
• 4215607 deps: update golang.org/x/tools from v0.41.0 to v0.42.0 (#18319)
• 57a2da4 Update Claude Code 2.1.52→2.1.56 and Copilot CLI 0.0.415→0.0.417 (#18313)
• 5cf594e Suppress actionlint SC1003 false positives in generated AWF commands (#18316)
• 322b250 docs: add Unassign from User term to glossary (#18308)
• 974efc0 fix: eliminate sync.Once reset data race in cache-clear functions (#18280)
• 7411bba Propagate MCP request context into checkActorPermission (#18281)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions