chore(deps): bump githubnext/gh-aw from 0.40.0 to 0.43.5

[dependabot]

Bumps githubnext/gh-aw from 0.40.0 to 0.43.5.

Release notes

Sourced from githubnext/gh-aw's releases.

v0.43.5

🌟 Release Highlights

A security-focused maintenance release that hardens file operations and refines sandbox configuration, plus important bug fixes for compilation feedback.

🔒 Security Improvements

• Path Traversal Protection (#14883): Standardized path validation across all file operations using fileutil.ValidateAbsolutePath() to prevent malicious path traversal attacks. All file reads/writes now enforce absolute path requirements.

⚠️ Breaking Changes

• Sandbox Configuration Update (#14888): Deprecated top-level sandbox: false in favor of sandbox.agent: false for more granular control. The new syntax allows disabling the agent firewall while keeping MCP gateway enabled.

  Migration:

  # ❌ Old (deprecated)
  sandbox: false
  ✅ New
  sandbox:
  agent: false

🐛 Bug Fixes

• Compilation Error Visibility (#14901): Fixed a critical issue where validation errors weren't displayed during gh aw compile, leaving users unaware of workflow problems. Error messages now properly appear in compilation output.

⚡ Updates

• Firewall Update (#14903): Updated gh-aw-firewall to v0.14.0 with latest security patches and performance improvements.
• MCP Simplification (#14887): Removed jq filter support from MCP server tools. Users should use native filtering options or adjust max_tokens parameter for response size control.

📚 Documentation

• Setup Guidance (#14909): Added video tutorial for configuring Copilot organization tokens to help teams get started faster.

🔧 Internal Improvements

• Test suite cleanup after sandbox: false deprecation and jq removal
• Build system refinements for utility packages
• Code refactoring: Extracted duplicate expires field preprocessing into shared helper

---

For complete details, see the CHANGELOG.

Generated by Release

---

... (truncated)

Changelog

Sourced from githubnext/gh-aw's changelog.

Changelog

All notable changes to this project will be documented in this file.

v0.40.1 - 2026-02-03

Bug Fixes

Handle 502 Bad Gateway errors in assign_to_agent handler by treating them as success. The cloud gateway may return 502 errors during agent assignment, but the assignment typically succeeds despite the error. The handler now logs 502 errors for troubleshooting but does not fail the workflow.

Add discussion interaction to smoke workflows and serialize the discussion

flag in safe-outputs handler config.

Smoke workflows now select a random discussion and post thematic comments to validate discussion comment functionality. The compiler now emits the "discussion": true flag in GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG when a workflow requests discussion output, and lock files include discussions: write permission where applicable.

Add discussion interaction to smoke workflows; compiler now serializes the discussion flag into the safe-outputs handler config so workflows can post comments to discussions. Lock files include discussions: write where applicable.

Smoke workflows pick a random discussion and post a thematic comment (copilot: playful, claude: comic-book, codex: mystical oracle, opencode: space mission). This is a non-breaking tooling/workflow change.

Add discussion interaction to smoke workflows; deprecate the discussion flag and

add a codemod to remove it. Smoke workflows now query discussions and post comments to both discussions and PRs to validate discussion functionality.

The compiler no longer emits a discussion boolean flag in compiled handler configs; the add_comment handler auto-detects target type or accepts a discussion_number parameter. A codemod add-comment-discussion-removal is available via gh aw fix --write to remove the deprecated field from workflows.

Add GitHub App token minting for the GitHub MCP server tooling and workflows.

Add expires support to safe-outputs.create-pull-request so PRs can mark, describe, and auto-close expired runs.

Add safe-inputs gh CLI testing to smoke workflows; updates shared/gh.md to remove the network.allowed restriction and validate GitHub CLI access using GITHUB_TOKEN.

This changeset accompanies the PR that adds safeinputs-gh testing to all smoke workflows (smoke-copilot.md, smoke-claude.md, smoke-codex.md, smoke-opencode.md) and adjusts shared/gh.md accordingly.

Add safe-inputs gh CLI testing to smoke workflows.

This patch adds validation to the smoke workflows to exercise the GitHub CLI integration via the safeinputs-gh tool. It also updates shared/gh.md to remove the network.allowed restriction so the safeinputs-gh tool can query PRs using the provided GITHUB_TOKEN.

Add step summaries for safe-output processing results.

... (truncated)

Commits

• ab43451 Fix error messages not shown in gh aw compile output (#14901)
• 53c6ad2 Update awf (gh-aw-firewall) to v0.14.0 (#14903)
• 2e26fe0 Remove sandbox: false, add sandbox.agent: false for firewall-only disable (#1...
• ca36bd7 Extract duplicate expires preprocessing logic into shared helper (#14899)
• 10591ad Remove jq filter support from MCP server tools (#14887)
• c4416a7 Standardize path validation across file operations to prevent path traversal ...
• 88cda73 Fix test fixture using deprecated timeout_minutes field (#14885)
• 634feae Update CLI tools: Claude Code 2.1.39, Copilot 0.0.406, Sandbox Runtime 0.0.37...
• a60f95b Set default max to 1 for assign-to-agent safe-output (#14867)
• ffc4ce3 Add 10-second delay between agent assignments to prevent spawn rate limiting ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)