Bump the github-actions-minor-patch group across 1 directory with 2 updates

[dependabot]

Bumps the github-actions-minor-patch group with 2 updates in the / directory: github/gh-aw and actions/upload-artifact.

Updates github/gh-aw from 0.62.4 to 0.68.1

Release notes

Sourced from github/gh-aw's releases.

v0.68.0

🌟 Release Highlights

This release brings distributed tracing improvements, important security hardening, permission fixes, and a cleaner add-comment API — with a community-reported bug fix included.

✨ What's New

• OpenTelemetry cross-job trace hierarchy — Parent span IDs are now propagated through aw_context across jobs, enabling end-to-end distributed trace visibility for multi-job workflows. (#25540)

• Simplified discussion comment API — The deprecated add-comment.discussion (singular boolean) field has been removed in favor of the clearer discussions: true/false syntax. Update your workflows using gh aw fix --write. (#25532)

🐛 Bug Fixes & Improvements

• Fixed invalid discussions: write permission on safe-output jobs — The compiler was unconditionally emitting an invalid permission-discussions field into GitHub App token requests for safe-output jobs. This has been corrected. (#25508)

• Security: heredoc content validation — ValidateHeredocContent checks are now applied to five user-controlled heredoc insertion sites, closing a class of potential injection vectors. (#25510)

• MCP schema: proxy-args now accepted at top level — The stdio_mcp_tool schema now includes proxy-args as a top-level property, fixing validation errors for tools that use proxy arguments. (#25542)

• MCP config schema validation re-enabled — Previously dead MCP configuration schema validation paths are now wired up, improving compile-time error detection. (#25507)

• Docker pre-download list updated — The cli-proxy image is now included in the pre-download list, reducing cold-start latency in containerized runs. (#25558)

• Playground editor template dropdown restored — Four missing workflow templates have been restored to the playground editor dropdown. (#25528)

📚 Documentation

• Integrity-filtering inputs fully documented — All integrity-filtering inputs are now documented in the reference. (#25545, Learn more)

🌍 Community Contributions

@IEvangelist

• Compiler unconditionally adds invalid discussions: write permission to safe-output jobs (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 1.1M

---

What's Changed

... (truncated)

Commits

• 5a06d31 fix: bump Copilot CLI from v1.0.20 to v1.0.21 (#25689)
• cc56642 Doc: document firewall-audit-logs artifact name for downstream consumers (#...
• 5b9e980 feat: add engine.bare frontmatter field to suppress automatic context loading...
• 17dff22 fix: set supportsNativeAgentFile=false for Codex and Gemini engines; remove a...
• a0803a5 fix(cli): address 7 CLI consistency issues across help text and flag behavior...
• e61c83d security: fix agent-stdio.log world-readable exposure and MCP gateway token l...
• 314d821 refactor: centralize close-flow logic into shared createCloseEntityHandler ...
• 7b2108a fix(smoke-gemini): trigger on "smoke" label instead of "water" (#25639)
• c144ee3 test: add regression coverage for .github/agents/ root-relative import path...
• a8dedce chore: remove dead functions — 5 functions removed (#25630)
• Additional commits viewable in compare view

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

• Update the readme with direct upload details by @​danwkennedy in actions/upload-artifact#795
• Readme: bump all the example versions to v7 by @​danwkennedy in actions/upload-artifact#796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits

• 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
• 634250c Include changes in typespec/ts-http-runtime 0.3.5
• e454baa Readme: bump all the example versions to v7 (#796)
• 74fad66 Update the readme with direct upload details (#795)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions