build(deps): bump github/gh-aw from 0.61.0 to 0.63.1

[dependabot]

Bumps github/gh-aw from 0.61.0 to 0.63.1.

Release notes

Sourced from github/gh-aw's releases.

v0.63.1

What's Changed

• Update fuzzy schedule algorithm with weighted preferred windows and peak avoidance by @​Copilot in github/gh-aw#22547
• Upload firewall audit logs as dedicated GitHub Actions artifacts by @​Copilot in github/gh-aw#22551
• Add skip-if-check-failing pre-activation gate by @​Copilot in github/gh-aw#22537
• fix: create remote branch via REST before using createCommitOnBranch for new branches by @​Copilot in github/gh-aw#22568
• fix: use GraphQL mutation to mark pull requests as ready for review by @​Copilot in github/gh-aw#22572
• Compiler: inject DIFC proxy for pre-agent gh CLI custom steps by @​Copilot in github/gh-aw#22563
• fix: safe-outputs prompt says "exactly one" even when config allows multiple calls by @​Copilot in github/gh-aw#22576
• fix: add missing SARIF upload step for create-code-scanning-alert safe output by @​Copilot in github/gh-aw#22574
• [docs] docs: unbloat editing-workflows guide (22% reduction) by @​github-actions[bot] in github/gh-aw#22583
• Add aw_context parsing from aw_info.json to logs and audit JSON output by @​Copilot in github/gh-aw#22577
• fix: surface engine failure reason in conclusion job when agent_output.json is missing by @​Copilot in github/gh-aw#22575
• Fix go/unsafe-quoting (CWE-78/89/94) in expression deprecation warning by @​Copilot in github/gh-aw#22582
• Improve compiler error messages for YAML syntax errors and permission scope validation by @​Copilot in github/gh-aw#22581
• Update MCP Gateway (gh-aw-mcpg) v0.2.2 → v0.2.3 by @​Copilot in github/gh-aw#22591
• [jsweep] Clean check_skip_if_match.cjs by @​github-actions[bot] in github/gh-aw#22596
• skip-if-check-failing: ignore checks from current workflow run by @​Copilot in github/gh-aw#22598
• Fix Upload Safe Output Items capitalization and DIFC filtered summary formatting by @​Copilot in github/gh-aw#22602
• Add proxy.golang.org and sum.golang.org to jsweep network allowlist by @​Copilot in github/gh-aw#22603
• Update content-moderation.yml by @​pelikhan in github/gh-aw#22611
• docs: document --action-tag and --actions-repo compile flags for testing against alternate actions repos by @​Copilot in github/gh-aw#22607
• Convert qmd-docs.md and qmd.md to use tools.qmd with GPU runner; remove standalone indexer by @​Copilot in github/gh-aw#22605
• Fix untrusted_checkout_exec poutine finding in smoke-workflow-call workflows by @​Copilot in github/gh-aw#22608
• Rephrase aw_context input description by @​Copilot in github/gh-aw#22614
• ci-doctor: remove workflow_run, stop-after, and if by @​Copilot in github/gh-aw#22615
• [docs] docs: remove duplicate MCP config from web-search guide by @​github-actions[bot] in github/gh-aw#22617
• fix(create-discussion): prevent double-posting when GraphQL mutation partially succeeds by @​Copilot in github/gh-aw#22601
• [code-simplifier] refactor: extract writePromptBashStep helper to deduplicate poutine-suppressed steps (#22608) by @​github-actions[bot] in github/gh-aw#22618
• fix: add labels as a valid update field for update_discussion by @​Copilot in github/gh-aw#22613
• Remove sandbox.mcp.container from smoke workflows by @​Copilot in github/gh-aw#22616
• fix: exclude .git from push_repo_memory size calculation by @​Copilot in github/gh-aw#22610
• feat: wrap qmd documentation index step summary in details/summary HTML section by @​Copilot in github/gh-aw#22623
• [instructions] Sync github-agentic-workflows.md with release v0.40.1 by @​github-actions[bot] in github/gh-aw#22649
• [ca] fix: update wasm golden files for aw_context description change by @​github-actions[bot] in github/gh-aw#22624
• [docs] Update glossary - daily scan by @​github-actions[bot] in github/gh-aw#22644
• [docs] Update Astro dependencies - 2026-03-24 by @​github-actions[bot] in github/gh-aw#22650
• [community] Update community contributions in README by @​github-actions[bot] in github/gh-aw#22646
• [docs] Consolidate developer specs into dev.md v4.2 by @​github-actions[bot] in github/gh-aw#22653
• build(deps-dev): bump @​vitest/coverage-v8 from 4.0.18 to 4.1.1 in /actions/setup/js by @​dependabot[bot] in github/gh-aw#22643
• [fp-enhancer] Improve pkg/cli: replace imperative loops with sliceutil.Map/Filter by @​github-actions[bot] in github/gh-aw#22632
• Add diagnostic logging to qmd_index.cjs for empty index debugging by @​Copilot in github/gh-aw#22665
• fix(safe-outputs): add 🎭 emoji to staged mode preview in PR review handlers (USE-003) by @​Copilot in github/gh-aw#22621
• fix: add standardized error codes (USE-001) to four safe-output handlers by @​Copilot in github/gh-aw#22620
• fix(sec-004): sanitize body field in assign_to_agent.cjs by @​Copilot in github/gh-aw#22619
• Improve glossary-maintainer: allow any bash command and leverage qmd search by @​Copilot in github/gh-aw#22660
• refactor: rename codemod_permissions functions for discoverability by @​Copilot in github/gh-aw#22658
• [docs] docs: reduce bloat in safe-outputs reference by @​github-actions[bot] in github/gh-aw#22672
• fix: align qmd_index test assertion with ERR_CONFIG error message prefix by @​Copilot in github/gh-aw#22671
• fix: better diagnostics and messaging in the update command by @​Copilot in github/gh-aw#22669

... (truncated)

Commits

• f0a8321 feat: update DIFC proxying to also proxy actions/github-script (#22712)
• 78171cb Fix filterJobLevelPermissions dropping explicit empty permissions block (#22720)
• 6762bfb fix: resolve CLI help text consistency issues across 7 commands (#22714)
• a47905e Fix: vulnerability-alerts incorrectly emitted as job-level workflow permissio...
• 382924e fix: update wasm golden files for mcpg v0.2.4 (#22710)
• 7a41931 Never suggest tools.github mode: remote in agent prompts (#22709)
• 09f7104 Remove dual path safe output config generation (#22687)
• 420129c qmd: replace paths array with pattern string and add ignore for exclude...
• 0d9a571 chore: bump MCP Gateway v0.2.3→v0.2.4, APM v0.8.4→v0.8.5 (#22693)
• 5fe53c0 fix: surface full error message in agent failure issue comments (#22689)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)