Bump github/gh-aw from 0.50.4 to 0.50.6

[dependabot]

Bumps github/gh-aw from 0.50.4 to 0.50.6.

Release notes

Sourced from github/gh-aw's releases.

v0.50.6

🌟 Release Highlights

This release focuses on cross-repository and fork reliability, delivering a wave of targeted bug fixes that make gh-aw more robust in complex multi-repo and private-repo scenarios, alongside new platform support and improved tooling.

✨ What's New

• Android arm64 support — Workflows can now run on android-arm64 architecture, expanding platform coverage for mobile-native CI environments. (#18609)
• Fork support reference page — New documentation covering how to use gh-aw in forked repositories, including checkout behavior and token configuration. (Learn more)
• Improved gh aw add-wizard resilience — The wizard now skips secrets configuration when the user lacks write access (#18490), preserves existing files and shows recovery instructions on commit failure (#18489), and no longer corrupts frontmatter when the engine is a block mapping (#18486).
• Better fallback instructions on PR failure — When pull request creation fails, agents now receive clearer guidance to open an issue instead. (#18536)

🐛 Bug Fixes & Improvements

• shell(dotnet) no longer blocked — Workflows listing shell(dotnet) in allowed tools no longer hit a spurious "denied" error requiring the env dotnet workaround. (#18612)
• Fork PR checkout fixed — pull_request events in forked repositories now correctly use gh pr checkout instead of failing to resolve the branch. (#18591)
• Private repo PR branch access — In private repositories, workflows triggered by PR comments can now correctly access the PR branch. (#18578)
• Cross-repo base branch resolution — Base branch detection is now accurate for cross-repository PRs and PR comment events. (#18614, #18581)
• Cross-repo audit log download — gh run download now correctly passes owner/repo for cross-repo audits. (#18603)
• safe_outputs checkout for pull_request_review events — Checkout no longer fails when a workflow is triggered by a pull request review. (#18552)
• Duplicate env vars eliminated — When an imported workflow and the main workflow reference the same repository variable, env vars are now deduplicated in the interpolation step. (#18548)
• allowed-domains propagated to safe outputs — Allowlisted domains are now correctly passed through to the Process Safe Outputs step, preventing unintended URL redaction. (#18538)
• "Copilot is not a user" error fixed — compute_text.cjs no longer fails when processing PRs created by GitHub Apps. (#18592)

📚 Documentation

• New Fork Support reference page covering fork workflows end-to-end.
• Improved Cross-Repository Operations reference with checkout: guidance. (#18553)
• Pre-filled PAT creation link added to COPILOT_GITHUB_TOKEN docs to streamline initial setup. (#18594)

🌍 Community Contributions

A huge thank you to the community members who reported issues resolved in this release:

• @BrandonLewis for Add support for the android-arm64 architecture (#18263)
• @ViktorHofer for shell(dotnet) tool denied despite being in allowed tools (#18340)
• @dsyme for PR branch not accessible in private repo comment events (#18574)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• [WIP] Migrate 50% of agentic workflows to use copilot-requests feature by @​Copilot in github/gh-aw#18531
• docs: Add fork support reference page by @​Copilot in github/gh-aw#18537

... (truncated)

Commits

• fa00c21 Update report.md: recommend safe-outputs filtering for mentions and backlinks...
• 8d6d854 fix: add missing repo_helpers.cjs and glob_pattern_helpers.cjs to safe-output...
• a040b83 fix(ci): guard golangci-lint download against silent HTTP failures (#18619)
• a5b22ba fix: pass owner/repo to gh run download for cross-repo audit (#18603)
• 3cd98e2 chore(deps): bump minimatch (#18579)
• a768de0 chore(deps): bump fast-xml-parser (#18580)
• 4f14974 Improve base branch resolution for cross-repo PRs (#18614)
• a3f1727 Add android-arm64 architecture support (#18609)
• 032de09 Fix shell(dotnet) denied despite being in allowed tools (#18340) (#18612)
• e0bade6 fix: use gh pr checkout for fork PRs in pull_request events (#18591)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud