build(deps): bump the github-actions-minor-patch group across 1 directory with 3 updates

[dependabot]

Bumps the github-actions-minor-patch group with 3 updates in the / directory: github/gh-aw/actions/setup, actions/upload-artifact and actions/download-artifact.

Updates github/gh-aw/actions/setup from 0.51.6 to 0.80.9

Release notes

Sourced from github/gh-aw/actions/setup's releases.

v0.80.9

🌟 Release Highlights

This release focuses on reliability and correctness — squashing noisy error conditions in the MCP server and agentic workflows, hardening security, and keeping the observability pipeline complete.

🐛 Bug Fixes & Improvements

• MCP stdio error handling — handleMessage now correctly serialises plain-object throws (not just Error instances), eliminating the cryptic -32603 [object Object] failures that blocked submit_pull_request_review on the stdio transport path. (#40715)

• Issue Monster noise reduction — Agent-availability errors ("copilot coding agent is not available for this repository") are now treated as transient and silently skipped, so the issue tracker is no longer spammed with failure issues on every 30-minute poll cycle. (#40716)

• Observability report completeness — The daily observability report now explicitly requests agent and detection artifact sets alongside usage metrics, preventing incomplete/noop outcomes caused by missing telemetry inputs. (#40705)

• Task session data fetch — Fixed a failing agent GitHub Actions job caused by a stale data-fetch pattern in task session handling. (#40728)

🔒 Security

• Atomic temp-file writes — Replaced direct fs.writeFileSync calls in the safe-output evaluations script with an atomic write helper, closing a CWE-377 insecure-temporary-file vulnerability flagged by CodeQL. (#40721)

🔧 Internal

• Safe Outputs conformance checker — Added MCE-006 check verifying that mcp_server_core.cjs enforces valid JSON-RPC 2.0 error codes (spec §8.2); split spec/script version comments for clarity. (#40737)

• Maintenance workflow header — agentics-maintenance.yml now carries an explicit, purpose-specific header describing the maintenance schedule and how to disable it, replacing the generic compiled-workflow boilerplate. (#40706)

Generated by 🚀 Release · 31.3 AIC · ⊞ 8.2K

---

What's Changed

• fix(daily-observability-report): request agent+detection artifacts in logs fetches by @​pelikhan with @​Copilot in github/gh-aw#40705
• Make agentics-maintenance.yml header maintenance-specific by @​pelikhan with @​Copilot in github/gh-aw#40706
• fix: handleMessage avoids [object Object] errors and enforces valid JSON-RPC error codes for thrown plain objects by @​pelikhan with @​Copilot in github/gh-aw#40715
• Update task session data fetch by @​mnkiefer with @​Copilot in github/gh-aw#40728
• fix(issue-monster): gracefully skip agent availability errors with ignore-if-error by @​pelikhan with @​Copilot in github/gh-aw#40716
• [spec-review] Update Safe Outputs conformance checker for recent spec changes by @​github-actions[bot] in github/gh-aw#40737
• [blog] Weekly blog post – 2026-06-22 by @​github-actions[bot] in github/gh-aw#40724
• [code-scanning-fix] Fix js/insecure-temporary-file: use atomic write to prevent symlink attacks by @​github-actions[bot] in github/gh-aw#40721

Full Changelog: github/gh-aw@v0.80.8...v0.80.9

v0.80.8

🌟 Release Highlights

This release brings a meaningful performance win, improved slash-command UX, a new Go linter, and a wave of reliability and documentation improvements.

⚡ Performance

... (truncated)

Commits

• a362436 [code-scanning-fix] Fix js/insecure-temporary-file: use atomic write to preve...
• 8d48d89 docs: add weekly blog post for 2026-06-22 (#40724)
• 75f540e feat: add MCE-006 conformance check for JSON-RPC error code validity (#40737)
• 592d420 fix(issue-monster): gracefully skip agent availability errors with ignore-if-...
• a15c5b4 Update task session data fetch (#40728)
• 48f9e0c fix: handleMessage avoids [object Object] errors and enforces valid JSON-RPC ...
• b720e39 Update agentic maintenance workflow header content (#40706)
• 1af3c5f fix(daily-observability-report): request agent+detection artifacts in logs fe...
• a401853 Reduce ambient prompt surface in high-traffic workflows (#40695)
• 4bb6180 Allow Daily Safe Output Integrator to inspect compiler safe-output tests (#40...
• Additional commits viewable in compare view

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

• Update the readme with direct upload details by @​danwkennedy in actions/upload-artifact#795
• Readme: bump all the example versions to v7 by @​danwkennedy in actions/upload-artifact#796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits

• 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
• 634250c Include changes in typespec/ts-http-runtime 0.3.5
• e454baa Readme: bump all the example versions to v7 (#796)
• 74fad66 Update the readme with direct upload details (#795)
• See full diff in compare view

Updates actions/download-artifact from 8.0.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

• Support for CJK characters in the artifact name by @​danwkennedy in actions/download-artifact#471
• Add a regression test for artifact name + content-type mismatches by @​danwkennedy in actions/download-artifact#472

Full Changelog: actions/download-artifact@v8...v8.0.1

Commits

• 3e5f45b Add regression tests for CJK characters (#471)
• e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions