Bump github/gh-aw from 0.50.4 to 0.53.3

[dependabot]

Bumps github/gh-aw from 0.50.4 to 0.53.3.

Release notes

Sourced from github/gh-aw's releases.

v0.53.3

🌟 Release Highlights

This release focuses on reliability and correctness — eliminating workflow toggle loops, hardening enterprise compatibility, and improving the gh aw upgrade experience so lock files stay consistent across commands.

✨ What's New

• Concurrency safety for conclusion jobs — The conclusion job now uses a concurrency group keyed to the workflow run ID, preventing race conditions when multiple workflow runs finish simultaneously (#19616).
• Enterprise GitHub Server support in safe outputs — Hardcoded github.com references in the safe output JavaScript layer have been replaced with GITHUB_SERVER_URL, enabling correct behavior in GitHub Enterprise Cloud environments (#19621).

🐛 Bug Fixes & Improvements

• gh aw upgrade / gh aw compile no longer produce divergent lock files — A long-standing issue where running both commands in sequence caused files to toggle between two states is now fixed (#19681).
• gh aw upgrade no longer corrupts SHA-pinned uses: lines — The upgrader was wrapping the entire uses: value (including the inline # vX.Y.Z comment) in quotes; this is now corrected (#19679).
• Conclusion job survives API failures — The handle_create_pr_error function now degrades gracefully when GitHub API calls fail, preventing conclusion job crashes (#19683).
• Audit command surfaces activation errors — gh aw audit now correctly surfaces errors from the activation job even when no agent artifacts were uploaded, giving clearer diagnostics on early failures (#19678).
• No more duplicate No-Op Runs issues — Transient search failures no longer cause the workflow to create duplicate [aw] No-Op Runs issues (#19613).
• Label constraint messages are unambiguous — Label names containing spaces are now quoted in compiler constraint messages, eliminating parsing ambiguity (#19682).
• Correct pull request history links — History links now use type=pullrequests for accurate navigation (#19676).
• Version-pinning fix applied to install script source — The version-pinning correction is now applied directly to install-gh-aw.sh, the source of truth, rather than a generated copy (#19686).

📚 Documentation

Documentation for the CentralRepoOps pattern has been expanded with trigger file and workflow_call usage examples, and the compilation process guide has been trimmed by ~20% for clarity (#19693, #19664).

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:

• @srgibbs99 for Bug: gh aw upgrade wraps uses value in quotes, including the inline comment (#19640)
• @srgibbs99 for Bug: gh aw upgrade and gh aw compile produce different lock files — toggle endlessly (#19622)
• @samuelkahessay for handle_create_pr_error: unhandled exceptions on API calls crash conclusion job (#19605)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• fix: prevent duplicate [aw] No-Op Runs issues on transient search failure by @​Copilot in github/gh-aw#19613
• fix: add agentic-workflows label to recompile-needed issues by @​Copilot in github/gh-aw#19612
• [WIP] Rewrite changes and review tests from pull request 19591 by @​Copilot in github/gh-aw#19609
• feat: add concurrency group to conclusion job using workflow ID by @​Copilot in github/gh-aw#19616
• Fix failing JS test: sync expected labels with implementation in check_workflow_recompile_needed by @​Copilot in github/gh-aw#19628
• chore(deps): bump svgo from 4.0.0 to 4.0.1 in /docs in the npm_and_yarn group across 1 directory by @​dependabot[bot] in github/gh-aw#19665
• [docs] docs: reduce compilation-process.md by ~20% by removing redundant content by @​github-actions[bot] in github/gh-aw#19664

... (truncated)

Commits

• a0ed2f4 docs: add trigger file + workflow_call pattern to CentralRepoOps (#19693)
• 6dc2fa2 fix: gh aw upgrade and gh aw compile produce identical lock files (#19681)
• 39cf121 [docs] Update documentation for features from 2026-03-05 (#19690)
• bc9fa0c fix: gh aw upgrade wraps SHA-pinned uses: value in quotes, including inline...
• c35ab22 fix: migrate version-pinning fix to source file install-gh-aw.sh (#19686)
• ff85170 fix: graceful degradation in handle_create_pr_error when API calls fail (#1...
• 87fd0f4 Quote label names in constraint messages to eliminate ambiguity with spaces (...
• e3da5a3 fix: use type=pullrequests for pull request history links (#19676)
• 35001cf fix(audit): surface activation job errors when no agent artifacts were upload...
• d5160e8 [jsweep] Clean add_reviewer.cjs (#19680)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[dependabot]

Superseded by #503.