chore(deps): bump github/gh-aw-actions from 0.74.4 to 0.74.9

[dependabot]

Bumps github/gh-aw-actions from 0.74.4 to 0.74.9.

Release notes

Sourced from github/gh-aw-actions's releases.

v0.74.9

Sync of actions from gh-aw at v0.74.9.

v0.74.8

Sync of actions from gh-aw at v0.74.8.

v0.74.7

Sync of actions from gh-aw at v0.74.7.

v0.74.6

Sync of actions from gh-aw at v0.74.6.

v0.74.5

Sync of actions from gh-aw at v0.74.5.

Commits

• 318d7f4 chore: sync actions from gh-aw@v0.74.9 (#111)
• efa5584 chore: sync actions from gh-aw@v0.74.8 (#110)
• b33de57 chore: sync actions from gh-aw@v0.74.7 (#109)
• 8c8a264 chore: sync actions from gh-aw@v0.74.6 (#108)
• 3360552 Sync agent compatibility matrix from gh-aw (#103)
• 1fd109a chore: sync actions from gh-aw@v0.74.5 (#107)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: copilot, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

🔍 Dependency Update Risk Assessment

Package: github/gh-aw-actions
Bump: 0.74.4 → 0.74.9 (PATCH)
Risk Level: 🟢 LOW

Breaking Changes

None detected in release notes.

Suggested Test Focus

• Run the full test suite before merging.
• Check CI passes on this PR before merging.

CVE Context

No CVE referenced in this PR.

---

Generated by dependency-update-advisor. Review before merging.

[github-actions]

⚠️ Secret Scanning — Findings Detected

Gitleaks found 14 potential secret(s) in this PR.

This check is WARN-ONLY and does NOT block merging.
Review findings before merging to production.

Next steps

1. Download gitleaks-report.json from the workflow artifacts.
2. If real secret: see docs/security/SECRET_SCANNING.md → runbook.
3. If false positive: add an allowlist entry to .gitleaks.toml.

---

Config: .gitleaks.toml · Workflow: secret-scan.yml

[ibuyspy]

Closing this in prod by policy. Internal work/PRs must be created in IBuySpy-Shared/basecoat only.

[dependabot]

A newer version of github/gh-aw-actions exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

[ibuyspy]

Closing: ivegamsft/basecoat is a production mirror of IBuySpy-Shared/basecoat. Dependency updates must be made in the source repo and will be reflected here on the next publish. Please open a corresponding dependabot PR or update in IBuySpy-Shared/basecoat.

[github-actions]

PR flow hygiene nudge

This PR was flagged during the weekly hygiene sweep. Please address the following to avoid backlog drift:

• No assignee is set for ownership handoff.
• No requested reviewer/team found.

Suggested next actions:

• Confirm or assign an owner.
• Request reviewers (or a reviewer team).
• If this work is paused, close or convert to draft with a status note.

Automated by BaseCoat PR flow hygiene workflow.