Release Notes Action Items for awf 0.27.9 → 0.27.13
This issue summarizes upstream release notes for the awf dependency between the previously pinned version (0.27.9) and the new pinned version (0.27.13), highlighting items that may need follow-up in ado-aw.
The companion version-bump PR is titled chore(deps): update AWF_VERSION to 0.27.13.
Releases analyzed
Security fixes
- v0.27.11:
fix: eliminate catastrophic regex backtracking in postprocess script (release) — A ReDoS (Regular Expression Denial of Service) vulnerability was patched in the AWF postprocess script. No consumer action required; included here for awareness.
Notable features for ado-aw to adopt
- v0.27.12:
fix: propagate apiProxy.auth OIDC config fields to all layers (release) — OIDC auth config fields in apiProxy.auth were previously not propagated correctly to all proxy layers. Deployments using OIDC authentication for the AWF API proxy may have been silently misconfigured. Verify that any ado-aw pipelines relying on apiProxy OIDC auth behave correctly after this upgrade.
- v0.27.13:
fix: only count inference calls against maxRuns limit (release) — The maxRuns limit now counts only LLM inference calls, not all agent tool calls. This changes the semantics of maxRuns/max-runs — ado-aw users who tuned engine: { ... } max-runs based on total tool-call counts may need to re-evaluate their values.
- v0.27.13:
fix: return 429 instead of 403 when max turns exceeded (release) — AWF now returns HTTP 429 (Too Many Requests) instead of HTTP 403 (Forbidden) when the agent's maxRuns limit is exceeded. Any ado-aw pipeline logic or documentation that references HTTP 403 as the indicator for a max-turns-exceeded condition should be updated to expect 429 instead.
This issue was opened automatically by the dependency version updater workflow.
Generated by Dependency Version Updater · 749.3 AIC · ⌖ 44.6 AIC · ⊞ 40K · ◷
Release Notes Action Items for
awf0.27.9→0.27.13This issue summarizes upstream release notes for the
awfdependency between the previously pinned version (0.27.9) and the new pinned version (0.27.13), highlighting items that may need follow-up in ado-aw.The companion version-bump PR is titled
chore(deps): update AWF_VERSION to 0.27.13.Releases analyzed
Security fixes
fix: eliminate catastrophic regex backtracking in postprocess script(release) — A ReDoS (Regular Expression Denial of Service) vulnerability was patched in the AWF postprocess script. No consumer action required; included here for awareness.Notable features for ado-aw to adopt
fix: propagate apiProxy.auth OIDC config fields to all layers(release) — OIDC auth config fields inapiProxy.authwere previously not propagated correctly to all proxy layers. Deployments using OIDC authentication for the AWF API proxy may have been silently misconfigured. Verify that any ado-aw pipelines relying onapiProxyOIDC auth behave correctly after this upgrade.fix: only count inference calls against maxRuns limit(release) — ThemaxRunslimit now counts only LLM inference calls, not all agent tool calls. This changes the semantics ofmaxRuns/max-runs— ado-aw users who tunedengine: { ... }max-runsbased on total tool-call counts may need to re-evaluate their values.fix: return 429 instead of 403 when max turns exceeded(release) — AWF now returns HTTP 429 (Too Many Requests) instead of HTTP 403 (Forbidden) when the agent'smaxRunslimit is exceeded. Any ado-aw pipeline logic or documentation that references HTTP 403 as the indicator for a max-turns-exceeded condition should be updated to expect 429 instead.This issue was opened automatically by the dependency version updater workflow.