Remove actions-lock.json references from dependabot and agent docs#17150
…ntic-workflows.agent.md Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Pull request overview
Removes outdated references to .github/aw/actions-lock.json from Dependabot-fix guidance now that it’s no longer part of the Dependabot PR fix workflow.
Changes:
- Updates the Dependabot fixing instructions to drop `actions-lock.json` from warnings/background and PR-filter criteria.
- Updates the agent dispatcher documentation to drop the `actions-lock.json` URL from routing and load conditions.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| `.github/aw/dependabot.md` | Removes actions-lock.json mentions from generated-file warnings and Dependabot PR filtering guidance. |
| `.github/agents/agentic-workflows.agent.md` | Removes actions-lock.json references from the dispatcher “Fix Dependabot PRs” bullet and load condition. |
Comments suppressed due to low confidence (2)
.github/aw/dependabot.md:46
- This filter criteria omits `.github/workflows/package-lock.json`, which is listed earlier as a generated manifest alongside `package.json`. If Dependabot opens PRs that update the lockfile, this guidance will miss them; consider adding `package-lock.json` here (or remove it from the earlier generated-manifest list if it’s not relevant).
Filter for PRs affecting generated workflow manifests (title contains `Bump` or similar, files include `.github/workflows/package.json`, `.github/workflows/requirements.txt`, or `.github/workflows/go.mod`).
.github/agents/agentic-workflows.agent.md:101
- The “Load when” condition omits `.github/workflows/package-lock.json`, which is commonly the file Dependabot updates for npm. Align this condition with the dependabot prompt by including `package-lock.json` (or clarify elsewhere that it’s intentionally excluded).
**Load when**: User needs to close or fix open Dependabot PRs that update dependencies in generated manifest files (`.github/workflows/package.json`, `.github/workflows/requirements.txt`, `.github/workflows/go.mod`)
| > [!WARNING] | ||
| > **Never directly merge Dependabot PRs that modify generated files** such as `.github/workflows/package.json`, `.github/workflows/requirements.txt`, `.github/workflows/go.mod`, or `.github/aw/actions-lock.json`. These files are generated by the `gh aw` compiler and any direct changes will be overwritten on the next compilation. | ||
| > **Never directly merge Dependabot PRs that modify generated files** such as `.github/workflows/package.json`, `.github/workflows/requirements.txt`, or `.github/workflows/go.mod`. These files are generated by the `gh aw` compiler and any direct changes will be overwritten on the next compilation. |
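Review bot: In the rewritten warning line, dropping `.github/aw/actions-lock.json` leaves no statement of how a Dependabot PR that touches that file should be handled; the removed text classed it as compiler-generated and overwritten on the next compilation. If the compiler still writes that file, a reader could take its absence from the "never directly merge" list as permission to merge such a PR directly. Suggest one sentence in `dependabot.md` saying where updates to it are handled now, or confirming that Dependabot no longer opens PRs against it.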
The warning list omits .github/workflows/package-lock.json, but this doc later describes package-lock.json as part of the generated npm manifests. For consistency (and to avoid folks directly merging Dependabot PRs that touch the lockfile), include package-lock.json in this “never directly merge” list (or adjust the later background/table if it’s no longer generated).
This issue also appears on line 46 of the same file.
| > **Never directly merge Dependabot PRs that modify generated files** such as `.github/workflows/package.json`, `.github/workflows/requirements.txt`, or `.github/workflows/go.mod`. These files are generated by the `gh aw` compiler and any direct changes will be overwritten on the next compilation. | |
| > **Never directly merge Dependabot PRs that modify generated files** such as `.github/workflows/package.json`, `.github/workflows/package-lock.json`, `.github/workflows/requirements.txt`, or `.github/workflows/go.mod`. These files are generated by the `gh aw` compiler and any direct changes will be overwritten on the next compilation. |
| - **Upgrading workflows**: Routes to `upgrade-agentic-workflows` prompt | ||
| - **Creating shared components**: Routes to `create-shared-agentic-workflow` prompt | ||
| - **Fixing Dependabot PRs**: Routes to `dependabot` prompt — use this when Dependabot opens PRs that modify generated manifest files (`.github/workflows/package.json`, `.github/workflows/requirements.txt`, `.github/workflows/go.mod`) or `https://github.com/github/gh-aw/blob/main/.github/aw/actions-lock.json`. Never merge those PRs directly; instead update the source `.md` files and rerun `gh aw compile --dependabot` to bundle all fixes | ||
| - **Fixing Dependabot PRs**: Routes to `dependabot` prompt — use this when Dependabot opens PRs that modify generated manifest files (`.github/workflows/package.json`, `.github/workflows/requirements.txt`, `.github/workflows/go.mod`). Never merge those PRs directly; instead update the source `.md` files and rerun `gh aw compile --dependabot` to bundle all fixes |
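Review bot: The manifest list in the "Fixing Dependabot PRs" bullet is spelled out by hand here, again in the "Load when" condition of the same file, and in the warning and filter criteria of `.github/aw/dependabot.md`, so this PR had to edit the same enumeration in several places. Suggest having the dispatcher bullet refer to the list in the `dependabot` prompt instead of repeating it, so the next change to the set of generated files cannot leave the copies disagreeing.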
This list of generated manifests omits .github/workflows/package-lock.json. Since the Dependabot fix prompt treats package-lock.json as generated alongside package.json, consider including it here as well so the dispatcher guidance matches the detailed instructions.
This issue also appears on line 101 of the same file.
| - **Fixing Dependabot PRs**: Routes to `dependabot` prompt — use this when Dependabot opens PRs that modify generated manifest files (`.github/workflows/package.json`, `.github/workflows/requirements.txt`, `.github/workflows/go.mod`). Never merge those PRs directly; instead update the source `.md` files and rerun `gh aw compile --dependabot` to bundle all fixes | |
| - **Fixing Dependabot PRs**: Routes to `dependabot` prompt — use this when Dependabot opens PRs that modify generated manifest files (`.github/workflows/package.json`, `.github/workflows/package-lock.json`, `.github/workflows/requirements.txt`, `.github/workflows/go.mod`). Never merge those PRs directly; instead update the source `.md` files and rerun `gh aw compile --dependabot` to bundle all fixes |
`actions-lock.json` is no longer part of the Dependabot PR fix workflow, but references to it persisted in two documentation files.

Changes
- `.github/aw/dependabot.md`: Removed `actions-lock.json` from the "never directly merge" warning, deleted the background paragraph describing it as a compiler-managed file, and removed it from the PR filter criteria.
- `.github/agents/agentic-workflows.agent.md`: Removed the `actions-lock.json` URL from both the dispatcher bullet and the "Fix Dependabot PRs" section's load condition.