Bump the actions-minor group across 1 directory with 2 updates

[dependabot]

Bumps the actions-minor group with 2 updates in the /.github/workflows directory: ruby/setup-ruby and actions/create-github-app-token.

Updates ruby/setup-ruby from 1.295.0 to 1.300.0

Release notes

Sourced from ruby/setup-ruby's releases.

v1.300.0

What's Changed

• Refactor matrix script by @​ntkme in ruby/setup-ruby#897
• Add jruby-10.0.5.0 by @​ruby-builder-bot in ruby/setup-ruby#900

Full Changelog: ruby/setup-ruby@v1.299.0...v1.300.0

v1.299.0

What's Changed

• Update CRuby releases on Windows by @​ruby-builder-bot in ruby/setup-ruby#896

Full Changelog: ruby/setup-ruby@v1.298.0...v1.299.0

v1.298.0

What's Changed

• Add ruby-3.2.11 by @​ruby-builder-bot in ruby/setup-ruby#895

Full Changelog: ruby/setup-ruby@v1.297.0...v1.298.0

v1.297.0

What's Changed

• Update CRuby releases on Windows by @​ruby-builder-bot in ruby/setup-ruby#894

Full Changelog: ruby/setup-ruby@v1.296.0...v1.297.0

v1.296.0

What's Changed

• Add ruby-3.3.11 by @​ruby-builder-bot in ruby/setup-ruby#893

Full Changelog: ruby/setup-ruby@v1.295.0...v1.296.0

Commits

• 4c56a21 Darwin-x86_64 is no longer supported on TruffleRuby 34+
• 5d9c71d Add truffleruby-34.0.0,truffleruby+graalvm-34.0.0
• e65c17d Add jruby-10.0.5.0
• ba696ad Refactor matrix script
• 2327de0 TruffleRuby 34+ does not support macOS Intel
• 3ff19f5 Update CRuby releases on Windows
• 4dc28cf Add ruby-3.2.11
• c515ec1 Update CRuby releases on Windows
• eab2afb Add ruby-3.3.11
• 97b3338 Mention all maintainers in check-new-windows-versions for consistency
• See full diff in compare view

Updates actions/create-github-app-token from 3.0.0 to 3.1.1

Release notes

Sourced from actions/create-github-app-token's releases.

v3.1.1

3.1.1 (2026-04-11)

Bug Fixes

• improve error message when app identifier is empty (#362) (07e2b76), closes #249

v3.1.0

3.1.0 (2026-04-11)

Bug Fixes

• deps: bump p-retry from 7.1.1 to 8.0.0 (#357) (3bbe07d)

Features

• add client-id input and deprecate app-id (#353) (e6bd4e6)
• update permission inputs (#358) (076e948)

Commits

• 1b10c78 build(release): 3.1.1 [skip ci]
• 07e2b76 fix: improve error message when app identifier is empty (#362)
• ea01216 ci: remove publish-immutable-action workflow (#361)
• 7bd0371 build(release): 3.1.0 [skip ci]
• e6bd4e6 feat: add client-id input and deprecate app-id (#353)
• 076e948 feat: update permission inputs (#358)
• 3bbe07d fix(deps): bump p-retry from 7.1.1 to 8.0.0 (#357)
• 28a99e3 build(deps-dev): bump c8 from 10.1.3 to 11.0.0
• 4df5060 build(deps-dev): bump open-cli from 8.0.0 to 9.0.0
• 4843c53 build(deps-dev): bump the development-dependencies group with 3 updates
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Pushed a commit to rebuild the Action. Please mark the PR as ready for review to trigger PR checks.

[henrymercer]

We're actually bumping ruby/setup-ruby to 1.301.0, but that is fine.

[Copilot]

Pull request overview

This PR updates GitHub Actions used by the repo’s CI/release automation workflows and PR-check templates, primarily bumping ruby/setup-ruby and actions/create-github-app-token to newer minor versions.

Changes:

• Bump ruby/setup-ruby used by the RuboCop multi-language PR check template (and its generated workflow).
• Bump actions/create-github-app-token from v3.0.0 to v3.1.1 in release-related workflows.

Show a summary per file

File	Description
pr-checks/checks/rubocop-multi-language.yml	Updates the pinned ruby/setup-ruby ref used by the PR-check template.
.github/workflows/update-release-branch.yml	Updates actions/create-github-app-token version used for release-branch backport automation.
.github/workflows/rollback-release.yml	Updates actions/create-github-app-token version used for rollback release automation.
.github/workflows/post-release-mergeback.yml	Updates actions/create-github-app-token version used for tagging/mergeback automation.
.github/workflows/__rubocop-multi-language.yml	Generated workflow updated from the PR-check template change (not reviewed as source-of-truth).

Copilot's findings

Comments suppressed due to low confidence (3)

.github/workflows/update-release-branch.yml:100

• actions/create-github-app-token@v3.1.1 deprecates the app-id input in favor of client-id (per the release notes). To avoid relying on a deprecated input (and potential future breakage), update this step to use the new input name (and ensure the value provided is the correct identifier type).

      uses: actions/create-github-app-token@v3.1.1
      id: app-token
      with:
        app-id: ${{ vars.AUTOMATION_APP_ID }}
        private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

.github/workflows/rollback-release.yml:143

• actions/create-github-app-token@v3.1.1 deprecates the app-id input in favor of client-id (per the release notes). To avoid relying on a deprecated input (and potential future breakage), update this step to use the new input name (and ensure the value provided is the correct identifier type).

        uses: actions/create-github-app-token@v3.1.1
        id: app-token
        with:
          app-id: ${{ vars.AUTOMATION_APP_ID }}
          private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

.github/workflows/post-release-mergeback.yml:138

• actions/create-github-app-token@v3.1.1 deprecates the app-id input in favor of client-id (per the release notes). To avoid relying on a deprecated input (and potential future breakage), update this step to use the new input name (and ensure the value provided is the correct identifier type).

        uses: actions/create-github-app-token@v3.1.1
        id: app-token
        with:
          app-id: ${{ vars.AUTOMATION_APP_ID }}
          private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

• Files reviewed: 4/5 changed files
• Comments generated: 1

[Copilot]

The pinned ruby/setup-ruby SHA is annotated as # v1.301.0, but this PR’s stated bump is to v1.300.0. Please verify which release this SHA corresponds to and update the inline version comment (and/or the pinned ref) to match, so future audits aren’t misled.