Skip to content

build(deps): bump fastlane from 2.235.0 to 2.236.0#3570

Merged
tonidero merged 1 commit into
mainfrom
dependabot/bundler/fastlane-2.236.0
Jun 9, 2026
Merged

build(deps): bump fastlane from 2.235.0 to 2.236.0#3570
tonidero merged 1 commit into
mainfrom
dependabot/bundler/fastlane-2.236.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 9, 2026

Copy link
Copy Markdown
Contributor

Bumps fastlane from 2.235.0 to 2.236.0.

Release notes

Sourced from fastlane's releases.

2.236.0 Improvements

Commits
  • 0c70b67 Version bump to 2.236.0 (#30064)
  • 4a6c792 [core] fix: add 'multi_json' as direct dep due to upstream googleapis bug. (#...
  • e979ad4 [spaceauth] Fix --copy_to_clipboard flag for spaceauth command (#29888)
  • 274a470 [transporter] Decode Base64 key content for .p8 file generation in (#30057)
  • efa4cab [ci] remove xcode 16.3 as CircleCI dropped it (#30058)
  • 3f73c21 [action] Add update_app_age_rating action for standalone age rating updates (...
  • c30e449 [core] Set ruby-jwt gem to v2.10.3 minimum. (#30056)
  • 57a2d0d [snapshot] run simulator using Rosetta2 for Apple Silicon (#21559)
  • 43dc4fa [snapshot] use simulator UDIDs for destinations (#30054)
  • 5f94ef3 [spaceship] remove dots (.) from names (#30052)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Low Risk
Lockfile-only dependency bump for release automation; no application code changes, though JWT/google auth stack versions shift slightly with fastlane.

Overview
Bumps fastlane from 2.235.0 to 2.236.0 in Gemfile.lock, along with the usual transitive updates (AWS SDK gems, Google API/auth clients, json, retriable, signet, etc.).

The new fastlane release tightens jwt to >= 2.10.3, adds multi_json as a direct dependency (workaround for a googleapis issue), and pulls in upstream changes such as transporter .p8 Base64 handling, snapshot/simulator behavior, and a new update_app_age_rating action—none of which alter this repo’s own source, only the CI/release tooling bundle.

Reviewed by Cursor Bugbot for commit 939e3d6. Bugbot is set up for automated code reviews on this repo. Configure here.

Bumps [fastlane](https://github.com/fastlane/fastlane) from 2.235.0 to 2.236.0.
- [Release notes](https://github.com/fastlane/fastlane/releases)
- [Changelog](https://github.com/fastlane/fastlane/blob/master/CHANGELOG.latest.md)
- [Commits](fastlane/fastlane@fastlane/2.235.0...fastlane/2.236.0)

---
updated-dependencies:
- dependency-name: fastlane
  dependency-version: 2.236.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Jun 9, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 9, 2026 13:22
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Jun 9, 2026
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedgem/​fastlane@​2.235.0 ⏵ 2.236.071 +1100100100100

View full report

@tonidero tonidero enabled auto-merge June 9, 2026 13:28
@tonidero tonidero added this pull request to the merge queue Jun 9, 2026
@codecov

codecov Bot commented Jun 9, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.28%. Comparing base (85b12f9) to head (939e3d6).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #3570   +/-   ##
=======================================
  Coverage   80.28%   80.28%           
=======================================
  Files         377      377           
  Lines       15386    15386           
  Branches     2134     2134           
=======================================
  Hits        12353    12353           
  Misses       2174     2174           
  Partials      859      859           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
Merged via the queue into main with commit dd728df Jun 9, 2026
38 checks passed
@tonidero tonidero deleted the dependabot/bundler/fastlane-2.236.0 branch June 9, 2026 14:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

1 participant