From a8fb4d0fa4145ab9bbb04aa904c57832dc7c3cd8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 22 May 2026 08:26:09 +0000
Subject: [PATCH 1/3] build(deps): bump the github-actions group across 1
 directory with 2 updates

Bumps the github-actions group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `github/codeql-action` from 4.35.4 to 4.35.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...9e0d7b8d25671d64c341c19c0152d693099fb5ba)

Updates `actions/create-github-app-token` from 3.1.1 to 3.2.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/create-github-app-token/compare/1b10c78c7865c340bc4f6099eb2f838309f1e8c3...bcd2ba49218906704ab6c1aa796996da409d3eb1)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/create-github-app-token
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/actionlint.yml      | 2 +-
 .github/workflows/codeql-analysis.yml | 4 ++--
 .github/workflows/vendor-gems.yml     | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
index e3441e8832252..e8c37d270135e 100644
--- a/.github/workflows/actionlint.yml
+++ b/.github/workflows/actionlint.yml
@@ -101,7 +101,7 @@ jobs:
           path: results.sarif
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
+        uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
         with:
           sarif_file: results.sarif
           category: zizmor
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 47d71e3100a00..bd424d2d4f895 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -27,7 +27,7 @@ jobs:
           persist-credentials: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
+        uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
         with:
           languages: ruby
           config: |
@@ -35,4 +35,4 @@ jobs:
               - Library/Homebrew/vendor
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
+        uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
diff --git a/.github/workflows/vendor-gems.yml b/.github/workflows/vendor-gems.yml
index ebffd47fe0fa6..54a636d10763f 100644
--- a/.github/workflows/vendor-gems.yml
+++ b/.github/workflows/vendor-gems.yml
@@ -122,7 +122,7 @@ jobs:
           fi
 
       - name: Generate push token
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
         id: app-token
         if: github.event_name == 'workflow_dispatch'
         with:

From 95c3dad6f3ab124f9827ad82a75f25bc84793a19 Mon Sep 17 00:00:00 2001
From: Mike McQuaid <mike@mikemcquaid.com>
Date: Fri, 22 May 2026 12:29:05 +0100
Subject: [PATCH 2/3] Fix vendor-gems generated commits

- `git diff` ignored untracked generated files, so workflow
  dispatch could skip new RBI or licence metadata files.
- Use `git status --porcelain` in both generated commit guards
  to match the pull request sync check.
---
 .github/workflows/vendor-gems.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/vendor-gems.yml b/.github/workflows/vendor-gems.yml
index 54a636d10763f..8df67b0fe9d4f 100644
--- a/.github/workflows/vendor-gems.yml
+++ b/.github/workflows/vendor-gems.yml
@@ -98,7 +98,7 @@ jobs:
           GEM_NAME: ${{ steps.checkout.outputs.gem_name }}
         working-directory: ${{ steps.set-up-homebrew.outputs.repository-path }}
         run: |
-          if ! git diff --stat --exit-code ".licenses"
+          if [[ -n "$(git status --porcelain -- ".licenses")" ]]
           then
             git add ".licenses"
             git commit -m "Update RubyGems licence metadata for ${GEM_NAME}." \
@@ -114,7 +114,7 @@ jobs:
           GEM_NAME: ${{ steps.checkout.outputs.gem_name }}
         working-directory: ${{ steps.set-up-homebrew.outputs.repository-path }}
         run: |
-          if ! git diff --stat --exit-code "Library/Homebrew/sorbet"
+          if [[ -n "$(git status --porcelain -- "Library/Homebrew/sorbet")" ]]
           then
             git add "Library/Homebrew/sorbet"
             git commit -m "Update RBI files for ${GEM_NAME}." \

From 4fa866331e5da863c989430093e321f7cda9afc8 Mon Sep 17 00:00:00 2001
From: BrewTestBot <1589480+BrewTestBot@users.noreply.github.com>
Date: Fri, 22 May 2026 11:32:46 +0000
Subject: [PATCH 3/3] Update RBI files for github-actions.

Autogenerated by the [vendor-gems](https://github.com/Homebrew/brew/blob/HEAD/.github/workflows/vendor-gems.yml) workflow.
---
 .../sorbet/rbi/dsl/homebrew/cmd/as_console_user.rbi | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 Library/Homebrew/sorbet/rbi/dsl/homebrew/cmd/as_console_user.rbi

diff --git a/Library/Homebrew/sorbet/rbi/dsl/homebrew/cmd/as_console_user.rbi b/Library/Homebrew/sorbet/rbi/dsl/homebrew/cmd/as_console_user.rbi
new file mode 100644
index 0000000000000..03c24b42ee5cf
--- /dev/null
+++ b/Library/Homebrew/sorbet/rbi/dsl/homebrew/cmd/as_console_user.rbi
@@ -0,0 +1,13 @@
+# typed: true
+
+# DO NOT EDIT MANUALLY
+# This is an autogenerated file for dynamic methods in `Homebrew::Cmd::AsConsoleUser`.
+# Please instead update this file by running `bin/tapioca dsl Homebrew::Cmd::AsConsoleUser`.
+
+
+class Homebrew::Cmd::AsConsoleUser
+  sig { returns(Homebrew::Cmd::AsConsoleUser::Args) }
+  def args; end
+end
+
+class Homebrew::Cmd::AsConsoleUser::Args < Homebrew::CLI::Args; end