chore: bump actions/create-github-app-token from 1 to 3

[dependabot]

Bumps actions/create-github-app-token from 1 to 3.

Release notes

Sourced from actions/create-github-app-token's releases.

v3.0.0

3.0.0 (2026-03-14)

• feat!: node 24 support (#275) (2e564a0)
• fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (4451bcb)

Bug Fixes

• remove custom proxy handling (#143) (dce0ab0)

BREAKING CHANGES

• Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.
• Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner.

v3.0.0-beta.6

3.0.0-beta.6 (2026-03-13)

Bug Fixes

• deps: bump @​actions/core from 1.11.1 to 3.0.0 (#337) (b044133)
• deps: bump minimatch from 9.0.5 to 9.0.9 (#335) (5cbc656)
• deps: bump the production-dependencies group with 4 updates (#336) (6bda5bc)
• deps: bump undici from 7.16.0 to 7.18.2 (#323) (b4f638f)

v3.0.0-beta.5

3.0.0-beta.5 (2026-03-13)

• fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (d53a1cd)

BREAKING CHANGES

• Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.

v3.0.0-beta.4

3.0.0-beta.4 (2026-03-13)

Bug Fixes

• deps: bump @​octokit/auth-app from 7.2.1 to 8.0.1 (#257) (bef1eaf)
• deps: bump @​octokit/request from 9.2.3 to 10.0.2 (#256) (5d7307b)
• deps: bump glob from 10.4.5 to 10.5.0 (#305) (5480f43)
• deps: bump p-retry from 6.2.1 to 7.1.0 (#294) (dce3be8)

... (truncated)

Commits

• 1b10c78 build(release): 3.1.1 [skip ci]
• 07e2b76 fix: improve error message when app identifier is empty (#362)
• ea01216 ci: remove publish-immutable-action workflow (#361)
• 7bd0371 build(release): 3.1.0 [skip ci]
• e6bd4e6 feat: add client-id input and deprecate app-id (#353)
• 076e948 feat: update permission inputs (#358)
• 3bbe07d fix(deps): bump p-retry from 7.1.1 to 8.0.0 (#357)
• 28a99e3 build(deps-dev): bump c8 from 10.1.3 to 11.0.0
• 4df5060 build(deps-dev): bump open-cli from 8.0.0 to 9.0.0
• 4843c53 build(deps-dev): bump the development-dependencies group with 3 updates
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[cursor]

PR Summary

Medium Risk
Updates a release/publish workflow step that generates a GitHub App token; misconfigured inputs/secrets could break kit mirroring or release publishing. Otherwise it’s a small, scoped CI dependency bump.

Overview
Updates the Release – Publish GitHub Actions workflow to use actions/create-github-app-token v3.1.1 (pinned by commit SHA) instead of v1.

Adjusts the token generation step inputs to use client-id (via SDK_RELEASE_GITHUB_CLIENT_ID) rather than app-id, keeping the same private key/owner/repo/permissions for mirroring and releasing kits.

^{Reviewed by Cursor Bugbot for commit c08bc0c. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

📦 SDK Size Impact Report

Measures how much the SDK adds to an app's size (with-SDK minus without-SDK).

Metric	Target Branch	This PR	Change
App Bundle Impact	1.75 MB	1.75 MB	+N/A
Executable Impact	848 bytes	848 bytes	+N/A
XCFramework Size	6.38 MB	6.38 MB	+N/A

➡️ SDK size impact change is minimal.

Raw measurements

Target branch (main):

{"baseline_app_size_kb":84,"baseline_executable_size_bytes":75464,"with_sdk_app_size_kb":1876,"with_sdk_executable_size_bytes":76312,"sdk_impact_kb":1792,"sdk_executable_impact_bytes":848,"xcframework_size_kb":6528}

This PR:

{"baseline_app_size_kb":84,"baseline_executable_size_bytes":75464,"with_sdk_app_size_kb":1876,"with_sdk_executable_size_bytes":76312,"sdk_impact_kb":1792,"sdk_executable_impact_bytes":848,"xcframework_size_kb":6528}

[nickolas-dimitrakas]

Need to lock to a commit SHA in v3