From 05bfa2b4139e39ec7de907e017c5f76eba30b84b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Mar 2026 14:15:10 +0900
Subject: [PATCH 1/2] Bump step-security/harden-runner from 2.15.0 to 2.15.1
 (#1640)

Bumps
[step-security/harden-runner](https://github.com/step-security/harden-runner)
from 2.15.0 to 2.15.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.15.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Fixes <a
href="https://redirect.github.com/step-security/harden-runner/issues/642">step-security/harden-runner#642</a>
bug due to which post step was failing on Windows ARM runners</li>
<li>Updates npm packages</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2.15.0...v2.15.1">https://github.com/step-security/harden-runner/compare/v2.15.0...v2.15.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/step-security/harden-runner/commit/58077d3c7e43986b6b15fba718e8ea69e387dfcc"><code>58077d3</code></a>
Release v2.15.1 (<a
href="https://redirect.github.com/step-security/harden-runner/issues/641">#641</a>)</li>
<li>See full diff in <a
href="https://github.com/step-security/harden-runner/compare/a90bcbc6539c36a85cdfeb73f7e2f433735f215b...58077d3c7e43986b6b15fba718e8ea69e387dfcc">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner&package-manager=github_actions&previous-version=2.15.0&new-version=2.15.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/push_gem.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/push_gem.yml b/.github/workflows/push_gem.yml
index f7870bda28..075bde3558 100644
--- a/.github/workflows/push_gem.yml
+++ b/.github/workflows/push_gem.yml
@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
+        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
         with:
           egress-policy: audit
 

From 4a681303873a6cba16844906e23b0403c3fa637e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Mar 2026 14:15:22 +0900
Subject: [PATCH 2/2] Bump ruby/setup-ruby from 1.288.0 to 1.290.0 (#1641)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.288.0
to 1.290.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ruby/setup-ruby/releases">ruby/setup-ruby's
releases</a>.</em></p>
<blockquote>
<h2>v1.290.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Improve Windows version detection and HOME variable export by <a
href="https://github.com/jbaiza"><code>@​jbaiza</code></a> in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/883">ruby/setup-ruby#883</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jbaiza"><code>@​jbaiza</code></a> made
their first contribution in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/883">ruby/setup-ruby#883</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.289.0...v1.290.0">https://github.com/ruby/setup-ruby/compare/v1.289.0...v1.290.0</a></p>
<h2>v1.289.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump actions/checkout from 4 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/874">ruby/setup-ruby#874</a></li>
<li>Bump fast-xml-parser from 5.3.3 to 5.3.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/869">ruby/setup-ruby#869</a></li>
<li>Document the role of the setup-ruby release team and maintainers by
<a href="https://github.com/eregon"><code>@​eregon</code></a> in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/876">ruby/setup-ruby#876</a></li>
<li>Bump fast-xml-parser from 5.3.4 to 5.3.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/877">ruby/setup-ruby#877</a></li>
<li>Bump minimatch from 3.1.2 to 3.1.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/878">ruby/setup-ruby#878</a></li>
<li>Bump fast-xml-parser from 5.3.6 to 5.4.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/879">ruby/setup-ruby#879</a></li>
<li>Add jruby-10.0.4.0 by <a
href="https://github.com/ruby-builder-bot"><code>@​ruby-builder-bot</code></a>
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/881">ruby/setup-ruby#881</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.288.0...v1.289.0">https://github.com/ruby/setup-ruby/compare/v1.288.0...v1.289.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ruby/setup-ruby/commit/6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c"><code>6ca151f</code></a>
Leave only basic comment about env variable change</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/74138471e3c4801ce302719e775c6c819efef635"><code>7413847</code></a>
Set HOME variable from OS information</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/b3cff1b264a48b6f34a126e47067b110b6c9a170"><code>b3cff1b</code></a>
Add support for Windows Server Standard Evaluation</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/19a43a6a2428d455dbd1b85344698725179c9d8c"><code>19a43a6</code></a>
Add jruby-10.0.4.0</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/896e71e063dc0933bb442a54e949d75291991ecb"><code>896e71e</code></a>
Bump fast-xml-parser from 5.3.6 to 5.4.1</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/0fa965176eabbb494a5778ac04477b260840ef45"><code>0fa9651</code></a>
Bump minimatch from 3.1.2 to 3.1.4</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/19a9babd0096de1a2aa716cac395f01253934999"><code>19a9bab</code></a>
Bump fast-xml-parser from 5.3.4 to 5.3.6</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/7f562e2882f42fe3ccc6f67a86ec4d551fdfcaf1"><code>7f562e2</code></a>
Update Credits in README</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/0fc657d48d91c89e71dcdae4cb167087c9dd021e"><code>0fc657d</code></a>
Document the role of the setup-ruby release team and maintainers</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/9fd324aef7833fd93a27a99d47de9af8b8425b4c"><code>9fd324a</code></a>
Bump fast-xml-parser from 5.3.3 to 5.3.4</li>
<li>Additional commits viewable in <a
href="https://github.com/ruby/setup-ruby/compare/09a7688d3b55cf0e976497ff046b70949eeaccfd...6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ruby/setup-ruby&package-manager=github_actions&previous-version=1.288.0&new-version=1.290.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/cloudflare-preview.yml | 2 +-
 .github/workflows/gh-pages.yml           | 2 +-
 .github/workflows/lint.yml               | 2 +-
 .github/workflows/push_gem.yml           | 2 +-
 .github/workflows/ri-backward-compat.yml | 2 +-
 .github/workflows/ruby-core.yml          | 2 +-
 .github/workflows/test.yml               | 4 ++--
 7 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/cloudflare-preview.yml b/.github/workflows/cloudflare-preview.yml
index a44cf2b3ee..767852e821 100644
--- a/.github/workflows/cloudflare-preview.yml
+++ b/.github/workflows/cloudflare-preview.yml
@@ -19,7 +19,7 @@ jobs:
           ref: ${{ github.event.client_payload.pr_head_sha }}
 
       - name: Setup Ruby
-        uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0
+        uses: ruby/setup-ruby@6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c # v1.290.0
         with:
           ruby-version: '3.4'
           bundler-cache: true
diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml
index 543334d054..57902f3c2b 100644
--- a/.github/workflows/gh-pages.yml
+++ b/.github/workflows/gh-pages.yml
@@ -22,7 +22,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Setup Ruby
-        uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0
+        uses: ruby/setup-ruby@6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c # v1.290.0
         with:
           ruby-version: '3.2'
           bundler-cache: true
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index eb008f86f5..f4585e75f5 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -21,7 +21,7 @@ jobs:
     - if: ${{ matrix.os == 'ubuntu-latest' }}
       run: sudo apt install libyaml-dev
     - name: Set up Ruby
-      uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0
+      uses: ruby/setup-ruby@6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c # v1.290.0
       with:
         ruby-version: 3.3
         bundler-cache: true
diff --git a/.github/workflows/push_gem.yml b/.github/workflows/push_gem.yml
index 075bde3558..0a20b621d0 100644
--- a/.github/workflows/push_gem.yml
+++ b/.github/workflows/push_gem.yml
@@ -30,7 +30,7 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Set up Ruby
-        uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0
+        uses: ruby/setup-ruby@6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c # v1.290.0
         with:
           bundler-cache: true
           ruby-version: ruby
diff --git a/.github/workflows/ri-backward-compat.yml b/.github/workflows/ri-backward-compat.yml
index ec8002aafe..0474c3125a 100644
--- a/.github/workflows/ri-backward-compat.yml
+++ b/.github/workflows/ri-backward-compat.yml
@@ -23,7 +23,7 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Set up Ruby
-        uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0
+        uses: ruby/setup-ruby@6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c # v1.290.0
         with:
           # Must use Ruby 3.x — on Ruby 4.0, Heading is always a Class while old
           # RDoc versions serialized it as a Struct, so the test would always fail
diff --git a/.github/workflows/ruby-core.yml b/.github/workflows/ruby-core.yml
index 1da94b9846..57093a11b0 100644
--- a/.github/workflows/ruby-core.yml
+++ b/.github/workflows/ruby-core.yml
@@ -22,7 +22,7 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Set up latest ruby head
-        uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0
+        uses: ruby/setup-ruby@6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c # v1.290.0
         with:
           ruby-version: head
           bundler: none
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 08110ca7b8..675e108141 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -43,7 +43,7 @@ jobs:
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
     - name: Set up Ruby
-      uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0
+      uses: ruby/setup-ruby@6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c # v1.290.0
       with:
         ruby-version: ${{ matrix.ruby }}
         bundler-cache: true # 'bundle install' and cache
@@ -76,7 +76,7 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Set up Ruby
-        uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0
+        uses: ruby/setup-ruby@6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c # v1.290.0
         with:
           ruby-version: ${{ fromJson(needs.ruby-versions.outputs.latest) }}
           bundler-cache: true