Bump ruby/setup-ruby from 1.288.0 to 1.289.0

[dependabot]

Bumps ruby/setup-ruby from 1.288.0 to 1.289.0.

Release notes

Sourced from ruby/setup-ruby's releases.

v1.289.0

What's Changed

• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in ruby/setup-ruby#874
• Bump fast-xml-parser from 5.3.3 to 5.3.4 by @​dependabot[bot] in ruby/setup-ruby#869
• Document the role of the setup-ruby release team and maintainers by @​eregon in ruby/setup-ruby#876
• Bump fast-xml-parser from 5.3.4 to 5.3.6 by @​dependabot[bot] in ruby/setup-ruby#877
• Bump minimatch from 3.1.2 to 3.1.4 by @​dependabot[bot] in ruby/setup-ruby#878
• Bump fast-xml-parser from 5.3.6 to 5.4.1 by @​dependabot[bot] in ruby/setup-ruby#879
• Add jruby-10.0.4.0 by @​ruby-builder-bot in ruby/setup-ruby#881

Full Changelog: ruby/setup-ruby@v1.288.0...v1.289.0

Commits

• 19a43a6 Add jruby-10.0.4.0
• 896e71e Bump fast-xml-parser from 5.3.6 to 5.4.1
• 0fa9651 Bump minimatch from 3.1.2 to 3.1.4
• 19a9bab Bump fast-xml-parser from 5.3.4 to 5.3.6
• 7f562e2 Update Credits in README
• 0fc657d Document the role of the setup-ruby release team and maintainers
• 9fd324a Bump fast-xml-parser from 5.3.3 to 5.3.4
• 0f5cc21 Use actions/checkout@v6 in README too
• 2a50164 Bump actions/checkout from 4 to 6
• 14a4f5d looks -> is
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/ruby/setup-ruby	19a43a6a2428d455dbd1b85344698725179c9d8c	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 5 Found 11/20 approved changesets -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• .github/workflows/pullrequest.yml