Chore(deps): Bump fastlane from 2.235.0 to 2.236.0

[dependabot]

Bumps fastlane from 2.235.0 to 2.236.0.

Release notes

Sourced from fastlane's releases.

2.236.0 Improvements

• [ci] fix: add 'multi_json' as direct dep due to upstream googleapis bug. (#30062) via Connor Tumbleson (@​iBotPeaches)
• Fix --copy_to_clipboard flag for spaceauth command (#29888) via owurman (@​owurman)
• [transporter] Decode Base64 key content for .p8 file generation in Al… (#30057) via Kaan Çembertaş (@​kaancembertas)
• [ci] remove xcode 16.3 as CircleCI dropped it (#30058) via Connor Tumbleson (@​iBotPeaches)
• [action] Add update_app_age_rating action for standalone age rating updates (#30025) via Pratik Patil (@​PratikPatil131)
• [core] Set ruby-jwt gem to v2.10.3 minimum. (#30056) via Nakshatra Singh (@​nakshatrasinghh)
• [snapshot] run simulator using Rosetta2 for Apple Silicon (#21559) via Iceman (@​sidepelican)
• [snapshot] use simulator UDIDs for destinations (#30054) via Philip Niedertscheider (@​philprime)
• [spaceship] remove dots from names (#30052) via Tim Shedor (@​tshedor)
• [docs] keep docs assets moving along during update_docs (#30051) via Connor Tumbleson (@​iBotPeaches)

Commits

• 0c70b67 Version bump to 2.236.0 (#30064)
• 4a6c792 [core] fix: add 'multi_json' as direct dep due to upstream googleapis bug. (#...
• e979ad4 [spaceauth] Fix --copy_to_clipboard flag for spaceauth command (#29888)
• 274a470 [transporter] Decode Base64 key content for .p8 file generation in (#30057)
• efa4cab [ci] remove xcode 16.3 as CircleCI dropped it (#30058)
• 3f73c21 [action] Add update_app_age_rating action for standalone age rating updates (...
• c30e449 [core] Set ruby-jwt gem to v2.10.3 minimum. (#30056)
• 57a2d0d [snapshot] run simulator using Rosetta2 for Apple Silicon (#21559)
• 43dc4fa [snapshot] use simulator UDIDs for destinations (#30054)
• 5f94ef3 [spaceship] remove dots (.) from names (#30052)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Note

Low Risk
Dependency-only bump for build/CI tooling with no product code changes; validate CI lanes if you rely on snapshot, transporter, or App Store Connect flows affected in 2.236.0.

Overview
Bumps the pinned fastlane dependency from 2.235.0 to 2.236.0 in Gemfile and refreshes Gemfile.lock.

The lockfile also moves along fastlane’s dependency tree (e.g. tighter jwt minimum, explicit multi_json, and patch bumps for AWS SDK, Google API clients, googleauth, signet, json, retriable). No application or lane source changes—only the Ruby toolchain used for CI/release automation.

^{Reviewed by Cursor Bugbot for commit 2d3a11d. Bugbot is set up for automated code reviews on this repo. Configure here.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	fastlane@​2.236.0

View full report