Switch to offical GitHub action for managing app tokens

Improve security by switching to the official GitHub action for managing app tokens. More [details](tibdex/github-app-token#99 (comment)). The default scope is limited to only this repo per the [docs](https://github.com/actions/create-github-app-token?tab=readme-ov-file#repositories): > If owner and repositories are empty, access will be scoped to only the current repository.
dependabot · Mar 21, 2024 · bd92246 · bd92246
1 parent 522f500
commit bd92246
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/.github/workflows/gems-bump-version.yml b/.github/workflows/gems-bump-version.yml
@@ -19,10 +19,10 @@ jobs:
     steps:
       - name: Generate token
         id: generate_token
-        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+        uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
         with:
-          app_id: ${{ secrets.DEPENDABOT_CORE_ACTION_AUTOMATION_APP_ID }}
-          private_key: ${{ secrets.DEPENDABOT_CORE_ACTION_AUTOMATION_PRIVATE_KEY }}
+          app-id: ${{ secrets.DEPENDABOT_CORE_ACTION_AUTOMATION_APP_ID }}
+          private-key: ${{ secrets.DEPENDABOT_CORE_ACTION_AUTOMATION_PRIVATE_KEY }}
 
       - uses: actions/checkout@v4
         with: