You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ci: auto-merge minor and patch GitHub Actions Dependabot updates
Enable auto-merge only for github_actions minor/patch bumps; majors and
other ecosystems still need a human. The default GITHUB_TOKEN lacks the
workflows scope and is refused on PRs that touch .github/workflows, so use
the dunglas-release app token scoped to contents/pull-requests/workflows,
run from an unprotected dependabot environment. zizmor ignores the
required pull_request_target trigger for this guarded workflow.
0 commit comments