From 64198118043a403124afa43e766606428fe83d8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Raimondas=20Rimkevi=C4=8Dius?= Date: Fri, 27 Mar 2026 01:03:05 +0200 Subject: [PATCH 1/2] Potential fix for code scanning alert no. 3: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/dependabot.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml index 6dc91e3..25d0c92 100644 --- a/.github/workflows/dependabot.yml +++ b/.github/workflows/dependabot.yml @@ -17,6 +17,9 @@ jobs: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' && github.actor == 'dependabot[bot]' + permissions: + contents: read + pull-requests: write steps: - name: "Approve pull request" uses: "juliangruber/approve-pull-request-action@v2" From c7923aad5aaea731242d9688670c5a7e2fcd91f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Raimondas=20Rimkevi=C4=8Dius=20=28aka=20MekDrop=29?= Date: Fri, 27 Mar 2026 01:05:20 +0200 Subject: [PATCH 2/2] chore: set dependabot workflow contents permission to write --- .github/workflows/dependabot.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml index 25d0c92..3c9b390 100644 --- a/.github/workflows/dependabot.yml +++ b/.github/workflows/dependabot.yml @@ -18,7 +18,7 @@ jobs: github.event.workflow_run.conclusion == 'success' && github.actor == 'dependabot[bot]' permissions: - contents: read + contents: write pull-requests: write steps: - name: "Approve pull request" @@ -39,4 +39,4 @@ jobs: owner: repository.owner, pull_number: pullRequest.number, repo: repository.repo, - }) \ No newline at end of file + })