From c51f1c067d4740ba86c7711a423d17fc5fa5d041 Mon Sep 17 00:00:00 2001
From: Kirill Sudarushkin <kirill.su@miro.com>
Date: Thu, 7 Sep 2023 11:49:27 +0200
Subject: [PATCH] Fix dependabot auto-merge (#245)

`fastify/github-action-merge-dependabot` filters out PRs triggered not
by `pull_request` event. After creating a ticket to the action repo,
developers answered me that probably there is no need to use
`pull_request_target`:
https://github.com/fastify/github-action-merge-dependabot/pull/474#pullrequestreview-1611390215.

And it seems we don't: the workflow is targeted on dependabot PRs only,
which are internal (not from forked repos), so for the `pull_request`
event the workflow will have all required write permissions.
---
 .github/workflows/dependabot-auto-merge.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
index baa5c047f..c5d470cd2 100644
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -1,5 +1,5 @@
 name: Dependabot
-on: pull_request_target
+on: pull_request
 
 permissions:
   pull-requests: write