From 5dbed59e388aac4e07e66e4412a4bf6229ad63fd Mon Sep 17 00:00:00 2001
From: Mathieu Benoit <mathieu-benoit@hotmail.fr>
Date: Tue, 17 Mar 2026 22:42:46 -0400
Subject: [PATCH] Update permissions in dependabot-auto-merge.yaml

Change permissions for Dependabot auto-merge workflow.

Signed-off-by: Mathieu Benoit <mathieu-benoit@hotmail.fr>
---
 .github/workflows/dependabot-auto-merge.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml
index 3f6a2a1..f5abc37 100644
--- a/.github/workflows/dependabot-auto-merge.yaml
+++ b/.github/workflows/dependabot-auto-merge.yaml
@@ -1,12 +1,14 @@
 name: Dependabot auto-merge
 on: pull_request
 permissions:
-  contents: write
-  pull-requests: write
+  contents: read
 jobs:
   dependabot-auto-merge:
     runs-on: ubuntu-latest
     if: ${{ github.actor == 'dependabot[bot]' && !github.event.pull_request.auto_merge }}
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
       - name: Approve a PR
         run: gh pr review --approve "$PR_URL"