Skip to content

Bump security-framework from 2.9.1 to 2.9.2 #311

Bump security-framework from 2.9.1 to 2.9.2

Bump security-framework from 2.9.1 to 2.9.2 #311

Workflow file for this run

name: Dependabot Auto Merge
on:
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests
# could and should work, at least for public repos;
# tracking issue for this action's issue:
# https://github.com/ahmadnassri/action-dependabot-auto-merge/issues/60
pull_request_target:
types: [labeled]
jobs:
auto:
if: github.actor == 'dependabot[bot]'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
- uses: ahmadnassri/action-dependabot-auto-merge@v2
with:
target: minor
# Note: This needs to be a PAT with (public) repo rights,
# PAT-owning user needs to have write access to this repo
# (dependabot needs to recognize the comment as coming from an allowed reviewer)
github-token: ${{ secrets.PAT_REPO_ADMIN }}
name: Auto approve pull request, then squash and merge