Security fix for dependabot auto merge #479

	name: Auto-merge Dependabot PR

	on: [pull_request_target]

	permissions:
	pull-requests: write
	contents: write

	jobs:
	auto-merge:
	if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'scala-steward-org/scala-steward-action' }}
	runs-on: ubuntu-latest
	steps:
	- name: Auto-merge Dependabot PRs
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	PR_URL: ${{ github.event.pull_request.html_url }}
	run: gh pr merge --auto --squash "$PR_URL"

Provide feedback