Use pull_request_target for better security with forked PRs (#22024)

2026-01-06 15:01:04 -05:00 · 2021-10-08 10:00:33 -05:00
parent 4df9db6cd5
commit 7fba77dfe6
1 changed files with 1 additions and 1 deletions
--- a/.github/workflows/automerge-dependencies.yml
+++ b/.github/workflows/automerge-dependencies.yml
@@ -9,7 +9,7 @@ name: Auto Merge Dependency Updates
 # **Who does it impact**: It helps docs engineering focus on higher value work.

 on:
-  pull_request:
+  pull_request_target:
    paths:
      - 'package*.json'
      - 'Gemfile*'