From 6a0656e92ce7ccffeb245ddcdedc0f54f86f4a57 Mon Sep 17 00:00:00 2001
From: Huan Jiang
Date: Mon, 6 Jan 2025 10:00:39 +0800
Subject: [PATCH] Security fix for dependabot auto merge
---
 .github/workflows/auto-merge-dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/auto-merge-dependabot.yml b/.github/workflows/auto-merge-dependabot.yml
index ef03409e..41917dea 100644
--- a/.github/workflows/auto-merge-dependabot.yml
+++ b/.github/workflows/auto-merge-dependabot.yml
@@ -8,7 +8,7 @@ permissions:
 jobs:
 auto-merge:
- if: github.actor == 'dependabot[bot]'
+ if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'scala-steward-org/scala-steward-action' }}
 runs-on: ubuntu-latest
 steps:
 - name: Auto-merge Dependabot PRs
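Review bot: The new `if:` on `auto-merge` establishes who opened the pull request, not who authored the commits that end up merged, so a commit added to the Dependabot branch afterwards by another account would still satisfy this condition. The steps continue outside the hunk, so it is not visible whether the merge step already checks this; if it does not, it should confirm that every commit on the PR is authored by Dependabot and signature-verified before enabling the merge. It would also help to record the reason for the change directly above the condition, e.g. `# github.actor is the account that triggered this run, not the PR author; gate on the PR author instead`, so the check is not simplified back to `github.actor` later. The workflow trigger and the body of `permissions:` are outside the hunk as well, and they determine how much a wrongly matched run could do.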