GitHub Actions: Workflows triggered by Dependabot PRs will run with read-only permissions actionssecurity February 19, 2021 Starting March 1st, 2021 workflow runs that are triggered by Dependabot from push, pull_request, pull_request_review, or pull_request_review_comment events will be treated as if they were opened from a repository fork. This means they will receive a read-only GITHUB_TOKEN and
![GitHub Actions: Workflows triggered by Dependabot PRs will run with read-only permissions](https://cdn-ak-scissors.b.st-hatena.com/image/square/912bb1e7f2ca8e2f98cc813c91412e64c8461717/height=288;version=1;width=512/https%3A%2F%2Fgithub.blog%2Fwp-content%2Fuploads%2F2022%2F04%2FEngineering-Security.png%3Ffit%3D1200%252C630)