From a063781ab257174a4e23936da754b282b2bacb5d Mon Sep 17 00:00:00 2001
From: William Woodruff <william@astral.sh>
Date: Mon, 22 Sep 2025 16:41:25 -0400
Subject: [PATCH] ci: disable persist-credentials for dependabot too

I misread this; the GITHUB_TOKEN is used for auth
instead of the persisted credential.

Signed-off-by: William Woodruff <william@astral.sh>
---
 .github/workflows/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
index 2991f3b..87b07aa 100644
--- a/.github/workflows/dependabot.yml
+++ b/.github/workflows/dependabot.yml
@@ -21,7 +21,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 2
-          persist-credentials: true
+          persist-credentials: false
         if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
       - name: Check if package-lock.json has been changed
         if: steps.metadata.outputs.update-type == 'version-update:semver-patch'