chore(github,workflows): edit configuration

sheeeng · sheeeng · commit 8e1e121a8f57 · 2026-01-04T15:18:18.000+01:00
Signed-off-by: Leonard Sheng Sheng Lee &lt;305414+sheeeng@users.noreply.github.com&gt;
diff --git a/.github/workflows/approve-dependabot-pull-request.yml b/.github/workflows/approve-dependabot-pull-request.yml
@@ -1,20 +1,22 @@
 name: Approve Dependabot Pull Request
 on: pull_request
 
-permissions:
-  pull-requests: write
+permissions: {}
 
 jobs:
   dependabot:
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
     if: ${{ github.actor == 'dependabot[bot]' }}
     steps:
       - name: Fetch Metadata
         id: metadata
-        uses: dependabot/fetch-metadata@v2
+        uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b # v2.4.0
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
       - name: Approve Pull Request
+        if: ${{ steps.metadata.outputs.update-type != 'version-update:semver-major' }}
         run: gh pr review --approve "${PR_URL}"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
