From 2cf21772294849e1a62ef6fa7798ca2d2b55d9be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Roaldseth?=
Date: Wed, 21 Aug 2024 09:01:01 +0200
Subject: [PATCH] Endre hvordan vi sjekker at PRs kommer fra dependabot https://www.synacktiv.com/en/publications/github-actions-exploitation-dependabot
---
 .github/workflows/dependabot-auto-merge.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml
index 3d732c5..128daf8 100644
--- a/.github/workflows/dependabot-auto-merge.yaml
+++ b/.github/workflows/dependabot-auto-merge.yaml
@@ -8,7 +8,7 @@ permissions:
 jobs:
 dependabot:
 runs-on: ubuntu-latest
- if: ${{ github.actor == 'dependabot[bot]' }}
+ if: github.event.pull_request.user.login == 'dependabot[bot]'
 steps:
 - name: Dependabot metadata
 id: metadata
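Review bot: The new `if:` on the `dependabot` job has no comment explaining it, and the commit message gives only a link, so a later cleanup could switch it back to `github.actor` without knowing why that is unsafe. I would add a comment above it, for example `# Gate on the PR author, not github.actor: the actor is whoever triggered this run and need not be the author of the PR.` This condition is the only gate visible in the hunk; the `on:` trigger and the body of `permissions:` lie outside it. It is worth confirming that the workflow does not run on `pull_request_target` with a checkout of the PR head, and that the token scopes are limited to what the merge step needs.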