From 6a6389a0c8b40ff045cf84f145942f7f2df9e548 Mon Sep 17 00:00:00 2001
From: skye rogers <skyero@amazon.com>
Date: Tue, 25 Mar 2025 10:04:41 -0700
Subject: [PATCH] added alert-lookup and github-token; removed cvss checker
 from auto merge if statement

---
 .github/workflows/maven.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index bd9f5e27..0e825ac6 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -19,8 +19,12 @@ jobs:
       - name: Dependabot metadata
         id: dependabot-metadata
         uses: dependabot/fetch-metadata@v2
+        with:
+          alert-lookup: true
+          github-token: "${{ secrets.PAT_TOKEN }}"
       - name: Enable auto-merge for Dependabot PRs
-        if: ${{steps.dependabot-metadata.outputs.cvss == 'true' || (steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor')}}
+        #if: ${{steps.dependabot-metadata.outputs.cvss == 'true' || (steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor')}}
+        if: steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'
         run: gh pr merge --auto --merge "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}