diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml
index d5af102e..ab24db12 100644
--- a/.github/workflows/actions.yml
+++ b/.github/workflows/actions.yml
@@ -7,12 +7,18 @@ permissions:
 
 jobs:
   dependabot:
+    permissions:
+      pull-requests: read
     runs-on: ubuntu-latest
     if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo'
     steps:
       - name: Dependabot metadata
         id: dependabot-metadata
         uses: dependabot/fetch-metadata@v2
+        with:
+          alert-lookup: true
+          compat-lookup: true
+          github-token: "${{ secrets.PAT_TOKEN }}"
       - name: Enable auto-merge for Dependabot PRs
         if: (steps.dependabot-metadata.outputs.cvss == true && update_types == 'minor' || 'patch')
         run: gh pr merge --auto --merge "$PR_URL"