From 9e2d9d6cc8f11550c8abcff2119855e9ec5d5577 Mon Sep 17 00:00:00 2001
From: skye rogers <skyero@amazon.com>
Date: Thu, 27 Mar 2025 09:31:10 -0700
Subject: [PATCH] added cvss level check

---
 .github/workflows/maven.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 6b20c29e..908151df 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -22,9 +22,11 @@ jobs:
         id: metadata
         uses: dependabot/fetch-metadata@v2
         with:
+          alert-lookup: true
           github-token: "${{ secrets.GITHUB_TOKEN }}"
       - name: Enable auto-merge for Dependabot PRs
-        if: steps.metadata.outputs.update-type != 'version-update:semver-major' # && cvss level > 0
+        # if: steps.metadata.outputs.update-type != 'version-update:semver-major' && cvss level > 0
+        if: steps.metadata.outputs.update-type != 'version-update:semver-major' && steps.dependabot-metadata.outputs.cvss != 0
         run: gh pr merge --auto --merge "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}