chore: Update dependencies without external action

.github/workflows/merge-dependencies.yml

@@ -1,23 +1,26 @@
 name: 'Merge Dependencies'
 
 # https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/
-# https://github.com/ahmadnassri/action-dependabot-auto-merge/issues/60#issuecomment-806027389
 on: [pull_request_target]
 
+permissions:
+  pull-requests: write
+  contents: write
+
 jobs:
   auto-merge:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ubuntu-latest]
-        node-version: [16.x]
-    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
     steps:
-      - name: 'Checkout repository'
-        uses: actions/checkout@v2.4.0
-      - name: 'Automerge dependency updates from Dependabot'
-        uses: ahmadnassri/action-dependabot-auto-merge@v2.6
-        # Guarantee that commit comes from Dependabot (don't blindly trust external GitHub Actions)
-        if: github.actor == 'dependabot[bot]'
-        with:
-          github-token: ${{ secrets.GH_TOKEN }}
+      # https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request#about-auto-merge
+      - name: 'Enable auto-merge on PR'
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: 'Approve PR'
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}