From 2284b0bdd0420e6ab7a73025ed9ce00176f5dff6 Mon Sep 17 00:00:00 2001
From: Frazer Smith <frazer.dev@icloud.com>
Date: Wed, 24 Sep 2025 12:40:30 +0100
Subject: [PATCH] ci: check dependabot prs originate from repo

---
 .github/workflows/ci.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b0f1060..1e29add 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -135,6 +135,7 @@ jobs:
     name: Automerge Dependabot PRs
     if: >
         github.event_name == 'pull_request' &&
+        github.event.pull_request.head.repo.full_name == github.repository &&
         github.event.pull_request.user.login == 'dependabot[bot]'
     needs: [browsers, lint, test, typescript]
     permissions: