From 8c9696ba9a0ec27b11fbb1e24991b9e0a871d24b Mon Sep 17 00:00:00 2001
From: TangRufus <tangrufus@gmail.com>
Date: Sat, 11 Apr 2026 19:49:49 +0100
Subject: [PATCH] Dependabot Auto-merge: Fix code injection alert

---
 .github/workflows/dependabot-auto-merge.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
index fe7f0c8..f920c93 100644
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -46,7 +46,7 @@ jobs:
           (inputs.major && steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major') 
           || (inputs.minor && steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor')
           || (inputs.patch && steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch')
-        run: gh pr merge --auto --${{ inputs.strategy }} "$PR_URL"
+        run: gh pr merge --auto "--${{ inputs.strategy }}" "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
           GH_TOKEN: ${{secrets.GITHUB_TOKEN}}