commercetools-paypal-plus-integration is currently using dependabot to update dependencies
Problem
Github actions introduces a new security feature that treats dependabot PRs as forked PRs and doesn't allow them to have access to secrets. As commercetools-paypal-plus-integration uses secrets, tests will fail for PRs from dependabot.
Resolution
Replace dependabot with renovate. Dependabot is already being used in other Java repos, for example commercetools-payone-integration
Situation
commercetools-paypal-plus-integration is currently using dependabot to update dependencies
Problem
Github actions introduces a new security feature that treats dependabot PRs as forked PRs and doesn't allow them to have access to secrets. As commercetools-paypal-plus-integration uses secrets, tests will fail for PRs from dependabot.
Resolution
Replace dependabot with renovate. Dependabot is already being used in other Java repos, for example commercetools-payone-integration