Merge branch 'master' into dependabot/github_actions/bufbuild/buf-set…

…up-action-1.28.1

.github/workflows/changelog-deps.yml

@@ -7,14 +7,17 @@ jobs:
   changelog-update:
     runs-on: ubuntu-latest
 
+    permissions:
+      # Give the default GITHUB_TOKEN write permission to commit and push the changed files back to the repository.
+      contents: write
+
     # TODO: feat: try to use author of the commit(s) to see if it's dependabot
     # ${{ any(contains(commit.author.username, 'dependabot') for commit in github.event.commits) }}
     if: contains(github.event.pull_request.labels.*.name, 'dependabot')
 
     steps:
       - uses: actions/checkout@v4
         with:
-          token: ${{ secrets.NIBIBOT_GIT_TOKEN }}
           # to avoid checking out the repo in a detached state
           ref: ${{ github.head_ref }}
       # Helps keep your repository up-to-date when Dependabot updates your dependencies.