diff --git a/.github/workflows/changelog-deps.yml b/.github/workflows/changelog-deps.yml
index 4e20a6d04..e6e829b17 100644
--- a/.github/workflows/changelog-deps.yml
+++ b/.github/workflows/changelog-deps.yml
@@ -7,6 +7,10 @@ jobs:
   changelog-update:
     runs-on: ubuntu-latest
 
+    permissions:
+      # Give the default GITHUB_TOKEN write permission to commit and push the changed files back to the repository.
+      contents: write
+
     # TODO: feat: try to use author of the commit(s) to see if it's dependabot
     # ${{ any(contains(commit.author.username, 'dependabot') for commit in github.event.commits) }}
     if: contains(github.event.pull_request.labels.*.name, 'dependabot')
@@ -14,7 +18,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          token: ${{ secrets.NIBIBOT_GIT_TOKEN }}
           # to avoid checking out the repo in a detached state
           ref: ${{ github.head_ref }}
       # Helps keep your repository up-to-date when Dependabot updates your dependencies.