Starting March 1st, 2021 workflow runs that are triggered by a pull request from Dependabot will be treated as if they were opened from a repository fork. This means they will receive a read-only
GITHUB_TOKENand will not have access to any secrets available in the repository.
Is there a workaround for workflows that need access to secrets (e.g. publishing code coverage data to another service, access to paid services like saucelab)?