Dependabot PRs and Workflow Secrets

As per GitHub Actions: Workflows triggered by Dependabot PRs will run with read-only permissions - GitHub Changelog

Starting March 1st, 2021 workflow runs that are triggered by a pull request from Dependabot will be treated as if they were opened from a repository fork. This means they will receive a read-only GITHUB_TOKEN and will not have access to any secrets available in the repository.

Is there a workaround for workflows that need access to secrets (e.g. publishing code coverage data to another service, access to paid services like saucelab)?