diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
index 66c16b7..56993bb 100644
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -19,7 +19,7 @@ jobs:
     steps:
       # Pinned to commit SHA — floating tags are unsafe on pull_request_target
       # with write permissions (supply chain attack surface). v2 = 21025c7
-      - uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a
+      - uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98
         id: meta
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}