From c66535c3b50217b048385dfcf6fb1830527be8e8 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 10 Jun 2026 04:32:22 +0000
Subject: [PATCH 1/2] Update all non-major dependencies

---
 postfix-relay-operator/requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/postfix-relay-operator/requirements.txt b/postfix-relay-operator/requirements.txt
index b7bb769..d072e65 100644
--- a/postfix-relay-operator/requirements.txt
+++ b/postfix-relay-operator/requirements.txt
@@ -1,8 +1,8 @@
 charmlibs-apt==1.0.0.post0
 charmlibs-snap==1.0.1
-charmlibs-interfaces-tls-certificates==1.8.1
+charmlibs-interfaces-tls-certificates==1.8.3
 cosl==1.9.1
-cryptography==48.0.0
+cryptography==48.0.1
 email-validator==2.3.0
 jinja2==3.1.6
 ops==3.7.1

From 3a597e2ac191e6073ade86b4557c800106b471d4 Mon Sep 17 00:00:00 2001
From: "Sebastien Georget (charmkeeper)"
 <sebastien.georget+charmkeeper@canonical.com>
Date: Fri, 12 Jun 2026 15:48:57 +0200
Subject: [PATCH 2/2] ci: add pull-requests: write permission to
 bot_pr_approval workflow

The bot_pr_approval job was failing with HTTP 403 because the default
GITHUB_TOKEN only had read permissions. The reusable workflow needs
`pull-requests: write` to approve bot-authored PRs via the GitHub API.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 .github/workflows/bot_pr_approval.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/bot_pr_approval.yaml b/.github/workflows/bot_pr_approval.yaml
index f284fd7..638e931 100644
--- a/.github/workflows/bot_pr_approval.yaml
+++ b/.github/workflows/bot_pr_approval.yaml
@@ -6,5 +6,7 @@ on:
 jobs:
   bot_pr_approval:
     uses: canonical/operator-workflows/.github/workflows/bot_pr_approval.yaml@main
+    permissions:
+      pull-requests: write
     secrets: inherit