diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
index 43d92c94fd6..fce19297203 100644
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -11,7 +11,7 @@ permissions:
 jobs:
   dependabot:
     runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' && github.event.pull_request.auto_merge == null }}
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.event.pull_request.auto_merge == null }}
     steps:
       - name: Dependabot metadata
         id: metadata
diff --git a/.github/workflows/reuse-compliance.yml b/.github/workflows/reuse-compliance.yml
index 3dbdbb22ff9..77a0723bd80 100644
--- a/.github/workflows/reuse-compliance.yml
+++ b/.github/workflows/reuse-compliance.yml
@@ -18,4 +18,4 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Execute REUSE Compliance Check
-      uses: fsfe/reuse-action@v5
+      uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5.0.0
diff --git a/.npmrc b/.npmrc
index 3eeeab4e326..f5bb40b0e47 100644
--- a/.npmrc
+++ b/.npmrc
@@ -2,3 +2,4 @@
 registry=https://registry.npmjs.org/
 lockfile-version=3
 ignore-scripts=true
+allow-git=none