---
title: Adding read and write permissions for Dependabot secrets to Shopify’s GitHub app - Shopify developer changelog
description: Shopify’s developer changelog documents all changes to Shopify’s platform. Find the latest news and learn about new platform opportunities.
source_url:
  html: https://shopify.dev/changelog/adding-read-and-write-permissions-for-dependabot-secrets-to-shopify-s-github-app
  md: https://shopify.dev/changelog/adding-read-and-write-permissions-for-dependabot-secrets-to-shopify-s-github-app.md
---

[Back to Developer changelog](https://shopify.dev/changelog)

May 12, 2023

Tags:

* Tools

# Adding read and write permissions for Dependabot secrets to Shopify’s GitHub app

Shopify’s GitHub app now requests read and write permissions for [Dependabot secrets](https://docs.github.com/en/rest/overview/permissions-required-for-github-apps#dependabot-secrets). This update supports improvements to the developer experience for [Hydrogen](https://hydrogen.shopify.dev/) headless storefronts hosted on Oxygen.

Currently, deployments to Oxygen are triggered by pushes or merges to a GitHub repo. However, Dependabot, GitHub’s dependency management service, doesn’t have access to the API tokens required to create a deployment. By adding these new permissions, Dependabot will be able to trigger preview deployments on Oxygen when creating pull requests that bump package versions. This change will let developers more quickly validate that automated updates can be safely merged.

Learn more about [Shopify’s GitHub integration](https://shopify.dev/themes/tools/github).