From 04b4b8818fdf305947f4bde6c0fed64430a13cad Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 11 Feb 2023 03:21:37 +0000
Subject: [PATCH 1/2] Bump traitlets from 5.8.1 to 5.9.0

Bumps [traitlets](https://github.com/ipython/traitlets) from 5.8.1 to 5.9.0.
- [Release notes](https://github.com/ipython/traitlets/releases)
- [Changelog](https://github.com/ipython/traitlets/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ipython/traitlets/compare/v5.8.1...v5.9.0)

---
updated-dependencies:
- dependency-name: traitlets
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 test-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test-requirements.txt b/test-requirements.txt
index a65044dd89..2ea1640ff0 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -123,7 +123,7 @@ sortedcontainers==2.4.0
     # via -r test-requirements.in
 tomlkit==0.11.6
     # via pylint
-traitlets==5.8.1
+traitlets==5.9.0
     # via
     #   ipython
     #   matplotlib-inline

From 4ed59c327baa646662e1662295c8184e4a4c341a Mon Sep 17 00:00:00 2001
From: EXPLOSION <git@helvetica.moe>
Date: Sat, 11 Feb 2023 03:33:09 +0000
Subject: [PATCH 2/2] GITHUB_TOKEN needs `contents` for `git push`

---
 .github/workflows/ci.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0b650fc520..55cd0bbf4a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,12 +6,6 @@ on:
       - "dependabot/**"
   pull_request:
 
-# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#changing-github_token-permissions
-permissions:
-  pull-requests: write
-  issues: write
-  repository-projects: write
-
 jobs:
   Windows:
     name: 'Windows (${{ matrix.python }}, ${{ matrix.arch }}${{ matrix.extra_name }})'
@@ -77,6 +71,12 @@ jobs:
     name: 'Ubuntu (${{ matrix.python }}${{ matrix.extra_name }})'
     timeout-minutes: 10
     runs-on: 'ubuntu-latest'
+    # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#changing-github_token-permissions
+    permissions:
+      pull-requests: write
+      issues: write
+      repository-projects: write
+      contents: write
     strategy:
       fail-fast: false
       matrix: