diff --git a/.github/workflows/upload.yaml b/.github/workflows/upload.yaml
index a12d563..2447a22 100644
--- a/.github/workflows/upload.yaml
+++ b/.github/workflows/upload.yaml
@@ -36,6 +36,24 @@ jobs:
     - run: mkdir -p dist-server && cp compact.cirru dist-server && cp package.json dist-server/
       name: Copy server scripts
 
+    - name: Check deploy key availability
+      run: |
+        if [ -z "$DEPLOY_KEY" ]; then
+          echo "ERROR: DEPLOY_KEY (rsync_private_key) is empty or not available."
+          echo ""
+          echo "This is likely because this workflow was triggered by Dependabot."
+          echo "Dependabot PRs can only access Dependabot secrets, not regular repository secrets."
+          echo "See: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#accessing-secrets"
+          echo ""
+          echo "To fix: either add 'rsync_private_key' under Settings > Secrets > Dependabot,"
+          echo "or restrict deploy steps to push events only (not pull_request)."
+          exit 1
+        else
+          echo "DEPLOY_KEY is present. Proceeding with deployment."
+        fi
+      env:
+        DEPLOY_KEY: ${{secrets.rsync_private_key}}
+
     - name: Upload web assets
       id: deploy
       uses: Pendect/action-rsyncer@v2.0.0
diff --git a/.pnp.cjs b/.pnp.cjs
index 2c2be27..8ff0de4 100644
--- a/.pnp.cjs
+++ b/.pnp.cjs
@@ -617,7 +617,7 @@ const RAW_RUNTIME_STATE =
         "packageLocation": "../../.yarn/berry/cache/glob-npm-13.0.6-864eb0cece-10c0.zip/node_modules/glob/",\
         "packageDependencies": [\
           ["glob", "npm:13.0.6"],\
-          ["minimatch", "npm:10.2.2"],\
+          ["minimatch", "npm:10.2.5"],\
           ["minipass", "npm:7.1.3"],\
           ["path-scurry", "npm:2.0.2"]\
         ],\
@@ -890,11 +890,11 @@ const RAW_RUNTIME_STATE =
       }]\
     ]],\
     ["minimatch", [\
-      ["npm:10.2.2", {\
-        "packageLocation": "../../.yarn/berry/cache/minimatch-npm-10.2.2-834cf8d1d1-10c0.zip/node_modules/minimatch/",\
+      ["npm:10.2.5", {\
+        "packageLocation": "../../.yarn/berry/cache/minimatch-npm-10.2.5-f1c8297822-10c0.zip/node_modules/minimatch/",\
         "packageDependencies": [\
           ["brace-expansion", "npm:5.0.5"],\
-          ["minimatch", "npm:10.2.2"]\
+          ["minimatch", "npm:10.2.5"]\
         ],\
         "linkType": "HARD"\
       }]\
diff --git a/yarn.lock b/yarn.lock
index 689891c..9feb2c1 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -271,7 +271,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"brace-expansion@npm:^5.0.2":
+"brace-expansion@npm:^5.0.5":
   version: 5.0.5
   resolution: "brace-expansion@npm:5.0.5"
   dependencies:
@@ -720,11 +720,11 @@ __metadata:
   linkType: hard
 
 "minimatch@npm:^10.2.2":
-  version: 10.2.2
-  resolution: "minimatch@npm:10.2.2"
+  version: 10.2.5
+  resolution: "minimatch@npm:10.2.5"
   dependencies:
-    brace-expansion: "npm:^5.0.2"
-  checksum: 10c0/098831f2f542cb802e1f249c809008a016e1fef6b3a9eda9cf9ecb2b3d7979083951bd47c0c82fcf34330bd3b36638a493d4fa8e24cce58caf5b481de0f4e238
+    brace-expansion: "npm:^5.0.5"
+  checksum: 10c0/6bb058bd6324104b9ec2f763476a35386d05079c1f5fe4fbf1f324a25237cd4534d6813ecd71f48208f4e635c1221899bef94c3c89f7df55698fe373aaae20fd
   languageName: node
   linkType: hard