dependabot / feedback

The old feedback repository for Dependabot. Click below for the new repository.

Home Page:https://github.com/dependabot/dependabot-core


Security: How this user is able to review this PR?

crazy-max opened this issue · comments

Don't know if it's a flaw with GitHub itself or the way Dependabot creates PRs to update dependencies, but the user @sadikkuzu has been able to approve this PR without access rights to the repository:

[image]

I also noticed he approves a lot of them in other repositories within a few minutes:

[image]

OK, after digging, it can be done in the Files changed tab. For example, with this PR, without being a contributor or requested:

[image]

Looking at this doc, it seems to be the expected behavior 🤔

@crazy-max Yeah, I think that's expected behaviour for public repos, but it looks like the approved review check is greyed out due to the user not having write access to the repo.

@feelepxyz Yes, that's it. I think it would be nice if GitHub could allow a limitation or at least postpone abuse.

@crazy-max Yes, the user has been reported a few times already; will look into it.
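The point settled in the thread is that anyone can submit an "approve" review on a public repository's PR, but only approvals from users with write access count toward the required-reviews check. The following is an added example (not code from Dependabot or from anyone in this thread) showing how a repository owner auditing Dependabot PRs could tell the two apart from review data. It assumes review objects shaped like those returned by GitHub's REST endpoint `GET /repos/{owner}/{repo}/pulls/{n}/reviews` (`user.login`, `state`, `submitted_at`, `author_association`) and, optionally, a per-user permission map shaped like the `permission` value from `GET /repos/{owner}/{repo}/collaborators/{username}/permission`. The sample reviews and permissions below are constructed, not taken from the issue; the rule that a later APPROVED, CHANGES_REQUESTED or DISMISSED review replaces a user's earlier state while COMMENTED reviews leave it untouched is this example's simplification of GitHub's behaviour.

```python
"""Added example: separate approvals that count toward merge from drive-by approvals.

Review objects follow the shape of GitHub's pull-request review API
(fields used: user.login, state, submitted_at, author_association).
All sample data in this file is constructed for illustration.
"""
from datetime import datetime, timezone

# Permission strings (collaborators/{user}/permission endpoint) that grant write access.
WRITE_PERMISSIONS = {"admin", "maintain", "write"}

# author_association values that usually imply write access. This is a heuristic:
# org members and collaborators can be read-only, so prefer the explicit permission
# map when one is available.
WRITE_ASSOCIATIONS = {"OWNER", "MEMBER", "COLLABORATOR"}


def _submitted_at(review):
    """Parse the ISO-8601 'Z' timestamp GitHub uses on review objects."""
    return datetime.strptime(review["submitted_at"], "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc
    )


def latest_state_per_user(reviews):
    """Return {login: review} keeping each user's most recent state-changing review.

    COMMENTED reviews are skipped because a comment does not revoke an earlier
    approval (simplified model of GitHub's behaviour; see lead-in).
    """
    latest = {}
    for review in sorted(reviews, key=_submitted_at):
        if review["state"] == "COMMENTED":
            continue
        latest[review["user"]["login"]] = review
    return latest


def has_write_access(review, permissions=None):
    """Decide whether the reviewer can push to the repo.

    `permissions` is an optional {login: "admin"|"maintain"|"write"|"read"|"none"}
    map (constructed in this example); when the login is absent we fall back to
    the author_association heuristic.
    """
    login = review["user"]["login"]
    if permissions is not None and login in permissions:
        return permissions[login] in WRITE_PERMISSIONS
    return review["author_association"] in WRITE_ASSOCIATIONS


def classify_approvals(reviews, permissions=None):
    """Return (counting, not_counting): sorted logins whose latest state is APPROVED,
    split by whether the approval can satisfy a required-reviews branch rule."""
    counting, not_counting = [], []
    for login, review in latest_state_per_user(reviews).items():
        if review["state"] != "APPROVED":
            continue
        bucket = counting if has_write_access(review, permissions) else not_counting
        bucket.append(login)
    return sorted(counting), sorted(not_counting)


def approvals_meet_requirement(reviews, required=1, permissions=None):
    """True when enough write-access approvals exist for a `required` reviews rule."""
    counting, _ = classify_approvals(reviews, permissions)
    return len(counting) >= required


def _review(login, state, ts, association):
    """Build a constructed review object in the API's shape."""
    return {
        "user": {"login": login},
        "state": state,
        "submitted_at": ts,
        "author_association": association,
    }


# Constructed sample: one maintainer approval, one outside approval, one maintainer
# approval that was later dismissed, and a trailing comment that must not revoke anything.
SAMPLE_REVIEWS = [
    _review("maintainer-a", "APPROVED", "2021-01-01T10:00:00Z", "COLLABORATOR"),
    _review("outside-user", "APPROVED", "2021-01-01T10:01:00Z", "NONE"),
    _review("maintainer-b", "APPROVED", "2021-01-01T10:02:00Z", "COLLABORATOR"),
    _review("maintainer-b", "DISMISSED", "2021-01-01T10:05:00Z", "COLLABORATOR"),
    _review("maintainer-a", "COMMENTED", "2021-01-01T10:06:00Z", "COLLABORATOR"),
]

# Constructed permission map, as the collaborators permission endpoint would report it.
SAMPLE_PERMISSIONS = {"maintainer-a": "write", "maintainer-b": "admin", "outside-user": "none"}


if __name__ == "__main__":
    counting, drive_by = classify_approvals(SAMPLE_REVIEWS, SAMPLE_PERMISSIONS)
    print("approvals that count:", counting)
    print("approvals that do not count:", drive_by)
    print("1 required review satisfied:", approvals_meet_requirement(SAMPLE_REVIEWS, 1, SAMPLE_PERMISSIONS))
```

Run against real data by feeding the JSON from the reviews endpoint to `classify_approvals`; the `not_counting` list is the set of logins an auditor would look at when, as in this issue, a single account is approving many Dependabot PRs across repositories. Note that a reviewer's `author_association` is only a hint about their rights; the permission endpoint is the authoritative source.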