diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml
index f8880f6f..a808a895 100644
--- a/.github/workflows/check-dist.yml
+++ b/.github/workflows/check-dist.yml
@@ -22,7 +22,7 @@ jobs:
   check-dist:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       - name: Set Node.js 24.x
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index 0263efa0..72aff3c7 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -13,7 +13,7 @@ jobs:
       contents: write
       pull-requests: read
     steps:
-      - uses: release-drafter/release-drafter@563bf132657a13ded0b01fcb723c5a58cdd824e2 # v7.2.1
+      - uses: release-drafter/release-drafter@693d20e7c1ce1a81d3a41962f85914253b518449 # v7.3.1
         with:
           config-name: release-drafter.yaml
         env:
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 0e67e14d..5521064e 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -13,7 +13,7 @@ jobs:
     name: Test Javascript
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       - name: Set Node.js 24.x
@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Git Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       - name: Install Updatecli
diff --git a/.github/workflows/typos.yaml b/.github/workflows/typos.yaml
index 8763c79f..a4c16db0 100644
--- a/.github/workflows/typos.yaml
+++ b/.github/workflows/typos.yaml
@@ -12,10 +12,10 @@ jobs:
       contents: read
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
       - name: Run typos
-        uses: crate-ci/typos@bbaefadf97b0ec5fdc942684b647f1a6ab250274 # v1.46.0
+        uses: crate-ci/typos@44e2070e6017f834bf069503acb35ca0ca0b75f2 # v1.47.1
         with:
           config: _typos.toml
diff --git a/.github/workflows/updatecli.yaml b/.github/workflows/updatecli.yaml
index 85c750a1..0ffa398e 100644
--- a/.github/workflows/updatecli.yaml
+++ b/.github/workflows/updatecli.yaml
@@ -11,11 +11,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout"
-        uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2
+        uses: "actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10" # v6.0.3
         with:
           persist-credentials: false
       - name: "Setup updatecli"
-        uses: "updatecli/updatecli-action@e71be7554f3f940bc439cf720b3e4e379823c562" # v3.2.0
+        uses: "updatecli/updatecli-action@5bda7da77bf4d181bce5f807d73d832b62062acf" # v3.3.0
         with:
           version: "v0.118.0"
       - name: "Run updatecli"
diff --git a/.github/workflows/updatecli_release.yaml b/.github/workflows/updatecli_release.yaml
index b11b5315..11967f23 100644
--- a/.github/workflows/updatecli_release.yaml
+++ b/.github/workflows/updatecli_release.yaml
@@ -14,11 +14,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout"
-        uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2
+        uses: "actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10" # v6.0.3
         with:
           persist-credentials: false
       - name: "Setup updatecli"
-        uses: "updatecli/updatecli-action@e71be7554f3f940bc439cf720b3e4e379823c562" # v3.2.0
+        uses: "updatecli/updatecli-action@5bda7da77bf4d181bce5f807d73d832b62062acf" # v3.3.0
         with:
           version: "v0.118.0"
       - name: "Run updatecli only on Updatecli release event"
diff --git a/.github/workflows/updatecli_test.yaml b/.github/workflows/updatecli_test.yaml
index 9887077c..099f0f75 100644
--- a/.github/workflows/updatecli_test.yaml
+++ b/.github/workflows/updatecli_test.yaml
@@ -9,11 +9,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout"
-        uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2
+        uses: "actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10" # v6.0.3
         with:
           persist-credentials: false
       - name: "Setup updatecli"
-        uses: "updatecli/updatecli-action@e71be7554f3f940bc439cf720b3e4e379823c562" # v3.2.0
+        uses: "updatecli/updatecli-action@5bda7da77bf4d181bce5f807d73d832b62062acf" # v3.3.0
         with:
           version: "v0.118.0"
       - name: "Test updatecli in dry-run mode"
diff --git a/.github/workflows/updatecli_update.yaml b/.github/workflows/updatecli_update.yaml
index 155e15b6..56a95b3e 100644
--- a/.github/workflows/updatecli_update.yaml
+++ b/.github/workflows/updatecli_update.yaml
@@ -14,11 +14,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout"
-        uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2
+        uses: "actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10" # v6.0.3
         with:
           persist-credentials: false
       - name: "Setup updatecli"
-        uses: "updatecli/updatecli-action@e71be7554f3f940bc439cf720b3e4e379823c562" # v3.2.0
+        uses: "updatecli/updatecli-action@5bda7da77bf4d181bce5f807d73d832b62062acf" # v3.3.0
         with:
           version: "v0.118.0"
       - name: "Run updatecli only on monitored pipelines"
diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml
index 1045e1fd..e52b8a19 100644
--- a/.github/workflows/zizmor.yaml
+++ b/.github/workflows/zizmor.yaml
@@ -1,13 +1,10 @@
-name: GitHub Actions Security Analysis with zizmor 🌈
-
+name: "GitHub Actions Security Analysis with zizmor \U0001F308"
 on:
   push:
     branches: ["main"]
   pull_request:
     branches: ["**"]
-
 permissions: {}
-
 jobs:
   zizmor:
     runs-on: ubuntu-latest
@@ -15,12 +12,11 @@ jobs:
       security-events: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
-
-      - name: Run zizmor 🌈
-        uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
+      - name: "Run zizmor \U0001F308"
+        uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
         with:
           # intentionally not scanning the entire repository,
           inputs: ./.github/