diff --git a/.github/workflows/add_issue_to_project.yaml b/.github/workflows/add_issue_to_project.yaml
index cf539c84..09faf705 100644
--- a/.github/workflows/add_issue_to_project.yaml
+++ b/.github/workflows/add_issue_to_project.yaml
@@ -8,7 +8,7 @@ jobs:
     name: Add issue to Updatecli project
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2
+      - uses: actions/add-to-project@5afcf98fcd03f1c2f92c3c83f58ae24323cc57fd # v2.0.0
         with:
           project-url: https://github.com/orgs/updatecli/projects/2
           github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 718d83f4..85ebfbc1 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -14,7 +14,7 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Use Node.js
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
           node-version: 24
       - name: Install dependencies
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 3eb33e49..a511e2fc 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -13,25 +13,25 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
       - name: Login to Docker Hub
-        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
       - name: Login to GitHub Docker Registry
-        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Build and push
-        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
         with:
           context: .
           platforms: linux/amd64,linux/arm64
           push: true
           tags: updatecli/udash-front:${{ github.event.release.tag_name }}
       - name: Build and push on ghcr.io
-        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
         with:
           context: .
           platforms: linux/amd64,linux/arm64
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index 4bebaf52..bc8a331b 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -5,9 +5,7 @@ on:
     # branches to consider in the event; optional, defaults to all
     branches:
       - main
-
 permissions: {}
-
 jobs:
   update_release_draft:
     runs-on: ubuntu-latest
@@ -15,7 +13,7 @@ jobs:
       contents: write
       pull-requests: read
     steps:
-      - uses: release-drafter/release-drafter@139054aeaa9adc52ab36ddf67437541f039b88e2 # v7.1.1
+      - uses: release-drafter/release-drafter@c2e2804cc59f45f57076a99af580d0fedb697927 # v7.3.0
         with:
           config-name: release-drafter.yaml
         env:
diff --git a/.github/workflows/typos.yaml b/.github/workflows/typos.yaml
index ae2254a7..b770934f 100644
--- a/.github/workflows/typos.yaml
+++ b/.github/workflows/typos.yaml
@@ -11,4 +11,4 @@ jobs:
       - name: Checkout Actions Repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Check spelling of file.txt
-        uses: crate-ci/typos@631208b7aac2daa8b707f55e7331f9112b0e062d # v1.44.0
+        uses: crate-ci/typos@5374cbf686e897b15713110e233094e2874de7ef # v1.46.1
diff --git a/.github/workflows/updatecli.yaml b/.github/workflows/updatecli.yaml
index f8e766e0..6fe5d2f6 100644
--- a/.github/workflows/updatecli.yaml
+++ b/.github/workflows/updatecli.yaml
@@ -15,7 +15,7 @@ jobs:
         with:
           persist-credentials: false
       - name: "Setup updatecli"
-        uses: "updatecli/updatecli-action@7aab164eed4ee3bb279611182ba1e62a3a867640" # v3.1.1
+        uses: "updatecli/updatecli-action@2c3221bc5f4499a99fec2c87d9de4a83cb30e990" # v3.1.3
         with:
           version: "v0.116.2"
       - name: "Run updatecli"
diff --git a/.github/workflows/updatecli_release.yaml b/.github/workflows/updatecli_release.yaml
index c3475107..1892034c 100644
--- a/.github/workflows/updatecli_release.yaml
+++ b/.github/workflows/updatecli_release.yaml
@@ -18,7 +18,7 @@ jobs:
         with:
           persist-credentials: false
       - name: "Setup updatecli"
-        uses: "updatecli/updatecli-action@7aab164eed4ee3bb279611182ba1e62a3a867640" # v3.1.1
+        uses: "updatecli/updatecli-action@2c3221bc5f4499a99fec2c87d9de4a83cb30e990" # v3.1.3
         with:
           version: "v0.116.2"
       - name: "Run updatecli only on Updatecli release event"
diff --git a/.github/workflows/updatecli_test.yaml b/.github/workflows/updatecli_test.yaml
index 8e4a5f66..3023f306 100644
--- a/.github/workflows/updatecli_test.yaml
+++ b/.github/workflows/updatecli_test.yaml
@@ -13,7 +13,7 @@ jobs:
         with:
           persist-credentials: false
       - name: "Setup updatecli"
-        uses: "updatecli/updatecli-action@7aab164eed4ee3bb279611182ba1e62a3a867640" # v3.1.1
+        uses: "updatecli/updatecli-action@2c3221bc5f4499a99fec2c87d9de4a83cb30e990" # v3.1.3
         with:
           version: "v0.116.2"
       - name: "Test updatecli in dry-run mode"
diff --git a/.github/workflows/updatecli_update.yaml b/.github/workflows/updatecli_update.yaml
index 62f409dc..bdf4ddcf 100644
--- a/.github/workflows/updatecli_update.yaml
+++ b/.github/workflows/updatecli_update.yaml
@@ -18,7 +18,7 @@ jobs:
         with:
           persist-credentials: false
       - name: "Setup updatecli"
-        uses: "updatecli/updatecli-action@7aab164eed4ee3bb279611182ba1e62a3a867640" # v3.1.1
+        uses: "updatecli/updatecli-action@2c3221bc5f4499a99fec2c87d9de4a83cb30e990" # v3.1.3
         with:
           version: "v0.116.2"
       - name: "Run updatecli only on monitored pipelines"
diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml
index e5f64886..c6402d7c 100644
--- a/.github/workflows/zizmor.yaml
+++ b/.github/workflows/zizmor.yaml
@@ -1,13 +1,10 @@
-name: GitHub Actions Security Analysis with zizmor 🌈
-
+name: "GitHub Actions Security Analysis with zizmor \U0001F308"
 on:
   push:
     branches: ["main"]
   pull_request:
     branches: ["**"]
-
 permissions: {}
-
 jobs:
   zizmor:
     runs-on: ubuntu-latest
@@ -18,9 +15,8 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
-
-      - name: Run zizmor 🌈
-        uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2
+      - name: "Run zizmor \U0001F308"
+        uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
         with:
           # intentionally not scanning the entire repository,
           inputs: ./.github/