diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index f033397..02309eb 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -15,6 +15,7 @@ jobs:
         with:
           egress-policy: audit
           uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+          disable-telemetry: true
       - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
       - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
       - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 52bbb4d..cb29f9b 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -58,13 +58,13 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
+        uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
         with:
           sarif_file: results.sarif
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 732a3a4..ba89b06 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,32 +1,32 @@
 repos:
-  - hooks:
+  - repo: https://github.com/commitizen-tools/commitizen
+    rev: v3.24.0
+    hooks:
       - id: commitizen
         stages:
           - commit-msg
-    repo: https://github.com/commitizen-tools/commitizen
-    rev: v3.22.0
-  - hooks:
+  - repo: https://github.com/doublify/pre-commit-rust
+    rev: v1.0
+    hooks:
       - id: fmt
       - id: cargo-check
       - id: clippy
-    repo: https://github.com/doublify/pre-commit-rust
-    rev: v1.0
-  - hooks:
-      - id: gitleaks
-    repo: https://github.com/gitleaks/gitleaks
+  - repo: https://github.com/gitleaks/gitleaks
     rev: v8.18.2
-  - hooks:
-      - id: yamlfmt
-    repo: https://github.com/google/yamlfmt
+    hooks:
+      - id: gitleaks
+  - repo: https://github.com/google/yamlfmt
     rev: v0.11.0
-  - hooks:
-      - args:
+    hooks:
+      - id: yamlfmt
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: trailing-whitespace
+        args:
           - --markdown-linebreak-ext=md
-        id: trailing-whitespace
       - id: end-of-file-fixer
       - id: check-yaml
-      - exclude: .vscode
-        id: check-json
+      - id: check-json
+        exclude: .vscode
       - id: no-commit-to-branch
-    repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0