diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index bb7d3a7..c5d1230 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,13 +10,13 @@ on:
 
 jobs:
   pre-commit:
-    uses: coatl-dev/workflows/.github/workflows/pre-commit.yml@v6
+    uses: coatl-dev/workflows/.github/workflows/pre-commit.yml@8d3c0aba2a053986bce9382063facccf1fd98247 # v7.0.0
     with:
       checkout-ref: ${{ github.ref }}
       skip-hooks: 'pylint'
 
   pylint:
-    uses: coatl-dev/workflows/.github/workflows/pylint.yml@v6
+    uses: coatl-dev/workflows/.github/workflows/pylint.yml@8d3c0aba2a053986bce9382063facccf1fd98247 # v7.0.0
     with:
       path: src
       checkout-ref: ${{ github.ref }}
diff --git a/.github/workflows/pip-compile-upgrade.yml b/.github/workflows/pip-compile-upgrade.yml
index b3bab1d..04200d8 100644
--- a/.github/workflows/pip-compile-upgrade.yml
+++ b/.github/workflows/pip-compile-upgrade.yml
@@ -14,17 +14,17 @@ jobs:
       fail-fast: false
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v6
+        uses: actions/checkout@9f698171ed81b15d1823a05fc7211befd50c8ae0 # v6.0.3
         with:
           ref: ${{ matrix.branch }}
 
       - name: Upgrade package requirements
-        uses: coatl-dev/actions/pip-compile-upgrade@v5
+        uses: coatl-dev/actions/pip-compile-upgrade@208567f6e604baf94c6e867ec7f345ec9ad36eb4 # v7.0.0
         with:
           path: requirements.txt
 
       - name: Upgrade stubs requirements
-        uses: coatl-dev/actions/uv-pip-compile-upgrade@v5
+        uses: coatl-dev/actions/uv-pip-compile-upgrade@208567f6e604baf94c6e867ec7f345ec9ad36eb4 # v7.0.0
         with:
           path: requirements.txt
           python-version: '3.12'
@@ -32,13 +32,13 @@ jobs:
 
       - name: Detect changes
         id: git-diff
-        uses: coatl-dev/actions/simple-git-diff@v5
+        uses: coatl-dev/actions/simple-git-diff@208567f6e604baf94c6e867ec7f345ec9ad36eb4 # v7.0.0
         with:
           path: ${{ github.workspace }}
 
       - name: Import GPG key
         if: ${{ steps.git-diff.outputs.diff == 'true' }}
-        uses: coatl-dev/actions/gpg-import@v5
+        uses: coatl-dev/actions/gpg-import@208567f6e604baf94c6e867ec7f345ec9ad36eb4 # v7.0.0
         with:
           passphrase: ${{ secrets.COATL_BOT_GPG_PASSPHRASE }}
           private-key: ${{ secrets.COATL_BOT_GPG_PRIVATE_KEY }}
@@ -63,7 +63,7 @@ jobs:
 
       - name: Create pull request
         if: ${{ steps.git-diff.outputs.diff == 'true' }}
-        uses: coatl-dev/actions/pr-create@v5
+        uses: coatl-dev/actions/pr-create@208567f6e604baf94c6e867ec7f345ec9ad36eb4 # v7.0.0
         with:
           gh-token: ${{ secrets.COATL_BOT_GH_TOKEN }}
-          additional-args: '--base ${{ matrix.branch }}'
+          base-branch:  '${{ matrix.branch }}'
diff --git a/.github/workflows/pre-commit-autoupdate.yml b/.github/workflows/pre-commit-autoupdate.yml
index 1b3a3bc..98881d0 100644
--- a/.github/workflows/pre-commit-autoupdate.yml
+++ b/.github/workflows/pre-commit-autoupdate.yml
@@ -11,11 +11,11 @@ jobs:
       matrix:
         branch: ['8.1', '8.3']
       fail-fast: false
-    uses: coatl-dev/workflows/.github/workflows/pre-commit-autoupdate.yml@v6
+    uses: coatl-dev/workflows/.github/workflows/pre-commit-autoupdate.yml@8d3c0aba2a053986bce9382063facccf1fd98247 # v7.0.0
     with:
+      autoupdate-branch:  '${{ matrix.branch }}'
       checkout-ref: ${{ matrix.branch }}
-      pr-create-additional-args: '--base ${{ matrix.branch }}'
-      pr-branch: coatl-dev-pre-commit-autoupdate-${{ matrix.branch }}
+      pr-branch: ${{ matrix.branch }}-coatl-dev-pre-commit-autoupdate
     secrets:
       gh-token: ${{ secrets.COATL_BOT_GH_TOKEN }}
       gpg-sign-passphrase: ${{ secrets.COATL_BOT_GPG_PASSPHRASE }}
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 594169b..46c4a43 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -15,17 +15,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v6
+        uses: actions/checkout@9f698171ed81b15d1823a05fc7211befd50c8ae0 # v6.0.3
         with:
           ref: ${{ github.event.release.tag_name }}
 
       - name: Upload package to PyPI
-        uses: coatl-dev/actions/pypi-upload@v5
+        uses: coatl-dev/actions/pypi-upload@208567f6e604baf94c6e867ec7f345ec9ad36eb4 # v7.0.0
         with:
           password: ${{ secrets.PYPI_API_TOKEN_IGNITION_API_PKG }}
 
       - name: Upload stubs to PyPI
-        uses: coatl-dev/actions/pypi-upload@v5
+        uses: coatl-dev/actions/pypi-upload@208567f6e604baf94c6e867ec7f345ec9ad36eb4 # v7.0.0
         with:
           python-version: '3.12'
           password: ${{ secrets.PYPI_API_TOKEN_IGNITION_API_STUBS }}
diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml
index 196a313..1e7ff7a 100644
--- a/.github/workflows/tox.yml
+++ b/.github/workflows/tox.yml
@@ -7,12 +7,12 @@ on:
 
 jobs:
   tox-package:
-    uses: coatl-dev/workflows/.github/workflows/tox-docker.yml@v6
+    uses: coatl-dev/workflows/.github/workflows/tox-docker.yml@8d3c0aba2a053986bce9382063facccf1fd98247 # v7.0.0
     with:
       checkout-ref: ${{ inputs.checkout-ref }}
 
   tox-stubs:
-    uses: coatl-dev/workflows/.github/workflows/tox.yml@v6
+    uses: coatl-dev/workflows/.github/workflows/tox.yml@8d3c0aba2a053986bce9382063facccf1fd98247 # v7.0.0
     with:
       python-versions: |
         3.9