diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 0350cecc..5d1441b4 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -3,6 +3,3 @@
   -
   - Before sending a pull request that fixes a security issue please report it via our HackerOne page (https://hackerone.com/nextcloud) following our security policy (https://nextcloud.com/security/). This allows us to coordinate the fix and release without potentially exposing all Nextcloud servers and users in the meantime.
 -->
-
-* Resolves: # <!-- related github issue -->
-* [Sign-off message](https://github.com/src-d/guide/blob/master/developer-community/fix-DCO.md) is added to all commits
diff --git a/.github/workflows/fail-on-prerelease.yml b/.github/workflows/fail-on-prerelease.yml
index 12a288bb..a5b876c3 100644
--- a/.github/workflows/fail-on-prerelease.yml
+++ b/.github/workflows/fail-on-prerelease.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "Check latest published release isn't a prerelease"
-        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v6
         with:
           script: |
             const tags = await github.rest.repos.listTags({
diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
index e36b8f4c..789ca0e0 100644
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -36,7 +36,7 @@ jobs:
             line-length: warning
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
+        uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1
 
       - name: Check GitHub actions
         run: uvx zizmor --min-severity medium .github/workflows/*.yml