diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
index 9070a7f..488e8cd 100644
--- a/.github/workflows/checks.yaml
+++ b/.github/workflows/checks.yaml
@@ -1,20 +1,27 @@
 ---
 name: 'checks'
-
+permissions:
+  contents: read
+  pull-requests: read
 'on':
   pull_request:
     branches:
       - 'main'
 
 jobs:
-  pre-commit:
-    uses: broadinstitute/shared-workflows/.github/workflows/pre-commit.yaml@v4.0.0
+  conventional-commits:
+    permissions:
+      contents: read
+      pull-requests: write
+    uses: broadinstitute/shared-workflows/.github/workflows/conventional-commit.yaml@v4.0.0
   linting:
     uses: broadinstitute/shared-workflows/.github/workflows/python-lint.yaml@v4.0.0
     with:
       ruff_version: '0.8.6'
       use_pylama: false
       use_ruff: true
+  pre-commit:
+    uses: broadinstitute/shared-workflows/.github/workflows/pre-commit.yaml@v2.7.0
   unit-tests:
     uses: broadinstitute/shared-workflows/.github/workflows/python-unit-test.yaml@v4.0.0
     with:
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index adaef48..16a5fb4 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -1,6 +1,8 @@
 ---
 name: 'deploy'
-
+permissions:
+  contents: read
+  pull-requests: read
 'on':
   push:
     tags:
diff --git a/.github/workflows/test_deploy.yaml b/.github/workflows/test_deploy.yaml
index 4932d73..bf27898 100644
--- a/.github/workflows/test_deploy.yaml
+++ b/.github/workflows/test_deploy.yaml
@@ -1,6 +1,8 @@
 ---
 name: 'test_deploy'
-
+permissions:
+  contents: read
+  pull-requests: read
 'on':
   push:
     branches:
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index cdc8439..96df88c 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -27,16 +27,16 @@ repos:
           - -b main
       - id: trailing-whitespace
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.9.6
+    rev: v0.12.7
     hooks:
       - id: ruff
         args: [--fix, --exit-non-zero-on-fix]
   - repo: https://github.com/abravalheri/validate-pyproject
-    rev: v0.23
+    rev: v0.24.1
     hooks:
       - id: validate-pyproject
   - repo: https://github.com/adrienverge/yamllint.git
-    rev: v1.35.1
+    rev: v1.37.1
     hooks:
       - id: yamllint
         args: