diff --git a/.github/renovate.json5 b/.github/renovate.json5
index 6bc6e790..48e87871 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -95,5 +95,10 @@
       groupName: 'CI dependencies',
       automerge: true,
     },
+    /** For security reason don't takes the too early packages on stabilization branches */
+    {
+      matchBaseBranches: ['/^[0-9]+\\.[0-9]+$/', '/release_.*/'],
+      minimumReleaseAge: '7 days',
+    },
   ],
 }
diff --git a/.github/workflows/audit.yaml b/.github/workflows/audit.yaml
index 2dcb18fb..1e5f89b7 100644
--- a/.github/workflows/audit.yaml
+++ b/.github/workflows/audit.yaml
@@ -54,8 +54,3 @@ jobs:
         uses: andstor/file-existence-action@v3
         with:
           files: ci/dpkg-versions.yaml
-      - name: Update dpkg packages versions
-        run: ~/.venv/bin/c2cciutils-docker-versions-update --branch=${{ matrix.branch }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
-        if: steps.dpkg-versions.outputs.files_exists == 'true'
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 5fa74f34..70464616 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -89,11 +89,7 @@ repos:
     hooks:
       - id: jsonschema-validator
         files: ^ci/config\.yaml$
-ci:
-  autoupdate_schedule: quarterly
-  skip:
-    - copyright
-    - poetry-check
-    - poetry-lock
-    - ripsecrets
-    - jsonschema-validator
+  - repo: https://github.com/renovatebot/pre-commit-hooks
+    rev: 37.428.1
+    hooks:
+      - id: renovate-config-validator