diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 90c19c9..6387ea0 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -1,7 +1,12 @@
 name: Lint
 
 on: pull_request
-permissions: read-all
+
+permissions:
+  actions: read
+  checks: write
+  contents: read
+  pull-requests: read
 
 jobs:
   lint:
diff --git a/.trunk/.gitignore b/.trunk/.gitignore
index 695b519..1e24652 100644
--- a/.trunk/.gitignore
+++ b/.trunk/.gitignore
@@ -2,7 +2,7 @@
 *logs
 *actions
 *notifications
+*tools
 plugins
 user_trunk.yaml
 user.yaml
-tools
diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
index a81d0bc..2b24879 100644
--- a/.trunk/trunk.yaml
+++ b/.trunk/trunk.yaml
@@ -1,20 +1,21 @@
 version: 0.1
 cli:
-  version: 1.12.3
+  version: 1.17.1
 plugins:
   sources:
     - id: trunk
-      ref: v0.0.22
+      ref: v1.2.1
       uri: https://github.com/trunk-io/plugins
 lint:
   enabled:
-    - checkov@2.3.335
-    - trivy@0.43.1
+    - actionlint@1.6.26
+    - checkov@3.0.12
+    - trivy@0.46.0
     - yamllint@1.32.0
     - git-diff-check
-    - markdownlint@0.35.0
-    - prettier@3.0.0
-    - trufflehog@3.44.0
+    - markdownlint@0.37.0
+    - prettier@3.0.3
+    - trufflehog@3.60.4
 runtimes:
   enabled:
     - node@18.12.1