diff --git a/.github/renovate.json5 b/.github/renovate.json5
index ecb22e42fa..2dfcc82498 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -1,46 +1,15 @@
 {
-  extends: ['config:base'],
-  timezone: 'Europe/Zurich',
-  schedule: 'after 5pm on the first day of the month',
-  labels: ['dependencies'],
-  separateMajorMinor: true,
-  separateMinorPatch: true,
-  prHourlyLimit: 0,
-  prConcurrentLimit: 0,
-  lockFileMaintenance: {
-    enabled: true,
-    automerge: true,
-    schedule: 'after 5pm on the first day of the month',
-  },
-  vulnerabilityAlerts: {
-    schedule: ['at any time'],
-    automerge: true,
-  },
-  'pre-commit': { enabled: true },
-  customManagers: [
-    /** Do update on the schema present in the ci/config.yaml */
-    {
-      fileMatch: ['^ci/config\\.yaml$'],
-      matchStrings: [
-        '.*https://raw\\.githubusercontent\\.com/(?<depName>[^\\s]+)/(?<currentValue>[0-9\\.]+)/.*',
-      ],
-      datasourceTemplate: 'github-tags',
-      customType: 'regex',
-    },
-    /** Do updates on pre-commit additional dependencies */
-    {
-      fileMatch: ['^\\.pre\\-commit\\-config\\.yaml$'],
-      matchStrings: [" +- '?(?<depName>[^' @=]+)(@|==)(?<currentValue>[^' @=]+)'? # (?<datasource>.+)"],
-      customType: 'regex',
-    },
-    /** Python version in actions/setup-python action */
-    {
-      fileMatch: ['^\\.github/workflows/.*\\.yaml$'],
-      matchStrings: [' python-version: [\'"](?<currentValue>[0-9\\.]+)[\'"]'],
-      datasourceTemplate: 'python-version',
-      depNameTemplate: 'python',
-      customType: 'regex',
-    },
+  extends: [
+    'github>camptocamp/gs-renovate-config-preset:base.json5#0.8.1',
+    'github>camptocamp/gs-renovate-config-preset:group.json5#0.8.1',
+    'github>camptocamp/gs-renovate-config-preset:ci.json5#0.8.1',
+    'github>camptocamp/gs-renovate-config-preset:preset.json5#0.8.1',
+    'github>camptocamp/gs-renovate-config-preset:pre-commit.json5#0.8.1',
+    'github>camptocamp/gs-renovate-config-preset:python.json5#0.8.1',
+    'github>camptocamp/gs-renovate-config-preset:security.json5#0.8.1',
+    'github>camptocamp/gs-renovate-config-preset:own.json5#0.8.1',
+    'github>camptocamp/gs-renovate-config-preset:json-schema.json5#0.8.1',
+    'github>camptocamp/gs-renovate-config-preset:shellcheck.json5#0.8.1',
   ],
   packageRules: [
     /** Automerge the patch, the minor and the dev dependency */
@@ -48,41 +17,6 @@
       matchUpdateTypes: ['minor', 'patch'],
       automerge: true,
     },
-    /** Auto merge the dev dependency update */
-    {
-      matchDepTypes: ['devDependencies'],
-      automerge: true,
-    },
-    /** Group and auto merge the patch updates */
-    {
-      matchUpdateTypes: ['patch'],
-      groupName: 'all patch versions',
-      automerge: true,
-    },
-    /** Group and auto merge the minor updates */
-    {
-      matchUpdateTypes: ['minor'],
-      groupName: 'all minor versions',
-      automerge: true,
-    },
-    /** Group Poetry packages */
-    {
-      groupName: 'Poetry',
-      automerge: true,
-      matchDepNames: ['poetry', 'pip'],
-      matchPackageNames: ['/^poetry\\-.*/'],
-    },
-    /** Support the 4 parts of shellcheck-py version with a v prefix */
-    {
-      versioning: 'regex:^v(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)\\.(?<build>\\d+)$',
-      matchDepNames: ['shellcheck-py/shellcheck-py'],
-    },
-    /** Group and auto merge the CI dependencies */
-    {
-      matchFileNames: ['.github/**', '.pre-commit-config.yaml', 'ci/**'],
-      groupName: 'CI dependencies',
-      automerge: true,
-    },
     /** Disable upgrading the supported Python version */
     {
       matchFileNames: ['pyproject.toml'],
@@ -95,10 +29,5 @@
       enabled: false,
       matchDepNames: ['ubuntu'],
     },
-    /** Ungroup Python dependencies */
-    {
-      matchDepNames: ['python'],
-      groupName: 'Python',
-    },
   ],
 }
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index 7cd75d07ca..3d940d30d0 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -13,6 +13,8 @@ permissions:
   contents: write
   packages: write
 
+  id-token: write
+
 env:
   HAS_SECRETS: ${{ secrets.HAS_SECRETS }}
 
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 8a7cc1de59..35029b5d11 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -26,9 +26,6 @@ repos:
   - repo: https://github.com/sbrunner/hooks
     rev: 1.1.2
     hooks:
-      - id: poetry-check
-        additional_dependencies:
-          - poetry==2.0.1 # pypi
       - id: poetry-lock
         additional_dependencies:
           - poetry==2.0.1 # pypi
@@ -61,9 +58,6 @@ repos:
         args:
           - --builtin-schema
           - github-workflows-require-timeout
-      - id: check-renovate
-        additional_dependencies:
-          - pyjson5==1.6.8 # pypi
   - repo: https://github.com/sirwart/ripsecrets
     rev: v0.1.8
     hooks:
@@ -76,11 +70,21 @@ repos:
           - --tool=ruff
           - --die-on-tool-error
           - --output-format=pylint
-          - --profile=.prospector-fix.yaml
+          - --profile=.prospector.yaml
+          - --profile=utils:autofix
         additional_dependencies:
           - prospector-profile-duplicated==1.8.1 # pypi
           - prospector-profile-utils==1.11.1 # pypi
           - ruff==0.7.4 # pypi
+      - id: prospector
+        args:
+          - --die-on-tool-error
+          - --output-format=pylint
+          - --profile=utils:tests
+          - --profile=utils:autofix
+        additional_dependencies:
+          - prospector-profile-utils==1.20.2 # pypi
+          - ruff==0.9.6 # pypi
   - repo: https://github.com/camptocamp/jsonschema-gentypes
     rev: 2.8.1
     hooks:
@@ -167,11 +171,14 @@ repos:
       - id: jsonschema-validator
         files: |-
           (?x)^(
-            ci/config\.yaml
-            |github_app_geo_project/project-schema\.json
+            github_app_geo_project/project-schema\.json
             |github_app_geo_project/application-schema\.json
             |github_app_geo_project/module/.*/schema\.json
             |github_app_geo_project/module/.*/.*-schema\.json
+            |\.github/publish\.yaml
+            |jsonschema\-gentypes\.yaml
+            |docker/test\-app/config\.yaml
+            |example/changelog\-config\.yaml
           )$
   - repo: https://github.com/mheap/json-schema-spell-checker
     rev: main
diff --git a/.prospector.yaml b/.prospector.yaml
index 58fcc9a6eb..2a7a06914d 100644
--- a/.prospector.yaml
+++ b/.prospector.yaml
@@ -4,6 +4,7 @@ inherits:
   - utils:no-design-checks
   - utils:c2cwsgiutils
 
+  - utils:fix
 ignore-paths:
   - github_app_geo_project/project_configuration.py
   - github_app_geo_project/application_configuration.py
diff --git a/pyproject.toml b/pyproject.toml
index 1d9f26861b..3216458687 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -104,8 +104,10 @@ enable = true
 vcs = "git"
 pattern = "^(?P<base>\\d+(\\.\\d+)*)"
 format-jinja = """
-{%- if env.get("VERSION_TYPE") == "version_branch" -%}
-{{serialize_pep440(bump_version(base, 1 if env.get("IS_MASTER") == "TRUE" else 2), dev=distance)}}
+{%- if env.get("VERSION_TYPE") == "default_branch" -%}
+{{serialize_pep440(bump_version(base, 1), dev=distance)}}
+{%- elif env.get("VERSION_TYPE") == "stabilization_branch" -%}
+{{serialize_pep440(bump_version(base, 2), dev=distance)}}
 {%- elif distance == 0 -%}
 {{serialize_pep440(base)}}
 {%- else -%}