diff --git a/.github/workflows/gt-update.yml b/.github/workflows/gt-update.yml
index 2e958278..0df0370f 100644
--- a/.github/workflows/gt-update.yml
+++ b/.github/workflows/gt-update.yml
@@ -5,19 +5,29 @@
 #  \__/\__/\_, /\___/_//_/\_,_/_/         It is licensed under European Union Public License v. 1.2
 #         /___/                           Please report bugs and contribute back your improvements
 #
-#                                         Version: v1.4.4
+#                                         Version: v1.5.2
 ###################################
 name: "gt update"
+
+#gt-placeholder-trigger-start
 on:
   schedule:
     - cron: '0 4 * * MON'
   workflow_dispatch:
+#gt-placeholder-trigger-end
+
+permissions:
+  contents: read
 
 jobs:
   determine_remotes:
     name: Determine Remotes
     runs-on: ubuntu-latest
+
+    # gt-placeholder-owner-start
     if: github.repository_owner == 'tegonal'
+    # gt-placeholder-owner-end
+
     outputs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
@@ -32,21 +42,28 @@ jobs:
         run: |
           set -e
           # see install.doc.sh in https://github.com/tegonal/gt, MODIFY THERE NOT HERE (please report bugs)
-          currentDir=$(pwd) && \
-          tmpDir=$(mktemp -d -t gt-download-install-XXXXXXXXXX) && cd "$tmpDir" && \
-          wget "https://raw.githubusercontent.com/tegonal/gt/main/.gt/signing-key.public.asc" && \
-          wget "https://raw.githubusercontent.com/tegonal/gt/main/.gt/signing-key.public.asc.sig" && \
-          gpg --verify ./signing-key.public.asc.sig ./signing-key.public.asc && \
-          echo "public key trusted" && \
-          mkdir ./gpg && \
-          gpg --homedir ./gpg --import ./signing-key.public.asc && \
-          wget "https://raw.githubusercontent.com/tegonal/gt/v1.4.4/install.sh" && \
-          wget "https://raw.githubusercontent.com/tegonal/gt/v1.4.4/install.sh.sig" && \
-          gpg --homedir ./gpg --verify ./install.sh.sig ./install.sh && \
-          chmod +x ./install.sh && \
-          echo "verification successful" || (printf >&2 "\033[0;31mERROR\033[0m: verification failed, don't continue !!\n"; exit 1) && \
-          ./install.sh && result=true || (echo >&2 "installation failed"; exit 1) && \
-          false || cd "$currentDir" && rm -r "$tmpDir" && "${result:-false}"
+          #!/usr/bin/env bash
+          currentDir=$(pwd) &&
+          	tmpDir=$(mktemp -d -t gt-download-install-XXXXXXXXXX) && cd "$tmpDir" &&
+          	wget "https://raw.githubusercontent.com/tegonal/gt/main/.gt/signing-key.public.asc" &&
+          	wget "https://raw.githubusercontent.com/tegonal/gt/main/.gt/signing-key.public.asc.sig" &&
+          	gpg --verify ./signing-key.public.asc.sig ./signing-key.public.asc &&
+          	echo "public key trusted" &&
+          	mkdir ./gpg &&
+          	gpg --homedir ./gpg --import ./signing-key.public.asc &&
+          	wget "https://raw.githubusercontent.com/tegonal/gt/v1.4.4/install.sh" &&
+          	wget "https://raw.githubusercontent.com/tegonal/gt/v1.4.4/install.sh.sig" &&
+          	gpg --homedir ./gpg --verify ./install.sh.sig ./install.sh &&
+          	chmod +x ./install.sh &&
+          	echo "verification successful" ||
+          	{
+          		printf >&2 "\033[0;31mERROR\033[0m: verification failed, don't continue !!\n"
+          		exit 1
+          	} && ./install.sh && result=true ||
+          	{
+          		echo >&2 "installation failed"
+          		exit 1
+          	} && false || cd "$currentDir" && rm -r "$tmpDir" && "${result:-false}"
           # end install.doc.sh
       - uses: actions/checkout@v5
       - id: set-matrix
@@ -71,21 +88,28 @@ jobs:
         run: |
           set -e
           # see install.doc.sh in https://github.com/tegonal/gt, MODIFY THERE NOT HERE (please report bugs)
-          currentDir=$(pwd) && \
-          tmpDir=$(mktemp -d -t gt-download-install-XXXXXXXXXX) && cd "$tmpDir" && \
-          wget "https://raw.githubusercontent.com/tegonal/gt/main/.gt/signing-key.public.asc" && \
-          wget "https://raw.githubusercontent.com/tegonal/gt/main/.gt/signing-key.public.asc.sig" && \
-          gpg --verify ./signing-key.public.asc.sig ./signing-key.public.asc && \
-          echo "public key trusted" && \
-          mkdir ./gpg && \
-          gpg --homedir ./gpg --import ./signing-key.public.asc && \
-          wget "https://raw.githubusercontent.com/tegonal/gt/v1.4.4/install.sh" && \
-          wget "https://raw.githubusercontent.com/tegonal/gt/v1.4.4/install.sh.sig" && \
-          gpg --homedir ./gpg --verify ./install.sh.sig ./install.sh && \
-          chmod +x ./install.sh && \
-          echo "verification successful" || (printf >&2 "\033[0;31mERROR\033[0m: verification failed, don't continue !!\n"; exit 1) && \
-          ./install.sh && result=true || (echo >&2 "installation failed"; exit 1) && \
-          false || cd "$currentDir" && rm -r "$tmpDir" && "${result:-false}"
+          #!/usr/bin/env bash
+          currentDir=$(pwd) &&
+          	tmpDir=$(mktemp -d -t gt-download-install-XXXXXXXXXX) && cd "$tmpDir" &&
+          	wget "https://raw.githubusercontent.com/tegonal/gt/main/.gt/signing-key.public.asc" &&
+          	wget "https://raw.githubusercontent.com/tegonal/gt/main/.gt/signing-key.public.asc.sig" &&
+          	gpg --verify ./signing-key.public.asc.sig ./signing-key.public.asc &&
+          	echo "public key trusted" &&
+          	mkdir ./gpg &&
+          	gpg --homedir ./gpg --import ./signing-key.public.asc &&
+          	wget "https://raw.githubusercontent.com/tegonal/gt/v1.4.4/install.sh" &&
+          	wget "https://raw.githubusercontent.com/tegonal/gt/v1.4.4/install.sh.sig" &&
+          	gpg --homedir ./gpg --verify ./install.sh.sig ./install.sh &&
+          	chmod +x ./install.sh &&
+          	echo "verification successful" ||
+          	{
+          		printf >&2 "\033[0;31mERROR\033[0m: verification failed, don't continue !!\n"
+          		exit 1
+          	} && ./install.sh && result=true ||
+          	{
+          		echo >&2 "installation failed"
+          		exit 1
+          	} && false || cd "$currentDir" && rm -r "$tmpDir" && "${result:-false}"
           # end install.doc.sh
       - uses: actions/checkout@v5
       - name: reset gpg keys
@@ -123,7 +147,6 @@ jobs:
         uses: peter-evans/create-pull-request@v7
         with:
           branch: 'gt/update/${{ matrix.remote }}'
-          base: main
           title: 'update files of remote ${{ matrix.remote }} to version ${{steps.gt_update.outputs.remote_version}} via gt'
           commit-message: 'update files of remote ${{ matrix.remote }} to version ${{steps.gt_update.outputs.remote_version}} via gt'
           body: "following the changes after running `gt update -r \"${{ matrix.remote }}\"` and reset gpg keys"
diff --git a/.gt/remotes/gt/pulled.tsv b/.gt/remotes/gt/pulled.tsv
index 6875b4b4..ac2ffcfd 100644
--- a/.gt/remotes/gt/pulled.tsv
+++ b/.gt/remotes/gt/pulled.tsv
@@ -1,3 +1,3 @@
-#@ Version: 1.1.0
-tag	file	relativeTarget	tagFilter	sha512
-v1.4.4	.github/workflows/gt-update.yml	../.github/workflows/gt-update.yml	.*	7098d4d692a9f105399e2d26c4a77573b87de2cd5dc34c5e0af23fc0b1d99babec513ff995906a118e5b44fb055ff4da13f4ba4b57f12e4e415cb26198083dce
+#@ Version: 1.2.0
+tag	file	relativeTarget	tagFilter	hasPlaceholder	sha512
+v1.5.2	.github/workflows/gt-update.yml	../.github/workflows/gt-update.yml	.*	true	fec1718358a3dc04f0d70ebb4c04c22a10ada6188da25a3dcf2f5c87b67ca2f9e27c77d7c938db20b79c75c003e36fa36e1b7af373b82544774f8968e25d5eae