Currently the readme points users to install the pre-commit hook like this:

repos:
  - repo: https://github.com/aws-cloudformation/cloudformation-guard
    rev: pre-commit-v0.0.1
# [...]

however, when running pre-commit autoupdate, this becomes (today)

repos:
  - repo: https://github.com/aws-cloudformation/cloudformation-guard
    rev: action-v0.0.4
# [...]

because pre-commit autoupdate "update[s] to latest tag on [the] default branch".

This means, that depending on what happened latest, it might update to:

• the latest release of the guard rust code (e.g tag 3.1.1)
• the latest release of the github action (e.g tag action-v0.0.4)
• the latest release of the pre-commit hook (e.g tag pre-commit-v0.0.1).

It would be better if there was one release tag for all three systems, if they stay in one repository.

(note: there might be a similar problem with the github action and dependabot, I have not looked into how that determines when updates are needed. See https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot)