diff --git a/.github/workflows/self-test.yml b/.github/workflows/self-test.yml
index 621eaf51..e2b1f54f 100644
--- a/.github/workflows/self-test.yml
+++ b/.github/workflows/self-test.yml
@@ -2,7 +2,7 @@ name: Self test action
 
 on:
   push:
-    branches: main
+    branches: [main]
     paths:
       - 'action.yml'
       - 'requirements.txt'
@@ -15,9 +15,19 @@ on:
       - 'requirements.txt'
       - 'docs/examples/demo/**'
       - '.github/workflows/self-test.yml'
+  pull_request_target:
+    branches: main
+    paths:
+      - 'action.yml'
+      - 'requirements.txt'
+      - 'docs/examples/demo/**'
+      - '.github/workflows/self-test.yml'
 
 jobs:
   test:
+    permissions:
+      contents: write
+      pull-requests: write
     strategy:
       matrix:
         os: [ ubuntu-latest, macos-latest, windows-latest ]
@@ -61,7 +71,8 @@ jobs:
         # if: steps.linter.outputs.checks-failed > 0
         run: |
           echo "some linter checks failed"
-          echo "${{ steps.linter.outputs.checks-failed }}"
-          echo "${{ env.checks-failed }}"
+          echo "total checks-failed: ${{ steps.linter.outputs.checks-failed }}"
+          echo "clang-tidy checks-failed: ${{ steps.linter.outputs.clang-tidy-checks-failed }}"
+          echo "clang-format checks-failed: ${{ steps.linter.outputs.clang-format-checks-failed }}"
         # for actual deployment
         # run: exit 1
diff --git a/action.yml b/action.yml
index cdd9c15b..03dfff39 100644
--- a/action.yml
+++ b/action.yml
@@ -191,6 +191,13 @@ inputs:
       > The [`no-lgtm`](#no-lgtm) option is applicable to Pull Request reviews.
     required: false
     default: false
+  jobs:
+    description: |
+      The number of jobs to run in parallel.
+      If less than or equal to 0, the number of jobs is set to
+      use the number of all available CPU cores.
+    required: false
+    default: 0
 outputs:
   checks-failed:
     description: An integer that can be used as a boolean value to indicate if any checks failed by clang-tidy and clang-format.
@@ -260,7 +267,8 @@ runs:
          --file-annotations=${{ inputs.file-annotations }} \
          --extra-arg="${{ inputs.extra-args }}" \
          --tidy-review="${{ inputs.tidy-review }}" \
-         --format-review="${{ inputs.format-review }}"
+         --format-review="${{ inputs.format-review }}" \
+         --jobs=${{ inputs.jobs }}
 
     - name: Setup python venv (Windows)
       if: runner.os == 'Windows'
@@ -295,6 +303,7 @@ runs:
         ' --file-annotations=${{ inputs.file-annotations }}' +
         ' --extra-arg="${{ inputs.extra-args }}"' +
         ' --tidy-review="${{ inputs.tidy-review }}"' +
-        ' --format-review="${{ inputs.format-review }}"'
+        ' --format-review="${{ inputs.format-review }}"' +
+        ' --jobs=${{ inputs.jobs }}'
 
         Invoke-Expression -Command $app
diff --git a/docs/action.yml b/docs/action.yml
index cd3b6322..40b65cd3 100644
--- a/docs/action.yml
+++ b/docs/action.yml
@@ -14,15 +14,15 @@ inputs:
     minimum-version: '1.3.0'
   lines-changed-only:
     minimum-version: '1.5.0'
-    required-permission: 'content: read #file-changes'
+    required-permission: 'contents: read #file-changes'
   files-changed-only:
     minimum-version: '1.3.0'
-    required-permission: 'content: read #file-changes'
+    required-permission: 'contents: read #file-changes'
   ignore:
     minimum-version: '1.3.0'
   thread-comments:
     minimum-version: '2.6.2'
-    required-permission: 'issues: write #thread-comments'
+    required-permission: 'contents: write #thread-comments'
   no-lgtm:
     minimum-version: '2.6.2'
   step-summary:
@@ -36,10 +36,12 @@ inputs:
   tidy-review:
     experimental: true
     minimum-version: '2.9.0'
-    required-permission: 'pull_request: write #pull-request-reviews'
+    required-permission: 'pull-requests: write #pull-request-reviews'
   format-review:
     minimum-version: '2.9.0'
-    required-permission: 'pull_request: write #pull-request-reviews'
+    required-permission: 'pull-requests: write #pull-request-reviews'
+  jobs:
+    minimum-version: '2.11.0'
 outputs:
   checks-failed:
     minimum-version: '1.2.0'
diff --git a/docs/examples/index.md b/docs/examples/index.md
index 61e361fe..2191f192 100644
--- a/docs/examples/index.md
+++ b/docs/examples/index.md
@@ -31,6 +31,7 @@ Here are some example workflows to get started quickly.
     --8<-- "docs/examples/only-PR-comments.yml"
     ```
 
-    1. See also [`style`][style]
-    2. See also [`tidy-checks`][tidy-checks]
-    3. See also [`thread-comments`][thread-comments]
+    1. See also our [token permissions document](../permissions.md)
+    2. See also [`style`][style]
+    3. See also [`tidy-checks`][tidy-checks]
+    4. See also [`thread-comments`][thread-comments]
diff --git a/docs/examples/only-PR-comments.yml b/docs/examples/only-PR-comments.yml
index 1fc890b8..389248e4 100644
--- a/docs/examples/only-PR-comments.yml
+++ b/docs/examples/only-PR-comments.yml
@@ -10,6 +10,8 @@ on:
 jobs:
   cpp-linter:
     runs-on: ubuntu-latest
+    permissions: # (1)!
+      pull-requests: write
     steps:
       - uses: actions/checkout@v4
 
@@ -20,9 +22,9 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          style: 'file'  # Use .clang-format config file. (1)
-          tidy-checks: '' # Use .clang-tidy config file. (2)
-          # only 'update' a single comment in a pull request's thread. (3)
+          style: 'file'  # Use .clang-format config file. (2)
+          tidy-checks: '' # Use .clang-tidy config file. (3)
+          # only 'update' a single comment in a pull request's thread. (4)
           thread-comments: ${{ github.event_name == 'pull_request' && 'update' }}
 
       - name: Fail fast?!
diff --git a/docs/permissions.md b/docs/permissions.md
index f0beb03b..d10163f5 100644
--- a/docs/permissions.md
+++ b/docs/permissions.md
@@ -14,26 +14,61 @@ When using [`files-changed-only`](inputs-outputs.md#files-changed-only) or
 [`lines-changed-only`](inputs-outputs.md#lines-changed-only) to get the list
 of file changes for a CI event, the following permissions are needed:
 
-```yaml
-    permissions:
-      contents: read # (1)!
-```
+=== "`#!yaml on: push`"
+
+    For [push events](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push)
+
+    ```yaml
+        permissions:
+          contents: read # (1)!
+    ```
+
+    1. This permission is also needed to download files if the repository is not
+       checked out before running cpp-linter.
+
+=== "`#!yaml on: pull_request`"
+
+    For [pull_request events](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request)
+
+    ```yaml
+        permissions:
+          contents: read # (1)!
+          pull-requests: read # (2)!
+    ```
 
-1. This permission is also needed to download files if the repository is not checked out before
-    running cpp-linter (for both push and pull_request events).
+    1. For pull requests, this permission is only needed to download files if
+       the repository is not checked out before running cpp-linter.
+    2. Specifying `#!yaml write` is also sufficient as that is required for
+
+        * posting [thread comments](#thread-comments) on pull requests
+        * posting [pull request reviews](#pull-request-reviews)
 
 ## Thread Comments
 
 The [`thread-comments`](inputs-outputs.md#thread-comments) feature requires the following permissions:
 
-```yaml
-    permissions:
-      issues: write # (1)!
-      pull_requests: write # (2)!
-```
+=== "`#!yaml on: push`"
+
+    For [push events](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push)
+
+    ```yaml
+        permissions:
+          metadata: read # (1)!
+          contents: write # (2)!
+    ```
+
+    1. needed to fetch existing comments
+    2. needed to post or update a commit comment. This also allows us to delete
+       an outdated comment if needed.
+
+=== "`#!yaml on: pull_request`"
+
+    For [pull_request events](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request)
 
-1. for [push events](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push)
-2. for [pull_request events](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request)
+    ```yaml
+        permissions:
+          pull-requests: write
+    ```
 
 ## Pull Request Reviews
 
@@ -41,5 +76,5 @@ The [`tidy-review`](inputs-outputs.md#tidy-review) and [`format-review`](inputs-
 
 ```yaml
     permissions:
-      pull_requests: write
+      pull-requests: write
 ```
diff --git a/docs/stylesheets/extra.css b/docs/stylesheets/extra.css
index 6651c6f7..65f1ada6 100644
--- a/docs/stylesheets/extra.css
+++ b/docs/stylesheets/extra.css
@@ -204,3 +204,25 @@ th {
     display: block;
     max-height: none
 }
+
+/* annotation buttons' pulse animation */
+a.md-annotation__index {
+    border-radius: 2.2ch;
+}
+
+@keyframes pulse {
+    0% {
+        box-shadow: 0 0 0 0 var(--md-accent-fg-color);
+        transform: scale(.95)
+    }
+
+    75% {
+        box-shadow: 0 0 0 .625em transparent;
+        transform: scale(1)
+    }
+
+    to {
+        box-shadow: 0 0 0 0 transparent;
+        transform: scale(.95)
+    }
+}
diff --git a/requirements.txt b/requirements.txt
index 21db7481..de7ed9f7 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,7 @@
 # Install clang-tools binaries (clang-format, clang-tidy)
 # For details please see: https://github.com/cpp-linter/clang-tools-pip
-clang-tools==0.12.0
+clang-tools==0.12.1
 
 # cpp-linter core Python executable package
 # For details please see: https://github.com/cpp-linter/cpp-linter
-cpp-linter==1.7.4
+cpp-linter==1.8.1