60 days for lock-threads to ensure that issues and PRs get more or less a full month in a stable release in case somebody would like to add something to them.
While floating tags are nice to use and fancy, we already had situations where the fixed source code did not result in the same deterministic build as the one built e.g. a week ago due to non-pinned versions that resulted in a different set of dependencies than originally.
Since GitHub Actions follow a similar pattern, we want to do our best to ensure that if CI in a given fixed version passed on a fixed source, then it should also result in the same deterministic output. Of course this is impossible to achieve in 100% (e.g. resources no longer being available over the network), but this is something we can do.
It wasn't like that before Renovate since we didn't have a standardized bot that could handle bumping those versions for us.
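
The pinning concern described above can be checked mechanically. The following is an added example, not code from this project: a small Python audit that classifies each `uses:` reference in a workflow as pinned or floating. The sample workflow, the `example-org` action names and all function names are constructed for illustration.

```python
import re

# Constructed sample workflow for illustration (not from the project above).
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4.0.2
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: example-org/other-action@main
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
EXACT_VERSION_RE = re.compile(r"^v?\d+\.\d+\.\d+$")

def classify_ref(target):
    """Return 'sha', 'exact-tag', 'floating' or 'skipped' for a uses: target."""
    # Local actions and docker:// images are outside the scope of this check.
    if target.startswith(("./", "docker://")):
        return "skipped"
    _, sep, ref = target.partition("@")
    if sep and FULL_SHA_RE.match(ref):
        return "sha"        # immutable commit reference
    if sep and EXACT_VERSION_RE.match(ref):
        return "exact-tag"  # fixed version, though a tag can still be re-pointed
    return "floating"       # major tag (v4), branch (main) or no ref at all

def audit_workflow(text):
    """Yield (line number, target, classification) for every uses: line."""
    for lineno, line in enumerate(text.splitlines(), 1):
        match = USES_RE.match(line)
        if match:
            yield lineno, match.group(1), classify_ref(match.group(1))

def floating_refs(text):
    """Return the (line number, target) pairs a CI gate should reject."""
    return [(n, t) for n, t, kind in audit_workflow(text) if kind == "floating"]

if __name__ == "__main__":
    for lineno, target, kind in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {target} -> {kind}")
```

A CI step can fail the build when `floating_refs` returns a non-empty list, leaving version bumps to the dependency bot.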