diff --git a/.clang-tidy b/.clang-tidy
index b4167b1a3..d4fe03828 100644
--- a/.clang-tidy
+++ b/.clang-tidy
@@ -15,7 +15,8 @@ Checks: >-
   -bugprone-narrowing-conversions,
   -performance-no-int-to-ptr,
   -clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,
-  -readability-avoid-unconditional-preprocessor-if
+  -readability-avoid-unconditional-preprocessor-if,
+  -readability-suspicious-call-argument
 HeaderFilterRegex: '.*'
 ExtraArgs:
   - -Wno-unknown-warning-option
diff --git a/.github/workflows/pr-ci.yml b/.github/workflows/pr-ci.yml
index 499baf7bd..7ee64b044 100644
--- a/.github/workflows/pr-ci.yml
+++ b/.github/workflows/pr-ci.yml
@@ -3,6 +3,9 @@
 
 name: Pull request CI
 on: pull_request
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
 
 jobs:
   pr-head-ci:
@@ -47,13 +50,13 @@ jobs:
     runs-on: ubuntu-22.04
     needs: [ generate-matrix ]
     strategy:
+      fail-fast: false
       matrix: ${{ fromJSON(needs.generate-matrix.outputs.matrix) }}
     if: needs.generate-matrix.outputs.matrix != ''
     steps:
       - name: Clone the repo
         uses: actions/checkout@v4
         with:
-          submodules: recursive
           fetch-depth: 0
           ref: ${{ github.event.pull_request.base.sha }}
 
@@ -66,6 +69,7 @@ jobs:
         run: |
           git fetch origin ${{ matrix.commit }} ${{ github.event.pull_request.merge_commit_sha }}
           git merge --no-ff --no-edit ${{ matrix.commit }}
+          git submodule update --init --recursive
           git log -1 --format="Head %H, Parents %P"
           # Since the workflow definition is taken from the pull request merge commit, we need to
           # get the .ci scripts from there as well.
diff --git a/src/u2f.c b/src/u2f.c
index 7615a2115..2f1ea1d04 100644
--- a/src/u2f.c
+++ b/src/u2f.c
@@ -696,7 +696,8 @@ static void _authenticate_continue(const USB_APDU* apdu, Packet* out_packet)
     size_t auth_packet_len = sizeof(U2F_AUTHENTICATE_RESP) - U2F_MAX_EC_SIG_SIZE + der_len;
 
     // Append success bytes
-    memcpy(buf + auth_packet_len, "\x90\x00", 2);
+    uint8_t success_bytes[] = {0x90, 0x00};
+    memcpy(buf + auth_packet_len, success_bytes, sizeof(success_bytes));
 
     _fill_message(buf, auth_packet_len + 2, out_packet);
 }