diff --git a/Dockerfile b/Dockerfile
index f43bb825..9bc5aa5f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,9 +23,9 @@ ARG CROWDSEC_RELEASE_SHA256=704e37121e7ac215991441cef0d8732e33fa3b1a2b2b88b53a0b
 
 # ---- Shared Go Security Patches ----
 # renovate: datasource=go depName=github.com/expr-lang/expr
-ARG EXPR_LANG_VERSION=1.17.7
+ARG EXPR_LANG_VERSION=1.17.8
 # renovate: datasource=go depName=golang.org/x/net
-ARG XNET_VERSION=0.51.0
+ARG XNET_VERSION=0.52.0
 # renovate: datasource=npm depName=npm
 ARG NPM_VERSION=11.11.1
 
diff --git a/frontend/package-lock.json b/frontend/package-lock.json
index e0ff21d2..748cad81 100644
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
@@ -69,7 +69,7 @@
         "eslint-plugin-unicorn": "^63.0.0",
         "eslint-plugin-unused-imports": "^4.4.1",
         "jsdom": "29.0.0",
-        "knip": "^5.86.0",
+        "knip": "^5.87.0",
         "postcss": "^8.5.8",
         "tailwindcss": "^4.2.1",
         "typescript": "^6.0.1-rc",
@@ -7446,9 +7446,9 @@
       }
     },
     "node_modules/knip": {
-      "version": "5.86.0",
-      "resolved": "https://registry.npmjs.org/knip/-/knip-5.86.0.tgz",
-      "integrity": "sha512-tGpRCbP+L+VysXnAp1bHTLQ0k/SdC3M3oX18+Cpiqax1qdS25iuCPzpK8LVmAKARZv0Ijri81Wq09Rzk0JTl+Q==",
+      "version": "5.87.0",
+      "resolved": "https://registry.npmjs.org/knip/-/knip-5.87.0.tgz",
+      "integrity": "sha512-oJBrwd4/Mt5E6817vcdQLaPpejxZTxpASauYLkp6HaT0HN1seHnpF96KEjza9O8yARvHEQ9+So9AFUjkPci7dQ==",
       "dev": true,
       "funding": [
         {
diff --git a/frontend/package.json b/frontend/package.json
index fb204786..a32d4a89 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -88,7 +88,7 @@
     "eslint-plugin-unicorn": "^63.0.0",
     "eslint-plugin-unused-imports": "^4.4.1",
     "jsdom": "29.0.0",
-    "knip": "^5.86.0",
+    "knip": "^5.87.0",
     "postcss": "^8.5.8",
     "tailwindcss": "^4.2.1",
     "typescript": "^6.0.1-rc",