diff --git a/Dockerfile b/Dockerfile
index ada8db28..8b4aef00 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,7 +23,7 @@ ARG CADDY_VERSION=2.11.0-beta.2
 ## Using trixie (Debian 13 testing) for faster security updates - bookworm
 ## packages marked "wont-fix" are actively maintained in trixie.
 # renovate: datasource=docker depName=debian versioning=docker
-ARG CADDY_IMAGE=debian:trixie-slim@sha256:bfc1a095aef012070754f61523632d1603d7508b4d0329cd5eb36e9829501290
+ARG CADDY_IMAGE=debian:trixie-slim@sha256:f6e2cfac5cf956ea044b4bd75e6397b4372ad88fe00908045e9a0d21712ae3ba
 
 # ---- Cross-Compilation Helpers ----
 # renovate: datasource=docker depName=tonistiigi/xx
@@ -35,7 +35,7 @@ FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.9.0@sha256:c64defb9ed5a91eacb37f9
 # CVEs fixed: CVE-2023-24531, CVE-2023-24540, CVE-2023-29402, CVE-2023-29404,
 #             CVE-2023-29405, CVE-2024-24790, CVE-2025-22871, and 15 more
 # renovate: datasource=docker depName=golang
-FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:c7aa67236d35587d6e4f2578ebeda2164ab043e7437181a69ac12664dce2aae5 AS gosu-builder
+FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:ff83f3762390c2cccb53618ccc18af23e556aff9b1db4428637e9f63287c8171 AS gosu-builder
 COPY --from=xx / /
 
 WORKDIR /tmp/gosu
@@ -65,7 +65,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
 # ---- Frontend Builder ----
 # Build the frontend using the BUILDPLATFORM to avoid arm64 musl Rollup native issues
 # renovate: datasource=docker depName=node
-FROM --platform=$BUILDPLATFORM node:24.13.0-slim@sha256:12cdbb6b2b9d4616eb1f6146ce4902fba7cef72ab972285b48e4b355e838460d AS frontend-builder
+FROM --platform=$BUILDPLATFORM node:24.13.0-slim@sha256:4660b1ca8b28d6d1906fd644abe34b2ed81d15434d26d845ef0aced307cf4b6f AS frontend-builder
 WORKDIR /app/frontend
 
 # Copy frontend package files
@@ -89,7 +89,7 @@ RUN --mount=type=cache,target=/app/frontend/node_modules/.cache \
 
 # ---- Backend Builder ----
 # renovate: datasource=docker depName=golang
-FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:c7aa67236d35587d6e4f2578ebeda2164ab043e7437181a69ac12664dce2aae5 AS backend-builder
+FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:ff83f3762390c2cccb53618ccc18af23e556aff9b1db4428637e9f63287c8171 AS backend-builder
 # Copy xx helpers for cross-compilation
 COPY --from=xx / /
 
@@ -162,7 +162,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
 # Build Caddy from source to ensure we use the latest Go version and dependencies
 # This fixes vulnerabilities found in the pre-built Caddy images (e.g. CVE-2025-59530, stdlib issues)
 # renovate: datasource=docker depName=golang
-FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:c7aa67236d35587d6e4f2578ebeda2164ab043e7437181a69ac12664dce2aae5 AS caddy-builder
+FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:ff83f3762390c2cccb53618ccc18af23e556aff9b1db4428637e9f63287c8171 AS caddy-builder
 ARG TARGETOS
 ARG TARGETARCH
 ARG CADDY_VERSION
@@ -227,7 +227,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
 # Build CrowdSec from source to ensure we use Go 1.25.5+ and avoid stdlib vulnerabilities
 # (CVE-2025-58183, CVE-2025-58186, CVE-2025-58187, CVE-2025-61729)
 # renovate: datasource=docker depName=golang versioning=docker
-FROM --platform=$BUILDPLATFORM golang:1.25.6-trixie@sha256:c7aa67236d35587d6e4f2578ebeda2164ab043e7437181a69ac12664dce2aae5 AS crowdsec-builder
+FROM --platform=$BUILDPLATFORM golang:1.25.6-trixie@sha256:ff83f3762390c2cccb53618ccc18af23e556aff9b1db4428637e9f63287c8171 AS crowdsec-builder
 COPY --from=xx / /
 
 WORKDIR /tmp/crowdsec
@@ -286,7 +286,7 @@ RUN mkdir -p /crowdsec-out/config && \
 
 # ---- CrowdSec Fallback (for architectures where build fails) ----
 # renovate: datasource=docker depName=debian
-FROM debian:trixie-slim@sha256:bfc1a095aef012070754f61523632d1603d7508b4d0329cd5eb36e9829501290 AS crowdsec-fallback
+FROM debian:trixie-slim@sha256:f6e2cfac5cf956ea044b4bd75e6397b4372ad88fe00908045e9a0d21712ae3ba AS crowdsec-fallback
 
 WORKDIR /tmp/crowdsec
 
diff --git a/frontend/package-lock.json b/frontend/package-lock.json
index 87a95278..a00494c2 100644
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
@@ -19,7 +19,7 @@
         "class-variance-authority": "^0.7.1",
         "clsx": "^2.1.1",
         "date-fns": "^4.1.0",
-        "i18next": "^25.8.0",
+        "i18next": "^25.8.1",
         "i18next-browser-languagedetector": "^8.2.0",
         "lucide-react": "^0.563.0",
         "react": "^19.2.4",
@@ -5383,9 +5383,9 @@
       }
     },
     "node_modules/i18next": {
-      "version": "25.8.0",
-      "resolved": "https://registry.npmjs.org/i18next/-/i18next-25.8.0.tgz",
-      "integrity": "sha512-urrg4HMFFMQZ2bbKRK7IZ8/CTE7D8H4JRlAwqA2ZwDRFfdd0K/4cdbNNLgfn9mo+I/h9wJu61qJzH7jCFAhUZQ==",
+      "version": "25.8.1",
+      "resolved": "https://registry.npmjs.org/i18next/-/i18next-25.8.1.tgz",
+      "integrity": "sha512-nFFxhwcRNggIrkv2hx/xMYVMG7Z8iMUA4ZuH4tgcbZiI0bK1jn3kSDIXNWuQDt1xVAu7mb7Qn82TpH7ZAk/okA==",
       "funding": [
         {
           "type": "individual",
diff --git a/frontend/package.json b/frontend/package.json
index c0715dc2..b197401f 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -38,7 +38,7 @@
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "date-fns": "^4.1.0",
-    "i18next": "^25.8.0",
+    "i18next": "^25.8.1",
     "i18next-browser-languagedetector": "^8.2.0",
     "lucide-react": "^0.563.0",
     "react": "^19.2.4",