diff --git a/.github/workflows/security-pr.yml b/.github/workflows/security-pr.yml
index 9d9cee01..cdfabb5c 100644
--- a/.github/workflows/security-pr.yml
+++ b/.github/workflows/security-pr.yml
@@ -234,7 +234,7 @@ jobs:
       - name: Upload Trivy SARIF to GitHub Security
         if: steps.check-artifact.outputs.artifact_exists == 'true'
         # github/codeql-action v4
-        uses: github/codeql-action/upload-sarif@f959778b39f110f7919139e242fa5ac47393c877
+        uses: github/codeql-action/upload-sarif@7deb0a15d3029449bc515a36324b0b21d24f6e27
         with:
           sarif_file: 'trivy-binary-results.sarif'
           category: ${{ steps.pr-info.outputs.is_push == 'true' && format('security-scan-{0}', github.event.workflow_run.head_branch) || format('security-scan-pr-{0}', steps.pr-info.outputs.pr_number) }}
diff --git a/Dockerfile b/Dockerfile
index 774ce016..d9fbf537 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -35,7 +35,7 @@ FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.9.0@sha256:c64defb9ed5a91eacb37f9
 # CVEs fixed: CVE-2023-24531, CVE-2023-24540, CVE-2023-29402, CVE-2023-29404,
 #             CVE-2023-29405, CVE-2024-24790, CVE-2025-22871, and 15 more
 # renovate: datasource=docker depName=golang
-FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:0032c99f1682c40dca54932e2fe0156dc575ed12c6a4fdec94df9db7a0c17ab0 AS gosu-builder
+FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:f6a22bdb1d575b3f71c3d11b6ab09aef8f8ca3b0f1324ad944d80c14cc3fbe96 AS gosu-builder
 COPY --from=xx / /
 
 WORKDIR /tmp/gosu
@@ -89,7 +89,7 @@ RUN --mount=type=cache,target=/app/frontend/node_modules/.cache \
 
 # ---- Backend Builder ----
 # renovate: datasource=docker depName=golang
-FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:0032c99f1682c40dca54932e2fe0156dc575ed12c6a4fdec94df9db7a0c17ab0 AS backend-builder
+FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:f6a22bdb1d575b3f71c3d11b6ab09aef8f8ca3b0f1324ad944d80c14cc3fbe96 AS backend-builder
 # Copy xx helpers for cross-compilation
 COPY --from=xx / /
 
@@ -162,7 +162,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
 # Build Caddy from source to ensure we use the latest Go version and dependencies
 # This fixes vulnerabilities found in the pre-built Caddy images (e.g. CVE-2025-59530, stdlib issues)
 # renovate: datasource=docker depName=golang
-FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:0032c99f1682c40dca54932e2fe0156dc575ed12c6a4fdec94df9db7a0c17ab0 AS caddy-builder
+FROM --platform=$BUILDPLATFORM golang:1.25-trixie@sha256:f6a22bdb1d575b3f71c3d11b6ab09aef8f8ca3b0f1324ad944d80c14cc3fbe96 AS caddy-builder
 ARG TARGETOS
 ARG TARGETARCH
 ARG CADDY_VERSION
@@ -227,7 +227,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
 # Build CrowdSec from source to ensure we use Go 1.25.5+ and avoid stdlib vulnerabilities
 # (CVE-2025-58183, CVE-2025-58186, CVE-2025-58187, CVE-2025-61729)
 # renovate: datasource=docker depName=golang versioning=docker
-FROM --platform=$BUILDPLATFORM golang:1.25.6-trixie@sha256:0032c99f1682c40dca54932e2fe0156dc575ed12c6a4fdec94df9db7a0c17ab0 AS crowdsec-builder
+FROM --platform=$BUILDPLATFORM golang:1.25.7-trixie@sha256:86d4bd34f4ca0536082637663aa6959c562ceb0161b289dc7592112228735272 AS crowdsec-builder
 COPY --from=xx / /
 
 WORKDIR /tmp/crowdsec
diff --git a/frontend/package-lock.json b/frontend/package-lock.json
index e1698be1..bf4e4670 100644
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
@@ -19,7 +19,7 @@
         "class-variance-authority": "^0.7.1",
         "clsx": "^2.1.1",
         "date-fns": "^4.1.0",
-        "i18next": "^25.8.2",
+        "i18next": "^25.8.3",
         "i18next-browser-languagedetector": "^8.2.0",
         "lucide-react": "^0.563.0",
         "react": "^19.2.4",
@@ -5383,9 +5383,9 @@
       }
     },
     "node_modules/i18next": {
-      "version": "25.8.2",
-      "resolved": "https://registry.npmjs.org/i18next/-/i18next-25.8.2.tgz",
-      "integrity": "sha512-7KyJnG9n1nXXVqyOV/TAcp6/4QFgqMoob5y1xTPnWRU5wnrsDYRUvWEmF6RV98EY72ET+nUGkLQsmmO6T1l94Q==",
+      "version": "25.8.3",
+      "resolved": "https://registry.npmjs.org/i18next/-/i18next-25.8.3.tgz",
+      "integrity": "sha512-IC/pp2vkczdu1sBheq1eC92bLavN6fM5jH61c7Xa23PGio5ePEd+EP+re1IkO7KEM9eyeJHUxvIRxsaYTlsSyQ==",
       "funding": [
         {
           "type": "individual",
diff --git a/frontend/package.json b/frontend/package.json
index e5e44bc0..117578d2 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -38,7 +38,7 @@
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "date-fns": "^4.1.0",
-    "i18next": "^25.8.2",
+    "i18next": "^25.8.3",
     "i18next-browser-languagedetector": "^8.2.0",
     "lucide-react": "^0.563.0",
     "react": "^19.2.4",