diff --git a/.builder-image-version.txt b/.builder-image-version.txt
index 63b41b20..ad7bb75d 100644
--- a/.builder-image-version.txt
+++ b/.builder-image-version.txt
@@ -1 +1 @@
-1.1.28
\ No newline at end of file
+1.1.29
diff --git a/.github/actions/setup-go/action.yaml b/.github/actions/setup-go/action.yaml
index ced986be..d0a580a0 100644
--- a/.github/actions/setup-go/action.yaml
+++ b/.github/actions/setup-go/action.yaml
@@ -4,9 +4,9 @@ runs:
   using: "composite"
   steps:
     - name: Install go
-      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+      uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
       with:
-        go-version: "1.22"
+        go-version: "1.24"
         go-version-file: "go.mod"
         cache: true
         cache-dependency-path: go.sum
@@ -16,14 +16,14 @@ runs:
         echo "::set-output name=go-build::$(go env GOCACHE)"
         echo "::set-output name=go-mod::$(go env GOMODCACHE)"
     - name: Go Mod Cache
-      uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4
       with:
         path: ${{ steps.go-cache-paths.outputs.go-mod }}
         key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }}
         restore-keys: |
           ${{ runner.os }}-go-mod-
     - name: Go Build Cache
-      uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4
       with:
         path: ${{ steps.go-cache-paths.outputs.go-build }}
         key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 31436f32..26136d44 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -83,7 +83,7 @@ jobs:
 
       # Import GitHub's cache build to docker cache
       - name: Copy cso Golang cache to docker cache
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
         with:
           provenance: false
           context: /tmp/.cache/cso
@@ -93,7 +93,7 @@ jobs:
           target: import-cache
 
       - name: Build and push cso image
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6
         id: docker_build_release_cso
         with:
           provenance: false
@@ -129,7 +129,7 @@ jobs:
       # Store docker's golang's cache build locally only on the main branch
       - name: Store cso Golang cache build locally
         if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
         with:
           provenance: false
           context: .
diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml
index fd2e46ba..d254787c 100644
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -21,7 +21,7 @@ jobs:
     if: github.event_name != 'pull_request' || !github.event.pull_request.draft
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/sovereigncloudstack/cso-builder:1.1.28
+      image: ghcr.io/sovereigncloudstack/cso-builder:1.1.29
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.github_token }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index afa04eb9..ce2ecac6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -61,7 +61,7 @@ jobs:
           echo 'EOF' >> $GITHUB_ENV
 
       - name: Build and push cso image
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6
         id: docker_build_release_cso
         with:
           provenance: false
@@ -155,7 +155,7 @@ jobs:
           make release-notes
 
       - name: Release
-        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2
+        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2
         with:
           draft: true
           files: out/*
diff --git a/.github/workflows/schedule-scan-image.yml b/.github/workflows/schedule-scan-image.yml
index 4d6192a7..8b398923 100644
--- a/.github/workflows/schedule-scan-image.yml
+++ b/.github/workflows/schedule-scan-image.yml
@@ -9,7 +9,7 @@ jobs:
     name: Trivy
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/sovereigncloudstack/cso-builder:1.1.28
+      image: ghcr.io/sovereigncloudstack/cso-builder:1.1.29
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.github_token }}
diff --git a/.github/workflows/schedule-update-bot.yaml b/.github/workflows/schedule-update-bot.yaml
index 35368815..91539fe3 100644
--- a/.github/workflows/schedule-update-bot.yaml
+++ b/.github/workflows/schedule-update-bot.yaml
@@ -33,7 +33,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Generate Token
-        uses: actions/create-github-app-token@21cfef2b496dd8ef5b904c159339626a10ad380e # v1
+        uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1
         id: generate-token
         with:
           app-id: ${{ secrets.SCS_APP_ID }}