diff --git a/.github/workflows/bump-ff-version.yml b/.github/workflows/bump-ff-version.yml
index d84ec63..4853507 100644
--- a/.github/workflows/bump-ff-version.yml
+++ b/.github/workflows/bump-ff-version.yml
@@ -12,7 +12,7 @@ on:
 
 jobs:
   bump-ff-version:
-    uses: wearefrank/ci-cd-templates/.github/workflows/ff-version-auto-bumper.yml@b9f96c7bb6abc6e4c1e1bece97435c71485e1aac # 1.0.11
+    uses: wearefrank/ci-cd-templates/.github/workflows/ff-version-auto-bumper.yml@bdd980ea3327366c72f021c09685abc676b74585 # 1.0.12
     secrets:
       token: ${{ secrets.WEAREFRANK_BOT_PAT }}
       dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1288d42..ecaa267 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,7 +15,7 @@ jobs:
       version-next: ${{ steps.reference.outputs.next-reference }}
       version-next-strict: ${{ steps.reference.outputs.next-reference }}
     steps:
-      - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+      - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           disable-sudo: true
           egress-policy: block
@@ -27,10 +27,10 @@ jobs:
 
       - name: Next Reference
         id: reference
-        uses: wearefrank/ci-cd-templates/next-reference@b9f96c7bb6abc6e4c1e1bece97435c71485e1aac #1.0.11
+        uses: wearefrank/ci-cd-templates/next-reference@bdd980ea3327366c72f021c09685abc676b74585 #1.0.12
 
   ci:
-    uses: wearefrank/ci-cd-templates/.github/workflows/ci-generic.yml@b9f96c7bb6abc6e4c1e1bece97435c71485e1aac #1.0.11
+    uses: wearefrank/ci-cd-templates/.github/workflows/ci-generic.yml@bdd980ea3327366c72f021c09685abc676b74585 #1.0.12
     needs:
       - version-next
     secrets:
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index c763c0f..2b200e8 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -43,7 +43,7 @@ jobs:
       # multi-platform images and export cache
       # https://github.com/docker/setup-buildx-action
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
 
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
@@ -59,7 +59,7 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
@@ -71,7 +71,7 @@ jobs:
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
-        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 111c77b..01e337c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -14,7 +14,7 @@ jobs:
       version-next-tag: ${{ steps.next-version.outputs.release-tag }}
       version-next-type: ${{ steps.next-version.outputs.release-type }}
     steps:
-      - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+      - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           disable-sudo: true
           egress-policy: audit
@@ -40,7 +40,7 @@ jobs:
           GH_TOKEN: ${{ secrets.WEAREFRANK_BOT_PAT }}
 
   ci:
-    uses: wearefrank/ci-cd-templates/.github/workflows/ci-generic.yml@b9f96c7bb6abc6e4c1e1bece97435c71485e1aac #1.0.11
+    uses: wearefrank/ci-cd-templates/.github/workflows/ci-generic.yml@bdd980ea3327366c72f021c09685abc676b74585 #1.0.12
     needs: analyze-commits
     secrets:
       token: ${{ secrets.GITHUB_TOKEN }}
@@ -54,7 +54,7 @@ jobs:
       - analyze-commits
       - ci
     steps:
-      - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+      - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
 
@@ -90,7 +90,7 @@ jobs:
           GH_TOKEN: ${{ secrets.WEAREFRANK_BOT_PAT }}
 
   docker-release:
-    uses: wearefrank/ci-cd-templates/.github/workflows/docker-release-generic.yml@b9f96c7bb6abc6e4c1e1bece97435c71485e1aac #1.0.11
+    uses: wearefrank/ci-cd-templates/.github/workflows/docker-release-generic.yml@bdd980ea3327366c72f021c09685abc676b74585 #1.0.12
     needs: 
       - analyze-commits
       - release
@@ -110,4 +110,4 @@ jobs:
       - release
     # Set to true to enable Docusaurus publishing to GitHub Pages
     if: false
-    uses: wearefrank/ci-cd-templates/.github/workflows/docusaurus-release.yml@b9f96c7bb6abc6e4c1e1bece97435c71485e1aac #1.0.11
+    uses: wearefrank/ci-cd-templates/.github/workflows/docusaurus-release.yml@bdd980ea3327366c72f021c09685abc676b74585 #1.0.12