diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index fdc4569..5649ad2 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -19,7 +19,7 @@ jobs:
       IMAGE_NAME: ${{ github.repository }}
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           fetch-depth: 0
       - name: Git Fetch
@@ -28,7 +28,7 @@ jobs:
         uses: actions/setup-go@v6
         with:
           go-version: stable
-      - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+      - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: |
             ~/.cache/go-build
@@ -36,7 +36,7 @@ jobs:
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
-      - uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
+      - uses: anchore/sbom-action/download-syft@fbfd9c6c189226748411491745178e0c2017392d # v0.20.10
 
       - name: Set Up Docker Buildx
         uses: docker/setup-buildx-action@v3
diff --git a/Dockerfile b/Dockerfile
index a6f5098..0980e1e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.21
+FROM alpine:3.22
 
 RUN apk --no-cache add ca-certificates
 
diff --git a/go.mod b/go.mod
index e9b1086..ed15d3e 100644
--- a/go.mod
+++ b/go.mod
@@ -3,11 +3,11 @@ module github.com/stackitcloud/fake-jwt-server
 go 1.22.2
 
 require (
-	github.com/golang-jwt/jwt/v5 v5.2.2
-	github.com/lestrrat-go/jwx/v2 v2.1.4
-	github.com/spf13/cobra v1.9.1
-	github.com/spf13/pflag v1.0.6
-	github.com/spf13/viper v1.20.1
+	github.com/golang-jwt/jwt/v5 v5.3.0
+	github.com/lestrrat-go/jwx/v2 v2.1.6
+	github.com/spf13/cobra v1.10.1
+	github.com/spf13/pflag v1.0.10
+	github.com/spf13/viper v1.21.0
 )
 
 require (