diff --git a/.builder-image-version.txt b/.builder-image-version.txt
index 4e036596..be5b4c7b 100644
--- a/.builder-image-version.txt
+++ b/.builder-image-version.txt
@@ -1 +1 @@
-1.1.19
+1.1.20
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 281d36f1..6bd57e15 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -83,7 +83,7 @@ jobs:
 
       # Import GitHub's cache build to docker cache
       - name: Copy cso Golang cache to docker cache
-        uses: docker/build-push-action@31159d49c0d4756269a0940a750801a1ea5d7003 # v6.1.0
+        uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6.2.0
         with:
           provenance: false
           context: /tmp/.cache/cso
@@ -93,7 +93,7 @@ jobs:
           target: import-cache
 
       - name: Build and push cso image
-        uses: docker/build-push-action@31159d49c0d4756269a0940a750801a1ea5d7003 # v6
+        uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6
         id: docker_build_release_cso
         with:
           provenance: false
@@ -129,7 +129,7 @@ jobs:
       # Store docker's golang's cache build locally only on the main branch
       - name: Store cso Golang cache build locally
         if: ${{ steps.cache.outputs.cache-hit != 'true' }}
-        uses: docker/build-push-action@31159d49c0d4756269a0940a750801a1ea5d7003 # v6.1.0
+        uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6.2.0
         with:
           provenance: false
           context: .
diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml
index 3ce2ff3b..5948ca99 100644
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -21,7 +21,7 @@ jobs:
     if: github.event_name != 'pull_request' || !github.event.pull_request.draft
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/sovereigncloudstack/cso-builder:1.1.19
+      image: ghcr.io/sovereigncloudstack/cso-builder:1.1.20
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.github_token }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 60d9076f..f4aec3ce 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -61,7 +61,7 @@ jobs:
           echo 'EOF' >> $GITHUB_ENV
 
       - name: Build and push cso image
-        uses: docker/build-push-action@31159d49c0d4756269a0940a750801a1ea5d7003 # v6
+        uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6
         id: docker_build_release_cso
         with:
           provenance: false
diff --git a/.github/workflows/schedule-scan-image.yml b/.github/workflows/schedule-scan-image.yml
index d41f1fb1..a84565ac 100644
--- a/.github/workflows/schedule-scan-image.yml
+++ b/.github/workflows/schedule-scan-image.yml
@@ -9,7 +9,7 @@ jobs:
     name: Trivy
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/sovereigncloudstack/cso-builder:1.1.19
+      image: ghcr.io/sovereigncloudstack/cso-builder:1.1.20
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.github_token }}
diff --git a/.github/workflows/schedule-update-bot.yaml b/.github/workflows/schedule-update-bot.yaml
index 9ec9afb2..494699c3 100644
--- a/.github/workflows/schedule-update-bot.yaml
+++ b/.github/workflows/schedule-update-bot.yaml
@@ -33,7 +33,7 @@ jobs:
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Generate Token
-        uses: actions/create-github-app-token@c8f55efbd427e7465d6da1106e7979bc8aaee856 # v1
+        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1
         id: generate-token
         with:
           app-id: ${{ secrets.SCS_APP_ID }}