diff --git a/.builder-image-version.txt b/.builder-image-version.txt
index 73a29c94..13fec672 100644
--- a/.builder-image-version.txt
+++ b/.builder-image-version.txt
@@ -1 +1 @@
-1.1.34
+1.1.35
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 1b30251a..cef1f9ea 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -54,7 +54,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
+        uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1
 
       - name: Setup Env
         run: |
diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml
index e62fbc02..ca4f5b37 100644
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -21,7 +21,7 @@ jobs:
     if: github.event_name != 'pull_request' || !github.event.pull_request.draft
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/sovereigncloudstack/cso-builder:1.1.34
+      image: ghcr.io/sovereigncloudstack/cso-builder:1.1.35
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.github_token }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index fea7bc43..758994a1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -44,7 +44,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
+        uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1
 
       - name: Install Bom
         shell: bash
diff --git a/.github/workflows/schedule-scan-image.yml b/.github/workflows/schedule-scan-image.yml
index 386428ac..b9c7be42 100644
--- a/.github/workflows/schedule-scan-image.yml
+++ b/.github/workflows/schedule-scan-image.yml
@@ -9,7 +9,7 @@ jobs:
     name: Trivy
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/sovereigncloudstack/cso-builder:1.1.34
+      image: ghcr.io/sovereigncloudstack/cso-builder:1.1.35
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.github_token }}
diff --git a/.github/workflows/schedule-update-bot.yaml b/.github/workflows/schedule-update-bot.yaml
index 6f4c4ec9..cff88e35 100644
--- a/.github/workflows/schedule-update-bot.yaml
+++ b/.github/workflows/schedule-update-bot.yaml
@@ -46,7 +46,7 @@ jobs:
           echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.LOG_LEVEL }}" >> "$GITHUB_ENV"
 
       - name: Renovate
-        uses: renovatebot/github-action@f8af9272cd94a4637c29f60dea8731afd3134473 # v43.0.12
+        uses: renovatebot/github-action@ea850436a5fe75c0925d583c7a02c60a5865461d # v43.0.20
         env:
           RENOVATE_HOST_RULES: '[{"hostType": "docker", "matchHost": "ghcr.io", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}" }]'
           RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS: '[".*"]'