diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index edad5d2..4a9e5cd 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -11,26 +11,26 @@ jobs:
 steps:
 - name: checkout code
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 # https://github.com/docker/setup-qemu-action
 - name: Set up QEMU
- uses: docker/setup-qemu-action@v2
+ uses: docker/setup-qemu-action@v3
 # https://github.com/docker/setup-buildx-action
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@v3
 - name: Login to registry
 if: github.event_name != 'pull_request'
- uses: docker/login-action@v1
+ uses: docker/login-action@v3
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
 - name: Docker meta
 id: meta_id
- uses: docker/metadata-action@v3
+ uses: docker/metadata-action@v5
 with:
 # list of Docker images to use as base name for tags
 images: |
@@ -46,7 +46,7 @@ jobs:
 type=sha
 - name: Build and push
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@v5
 with:
 context: .
 platforms: linux/amd64,linux/arm64
diff --git a/Dockerfile b/Dockerfile
index 4bd7ad9..997201a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,8 @@
 # Globals and input args
-FROM python:3.11.5-alpine3.18
+FROM python:3.12.5-alpine3.20
 WORKDIR /app
-
+# CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
+RUN apk --no-cache upgrade libexpat
 # Prepare our app requirements and install it...
 COPY requirements.txt ./
 RUN pip install --no-cache-dir -r requirements.txt && \
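Review bot: The added `RUN apk --no-cache upgrade libexpat` in the Dockerfile hunk accepts whatever libexpat the Alpine repository serves at build time, so the build still succeeds if that package predates the fixes for the three CVEs named in the comment above it. Consider stating the floor explicitly, for example `RUN apk --no-cache add 'libexpat>=FIXED_VERSION_PLACEHOLDER'` with the version taken from the Alpine advisory, so a stale package fails the build instead of shipping unnoticed. It is also worth checking in the built image which library the interpreter actually reports (`python -c "import pyexpat; print(pyexpat.EXPAT_VERSION)"`), because the upgrade only helps if Python links the system expat rather than a bundled copy, which cannot be told from this hunk. The comment could also say that the line is a temporary workaround to drop once the base image tag ships the fixed package. The `RUN pip install` command continues past the end of the hunk.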