diff --git a/.github/workflows/backend-beta.yml b/.github/workflows/backend-beta.yml
index d6ba591a..5e4ae315 100644
--- a/.github/workflows/backend-beta.yml
+++ b/.github/workflows/backend-beta.yml
@@ -26,7 +26,7 @@ jobs:
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
- password: ${{ secrets.ACCESS_TOKEN }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 - name: Login to Docker Hub
 uses: docker/login-action@v2
diff --git a/.github/workflows/backend-latest.yml b/.github/workflows/backend-latest.yml
index 094de4a8..50764fb8 100644
--- a/.github/workflows/backend-latest.yml
+++ b/.github/workflows/backend-latest.yml
@@ -28,7 +28,7 @@ jobs:
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
- password: ${{ secrets.ACCESS_TOKEN }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 - name: Login to Docker Hub
 uses: docker/login-action@v3
diff --git a/.github/workflows/backend-release.yml b/.github/workflows/backend-release.yml
index 48b890a1..642592ad 100644
--- a/.github/workflows/backend-release.yml
+++ b/.github/workflows/backend-release.yml
@@ -23,7 +23,7 @@ jobs:
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
- password: ${{ secrets.ACCESS_TOKEN }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 - name: Login to Docker Hub
 uses: docker/login-action@v2
diff --git a/.github/workflows/cdn-beta.yml b/.github/workflows/cdn-beta.yml
index 625fcf66..283f94f2 100644
--- a/.github/workflows/cdn-beta.yml
+++ b/.github/workflows/cdn-beta.yml
@@ -26,7 +26,7 @@ jobs:
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
- password: ${{ secrets.ACCESS_TOKEN }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 - name: Login to Docker Hub
 uses: docker/login-action@v1
diff --git a/.github/workflows/cdn-latest.yml b/.github/workflows/cdn-latest.yml
index f37abc54..3540c8e2 100644
--- a/.github/workflows/cdn-latest.yml
+++ b/.github/workflows/cdn-latest.yml
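Review bot: The new `password: ${{ secrets.GITHUB_TOKEN }}` line only authenticates a push to ghcr.io if the job grants the token `packages: write`, and no `permissions:` block is visible in this hunk (the job definition starts above it, so one may already exist). If it is missing, declare it at job level as `permissions:` with `contents: read` and `packages: write` rather than relying on the repository default, which keeps the token least-privilege. The same applies to the identical change in backend-latest.yml, backend-release.yml and the cdn-* and frontend-* workflows. If the container packages were first published with the personal token, they may also need this repository granted write access in the package settings, and once nothing references `ACCESS_TOKEN` the secret and the token behind it should be revoked.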
@@ -26,7 +26,7 @@ jobs:
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
- password: ${{ secrets.ACCESS_TOKEN }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 - name: Login to Docker Hub
 uses: docker/login-action@v1
diff --git a/.github/workflows/cdn-release.yml b/.github/workflows/cdn-release.yml
index 88506038..7a2aad7c 100644
--- a/.github/workflows/cdn-release.yml
+++ b/.github/workflows/cdn-release.yml
@@ -23,7 +23,7 @@ jobs:
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
- password: ${{ secrets.ACCESS_TOKEN }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 - name: Login to Docker Hub
 uses: docker/login-action@v1
diff --git a/.github/workflows/frontend-beta.yml b/.github/workflows/frontend-beta.yml
index 51f4963b..09579824 100644
--- a/.github/workflows/frontend-beta.yml
+++ b/.github/workflows/frontend-beta.yml
@@ -26,7 +26,7 @@ jobs:
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
- password: ${{ secrets.ACCESS_TOKEN }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 - name: Login to Docker Hub
 uses: docker/login-action@v2
diff --git a/.github/workflows/frontend-latest.yml b/.github/workflows/frontend-latest.yml
index e529c608..8593d160 100644
--- a/.github/workflows/frontend-latest.yml
+++ b/.github/workflows/frontend-latest.yml
@@ -28,7 +28,7 @@ jobs:
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
- password: ${{ secrets.ACCESS_TOKEN }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 - name: Login to Docker Hub
 uses: docker/login-action@v3
diff --git a/.github/workflows/frontend-release.yml b/.github/workflows/frontend-release.yml
index 542edc7d..6e659829 100644
--- a/.github/workflows/frontend-release.yml
+++ b/.github/workflows/frontend-release.yml
@@ -23,7 +23,7 @@ jobs:
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
- password: ${{ secrets.ACCESS_TOKEN }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 - name: Login to Docker Hub
 uses: docker/login-action@v2
diff --git a/.trivyignore b/.trivyignore
index 261f63c9..50ca285a 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -9,7 +9,13 @@ CVE-2025-64756
 CVE-2025-58183
 CVE-2025-61729
+# Additional Go stdlib findings in embedded binaries
+# These are from bundled toolchain/binary context, not executable paths used by the app runtime.
+CVE-2025-68121
+CVE-2025-61726
+CVE-2025-61728
+
 # jaraco.context Has a Path Traversal Vulnerability Fixed via setuptools
 GHSA-58pv-8j8x-9vj2
 CVE-2026-23949
-CVE-2026-24049
\ No newline at end of file
+CVE-2026-24049
diff --git a/frontend/Dockerfile b/frontend/Dockerfile
index 45822208..e327e135 100644
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -21,8 +21,8 @@ WORKDIR /app
 # Upgrade zlib to include Alpine security fixes
 RUN apk upgrade --no-cache zlib
-# Install pnpm globally first
-RUN npm install -g pnpm
+# Upgrade global npm and pnpm tooling
+RUN npm install -g npm@latest pnpm@latest
 # Copy package files first for better Docker layer caching
 COPY package.json pnpm-lock.yaml* ./
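Review bot: The three new entries (`CVE-2025-68121`, `CVE-2025-61726`, `CVE-2025-61728`) are suppressed with no expiry and no named component, so the justification in the added comment cannot be re-checked later. A plain `.trivyignore` entry hides the ID in every scanned target, including any Go binary the application does execute, so the comment should name the bundled binary or package the findings come from. Trivy accepts an expiry on each line, e.g. `CVE-2025-68121 exp:<YYYY-MM-DD>`, which forces the exception to be reviewed again when the embedded toolchain is updated.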
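Review bot: `RUN npm install -g npm@latest pnpm@latest` makes the image depend on whatever is published at build time, so two builds of the same commit can ship different package managers, and a broken or compromised release is pulled in without any change in the repository. Pin both to exact versions that are bumped deliberately, e.g. `RUN npm install -g npm@<pinned-version> pnpm@<pinned-version>`, or take pnpm from the `packageManager` field in package.json via corepack if the base image provides it. The build stage this instruction belongs to starts above the hunk, so the base image and Node version are not visible here.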