diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
new file mode 100644
index 00000000..9c0a9994
--- /dev/null
+++ b/.github/workflows/dependency-updates.yml
@@ -0,0 +1,59 @@
+name: dependency-updates
+on:
+ push:
+ schedule:
+ - cron: "0 */6 * * *"
+ workflow_dispatch:
+jobs:
+ cs-nginx-bouncer-update:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: update cs-nginx-bouncer version
+ id: update
+ run: |
+ CSNB_VER="$(
+ git ls-remote --tags https://github.com/crowdsecurity/cs-nginx-bouncer \
+ | cut -d/ -f3 \
+ | sort -V \
+ | tail -1 \
+ | sed -E "s/\^\{\}//"
+ )"
+ sed -i "s|ARG CSNB_VER=.*|ARG CSNB_VER=$CSNB_VER|" Dockerfile
+ echo "version=$CSNB_VER" >> $GITHUB_OUTPUT
+ - name: Create Pull Request
+ uses: peter-evans/create-pull-request@v5
+ with:
+ signoff: true
+ delete-branch: true
+ commit-message: update cs-nginx-bouncer version to ${{ steps.update.outputs.version }}
+ branch: update-cs-nginx-bouncer-version
+ title: update cs-nginx-bouncer version to ${{ steps.update.outputs.version }}
+ body: update cs-nginx-bouncer version to ${{ steps.update.outputs.version }}
+ coreruleset-update:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: update coreruleset version
+ id: update
+ run: |
+ CRS_VER="$(
+ git ls-remote --tags https://github.com/coreruleset/coreruleset \
+ | cut -d/ -f3 \
+ | sort -V \
+ | tail -1 \
+ | sed -E "s/\^\{\}//"
+ )"
+ sed -i "s|ARG CRS_VER=.*|ARG CRS_VER=$CRS_VER|" Dockerfile
+ echo "version=$CRS_VER" >> $GITHUB_OUTPUT
+ - name: Create Pull Request
+ uses: peter-evans/create-pull-request@v5
+ with:
+ signoff: true
+ delete-branch: true
+ commit-message: update coreruleset version to ${{ steps.update.outputs.version }}
+ branch: update-coreruleset-version
+ title: update coreruleset version to ${{ steps.update.outputs.version }}
+ body: update coreruleset version to ${{ steps.update.outputs.version }}
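Review bot: The tag name read from `git ls-remote` in the `update` step of both jobs (`CSNB_VER` and `CRS_VER`) goes into the `sed` replacement, the Dockerfile and `$GITHUB_OUTPUT` with no check on its shape, so whatever the upstream repository publishes as its highest-sorting tag becomes the build argument. A git ref name may contain `|` and `&`, which are special in the `sed` expression used here, and `sort -V | tail -1` will also pick pre-release or unrelated tags. I would reject anything unexpected before the `sed -i`, e.g. `[[ "$CSNB_VER" =~ ^v[0-9]+(\.[0-9]+)*$ ]] || { echo "unexpected tag: $CSNB_VER" >&2; exit 1; }`, and quote `"$GITHUB_OUTPUT"`. The workflow also declares no `permissions:` and references `actions/checkout@v4` and `peter-evans/create-pull-request@v5` by mutable tag; a job-level `permissions:` limited to `contents: write` and `pull-requests: write`, plus actions pinned to a full commit SHA, would narrow what a compromised action or re-pointed tag can do.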
diff --git a/Dockerfile b/Dockerfile
index d867680e..6b9d360a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -32,7 +32,7 @@ RUN apk add --no-cache ca-certificates nodejs-current yarn && \
FROM --platform="$BUILDPLATFORM" alpine:3.19.0 as crowdsec
-ARG CSNB_VER=v1.0.5
+ARG CSNB_VER=v1.0.6
WORKDIR /src
RUN apk add --no-cache ca-certificates git build-base && \
@@ -48,9 +48,7 @@ RUN apk add --no-cache ca-certificates git build-base && \
sed -i "s|BAN_TEMPLATE_PATH=.*|BAN_TEMPLATE_PATH=/data/etc/crowdsec/ban.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
sed -i "s|CAPTCHA_TEMPLATE_PATH=.*|CAPTCHA_TEMPLATE_PATH=/data/etc/crowdsec/captcha.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
-FROM zoeyvid/certbot-docker:17 as certbot
-
-FROM zoeyvid/nginx-quic:230
+FROM zoeyvid/nginx-quic:234
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ARG CRS_VER=v4.0/dev
@@ -72,15 +70,15 @@ RUN apk add --no-cache ca-certificates tzdata tini \
yarn global add nginxbeautifier && \
apk del --no-cache luarocks5.1 wget lua5.1-dev build-base git yarn
-COPY --from=backend /build/backend /app
-COPY --from=frontend /build/frontend/dist /app/frontend
-COPY --from=certbot /usr/local/certbot /usr/local/certbot
-COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins /usr/local/nginx/lib/lua/plugins
-COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua /usr/local/nginx/lib/lua/crowdsec.lua
-COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html /usr/local/nginx/conf/conf.d/include/ban.html
-COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html
-COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf
-COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf
+COPY --from=backend /build/backend /app
+COPY --from=frontend /build/frontend/dist /app/frontend
+COPY --from=zoeyvid/certbot-docker:18 /usr/local/certbot /usr/local/certbot
+COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins /usr/local/nginx/lib/lua/plugins
+COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua /usr/local/nginx/lib/lua/crowdsec.lua
+COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html /usr/local/nginx/conf/conf.d/include/ban.html
+COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html
+COPY --from=crowdsec /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf /usr/local/nginx/conf/conf.d/include/crowdsec.conf
+COPY --from=crowdsec /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf
RUN ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \
ln -s /app/sqlite-vaccum.js /usr/local/bin/sqlite-vaccum.js && \
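Review bot: `COPY --from=zoeyvid/certbot-docker:18` pulls an external image by mutable tag directly inside a `COPY`, so the certbot tree copied into the final image changes whenever that tag is re-pushed, and the reference may be missed by update tooling that only scans `FROM` lines. Pinning the digest keeps the build reproducible and reviewable: `COPY --from=zoeyvid/certbot-docker:18@sha256:<digest> /usr/local/certbot /usr/local/certbot`, where `<digest>` is a placeholder for the value you have verified. The same applies to `FROM zoeyvid/nginx-quic:234` in the previous hunk. The `RUN ln -s …` at the end of this hunk continues outside it.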
diff --git a/README.md b/README.md
index 1d0b0d27..2cbacddd 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ running at home or otherwise, including free TLS, without having to know too muc
**Note: If you don't use network mode host, which I don't recommend, don't forget to expose port 443 on tcp AND udp (http3/quic needs udp).**
**Note: If you don't use network mode host, which I don't recommend, don't forget to enable IPv6 in Docker, see [here](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md), you only need to edit the daemon.json and restart docker, if you use the bridge network, otherwise please enable IPv6 in your custom docker network!**
**Note: Don't forget to open Port 80 (tcp) and 443 (tcp AND udp, http3/quic needs udp) in your firewall (because of network mode host, you also need to open this ports in ufw, if you use ufw).**
-**Note: ModSecurity overblocking (403 Error)? Please see `/data/etc/modsecurity`, if you also use CRS please see [here](https://coreruleset.org/docs/concepts/false_positives_tuning).**
+**Note: ModSecurity overblocking (403 Error)? Please see `/opt/npm/etc/modsecurity`, if you also use CRS please see [here](https://coreruleset.org/docs/concepts/false_positives_tuning).**
**Note: Internal Instance? Please disable `must-staple` in `/opt/npm/tls/certbot/config.ini`.**
**Note: Other Databases like MariaDB may work, but are unsupported.**
@@ -81,7 +81,7 @@ so that the barrier for entry here is low.
- Automatic database vacuum (only sqlite)
- Automatic cleaning of old certbot certs (set FULLCLEAN to true)
- Password reset (only sqlite) using `docker exec -it npmplus password-reset.js USER_EMAIL PASSWORD`
-- Supports TLS for MariaDB/MySQL; set `DB_MYSQL_TLS` env to true. Self-signed certificates can be uploaded to `/data/etc/npm/ca.crt` and `DB_MYSQL_CA` set to `/data/etc/npm/ca.crt` (not tested, unsupported)
+- Supports TLS for MariaDB/MySQL; set `DB_MYSQL_TLS` env to true. Self-signed certificates can be uploaded to `/opt/npm/etc/npm/ca.crt` and `DB_MYSQL_CA` set to `/data/etc/npm/ca.crt` (not tested, unsupported)
- Supports PUID/PGID in network mode host; add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf`
- Option to set IP bindings for multiple instances in network mode host
- Option to change backend port
@@ -103,7 +103,7 @@ so that the barrier for entry here is low.
1. Install crowdsec using this compose file: https://github.com/ZoeyVid/NPMplus/blob/develop/compose.crowdsec.yaml
2. make sure to use `network_mode: host` in your compose file
3. run `docker exec crowdsec cscli bouncers add npmplus -o raw` and save the output
-4. open `/data/etc/crowdsec/crowdsec.conf`
+4. open `/opt/npm/etc/crowdsec/crowdsec.conf`
5. set `ENABLED` to `true`
6. use the output of step 4 as `API_KEY`
7. make sure `API_URL` is set to `http://127.0.0.1:8080`
diff --git a/backend/package.json b/backend/package.json
index ab7570d5..16640567 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -16,7 +16,7 @@
"gravatar": "1.8.2",
"jsonwebtoken": "9.0.2",
"knex": "3.1.0",
- "liquidjs": "10.9.4",
+ "liquidjs": "10.10.0",
"lodash": "4.17.21",
"moment": "2.29.4",
"mysql": "2.18.1",
@@ -29,7 +29,7 @@
"author": "Jamie Curnow and ZoeyVid ",
"license": "MIT",
"devDependencies": {
- "eslint": "8.55.0",
+ "eslint": "8.56.0",
"eslint-plugin-align-assignments": "1.1.2"
}
}
diff --git a/frontend/package.json b/frontend/package.json
index 65b4681c..909a43a8 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -4,7 +4,7 @@
"description": "A beautiful interface for creating Nginx endpoints",
"main": "js/index.js",
"dependencies": {
- "@babel/core": "7.23.5",
+ "@babel/core": "7.23.6",
"babel-core": "6.26.3",
"babel-loader": "8.3.0",
"babel-preset-env": "1.7.0",
@@ -30,7 +30,7 @@
"node-sass": "7.0.3",
"nodemon": "3.0.2",
"numeral": "2.0.6",
- "sass-loader": "10.5.0",
+ "sass-loader": "10.5.1",
"style-loader": "3.3.3",
"tabler-ui": "git+https://github.com/tabler/tabler.git#00f78ad823311bc3ad974ac3e5b0126198f0a813",
"underscore": "1.13.6",