diff --git a/.github/workflows/build-windows.yaml b/.github/workflows/build-windows.yaml
index 443e6e29f29..bfa6cfebbfd 100644
--- a/.github/workflows/build-windows.yaml
+++ b/.github/workflows/build-windows.yaml
@@ -23,7 +23,7 @@ concurrency:
 
 env:
   GO_VERSION: ''
-  GOSEC_VERSION: '2.16.0'
+  GOSEC_VERSION: '2.17.0'
 
 jobs:
   filter:
diff --git a/.github/workflows/build-x86-image.yaml b/.github/workflows/build-x86-image.yaml
index 718ab0c6149..cdff3209803 100644
--- a/.github/workflows/build-x86-image.yaml
+++ b/.github/workflows/build-x86-image.yaml
@@ -22,8 +22,8 @@ concurrency:
 
 env:
   GO_VERSION: ''
-  GOSEC_VERSION: '2.16.0'
-  HELM_VERSION: v3.12.2
+  GOSEC_VERSION: '2.17.0'
+  HELM_VERSION: v3.12.3
   SUBMARINER_VERSION: '0.14.6'
 
 jobs:
diff --git a/.github/workflows/scheduled-e2e.yaml b/.github/workflows/scheduled-e2e.yaml
index 3f75593b9fb..786153763e2 100644
--- a/.github/workflows/scheduled-e2e.yaml
+++ b/.github/workflows/scheduled-e2e.yaml
@@ -11,7 +11,7 @@ concurrency:
 
 env:
   GO_VERSION: ''
-  HELM_VERSION: v3.12.2
+  HELM_VERSION: v3.12.3
   SUBMARINER_VERSION: '0.14.6'
 
 jobs:
diff --git a/Makefile b/Makefile
index 2765549fc7d..8c4f92bbaa5 100644
--- a/Makefile
+++ b/Makefile
@@ -37,10 +37,10 @@ KUBEVIRT_OPERATOR_YAML = https://github.com/kubevirt/kubevirt/releases/download/
 KUBEVIRT_CR_YAML = https://github.com/kubevirt/kubevirt/releases/download/$(KUBEVIRT_VERSION)/kubevirt-cr.yaml
 KUBEVIRT_TEST_YAML = https://kubevirt.io/labs/manifests/vm.yaml
 
-CILIUM_VERSION = 1.13.4
+CILIUM_VERSION = 1.14.1
 CILIUM_IMAGE_REPO = quay.io/cilium/cilium
 
-CERT_MANAGER_VERSION = v1.12.2
+CERT_MANAGER_VERSION = v1.12.3
 CERT_MANAGER_CONTROLLER = quay.io/jetstack/cert-manager-controller:$(CERT_MANAGER_VERSION)
 CERT_MANAGER_CAINJECTOR = quay.io/jetstack/cert-manager-cainjector:$(CERT_MANAGER_VERSION)
 CERT_MANAGER_WEBHOOK = quay.io/jetstack/cert-manager-webhook:$(CERT_MANAGER_VERSION)
@@ -59,7 +59,7 @@ DEEPFLOW_CHART_REPO = https://deepflow-ce.oss-cn-beijing.aliyuncs.com/chart/stab
 DEEPFLOW_IMAGE_REPO = registry.cn-beijing.aliyuncs.com/deepflow-ce
 DEEPFLOW_GRAFANA_PORT = 30080
 
-KWOK_VERSION = v0.3.0
+KWOK_VERSION = v0.4.0
 KWOK_IMAGE = registry.k8s.io/kwok/kwok:$(KWOK_VERSION)
 
 VPC_NAT_GW_IMG = $(REGISTRY)/vpc-nat-gateway:$(VERSION)
diff --git a/pkg/ovs/ovn-nb-acl.go b/pkg/ovs/ovn-nb-acl.go
index dc66cc90260..77f8b359829 100644
--- a/pkg/ovs/ovn-nb-acl.go
+++ b/pkg/ovs/ovn-nb-acl.go
@@ -734,6 +734,7 @@ func (c *ovnNbClient) GetAcl(parent, direction, priority, match string, ignoreNo
 		return nil, fmt.Errorf("more than one acl with same 'parent %s direction %s priority %s match %s'", parent, direction, priority, match)
 	}
 
+	// #nosec G602
 	return &aclList[0], nil
 }
 
diff --git a/pkg/ovs/ovn-nb-load_balancer.go b/pkg/ovs/ovn-nb-load_balancer.go
index bcca458657b..00a184bb5bf 100644
--- a/pkg/ovs/ovn-nb-load_balancer.go
+++ b/pkg/ovs/ovn-nb-load_balancer.go
@@ -211,6 +211,7 @@ func (c *ovnNbClient) GetLoadBalancer(lbName string, ignoreNotFound bool) (*ovnn
 		return nil, fmt.Errorf("more than one load balancer with same name %q", lbName)
 	}
 
+	// #nosec G602
 	return &lbList[0], nil
 }
 
diff --git a/pkg/ovs/ovn-nb-logical_router.go b/pkg/ovs/ovn-nb-logical_router.go
index 26ef2288534..f092431e2be 100644
--- a/pkg/ovs/ovn-nb-logical_router.go
+++ b/pkg/ovs/ovn-nb-logical_router.go
@@ -109,6 +109,7 @@ func (c *ovnNbClient) GetLogicalRouter(lrName string, ignoreNotFound bool) (*ovn
 		return nil, fmt.Errorf("more than one logical router with same name %q", lrName)
 	}
 
+	// #nosec G602
 	return &lrList[0], nil
 }
 
diff --git a/pkg/ovs/ovn-nb-logical_switch.go b/pkg/ovs/ovn-nb-logical_switch.go
index b5714b8d94a..ea0e2502cac 100644
--- a/pkg/ovs/ovn-nb-logical_switch.go
+++ b/pkg/ovs/ovn-nb-logical_switch.go
@@ -210,6 +210,7 @@ func (c *ovnNbClient) GetLogicalSwitch(lsName string, ignoreNotFound bool) (*ovn
 		return nil, fmt.Errorf("more than one logical switch with same name %q", lsName)
 	}
 
+	// #nosec G602
 	return &lsList[0], nil
 }
 
diff --git a/pkg/ovs/ovn-sb-chassis.go b/pkg/ovs/ovn-sb-chassis.go
index 804bc04ad06..55f9ed1e592 100644
--- a/pkg/ovs/ovn-sb-chassis.go
+++ b/pkg/ovs/ovn-sb-chassis.go
@@ -121,6 +121,8 @@ func (c *ovnSbClient) GetChassisByHost(nodeName string) (*ovnsb.Chassis, error)
 		klog.Error(err)
 		return nil, err
 	}
+
+	// #nosec G602
 	return &chassisList[0], nil
 }
 
diff --git a/pkg/util/net.go b/pkg/util/net.go
index a800a9519f2..7503aba45b6 100644
--- a/pkg/util/net.go
+++ b/pkg/util/net.go
@@ -17,7 +17,8 @@ import (
 	kubeovnv1 "github.com/kubeovn/kube-ovn/pkg/apis/kubeovn/v1"
 )
 
-var vpcExternalNet = "ovn-vpc-external-network"
+// #nosec G101
+const vpcExternalNet = "ovn-vpc-external-network"
 
 const (
 	IPv4Multicast        = "224.0.0.0/4"