diff --git a/README.md b/README.md
index f2b57c7e6a32167a75071680078dae428de60c4d..0ba4d21b8a830883099445aeb549b351166b3ba6 100644
--- a/README.md
+++ b/README.md
@@ -48,7 +48,7 @@ The semantic-release template uses some global configuration used throughout all
 
 | Input / Variable                                         | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | Default value                                 |
 | -------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- |
-| `image` / `SEMREL_IMAGE`                                 | The Docker image used to run semantic-release                                                                                                                                                                                                                                                                                                                                                                                                                                                        | `registry.hub.docker.com/library/node:latest` |
+| `image` / `SEMREL_IMAGE`                                 | The Docker image used to run semantic-release                                                                                                                                                                                                                                                                                                                                                                                                                                                        | `registry.hub.docker.com/library/node:lts-slim` |
 | `version` / `SEMREL_VERSION`                             | The [semantic-release](https://www.npmjs.com/package/semantic-release) version to use                                                                                                                                                                                                                                                                                                                                                                                                                | `latest`                                      |
 | `exec-version` / `SEMREL_EXEC_VERSION`                   | The [@semantic-release/exec](https://www.npmjs.com/package/@semantic-release/exec) version to use                                                                                                                                                                                                                                                                                                                                                                                                    | `latest`                                      |
 | :lock: `GITLAB_TOKEN`                                    | A GitLab [project access token](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html) or [personal access token](https://docs.gitlab.com/ce/user/profile/personal_access_tokens.html) with `api`, `read_repository` and `write repository` scopes. :warning: This variable is **mandatory** and [defined by `semantic-release`](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/ci-configuration.md#push-access-to-the-remote-repository) itself. | _none_                                        |
diff --git a/kicker.json b/kicker.json
index ade2ed373106d43273c5cde2685161009689255a..bb36841be5a515ecab3123f733e32d2f1122d790 100644
--- a/kicker.json
+++ b/kicker.json
@@ -10,7 +10,7 @@
     {
       "name": "SEMREL_IMAGE",
       "description": "The Docker image used to run semantic-release",
-      "default": "registry.hub.docker.com/library/node:latest"
+      "default": "registry.hub.docker.com/library/node:lts-slim"
     },
     {
       "name": "SEMREL_VERSION",
diff --git a/templates/gitlab-ci-semrel.yml b/templates/gitlab-ci-semrel.yml
index cf99a2a6648d02167ca894368dd3475eaeb5ac1b..477ecd39e9c3b5ada1a6bd0e509ec5044db34e71 100644
--- a/templates/gitlab-ci-semrel.yml
+++ b/templates/gitlab-ci-semrel.yml
@@ -18,7 +18,7 @@ spec:
   inputs:
     image:
       description: The Docker image used to run semantic-release
-      default: registry.hub.docker.com/library/node:latest
+      default: registry.hub.docker.com/library/node:lts-slim
     version:
       description: The [semantic-release](https://www.npmjs.com/package/semantic-release) version to use
       default: latest
@@ -378,6 +378,55 @@ stages:
     done
   }
 
+  function download_file() {
+    if command -v wget &> /dev/null
+    then
+      wget "$1" -O "$2"
+    elif command -v curl &> /dev/null
+    then
+      curl -sfL "$1" -o "$2"
+    elif command -v node &> /dev/null
+    then
+      node -e "const fs=require('fs'),https=require('https');function dlFile(url,file,maxRedir=5){return new Promise((resolve,reject)=>{let redirCount=0;const req=https.get(url,res=>{res.statusCode>=300&&res.statusCode<400&&res.headers.location&&redirCount<maxRedir?(redirCount++,console.log('Follow redirect ('+redirCount+'): '+res.headers.location),dlFile(res.headers.location,file,maxRedir).then(resolve).catch(reject)):200===res.statusCode?(res.pipe(fs.createWriteStream(file)).on('finish',()=>resolve()),res.on('error',reject)):reject(new Error('HTTP error: '+res.statusCode))});req.on('error',reject)})}dlFile('$1','$2').then(()=>{console.log('Download complete'),process.exit(0)}).catch(e=>{console.error('Error:',e),process.exit(1)});"
+    else
+      fail "wget, curl or node required"
+    fi
+  }
+
+  function github_get_latest_version() {
+    if command -v curl &> /dev/null
+    then
+      curl -sSf -I "https://github.com/$1/releases/latest" | awk -F '/' -v RS='\r\n' '/location:/ {print $NF}'
+    elif command -v node &> /dev/null
+    then
+      node -e "const https=require('https'); const options={hostname:'github.com', path:'/$1/releases/latest', method:'HEAD'}; https.request(options, (res) => {tokens=res.headers.location.split('/'); console.log(tokens[tokens.length-1]); res.req.destroy()}).end();"
+    else
+      fail "curl or node required"
+    fi
+  }
+
+  function maybe_install_packages() {
+    if command -v apt-get > /dev/null
+    then
+      # Debian
+      if ! dpkg --status "$@" > /dev/null
+      then
+        apt-get update
+        apt-get install --no-install-recommends --yes --quiet "$@"
+      fi
+    elif command -v apk > /dev/null
+    then
+      # Alpine
+      if ! apk info --installed "$@" > /dev/null
+      then
+        apk add --no-cache "$@"
+      fi
+    else
+      log_error "... didn't find any supported package manager to install $*"
+      exit 1
+    fi
+  }
+
   function extract_release_config_from_package_json() {
     package_json="./package.json"
     if [[ -f "${package_json}" ]]; then
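Review bot: In `download_file` the node fallback splices `$1` and `$2` straight into the JavaScript source (`dlFile('$1','$2')`), so a URL or path containing a quote or backslash alters the script instead of being treated as data. `github_get_latest_version` does the same with `path:'/$1/releases/latest'`. Passing the values as arguments avoids this: end the script with `dlFile(process.argv[1],process.argv[2])` and invoke it as `node -e "…" "$1" "$2"`. The node lookup also dereferences `res.headers.location` without checking it is set, and neither branch fails when no tag is found, so a caller can receive an empty version string. In `maybe_install_packages` the unsupported-manager branch uses `log_error` plus `exit 1` where the other two helpers call `fail`; one form throughout would be more consistent.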
@@ -556,13 +605,16 @@ stages:
     fi
   }
 
-  function install_yq() {
+  function maybe_install_yq() {
     if ! command -v yq > /dev/null
     then
-      yq_binary=$1
-      yq_version=$2
+      yq_version=$(github_get_latest_version mikefarah/yq)
+      yq_binary=yq_linux_amd64
       yq_url="https://github.com/mikefarah/yq/releases/download/${yq_version}/${yq_binary}.tar.gz"
-      wget -q "${yq_url}" -O - | tar xz && mv "${yq_binary}" /usr/bin/yq
+      log_info "Download latest jq version: \\e[32m$yq_url\\e[0m"
+      download_file "${yq_url}" "${yq_binary}.tar.gz"
+      tar xvf "${yq_binary}.tar.gz"
+      mv "${yq_binary}" /usr/bin/yq
     fi
   }
 
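Review bot: `maybe_install_yq` now fetches whichever release is latest at job time and moves the extracted binary into `/usr/bin` with no integrity check, whereas the removed code at least pinned `v4.21.1`. This job presumably runs with `GITLAB_TOKEN` in its environment, so I would keep a pinned version and verify the archive before `tar`, for example `echo "<expected-sha256>  ${yq_binary}.tar.gz" | sha256sum -c -` with the digest stored next to the version. If `github_get_latest_version` prints nothing, `yq_url` is built with an empty version, so a guard such as `[[ -n "${yq_version}" ]] || fail "could not determine yq version"` is needed as well. The log line says "jq" where it means yq, and `yq_linux_amd64` is hard-coded, so a non-amd64 runner would get an unusable binary.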
@@ -687,8 +739,10 @@ stages:
   before_script:
     - !reference [.semrel-scripts]
     - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
+    # install git and OpenSSH
+    - maybe_install_packages ca-certificates git openssh-client
+    - maybe_install_yq
     - cd "${SEMREL_CONFIG_DIR}"
-    - install_yq "yq_linux_amd64" "v4.21.1"
     - prepare_semantic_release
     - install_semantic_release_plugins
   cache:
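Review bot: `maybe_install_packages ca-certificates git openssh-client` runs after `install_ca_certs`, and on Debian installing the `ca-certificates` package regenerates the system bundle. Any custom CA that `install_ca_certs` appended may therefore be dropped; its body is not in this hunk, so this needs checking. Running the package install before `install_ca_certs` would remove the doubt. The comment `# install git and OpenSSH` also leaves out ca-certificates; `# install ca-certificates, git and the OpenSSH client if missing` would match the line. The job that owns this `before_script` starts outside the hunk.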