diff --git a/.gitlab/merge_request_templates/new_feature.md b/.gitlab/merge_request_templates/new_feature.md
index 74abae94c94dc0768bb5c51fe51ad253fce113fe..491b7f98ded7e0da03d18c95978eafcb7d86619f 100644
--- a/.gitlab/merge_request_templates/new_feature.md
+++ b/.gitlab/merge_request_templates/new_feature.md
@@ -8,8 +8,8 @@ Closes #999
 ## Checklist
 
 * General:
-    * [ ] use [rules](https://docs.gitlab.com/ee/ci/yaml/#rules) instead of [only/except](https://docs.gitlab.com/ee/ci/yaml/#onlyexcept-advanced)
-    * [ ] optimized [cache](https://docs.gitlab.com/ee/ci/caching/) configuration (wherever applicable)
+    * [ ] use [rules](https://docs.gitlab.com/ci/yaml/#rules) instead of [only/except](https://docs.gitlab.com/ci/yaml/#onlyexcept-advanced)
+    * [ ] optimized [cache](https://docs.gitlab.com/ci/caching/) configuration (wherever applicable)
 * Publicly usable:
     * [ ] untagged runners
     * [ ] no proxy configuration but support `http_proxy`/`https_proxy`/`no_proxy`
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d426dfca9b4c333f7ba9e5d95fd492fdfeffad0f..5f01a106b8cb039bd9f76690670d181dd0fc9d5c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,39 @@
-# [3.12.0](https://git.code.tecnalia.dev/smartdatalab/public/ci-cd-components/semantic-release/compare/3.11.5...3.12.0) (2025-01-29)
+## [3.14.2](https://gitlab.com/to-be-continuous/semantic-release/compare/3.14.1...3.14.2) (2025-04-09)
+
+
+### Bug Fixes
+
+* prevent sem-rel from running in scheduled pipelines ([e872dc7](https://gitlab.com/to-be-continuous/semantic-release/commit/e872dc7b99b9a02d26e7994062a7d14978d60d6e))
+
+## [3.14.1](https://gitlab.com/to-be-continuous/semantic-release/compare/3.14.0...3.14.1) (2025-04-04)
+
+
+### Bug Fixes
+
+* **ca:** install ca-certs before importing custom CA certificates ([43e285f](https://gitlab.com/to-be-continuous/semantic-release/commit/43e285f57e203a0ac1b092731f5cdcbbecb291f3)), closes [#51](https://gitlab.com/to-be-continuous/semantic-release/issues/51)
+
+# [3.14.0](https://gitlab.com/to-be-continuous/semantic-release/compare/3.13.1...3.14.0) (2025-04-01)
+
+
+### Features
+
+* add inputs to overwrite plugins used in default config ([b7b2e0a](https://gitlab.com/to-be-continuous/semantic-release/commit/b7b2e0a468354b5c3190b8334b7ba06f449127c2))
+
+## [3.13.1](https://gitlab.com/to-be-continuous/semantic-release/compare/3.13.0...3.13.1) (2025-03-23)
+
+
+### Bug Fixes
+
+* unset vault variables for semrel ([712331d](https://gitlab.com/to-be-continuous/semantic-release/commit/712331d42158dc9611ea11755f486da8e5d4f8e6)), closes [#54](https://gitlab.com/to-be-continuous/semantic-release/issues/54)
+
+# [3.13.0](https://gitlab.com/to-be-continuous/semantic-release/compare/3.12.0...3.13.0) (2025-02-09)
+
+
+### Features
+
+* add extra CLI options to be passed to semantic-release ([090646b](https://gitlab.com/to-be-continuous/semantic-release/commit/090646b6844932fee4cad9fa05a216f007358b35))
+
+# [3.12.0](https://gitlab.com/to-be-continuous/semantic-release/compare/3.11.5...3.12.0) (2025-01-27)
 
 
 ### Features
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 1f8f9ed09a33b90b94e2ad78ee1ef3abeb05faca..32602a009e1b719a9e9573712b774afeabf9038c 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -61,7 +61,7 @@ To contribute:
 
 1. Create an issue describing the bug or enhancement you want to propose (select the right issue template).
 2. Make sure the issue has been reviewed and agreed.
-3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html) documentation).
+3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/user/project/repository/forking_workflow/) documentation).
    Don't hesitate to mark your MR as `Draft` as long as you think it's not ready to be reviewed.
 
 ### Git Commit Conventions
diff --git a/README.md b/README.md
index c54f041ac95c4ee0745400568b46190afe7e805a..7570e00947680cf06ba8832092fb05eb476bdc95 100644
--- a/README.md
+++ b/README.md
@@ -6,12 +6,12 @@ This project implements a GitLab CI/CD template to automate your versioning and
 * generate the changelog,
 * commit any changed resource to the Git repository,
 * create and push the Git tag,
-* publish the packages (in [GitLab](https://docs.gitlab.com/ee/user/project/releases/index.html) or any other package repository of your choice),
+* publish the packages (in [GitLab](https://docs.gitlab.com/user/project/releases/) or any other package repository of your choice),
 * any additional custom behavior you are able to script, triggered on the [release steps](https://semantic-release.gitbook.io/semantic-release/#release-steps).
 
 ## Usage
 
-This template can be used both as a [CI/CD component](https://docs.gitlab.com/ee/ci/components/#use-a-component) or using the legacy [`include:project`](https://docs.gitlab.com/ee/ci/yaml/index.html#includeproject) syntax.
+This template can be used both as a [CI/CD component](https://docs.gitlab.com/ci/components/#use-a-component) or using the legacy [`include:project`](https://docs.gitlab.com/ci/yaml/#includeproject) syntax.
 
 ### Use as a CI/CD component
 
@@ -20,7 +20,7 @@ Add the following to your `.gitlab-ci.yml`:
 ```yaml
 include:
   # 1: include the component
-  - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.12.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.14.2
     # 2: set/override component inputs
     inputs:
       changelog-enabled: true # ⚠ this is only an example
@@ -34,7 +34,7 @@ Add the following to your `.gitlab-ci.yml`:
 include:
   # 1: include the template
   - project: 'to-be-continuous/semantic-release'
-    ref: '3.12.0'
+    ref: '3.14.2'
     file: '/templates/gitlab-ci-semrel.yml'
 
 variables:
@@ -48,12 +48,12 @@ The semantic-release template uses some global configuration used throughout all
 
 | Input / Variable                                         | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | Default value                                 |
 | -------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- |
-| `image` / `SEMREL_IMAGE`                                 | The Docker image used to run semantic-release                                                                                                                                                                                                                                                                                                                                                                                                                                                        | `registry.hub.docker.com/library/node:lts-slim` |
+| `image` / `SEMREL_IMAGE`                                 | The Docker image used to run semantic-release                                                                                                                                                                                                                                                                                                                                                                                                                                                        | `registry.hub.docker.com/library/node:lts-slim` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-SEMREL_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-SEMREL_IMAGE) |
 | `version` / `SEMREL_VERSION`                             | The [semantic-release](https://www.npmjs.com/package/semantic-release) version to use                                                                                                                                                                                                                                                                                                                                                                                                                | `latest`                                      |
 | `exec-version` / `SEMREL_EXEC_VERSION`                   | The [@semantic-release/exec](https://www.npmjs.com/package/@semantic-release/exec) version to use                                                                                                                                                                                                                                                                                                                                                                                                    | `latest`                                      |
-| :lock: `GITLAB_TOKEN`                                    | A GitLab [project access token](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html) or [personal access token](https://docs.gitlab.com/ce/user/profile/personal_access_tokens.html) with `api`, `read_repository` and `write repository` scopes. :warning: This variable is **mandatory** and [defined by `semantic-release`](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/ci-configuration.md#push-access-to-the-remote-repository) itself. | _none_                                        |
-| :lock: `GIT_AUTHOR_EMAIL`                                | A Git author email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/ee/user/project/repository/push_rules.html#verify-users) enabled for the project          | _none_                                        |
-| :lock: `GIT_COMMITTER_EMAIL`                             | A Git committer email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/ee/user/project/repository/push_rules.html#verify-users) enabled for the project       | _none_                                        |
+| :lock: `GITLAB_TOKEN`                                    | A GitLab [project access token](https://docs.gitlab.com/user/project/settings/project_access_tokens/) or [personal access token](https://docs.gitlab.com/user/profile/personal_access_tokens/) with `api`, `read_repository` and `write repository` scopes. :warning: This variable is **mandatory** and [defined by `semantic-release`](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/ci-configuration.md#push-access-to-the-remote-repository) itself. | _none_                                        |
+| :lock: `GIT_AUTHOR_EMAIL`                                | A Git author email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/user/project/settings/project_access_tokens/#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/user/project/repository/push_rules/#verify-users) enabled for the project          | _none_                                        |
+| :lock: `GIT_COMMITTER_EMAIL`                             | A Git committer email address associated with the `GITLAB_TOKEN` [bot user](https://docs.gitlab.com/user/project/settings/project_access_tokens/#bot-users-for-projects). This is [defined by `semantic-release`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#git-environment-variables) itself, and **required if** the [verify-user push rules](https://docs.gitlab.com/user/project/repository/push_rules/#verify-users) enabled for the project       | _none_                                        |
 | `config-dir` / `SEMREL_CONFIG_DIR`                       | directory containing your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#configuration-file)                                                                                                                                                                                                                                                                                                                                              | `.`                                           |
 | `required-plugins-file` / `SEMREL_REQUIRED_PLUGINS_FILE` | An optional file for additional npm packages to install                                                                                                                                                                                                                                                                                                                                                                                                                                              | `semrel-required-plugins.txt`                 |
 
@@ -85,18 +85,25 @@ If no configuration is found, the template will generate one with the following
 
 As specified in the previous chapter, these variables are only used to generated a `.releaserc` when no configuration is found in the repository.
 
-| Input / Variable                                       | Description                                                                                                                                                                                                                         | Default value                                                                                                                         |
-| ------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
-| `changelog-enabled` / `SEMREL_CHANGELOG_ENABLED`       | Add the [@semantic-release/changelog](https://github.com/semantic-release/changelog) plugin which will commit a changelog file in the repository if set to `true`.                                                                  | _none_                                                                                                                                |
-| `changelog-file` / `SEMREL_CHANGELOG_FILE`             | [changelogFile @semantic-release/changelog option](https://github.com/semantic-release/changelog#options).                                                                                                                          | _none_ (use the plugin default value which is `CHANGELOG.md`).                                                                        |
-| `changelog-title` / `SEMREL_CHANGELOG_TITLE`           | [changelogTitle @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). You might want to use markdown format (for example `# MyApp Changelog`).                                                | _none_                                                                                                                                |
-| `dry-run` / `SEMREL_DRY_RUN`                           | Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present.                                                                      | _none_                                                                                                                                |
-| `auto-release-enabled` / `SEMREL_AUTO_RELEASE_ENABLED` | When set to `true` the job start automatically. When not set (default), the job is manual.                                                                                                                                          | _none_                                                                                                                                |
-| `branches-ref` / `SEMREL_BRANCHES_REF`                 | Regular expression pattern matching branches from which releases should happen (should match your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#branches))              | `/^(master\|main)$/` |
-| `tag-format` / `SEMREL_TAG_FORMAT`                     | [tagFormat semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#tagformat). :warning: don't forget to double the `$` character so it is not interpreted by GitLab. | `$${version}`                                                                                                                         |
-| `hooks-dir` / `SEMREL_HOOKS_DIR`                       | [Hook scripts](#hook_scripts) folder.                                                                                                                                                                                               | `.`                                                                                                                                   |
-| `commit-message` / `SEMREL_COMMIT_MESSAGE`             | Add a custom commit message based on [semantic-release/git option](https://github.com/semantic-release/git#message).                                                                                                                | _none_ (uses semantic-release default commit message)                                                                                 |
-| `release-disabled` / `SEMREL_RELEASE_DISABLED`         | Disable this job.                                                                                                                                                                                                                   | _none_                                                                                                                                |
+| Input / Variable                                                           | Description                                                                                                                                                                                                                         | Default value                                                                                                                         |
+| -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
+| `changelog-enabled` / `SEMREL_CHANGELOG_ENABLED`                           | Add the [@semantic-release/changelog](https://github.com/semantic-release/changelog) plugin which will commit a changelog file in the repository if set to `true`.                                                                  | _none_                                                                                                                                |
+| `changelog-file` / `SEMREL_CHANGELOG_FILE`                                 | [changelogFile @semantic-release/changelog option](https://github.com/semantic-release/changelog#options).                                                                                                                          | _none_ (use the plugin default value which is `CHANGELOG.md`).                                                                        |
+| `changelog-title` / `SEMREL_CHANGELOG_TITLE`                               | [changelogTitle @semantic-release/changelog option](https://github.com/semantic-release/changelog#options). You might want to use markdown format (for example `# MyApp Changelog`).                                                | _none_                                                                                                                                |
+| `dry-run` / `SEMREL_DRY_RUN`                                               | Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present.                                                                      | _none_                                                                                                                                |
+| `extra-args` / `SEMREL_EXTRA_ARGS`                                         | [Extra options](https://semantic-release.gitbook.io/semantic-release/usage/configuration#options) to pass to semantic-release.                                                                                                      | _none_                                                                                                                                |
+| `auto-release-enabled` / `SEMREL_AUTO_RELEASE_ENABLED`                     | When set to `true` the job start automatically. When not set (default), the job is manual.                                                                                                                                          | _none_                                                                                                                                |
+| `branches-ref` / `SEMREL_BRANCHES_REF`                                     | Regular expression pattern matching branches from which releases should happen (should match your [semantic-release configuration](https://semantic-release.gitbook.io/semantic-release/usage/configuration#branches))              | `/^(master\|main)$/`                                                                                                                  |
+| `tag-format` / `SEMREL_TAG_FORMAT`                                         | [tagFormat semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#tagformat). :warning: don't forget to double the `$` character so it is not interpreted by GitLab. | `$${version}`                                                                                                                         |
+| `hooks-dir` / `SEMREL_HOOKS_DIR`                                           | [Hook scripts](#hook_scripts) folder.                                                                                                                                                                                               | `.`                                                                                                                                   |
+| `commit-message` / `SEMREL_COMMIT_MESSAGE`                                 | Add a custom commit message based on [semantic-release/git option](https://github.com/semantic-release/git#message).                                                                                                                | _none_ (uses semantic-release default commit message)                                                                                 |
+| `release-disabled` / `SEMREL_RELEASE_DISABLED`                             | Disable this job.                                                                                                                                                                                                                   | _none_                                                                                                                                |
+| `commit-analyzer-plugin` / `SEMREL_COMMIT_ANALYZER_PLUGIN`                 | NPM plugin name for the [commit-analyzer](https://github.com/semantic-release/commit-analyzer#commit-analyzer) plugin                                                                                                               | `@semantic-release/commit-analyzer`                                                                                                   |
+| `release-notes-generator-plugin` / `SEMREL_RELEASE_NOTES_GENERATOR_PLUGIN` | NPM plugin name for the [release-notes-generator](https://github.com/semantic-release/release-notes-generator#release-notes-generator) plugin                                                                                       | `@semantic-release/release-notes-generator`                                                                                           |
+| `gitlab-plugin` / `SEMREL_GITLAB_PLUGIN`                                   | NPM plugin name for the [gitlab](https://github.com/semantic-release/gitlab#semantic-releasegitlab) plugin                                                                                                                          | `@semantic-release/gitlab`                                                                                                            |
+| `changelog-plugin` / `SEMREL_CHANGELOG_PLUGIN`                             | NPM plugin name for the [changelog](https://github.com/semantic-release/changelog#semantic-releasechangelog) plugin                                                                                                                 | `@semantic-release/changelog`                                                                                                         |
+| `git-plugin` / `SEMREL_GIT_PLUGIN`                                         | NPM plugin name for the [git](https://github.com/semantic-release/git#semantic-releasegit) plugin                                                                                                                                   | `@semantic-release/git`                                                                                                               |
+| `exec-plugin` / `SEMREL_EXEC_PLUGIN`                                       | NPM plugin name for the [exec](https://github.com/semantic-release/exec#semantic-releaseexec) plugin                                                                                                                                | `@semantic-release/exec`                                                                                                              |
 | `semantic-release-job-tags` / `SEMANTIC_RELEASE_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]`            |
 
 #### Hook scripts
@@ -161,17 +168,17 @@ Parameters:
 
 #### Signing release commits with GPG
 
-For an introduction on commit signing, see [GitLab documentation](https://docs.gitlab.com/ee/user/project/repository/signed_commits/gpg.html).
+For an introduction on commit signing, see [GitLab documentation](https://docs.gitlab.com/user/project/repository/signed_commits/gpg/).
 
 To make semantic-release sign its commits, use the following variable.
 
 | Input / Variable            | Description                                                                                                                                                                                              | Default value |
 | --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
-| :lock: `SEMREL_GPG_SIGNKEY` | Path to the GPG signkey exported with `gpg --armor --export-secret-key`<br/>:warning: Declare as a masked [project variable of File type](https://docs.gitlab.com/ee/ci/variables/#cicd-variable-types). | _none_        |
+| :lock: `SEMREL_GPG_SIGNKEY` | Path to the GPG signkey exported with `gpg --armor --export-secret-key`<br/>:warning: Declare as a masked [project variable of File type](https://docs.gitlab.com/ci/variables/#cicd-variable-types). | _none_        |
 
 ### `semantic-release-info` job
 
-This job (disabled by default) runs `semantic-release` with `dry-run` mode in `.pre` stage to save the following variables as [dotenv artifact](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportsdotenv) making them available for the next pipeline stages:
+This job (disabled by default) runs `semantic-release` with `dry-run` mode in `.pre` stage to save the following variables as [dotenv artifact](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportsdotenv) making them available for the next pipeline stages:
 
 * `SEMREL_INFO_LAST_VERSION`: latest released version
 * `SEMREL_INFO_NEXT_VERSION`: next release version (based on actual commits and comments)
@@ -213,12 +220,12 @@ If the version of Semantic Release is pinned using [`SEMREL_VERSION`](#global-co
 
 Here are some advices about your **secrets** (variables marked with a :lock:):
 
-1. Manage them as [project or group CI/CD variables](https://docs.gitlab.com/ee/ci/variables/#for-a-project):
-    * [**masked**](https://docs.gitlab.com/ee/ci/variables/#mask-a-cicd-variable) to prevent them from being inadvertently
+1. Manage them as [project or group CI/CD variables](https://docs.gitlab.com/ci/variables/#for-a-project):
+    * [**masked**](https://docs.gitlab.com/ci/variables/#mask-a-cicd-variable) to prevent them from being inadvertently
       displayed in your job logs,
-    * [**protected**](https://docs.gitlab.com/ee/ci/variables/#protected-cicd-variables) if you want to secure some secrets
+    * [**protected**](https://docs.gitlab.com/ci/variables/#protected-cicd-variables) if you want to secure some secrets
       you don't want everyone in the project to have access to (for instance production secrets).
-2. In case a secret contains [characters that prevent it from being masked](https://docs.gitlab.com/ee/ci/variables/#mask-a-cicd-variable),
+2. In case a secret contains [characters that prevent it from being masked](https://docs.gitlab.com/ci/variables/#mask-a-cicd-variable),
   simply define its value as the [Base64](https://en.wikipedia.org/wiki/Base64) encoded value prefixed with `@b64@`:
   it will then be possible to mask it and the template will automatically decode it prior to using it.
 3. Don't forget to escape special characters (ex: `$` -> `$$`).
@@ -360,7 +367,7 @@ In order to be able to communicate with the Vault server, the variant requires t
 | :lock: `VAULT_ROLE_ID`              | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID                                                             | _none_                                                                     |
 | :lock: `VAULT_SECRET_ID`            | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID                                                           | _none_                                                                     |
 
-By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables.
+By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ci/secrets/id_token_authentication/). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables.
 
 #### Usage
 
@@ -382,9 +389,9 @@ With:
 ```yaml
 include:
   # main template
-  - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.12.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.14.2
   # Vault variant
-  - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel-vault@3.12.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel-vault@3.14.2
     inputs:
       vault-base-url: "https://vault.acme.host/v1"
       # audience claim for JWT
diff --git a/kicker.json b/kicker.json
index 1fc4dc569c109f5fef82a4ec293ade9404b58be3..71c08dd60bff47e228c7f6d7bba69007871a9d00 100644
--- a/kicker.json
+++ b/kicker.json
@@ -78,6 +78,11 @@
           "type": "boolean",
           "advanced": true
         },
+        {
+          "name": "SEMREL_EXTRA_ARGS",
+          "description": "[Extra options](https://semantic-release.gitbook.io/semantic-release/usage/configuration#options) to pass to semantic-release.",
+          "advanced": true
+        },
         {
           "name": "SEMREL_AUTO_RELEASE_ENABLED",
           "description": "When set the job start automatically. When not set (default), the job is manual.",
@@ -119,6 +124,42 @@
           "values": ["angular","codemirror","conventionalcommits","ember","eslint","express","jquery","jshint"],
           "default": "angular",          
           "advanced": true
+        },
+        {
+          "name": "SEMREL_COMMIT_ANALYZER_PLUGIN",
+          "description": "NPM plugin name for the commit-analyzer plugin.",
+          "default": "@semantic-release/commit-analyzer",
+          "advanced": true
+        },
+        {
+          "name": "SEMREL_RELEASE_NOTES_GENERATOR_PLUGIN",
+          "description": "NPM plugin name for the release-notes-generator plugin.",
+          "default": "@semantic-release/release-notes-generator",
+          "advanced": true
+        },
+        {
+          "name": "SEMREL_GITLAB_PLUGIN",
+          "description": "NPM plugin name for the gitlab plugin.",
+          "default": "@semantic-release/gitlab",
+          "advanced": true
+        },
+        {
+          "name": "SEMREL_CHANGELOG_PLUGIN",
+          "description": "NPM plugin name for the changelog plugin.",
+          "default": "@semantic-release/changelog",
+          "advanced": true
+        },
+        {
+          "name": "SEMREL_GIT_PLUGIN",
+          "description": "NPM plugin name for the git plugin.",
+          "default": "@semantic-release/git",
+          "advanced": true
+        },
+        {
+          "name": "SEMREL_EXEC_PLUGIN",
+          "description": "NPM plugin name for the exec plugin.",
+          "default": "@semantic-release/exec",
+          "advanced": true
         }
       ]
     },
diff --git a/templates/gitlab-ci-semrel-vault.yml b/templates/gitlab-ci-semrel-vault.yml
index ba9e553b6b82a621d2b1e9c822319c62d99c4c64..7947a846e77fa9304d66e441ed8212e151eba3ad 100644
--- a/templates/gitlab-ci-semrel-vault.yml
+++ b/templates/gitlab-ci-semrel-vault.yml
@@ -22,7 +22,7 @@ variables:
 .semrel-base:
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "semrel", "3.12.0"]
+      command: ["--service", "semrel", "3.14.2"]
     - name: "$TBC_VAULT_IMAGE"
       alias: "vault-secrets-provider"
   variables:
diff --git a/templates/gitlab-ci-semrel.yml b/templates/gitlab-ci-semrel.yml
index 1a2871462509ece3654b73d560c56acac3f8aae9..738d2645ff904f8537a736f652c7fe61791bf147 100644
--- a/templates/gitlab-ci-semrel.yml
+++ b/templates/gitlab-ci-semrel.yml
@@ -55,6 +55,9 @@ spec:
       description: For generated `.releaserc` file only. Activate the [dryRun semantic-release option](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) if present.
       type: boolean
       default: false
+    extra-args:
+      description: "[Extra options](https://semantic-release.gitbook.io/semantic-release/usage/configuration#options) to pass to semantic-release."
+      default: ''
     auto-release-enabled:
       description: When set the job start automatically. When not set (default), the job is manual.
       type: boolean
@@ -86,6 +89,24 @@ spec:
       - protected
       - all
       default: ''
+    commit-analyzer-plugin:
+      description: The npm plugin name for the commit-analyzer plugin. The default is `@semantic-release/commit-analyzer`
+      default: '@semantic-release/commit-analyzer'
+    release-notes-generator-plugin:
+      description: The npm plugin name for the release-notes-generator plugin. The default is `@semantic-release/release-notes-generator`
+      default: '@semantic-release/release-notes-generator'
+    gitlab-plugin:
+      description: The npm plugin name for the gitlab plugin. The default is `@semantic-release/gitlab`
+      default: '@semantic-release/gitlab'
+    changelog-plugin: 
+      description: The npm plugin name for the changelog plugin. The default is `@semantic-release/changelog`
+      default: '@semantic-release/changelog'
+    git-plugin:
+      description: The npm plugin name for the git plugin. The default is `@semantic-release/git`
+      default: '@semantic-release/git'
+    exec-plugin:
+      description: The npm plugin name for the exec plugin. The default is `@semantic-release/exec`
+      default: '@semantic-release/exec'
     semantic-release-job-tags:
       description: Tags to be used for selecting runners for the job
       type: array
@@ -139,12 +160,20 @@ variables:
   SEMREL_CHANGELOG_FILE: $[[ inputs.changelog-file ]]
   SEMREL_CHANGELOG_TITLE: $[[ inputs.changelog-title ]]
   SEMREL_DRY_RUN: $[[ inputs.dry-run ]]
+  SEMREL_EXTRA_ARGS: $[[ inputs.extra-args ]]
   SEMREL_AUTO_RELEASE_ENABLED: $[[ inputs.auto-release-enabled ]]
   SEMREL_COMMIT_MESSAGE: $[[ inputs.commit-message ]]
   SEMREL_RELEASE_DISABLED: $[[ inputs.release-disabled ]]
   SEMREL_INFO_ON: $[[ inputs.info-on ]]
   SEMREL_COMMIT_SPEC: $[[ inputs.commit-spec ]]
 
+  SEMREL_COMMIT_ANALYZER_PLUGIN: $[[ inputs.commit-analyzer-plugin ]]
+  SEMREL_RELEASE_NOTES_GENERATOR_PLUGIN: $[[ inputs.release-notes-generator-plugin ]]
+  SEMREL_GITLAB_PLUGIN: $[[ inputs.gitlab-plugin ]]
+  SEMREL_CHANGELOG_PLUGIN: $[[ inputs.changelog-plugin ]]
+  SEMREL_GIT_PLUGIN: $[[ inputs.git-plugin ]]
+  SEMREL_EXEC_PLUGIN: $[[ inputs.exec-plugin ]]
+
   # default production ref name (pattern)
   PROD_REF: /^(master|main)$/
   SEMREL_BRANCHES_REF: $[[ inputs.branches-ref ]]
@@ -507,11 +536,11 @@ stages:
           echo "tagFormat: '${SEMREL_TAG_FORMAT}'"
           echo ""
           echo "plugins: "
-          echo "  - - '@semantic-release/commit-analyzer'"
+          echo "  - - '${SEMREL_COMMIT_ANALYZER_PLUGIN}'"
           echo "${commitPresetConfig}"
-          echo "  - - '@semantic-release/release-notes-generator'"
+          echo "  - - '${SEMREL_RELEASE_NOTES_GENERATOR_PLUGIN}'"
           echo "${commitPresetConfig}"
-          echo "  - '@semantic-release/gitlab'"
+          echo "  - '${SEMREL_GITLAB_PLUGIN}'"
           echo "${changelogPluginConfig}"
           echo "${execPluginConfig}"
           echo "${gitPluginConfig}"
@@ -584,10 +613,10 @@ stages:
         if [[ -n "${SEMREL_CHANGELOG_TITLE}" ]]; then
           changeLogConfig=$(echo -e "${changeLogConfig:+${changeLogConfig}\n      }changelogTitle: '${SEMREL_CHANGELOG_TITLE}'")
         fi
-        echo "  - - '@semantic-release/changelog'"
+        echo "  - - '${SEMREL_CHANGELOG_PLUGIN}'"
         echo "    - ${changeLogConfig}"
       else
-        echo "  - '@semantic-release/changelog'"
+        echo "  - '${SEMREL_CHANGELOG_PLUGIN}'"
       fi
     else
       echo ""
@@ -598,7 +627,7 @@ stages:
   function generate_git_plugin_conf() {
     # git plugin has default changelog file as asset by default so
     # we need to add it explicitly if the user configured a custom changelogFile
-    echo "  - - '@semantic-release/git'"
+    echo "  - - '${SEMREL_GIT_PLUGIN}'"
     if [[ "${SEMREL_CHANGELOG_ENABLED}" = "true" ]] && [[ -n "${SEMREL_CHANGELOG_FILE}" ]]; then
       echo "    - assets:"
       echo "      - '${SEMREL_CHANGELOG_FILE}'"
@@ -656,7 +685,7 @@ stages:
       tabs="      "
     fi
     if [[ -n "${scriptsConfig}" ]]; then
-      echo "  - - '@semantic-release/exec'"
+      echo "  - - '${SEMREL_EXEC_PLUGIN}'"
       echo "${scriptsConfig}"
     else
       echo ""
@@ -730,9 +759,9 @@ stages:
       echo "# injected (replace your plugins) plugins by the template to generate dotenv"
       echo ""
       echo "plugins:"
-      echo "  - - '@semantic-release/commit-analyzer'"
+      echo "  - - '${SEMREL_COMMIT_ANALYZER_PLUGIN}'"
       echo "${commitPresetConfig}"
-      echo "  - - '@semantic-release/exec'"
+      echo "  - - '${SEMREL_EXEC_PLUGIN}'"
       echo "    - analyzeCommitsCmd: '\"${export_last_version_hook_script}\" \"\${lastRelease.version}\"'"
       echo "      verifyReleaseCmd: '\"${export_next_version_hook_script}\" \"\${nextRelease.version}\" \"\${nextRelease.type}\"'"
       echo ""
@@ -745,7 +774,7 @@ stages:
       cat ".releaserc"
     fi
 
-    npm install --global "semantic-release@${SEMREL_VERSION}" "@semantic-release/exec@${SEMREL_EXEC_VERSION}"
+    npm install --global "semantic-release@${SEMREL_VERSION}" "${SEMREL_EXEC_PLUGIN}@${SEMREL_EXEC_VERSION}"
     semantic-release --dry-run
 
     # Rollback temporary semantic-release configuration
@@ -791,6 +820,12 @@ stages:
     log_info "Commit signing setup complete."
   }
 
+  function clear_vault_env() {
+    # unset service container env when Vault variant is enabled (SemRel censors them all due to 'SECRET' in the name)
+    # shellcheck disable=SC2046
+    unset $(env | awk -F '=' '/^VAULT_SECRETS_PROVIDER_/{print $1}' | xargs)
+  }
+
   unscope_variables
   eval_all_secrets
 
@@ -800,16 +835,17 @@ stages:
   image: $SEMREL_IMAGE
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "semrel", "3.12.0"]
+      command: ["--service", "semrel", "3.14.2"]
   before_script:
     - !reference [.semrel-scripts]
-    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
     # install git and OpenSSH
     - maybe_install_packages ca-certificates git openssh-client gpg gpg-agent
+    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
     - maybe_install_yq
     - cd "${SEMREL_CONFIG_DIR}"
     - prepare_semantic_release
     - install_semantic_release_plugins
+    - clear_vault_env
   variables:
     # download cache
     XDG_CACHE_HOME: "$CI_PROJECT_DIR/.cache"
@@ -835,6 +871,8 @@ semantic-release-info:
     reports:
       dotenv: "${SEMREL_CONFIG_DIR}/semrel.out.env"
   rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule"
+      when: never
     - if: $CI_COMMIT_TAG
       when: never
     - if: '$SEMREL_INFO_ON == "prod" && $CI_COMMIT_REF_NAME =~ $PROD_REF'
@@ -848,9 +886,11 @@ semantic-release:
   script:
     - configure_commit_signing
     - if [[ "$SEMREL_DRY_RUN" == "true" ]]; then dry_run_opt="--dry-run"; fi
-    - semantic-release ${TRACE:+--debug} --ci $dry_run_opt
+    - semantic-release ${TRACE:+--debug} --ci $dry_run_opt $SEMREL_EXTRA_ARGS
   dependencies: []
   rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule"
+      when: never
     - if: '$SEMREL_RELEASE_DISABLED == "true"'
       when: never
     - if: $CI_COMMIT_TAG