chore: fix various security vulnerabilities in argo-workflows, cap-app-proxy, cf-argocd-extras, codefresh-gitops-operator, gitops-runtime-installer

vadim-kharin-codefresh · vadim-kharin-codefresh · commit 9ede062eac78 · 2026-05-15T12:17:49.000+03:00
diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml
@@ -25,7 +25,7 @@ dependencies:
     version: 9.5.11
   - name: argo-workflows
     repository: https://codefresh-io.github.io/argo-helm
-    version: 0.45.21-v3.6.7-cap-CR-38757
+    version: 0.45.22-v3.6.7-cap-CR-39681
     condition: argo-workflows.enabled
   - name: sealed-secrets
     repository: https://bitnami-labs.github.io/sealed-secrets/
diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml
@@ -136,7 +136,7 @@ global:
     image:
       registry: quay.io
       repository: codefresh/cf-argocd-extras
-      tag: "06801ec"
+      tag: "7d96f83"
     nodeSelector: {}
     tolerations: []
     affinity: {}
@@ -459,14 +459,14 @@ app-proxy:
           tag: 1.1.27-main
   image:
     repository: quay.io/codefresh/cap-app-proxy
-    tag: 1.4092.0
+    tag: 1.4093.0
     pullPolicy: IfNotPresent
   # -- Extra volume mounts for main container
   extraVolumeMounts: []
   initContainer:
     image:
       repository: quay.io/codefresh/cap-app-proxy-init
-      tag: 1.4092.0
+      tag: 1.4093.0
       pullPolicy: IfNotPresent
     command:
       - ./init.sh
@@ -647,7 +647,7 @@ gitops-operator:
   image:
     registry: quay.io
     repository: codefresh/codefresh-gitops-operator
-    tag: bc5c4eb
+    tag: 79a7f3b
   env:
     !!merge <<:
       - *otel-config
@@ -679,7 +679,7 @@ argo-gateway:
   image:
     registry: quay.io
     repository: codefresh/cf-argocd-extras
-    tag: "06801ec"
+    tag: "7d96f83"
   nodeSelector: {}
   tolerations: []
   affinity: {}
diff --git a/installer-image/Dockerfile b/installer-image/Dockerfile
@@ -1,17 +1,17 @@
 # syntax=docker/dockerfile:1
 
 # DHI source: https://hub.docker.com/repository/docker/octopusdeploy/dhi-golang/tags/1.25-debian13-dev
-FROM octopusdeploy/dhi-golang:1.25-debian13-dev@sha256:b2c03c829a4df4f724712501d18321e46a2ac770377f0b6e2f383bc9d02b99d3 AS build
+FROM octopusdeploy/dhi-golang:1.25-debian13-dev@sha256:6ab2431d046a2e21dbcbcb5111e94bec59650d302ec0ac34e696e7e44f708044 AS build
 ARG TARGETARCH
-ARG CF_CLI_VERSION=v1.0.2
+ARG CF_CLI_VERSION=v1.0.3
 RUN go install github.com/davidrjonas/semver-cli@latest \
   && cp $GOPATH/bin/semver-cli /tmp/semver-cli
 RUN apt-get update && apt-get install -y --no-install-recommends sed && rm -rf /var/lib/apt/lists/*
 ADD --unpack=true --chown=nonroot:nonroot --chmod=755 https://github.com/codefresh-io/cli-v2/releases/download/${CF_CLI_VERSION}/cf-linux-${TARGETARCH}.tar.gz /tmp/cf/
 
 
 # DHI source: https://hub.docker.com/repository/docker/octopusdeploy/dhi-debian-base/customizations/8106437942896324135
-FROM octopusdeploy/dhi-debian-base:trixie_cf-gitops-runtime-installer-debian13@sha256:ab35aedc53ad95d3a95094d6f2c9d052c2cdb43b605ce1f9a4ea677911373b99 AS production
+FROM octopusdeploy/dhi-debian-base:trixie_cf-gitops-runtime-installer-debian13@sha256:3c5a8f5bf49a3777527797677b3c8c426b0a38a466f3a79f5e059b6adc21943d AS production
 ARG TARGETARCH
 COPY --from=build --chown=nonroot:nonroot --chmod=755 /tmp/cf/cf-linux-${TARGETARCH} /usr/local/bin/cf
 COPY --from=build --chown=nonroot:nonroot --chmod=755 /tmp/semver-cli /usr/local/bin/semver-cli
