From db3684cc50ab87d8bedc1ffd9a23c878fc05cfe9 Mon Sep 17 00:00:00 2001
From: "codefresh-v2-pipelines[bot]"
 <109073600+codefresh-v2-pipelines[bot]@users.noreply.github.com>
Date: Thu, 9 Apr 2026 10:18:41 +0000
Subject: [PATCH 1/2] [cf-argocd-extras]chore: security fix

---
 charts/gitops-runtime/values.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml
index 30a2b6cb..c24ea892 100644
--- a/charts/gitops-runtime/values.yaml
+++ b/charts/gitops-runtime/values.yaml
@@ -136,7 +136,7 @@ global:
     image:
       registry: quay.io
       repository: codefresh/cf-argocd-extras
-      tag: "3190219"
+      tag: "06801ec"
     nodeSelector: {}
     tolerations: []
     affinity: {}
@@ -679,7 +679,7 @@ argo-gateway:
   image:
     registry: quay.io
     repository: codefresh/cf-argocd-extras
-    tag: "3190219"
+    tag: "06801ec"
   nodeSelector: {}
   tolerations: []
   affinity: {}

From 6f32707caafaac303caf51d5fc838e06e45adade Mon Sep 17 00:00:00 2001
From: andrii-codefresh <andrii@codefresh.io>
Date: Fri, 10 Apr 2026 17:25:29 +0300
Subject: [PATCH 2/2] fix high vulnerabilities in glibc, dpkg

---
 installer-image/Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/installer-image/Dockerfile b/installer-image/Dockerfile
index f35fe9f4..26a431a5 100644
--- a/installer-image/Dockerfile
+++ b/installer-image/Dockerfile
@@ -1,6 +1,7 @@
 # syntax=docker/dockerfile:1
 
-FROM octopusdeploy/dhi-golang:1.25-debian13-dev AS build
+# DHI source: https://hub.docker.com/repository/docker/octopusdeploy/dhi-golang/tags/1.25-debian13-dev
+FROM octopusdeploy/dhi-golang:1.25-debian13-dev@sha256:b2c03c829a4df4f724712501d18321e46a2ac770377f0b6e2f383bc9d02b99d3 AS build
 ARG TARGETARCH
 ARG CF_CLI_VERSION=v1.0.2
 RUN go install github.com/davidrjonas/semver-cli@latest \
@@ -9,7 +10,7 @@ ADD --unpack=true --chown=nonroot:nonroot --chmod=755 https://github.com/codefre
 
 
 # DHI source: https://hub.docker.com/repository/docker/octopusdeploy/dhi-debian-base/customizations/8106437942896324135
-FROM octopusdeploy/dhi-debian-base:trixie_cf-gitops-runtime-installer-debian13@sha256:e72836b4e4c408f04caf8ac6e34824d90e192b7cecedab9aeed647e14d0cd599 AS production
+FROM octopusdeploy/dhi-debian-base:trixie_cf-gitops-runtime-installer-debian13@sha256:ab35aedc53ad95d3a95094d6f2c9d052c2cdb43b605ce1f9a4ea677911373b99 AS production
 ARG TARGETARCH
 COPY --from=build --chown=nonroot:nonroot --chmod=755 /tmp/cf/cf-linux-${TARGETARCH} /usr/local/bin/cf
 COPY --from=build --chown=nonroot:nonroot --chmod=755 /tmp/semver-cli /usr/local/bin/semver-cli