chgl · chgl · Sep 11, 2024 · Sep 11, 2024
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -14,10 +14,10 @@ concurrency:
 jobs:
   lint:
     runs-on: ubuntu-22.04
-    container: ghcr.io/chgl/kube-powertools:v2.3.16@sha256:b6a3c4e90c464625993680560780f2888f6df75b6564066cc51aea7a67c67074
+    container: ghcr.io/chgl/kube-powertools:v2.3.21@sha256:9595148518325737dc2a05a536759686cdec656ae5c0d63c46e6dacd3bb04c8b
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
+        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
         with:
           egress-policy: audit # change to 'egress-policy: block' after couple of runs
           disable-sudo: true
@@ -84,7 +84,7 @@ jobs:
         k8s-version: [1.28.9, 1.29.4, 1.30.2]
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
+        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
         with:
           egress-policy: audit # change to 'egress-policy: block' after couple of runs
           disable-sudo: true
@@ -124,7 +124,7 @@ jobs:
     if: ${{ false }}
     needs:
       - test
-    container: ghcr.io/chgl/kube-powertools:v2.3.16@sha256:b6a3c4e90c464625993680560780f2888f6df75b6564066cc51aea7a67c67074
+    container: ghcr.io/chgl/kube-powertools:v2.3.21@sha256:9595148518325737dc2a05a536759686cdec656ae5c0d63c46e6dacd3bb04c8b
     permissions:
       pull-requests: write
       contents: write

diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
@@ -51,7 +51,7 @@ jobs:
       # Upload MegaLinter artifacts
       - name: Archive production artifacts
         if: ${{ always() }}
-        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: MegaLinter reports
           path: |

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -12,7 +12,7 @@ permissions: read-all
 jobs:
   release:
     runs-on: ubuntu-22.04
-    container: ghcr.io/chgl/kube-powertools:v2.3.16@sha256:b6a3c4e90c464625993680560780f2888f6df75b6564066cc51aea7a67c67074
+    container: ghcr.io/chgl/kube-powertools:v2.3.21@sha256:9595148518325737dc2a05a536759686cdec656ae5c0d63c46e6dacd3bb04c8b
     permissions:
       contents: write
       packages: write
@@ -46,7 +46,7 @@ jobs:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
+        uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
 
       - name: Login to GitHub Container Registry
         run: |

diff --git a/.github/workflows/scorecards.yaml b/.github/workflows/scorecards.yaml
@@ -59,14 +59,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+        uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
         with:
           sarif_file: results.sarif
diff --git a/README.md b/README.md
@@ -39,7 +39,7 @@ helm repo update
 1. Mount the folder in the [kube-powertools](https://github.com/chgl/kube-powertools) container to easily run linters and checks
 
    ```sh
-   docker run --rm -it -v $PWD:/root/workspace ghcr.io/chgl/kube-powertools:v2.3.16@sha256:b6a3c4e90c464625993680560780f2888f6df75b6564066cc51aea7a67c67074
+   docker run --rm -it -v $PWD:/root/workspace ghcr.io/chgl/kube-powertools:v2.3.21@sha256:9595148518325737dc2a05a536759686cdec656ae5c0d63c46e6dacd3bb04c8b
    ```
 
 1. Run chart-testing and the `chart-powerlint.sh` script to lint the chart
@@ -51,7 +51,7 @@ helm repo update
 1. (Optional) View the results of the [polaris audit check](https://github.com/FairwindsOps/polaris) in your browser
 
    ```sh
-   $ docker run --rm -it -p 9090:8080 -v $PWD:/root/workspace ghcr.io/chgl/kube-powertools:v2.3.16@sha256:b6a3c4e90c464625993680560780f2888f6df75b6564066cc51aea7a67c67074
+   $ docker run --rm -it -p 9090:8080 -v $PWD:/root/workspace ghcr.io/chgl/kube-powertools:v2.3.21@sha256:9595148518325737dc2a05a536759686cdec656ae5c0d63c46e6dacd3bb04c8b
    bash-5.0: helm template charts/fhir-server/ | polaris dashboard --config=.polaris.yaml --audit-path=-
    ```
 

diff --git a/charts/fhir-server-exporter/Chart.lock b/charts/fhir-server-exporter/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.21.0
-digest: sha256:fa5421cd14dfb0777043fe7cf2ffd8c39732d6ed3b5561625565324233a3c602
-generated: "2024-08-06T12:28:31.742032583Z"
+  version: 2.22.0
+digest: sha256:e7943933f1fa37825f9ace8d83ecf7a67e6a7a62bf643bfe7a829c3c73f723fb
+generated: "2024-09-11T16:24:37.936995771Z"
diff --git a/charts/fhir-server-exporter/Chart.yaml b/charts/fhir-server-exporter/Chart.yaml
@@ -16,8 +16,8 @@ kubeVersion: ">= 1.19.0"
 dependencies:
   - name: common
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 2.21.0
-version: 1.1.2
+    version: 2.22.0
+version: 1.1.3
 appVersion: 2.x
 annotations:
   artifacthub.io/license: Apache-2.0

diff --git a/charts/fhir-server-exporter/values.yaml b/charts/fhir-server-exporter/values.yaml
@@ -27,7 +27,7 @@ replicaCount: 1
 image: # +doc-gen:ignore
   registry: ghcr.io
   repository: chgl/fhir-server-exporter
-  tag: v2.3.7@sha256:3a368d8e8ca496b3a5347c4a52e789806252c232efd38746a55fbc2780756ed7
+  tag: v2.3.11@sha256:a29bb6ea53f6b5b78ca0797991327b46deae9db755a995dbbbc3a6ee2051e9f3
   pullPolicy: IfNotPresent
 
 imagePullSecrets: []
@@ -130,7 +130,7 @@ curl: # +doc-gen:ignore
   image:
     registry: docker.io
     repository: curlimages/curl
-    tag: 8.9.1@sha256:8addc281f0ea517409209f76832b6ddc2cabc3264feb1ebbec2a2521ffad24e4
+    tag: 8.10.0@sha256:a3838a5cf24fe940ec63e98fc37ce1dbe1d43286dc2b803c5bc5e9f067c7ad6d
 
 podDisruptionBudget:
   # create a PodDisruptionBudget resource for the pods

diff --git a/charts/fhir-server/Chart.lock b/charts/fhir-server/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.21.0
-digest: sha256:fa5421cd14dfb0777043fe7cf2ffd8c39732d6ed3b5561625565324233a3c602
-generated: "2024-08-06T12:28:20.62309043Z"
+  version: 2.22.0
+digest: sha256:e7943933f1fa37825f9ace8d83ecf7a67e6a7a62bf643bfe7a829c3c73f723fb
+generated: "2024-09-11T16:24:39.31425694Z"
diff --git a/charts/fhir-server/Chart.yaml b/charts/fhir-server/Chart.yaml
@@ -10,12 +10,12 @@ maintainers:
 sources:
   - https://github.com/microsoft/fhir-server
 type: application
-version: 0.11.1
+version: 0.11.2
 deprecated: false
 dependencies:
   - name: common
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 2.21.0
+    version: 2.22.0
 annotations:
   artifacthub.io/changes: |-
     # When using the list of objects option the valid supported kinds are

diff --git a/charts/fhir-server/values.yaml b/charts/fhir-server/values.yaml
@@ -7,7 +7,7 @@ replicaCount: 1
 image: # +doc-gen:ignore
   registry: mcr.microsoft.com
   repository: healthcareapis/r4-fhir-server
-  tag: 4.0.218@sha256:d3f817db5215bd99df6e0285c1e7d295391622f0b0a4aa5723a2733c23cd6ab0
+  tag: 4.0.242@sha256:ce7f41002f6f3e28b249bf8f6cdc27129575daf783c9ffbbf8067806d5519a7d
   pullPolicy: IfNotPresent
 
 imagePullSecrets: []
@@ -186,7 +186,7 @@ curl: # +doc-gen:ignore
   image:
     registry: docker.io
     repository: curlimages/curl
-    tag: 8.9.1@sha256:8addc281f0ea517409209f76832b6ddc2cabc3264feb1ebbec2a2521ffad24e4
+    tag: 8.10.0@sha256:a3838a5cf24fe940ec63e98fc37ce1dbe1d43286dc2b803c5bc5e9f067c7ad6d
 
 tests:
   automountServiceAccountToken: false

diff --git a/charts/magnifhir/Chart.lock b/charts/magnifhir/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.21.0
-digest: sha256:fa5421cd14dfb0777043fe7cf2ffd8c39732d6ed3b5561625565324233a3c602
-generated: "2024-08-06T12:28:11.68708045Z"
+  version: 2.22.0
+digest: sha256:e7943933f1fa37825f9ace8d83ecf7a67e6a7a62bf643bfe7a829c3c73f723fb
+generated: "2024-09-11T16:24:40.641350181Z"
diff --git a/charts/magnifhir/Chart.yaml b/charts/magnifhir/Chart.yaml
@@ -17,8 +17,8 @@ deprecated: false
 dependencies:
   - name: common
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 2.21.0
-version: 1.3.1
+    version: 2.22.0
+version: 1.3.2
 appVersion: 1.x
 annotations:
   artifacthub.io/license: Apache-2.0

diff --git a/charts/magnifhir/values.yaml b/charts/magnifhir/values.yaml
@@ -192,7 +192,7 @@ curl: # +doc-gen:ignore
   image:
     registry: docker.io
     repository: curlimages/curl
-    tag: 8.9.1@sha256:8addc281f0ea517409209f76832b6ddc2cabc3264feb1ebbec2a2521ffad24e4
+    tag: 8.10.0@sha256:a3838a5cf24fe940ec63e98fc37ce1dbe1d43286dc2b803c5bc5e9f067c7ad6d
 
 tests:
   automountServiceAccountToken: false

diff --git a/charts/ohdsi/Chart.lock b/charts/ohdsi/Chart.lock
@@ -1,9 +1,9 @@
 dependencies:
 - name: postgresql
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 15.5.20
+  version: 15.5.29
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.21.0
-digest: sha256:539525341a172f753f4a618d822f93ef57850da313e2aa530b3b53b81d357eee
-generated: "2024-08-06T12:28:02.557387211Z"
+  version: 2.22.0
+digest: sha256:d059c425c43273232c511d931f30d74c2208a323bff6663be534c83848248e68
+generated: "2024-09-11T16:24:41.366476083Z"
diff --git a/charts/ohdsi/Chart.yaml b/charts/ohdsi/Chart.yaml
@@ -15,16 +15,16 @@ maintainers:
   - name: chgl
 dependencies:
   - name: postgresql
-    version: 15.5.20
+    version: 15.5.29
     repository: oci://registry-1.docker.io/bitnamicharts
     condition: postgresql.enabled
   - name: common
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 2.21.0
+    version: 2.22.0
 icon: https://avatars.githubusercontent.com/u/6570077
 deprecated: false
 kubeVersion: ">= 1.19.0"
-version: 0.24.1
+version: 0.24.2
 annotations:
   artifacthub.io/license: Apache-2.0
   artifacthub.io/containsSecurityUpdates: "false"

diff --git a/charts/ohdsi/values.yaml b/charts/ohdsi/values.yaml
@@ -51,12 +51,12 @@
        #       GRANT ohdsi_admin TO ohdsi_admin_user;
        #       GRANT ALL ON DATABASE ${POSTGRES_DB} TO GROUP ohdsi_admin;
        #   EOSQL
    # extraEnvVars:
    #   - name: OHDSI_ADMIN_PASSWORD
    #     value: admin1

 # container security context applied to init containers and the Helm test pods
 restrictedContainerSecurityContext: # +doc-gen:ignore
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  privileged: false
@@ -75,7 +75,7 @@
  # number of pod replicas for the WebAPI
  replicaCount: 1
  # the WebAPI image
  image: # +doc-gen:ignore
    registry: docker.io
    repository: ohdsi/webapi
    tag: 2.14.0@sha256:582b59b186fde5936081c1df6e41cba53e45e112d5b4875ddfda1e4dee4b2981
@@ -84,10 +84,10 @@
  waitForDatabaseInitContainer:
    # image to use for the init container which waits until the database
    # is ready to accept connections
     image: # +doc-gen:ignore
       registry: docker.io
       repository: bitnami/postgresql
-      tag: 16.3.0-debian-12-r23@sha256:865e341baf49006e32b3e72254a15a81c939178cb9c48fcd9faf1c0ac4b49664
+      tag: 16.4.0-debian-12-r8@sha256:ea86e5cf1702db4c1d2ce3e03dd4463274d96f83aa81f583352b6c88385be8b5
       pullPolicy: IfNotPresent
 
   serviceAccount:
@@ -188,7 +188,7 @@
    # fsGroup: 2000

  # security context for the WebAPI container
  securityContext: # +doc-gen:ignore
    allowPrivilegeEscalation: false
    capabilities:
      drop:
@@ -201,7 +201,7 @@
      type: RuntimeDefault

  # the service used to expose the WebAPI web port
  service: # +doc-gen:break
    type: ClusterIP
    port: 8080

@@ -226,14 +226,14 @@
  #   memory: 128Mi

  # readiness probe
  readinessProbe: # +doc-gen:ignore
    failureThreshold: 5
    initialDelaySeconds: 10
    periodSeconds: 15
    successThreshold: 1
    timeoutSeconds: 15
  # startup probe
  startupProbe: # +doc-gen:ignore
    failureThreshold: 10
    initialDelaySeconds: 60
    periodSeconds: 20
@@ -638,7 +638,7 @@
   image:
     registry: docker.io
     repository: curlimages/curl
-    tag: 8.9.1@sha256:8addc281f0ea517409209f76832b6ddc2cabc3264feb1ebbec2a2521ffad24e4
+    tag: 8.10.0@sha256:a3838a5cf24fe940ec63e98fc37ce1dbe1d43286dc2b803c5bc5e9f067c7ad6d
 
 tests:
   automountServiceAccountToken: false

diff --git a/charts/pathling-server/Chart.lock b/charts/pathling-server/Chart.lock
@@ -1,9 +1,9 @@
 dependencies:
 - name: minio
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 14.6.32
+  version: 14.7.7
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.21.0
-digest: sha256:ab434ae5ffa1351e5536615eb5982afea14166e2312a21b93e4f74c7d21c4416
-generated: "2024-08-06T12:27:52.310707703Z"
+  version: 2.22.0
+digest: sha256:7023ff091a91da611950e8043d8cac1bdb71f1eca189053f3eeb338fd12ce2c8
+generated: "2024-09-11T16:24:42.895058125Z"
diff --git a/charts/pathling-server/Chart.yaml b/charts/pathling-server/Chart.yaml
@@ -10,13 +10,13 @@ maintainers:
     url: https://github.com/chgl
 dependencies:
   - name: minio
-    version: 14.6.32
+    version: 14.7.7
     repository: oci://registry-1.docker.io/bitnamicharts
     condition: minio.enabled
   - name: common
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 2.21.0
-version: 0.8.1
+    version: 2.22.0
+version: 0.8.2
 appVersion: "7.x"
 annotations:
   artifacthub.io/license: Apache-2.0

diff --git a/charts/pathling-server/values.yaml b/charts/pathling-server/values.yaml
@@ -242,11 +242,11 @@
      podTemplate: {}

 # @ignored
 curl: # +doc-gen:ignore
   image:
     registry: docker.io
     repository: curlimages/curl
-    tag: 8.9.1@sha256:8addc281f0ea517409209f76832b6ddc2cabc3264feb1ebbec2a2521ffad24e4
+    tag: 8.10.0@sha256:a3838a5cf24fe940ec63e98fc37ce1dbe1d43286dc2b803c5bc5e9f067c7ad6d
 
 # -- container security context applied to init containers and the Helm test pods
 # @ignored