From 4cb17b9c295814811dee8f3a73e7f00351c8e045 Mon Sep 17 00:00:00 2001
From: cf-ci-bot-v2 <cf-ci-bot-v2@codefresh.io>
Date: Fri, 31 Oct 2025 15:14:09 +0000
Subject: [PATCH] Update Chart.yaml and changelog for
 0.24/CR-31388-security-fix.0 release

---
 charts/gitops-runtime/Chart.yaml  | 138 +++++++++++++++++++++++++++++-
 charts/gitops-runtime/README.md   |  10 +--
 charts/gitops-runtime/values.yaml |   2 +-
 3 files changed, 143 insertions(+), 7 deletions(-)

diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml
index d06865cd..ce25607d 100644
--- a/charts/gitops-runtime/Chart.yaml
+++ b/charts/gitops-runtime/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.1.75
 description: A Helm chart for Codefresh gitops runtime
 name: gitops-runtime
-version: '0.25.0'
+version: '0.24/CR-31388-security-fix.0'
 home: https://github.com/codefresh-io/gitops-runtime-helm
 icon: https://avatars1.githubusercontent.com/u/11412079?v=3
 keywords:
@@ -14,8 +14,144 @@ maintainers:
 annotations:
   artifacthub.io/alternativeName: "codefresh-gitops-runtime"
   artifacthub.io/changes: |-
+    - kind: changed
+      description: '[gitops-operator]fix(CR-31388): security fixes'
+    - kind: changed
+      description: bumps argo helm chart to image that fixes validateDestination (#874)
+    - kind: changed
+      description: 'prepare-version(0.24.7): prepare chart content for release (#870)'
     - kind: changed
       description: 'fix(app-proxy): added missing eventbus list permissions (#865)'
+    - kind: changed
+      description: 'prepare-version(0.24.6): prepare chart content for release (#861)'
+    - kind: changed
+      description: upd cap-app-proxy (#864)
+    - kind: changed
+      description: 'chore(CR-31388): upd gitops-operator with security fixes (#859)'
+    - kind: changed
+      description: 'prepare-version(0.24.5): prepare chart content for release (#813)'
+    - kind: changed
+      description: bumps argo-helm chart to the version that bumps redis version to 8.2.2 (#844)
+    - kind: changed
+      description: upd cli-v2 , debian for installer (#850)
+    - kind: changed
+      description: use explicit app-proxy config.cors value if exist (#847)
+    - kind: changed
+      description: 'chore: update argocd-extras (#807)'
+    - kind: changed
+      description: 'chore[app-proxy]: bumps app-proxy to version 9621fba (#811)'
+    - kind: changed
+      description: 'chore[app-proxy]: bumps app-proxy to version 0eb07df (#810)'
+    - kind: changed
+      description: 'chore[app-proxy]: bumps app-proxy to version 5aaaae7 (#809)'
+    - kind: changed
+      description: 'prepare-version(0.24.4): prepare chart content for release (#783)'
+    - kind: changed
+      description: 'chore: bump app-proxy to 788a8d5 (#782)'
+    - kind: changed
+      description: 'fix: update image-enrichment images (#779)'
+    - kind: changed
+      description: 'feat: added runtime label to codefresh cm (#781)'
+    - kind: changed
+      description: 'prepare-version(0.24.3): prepare chart content for release (#748)'
+    - kind: changed
+      description: backport redis bump fix 0.24 (#770)
+    - kind: changed
+      description: 'fix: component-test gitea deployment (#766)'
+    - kind: changed
+      description: 'fix: app-proxy fails to report new and closed pr to product-components (#761)'
+    - kind: changed
+      description: '[gitops-operator]fix: promotions using pull requests do not resume after the pr has been merged (#753)'
+    - kind: changed
+      description: '[app-proxy]fix: git-source permissions are not being calculated for fine-grained tokens (#6683) (#749)'
+    - kind: changed
+      description: 'chore(CR-30960): update enrichment images tag (#747)'
+    - kind: changed
+      description: 'prepare-version(0.24.2): prepare chart content for release (#721)'
+    - kind: changed
+      description: Chore-30961 security argocd-exstras (#729)
+    - kind: changed
+      description: bump argo-rollouts (#731)
+    - kind: changed
+      description: Chore/cr 29689 argo events workflow update with security fixes (#727)
+    - kind: changed
+      description: 'fix: security vulnerability CVE-2025-55190 (#733)'
+    - kind: changed
+      description: Fix/svc-acc-pre-uninstall-hook (#728)
+    - kind: changed
+      description: updated sealed-secrets-controller (#723) (#724)
+    - kind: changed
+      description: 'fix: security fix: upgrade cli-v2 and debian versions (#718)'
+    - kind: changed
+      description: 'feat: update cap-app-proxy image tags to 1.3750.0 (#720)'
+    - kind: changed
+      description: 'prepare-version(0.24.1): prepare chart content for release (#715)'
+    - kind: changed
+      description: Chore/security 0 24 1 (#713)
+    - kind: changed
+      description: 'prepare-version(0.24.0): prepare chart content for release (#699)'
+    - kind: changed
+      description: 'Feat: OSS-522 cherry-pick sec advisory-ghsa-786q-9hcg-v9ff (#705)'
+    - kind: changed
+      description: 'feat: support single-namespaced runtime installation (#617)'
+    - kind: changed
+      description: 'prepare-version(0.23.3): prepare chart content for release (#695)'
+    - kind: changed
+      description: 'chore: update app-proxy image tags to 1.3727.0 and bump version to 0.23.3'
+    - kind: changed
+      description: update cli-v2 in installer - fix token validation code (#696)
+    - kind: changed
+      description: 'chore(app-proxy): update cap-app-proxy image tags to 1.3727.0 (#692)'
+    - kind: changed
+      description: ran prepare-release script
+    - kind: changed
+      description: updated changes
+    - kind: changed
+      description: updated nginx (#662)
+    - kind: changed
+      description: updated cli-v2, kubectl in runtime-installer (#661)
+    - kind: changed
+      description: using bitnamilegacy instead of bitnami (#653)
+    - kind: changed
+      description: 'chore(CR-30232): updated oauth2, golang.org/x/net, github.com/cloudflare (#639)'
+    - kind: changed
+      description: updated cspd enrichers (#652)
+    - kind: changed
+      description: updated changes
+    - kind: changed
+      description: 'fix(app-proxy): update cap-app-proxy image tags to 1.3718.0 (#678)'
+    - kind: changed
+      description: 'fix(app-proxy): update cap-app-proxy image tags to 1.3709.0 - simplify user cache (#673)'
+    - kind: changed
+      description: update Chart.yaml
+    - kind: changed
+      description: bumped app-proxy to 1.3707.0 closed ha gaps (#667)
+    - kind: changed
+      description: 'fix: remove checksum tests as they fail when chart version changes (#670)'
+    - kind: changed
+      description: 'chore: fix artifacthub changes'
+    - kind: changed
+      description: fix lint
+    - kind: changed
+      description: cleanup in changes
+    - kind: changed
+      description: create release 0.23 draft
+    - kind: changed
+      description: 'chore(app-proxy): update cap-app-proxy image tags to 1.3702.0 (#659)'
+    - kind: changed
+      description: 'chore(app-proxy): update cap-app-proxy image tags to 1.3701.0 (#654)'
+    - kind: changed
+      description: 'fix: support failing release if app sync fails (#645)'
+    - kind: changed
+      description: Updated gitops operator not to requeue on known release creation failures (#655)
+    - kind: changed
+      description: re-order Chart.yaml changes
+    - kind: changed
+      description: 'fix: update leader elector image tag to remove version prefix ''v'' (#651)'
+    - kind: changed
+      description: create release 0.23 draft
+    - kind: changed
+      description: create release 0.23 draft
 dependencies:
   - name: argo-cd
     repository: https://codefresh-io.github.io/argo-helm
diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md
index 7ff0d40d..77cfab45 100644
--- a/charts/gitops-runtime/README.md
+++ b/charts/gitops-runtime/README.md
@@ -1,5 +1,5 @@
 ## Codefresh gitops runtime
-![Version: 0.25.0](https://img.shields.io/badge/Version-0.25.0-informational?style=flat-square) ![AppVersion: 0.1.75](https://img.shields.io/badge/AppVersion-0.1.75-informational?style=flat-square)
+![Version: 0.24/CR-31388-security-fix.0](https://img.shields.io/badge/Version-0.24/CR--31388--security--fix.0-informational?style=flat-square) ![AppVersion: 0.1.75](https://img.shields.io/badge/AppVersion-0.1.75-informational?style=flat-square)
 
 ## Prerequisites
 
@@ -206,7 +206,7 @@ We have created a helper utility to resolve this issue:
 The utility is packaged in a container image. Below are instructions on executing the utility using Docker:
 
 ```
-docker run -v <output_dir>:/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.25.0 <local_registry>
+docker run -v <output_dir>:/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.24/CR-31388-security-fix.0 <local_registry>
 ```
 `output_dir` - is a local directory where the utility will output files. <br>
 `local_registry` - is your local registry where you want to mirror the images to
@@ -219,7 +219,7 @@ The utility will output 4 files into the folder:
 
 For usage with external ArgoCD run the utility with `EXTERNAL_ARGOCD` environment variable set to `true`.
 ```
-docker run -e EXTERNAL_ARGOCD=true  -v <output_dir>:/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.25.0 <local_registry>
+docker run -e EXTERNAL_ARGOCD=true  -v <output_dir>:/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.24/CR-31388-security-fix.0 <local_registry>
 ```
 
 ## Openshift
@@ -323,7 +323,7 @@ gitops-operator:
 | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use |
 | app-proxy.image.pullPolicy | string | `"IfNotPresent"` |  |
 | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` |  |
-| app-proxy.image.tag | string | `"9621fba"` |  |
+| app-proxy.image.tag | string | `"ac9a365"` |  |
 | app-proxy.imagePullSecrets | list | `[]` |  |
 | app-proxy.initContainer.command[0] | string | `"./init.sh"` |  |
 | app-proxy.initContainer.env | object | `{}` |  |
@@ -491,7 +491,7 @@ gitops-operator:
 | gitops-operator.enabled | bool | `true` |  |
 | gitops-operator.env.GITOPS_OPERATOR_VERSION | string | `"0.10.1"` |  |
 | gitops-operator.fullnameOverride | string | `""` |  |
-| gitops-operator.image | object | `{"registry":"quay.io","repository":"codefresh/codefresh-gitops-operator","tag":"8cbca33"}` | GitOps operator image |
+| gitops-operator.image | object | `{"registry":"quay.io","repository":"codefresh/codefresh-gitops-operator","tag":"e83eef7"}` | GitOps operator image |
 | gitops-operator.imagePullSecrets | list | `[]` |  |
 | gitops-operator.nameOverride | string | `""` |  |
 | gitops-operator.nodeSelector | object | `{}` |  |
diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml
index 7d85960a..af0918c8 100644
--- a/charts/gitops-runtime/values.yaml
+++ b/charts/gitops-runtime/values.yaml
@@ -235,7 +235,7 @@ sealed-secrets:
       cpu: 200m
       memory: 512Mi
 # *********************************************************************************************************************
-# DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-cd-8.0.6-10-cap-3.0.2-2025-10-24-afba3263/charts/argo-cd
+# DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-cd-8.0.6-14-cap-v3.1.5-2025-10-30-b969c2d8/charts/argo-cd
 # *********************************************************************************************************************
 argo-cd:
   enabled: true