diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index 503d659..86285bb 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,16 +1,15 @@
 ---
 name: Bug report
 about: Create a report to help us improve
-title: 'issue title'
-labels: 'bug'
-assignees: ''
-
+title: "issue title"
+labels: "bug"
+assignees: ""
 ---
 
 <!-- Thanks for filing an issue!
 Before hitting the button, please answer these questions.
 It's helpful to search the existing GitHub issues first.
-It's likely that another user has already reported the issue you're facing, or it's a known issue that we're already aware o. 
+It's likely that another user has already reported the issue you're facing, or it's a known issue that we're already aware o.
 
 Fill in as much of the template below as you can.
 The more information we have the better we can help you.
@@ -41,13 +40,10 @@ please put the output of it here
 
 **Which version of the chart**:
 
-
 **What happened**:
 
-
 **What you expected to happen**:
 
-
 **How to reproduce it** (as minimally and precisely as possible):
 
 <!--
@@ -63,5 +59,4 @@ helm install my-release kong-z/name-of-chart --version version --values values.y
 ```
 -->
 
-
 **Anything else we need to know**:
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index 53d0618..ccea2e2 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -29,13 +29,15 @@ We would like these checks to pass before we even continue reviewing your change
 
 # Which issue this PR fixes
 
-*(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*
+_(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)_
 
 - fixes #
 
 # Special notes for your reviewer
 
 # Checklist
+
 <!-- [Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
+
 - [ ] [DCO](https://github.com/KongZ/charts/blob/main/CONTRIBUTING.md#sign-off-your-work) signed
 - [ ] Chart Version bumped
diff --git a/.github/workflows/chart-testing.yaml b/.github/workflows/chart-testing.yaml
index fb406ee..39dec24 100644
--- a/.github/workflows/chart-testing.yaml
+++ b/.github/workflows/chart-testing.yaml
@@ -2,20 +2,34 @@ name: Lint and Test Charts
 
 on: pull_request
 
+permissions:
+  actions: read
+  attestations: none
+  checks: write
+  contents: write
+  deployments: read
+  id-token: none
+  issues: none
+  packages: none
+  pages: write
+  pull-requests: read
+  security-events: read
+  statuses: read
+
 jobs:
   lint-test:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Fetch history
         run: git fetch --prune --unshallow
 
       - name: Set up Helm
-        uses: azure/setup-helm@v1.1
+        uses: azure/setup-helm@v4.3.0
         with:
-          version: v3.5.1
+          version: v3.13.3
 
       - name: Add dependency chart repos
         run: |
@@ -24,12 +38,12 @@ jobs:
           helm repo add kongz https://charts.kong-z.com
           helm repo add opensearch https://opensearch-project.github.io/helm-charts/
 
-      - uses: actions/setup-python@v2.2.2
+      - uses: actions/setup-python@v5
         with:
-          python-version: 3.7
+          python-version: "3.13"
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.1.0
+        uses: helm/chart-testing-action@v2.7.0
 
       - name: Run chart-testing (list-changed)
         id: list-changed
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 61d0adf..6c23536 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -5,17 +5,31 @@ name: Lint Code Base
 
 on: pull_request
 
+permissions:
+  actions: read
+  attestations: none
+  checks: write
+  contents: write
+  deployments: none
+  id-token: none
+  issues: none
+  packages: none
+  pages: write
+  pull-requests: read
+  security-events: read
+  statuses: read
+
 jobs:
   build:
     name: Lint Code Base
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Lint Code Base
-        uses: github/super-linter@v4
+        uses: github/super-linter@v7
         env:
           VALIDATE_ALL_CODEBASE: false
           VALIDATE_YAML: false
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 7740fc2..9ada921 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -5,6 +5,20 @@ on:
     branches:
       - main
 
+permissions:
+  actions: read
+  attestations: none
+  checks: write
+  contents: write
+  deployments: write
+  id-token: none
+  issues: none
+  packages: none
+  pages: write
+  pull-requests: read
+  security-events: read
+  statuses: read
+
 jobs:
   release:
     # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
@@ -14,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -24,9 +38,9 @@ jobs:
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
       - name: Install Helm
-        uses: azure/setup-helm@v3
+        uses: azure/setup-helm@v4.3.0
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.2.1
+        uses: helm/chart-releaser-action@v1.7.0
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/sync-readme.yaml b/.github/workflows/sync-readme.yaml
index fe85f1c..cba3a67 100644
--- a/.github/workflows/sync-readme.yaml
+++ b/.github/workflows/sync-readme.yaml
@@ -1,17 +1,32 @@
 on:
   push:
     branches:
-      - 'main'
+      - "main"
     paths:
-      - 'README.md'
+      - "README.md"
+
+permissions:
+  actions: read
+  attestations: none
+  checks: write
+  contents: write
+  deployments: read
+  id-token: none
+  issues: none
+  packages: none
+  pages: write
+  pull-requests: read
+  security-events: read
+  statuses: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - run: |
           cp -f README.md ${{ runner.temp }}/README.md
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           ref: gh-pages
       - run: |
@@ -20,4 +35,4 @@ jobs:
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
           git add README.md
           git commit --signoff -m "Sync README from main"
-          git push
\ No newline at end of file
+          git push