diff --git a/deploy-renku/Dockerfile b/deploy-renku/Dockerfile
index 1855370..414239a 100644
--- a/deploy-renku/Dockerfile
+++ b/deploy-renku/Dockerfile
@@ -1,10 +1,8 @@
-FROM alpine/k8s:1.23.17
+FROM alpine/k8s:1.24.16
 
 # install dependencies
 COPY requirements.txt /
-RUN apk add --no-cache python3 docker jq && \
-    wget -O /usr/bin/yq "https://github.com/mikefarah/yq/releases/download/3.1.1/yq_linux_amd64" && \
-    chmod a+x /usr/bin/yq && \
+RUN apk add python3 docker jq yq && \
     pip3 install -r /requirements.txt
 
 COPY deploy-dev-renku.py entrypoint.sh /
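Review bot: The rewritten `RUN` drops the `--no-cache` flag the old line had, so the install relies on a package index already being present in the base image, which can be stale or absent. `yq` is also unpinned here while entrypoint.sh in this commit moves to v4-only syntax (`eval-all`, `strenv`), so the major version is decided by the base image's Alpine repository. A comment stating the v4 requirement, or a version constraint, would make that dependency explicit. Suggested first line: `RUN apk add --no-cache python3 docker jq yq && \`.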
diff --git a/deploy-renku/entrypoint.sh b/deploy-renku/entrypoint.sh
index 397a001..0d8090c 100755
--- a/deploy-renku/entrypoint.sh
+++ b/deploy-renku/entrypoint.sh
@@ -12,8 +12,14 @@ echo $DOCKER_PASSWORD | docker login -u $DOCKER_USERNAME --password-stdin
 # set up kube context and values file
 echo "$RENKUBOT_KUBECONFIG" > "$KUBECONFIG" && chmod 400 "$KUBECONFIG"
 
-# set up the values file
-printf "%s" "$RENKU_VALUES" | sed "s/<replace>/${RENKU_RELEASE}/" > $RENKU_VALUES_FILE
+export RENKU_VALUES_FILE="/renku-values.yaml"
+
+# merge the secret and clear value files
+printf "%s" "$RENKU_SECRET_VALUES" > $RENKU_VALUES_FILE
+yq eval-all --inplace '. as $item ireduce ({}; . * $item )' $RENKU_VALUES_FILE $RENKU_CLEAR_VALUES_FILE
+
+# replace the release name
+sed --in-place "s/<replace>/${RENKU_RELEASE}/" $RENKU_VALUES_FILE
 
 # register the GitLab app
 if test -n "$GITLAB_TOKEN" ; then
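Review bot: `printf "%s" "$RENKU_SECRET_VALUES" > $RENKU_VALUES_FILE` creates the secret-bearing values file with the default umask, while the kubeconfig a few lines above is explicitly restricted with `chmod 400`. Setting `umask 077` before the write would keep the merged secrets from being readable by other users in the container; it is worth confirming that the later in-place edits by `yq` and `sed` keep that mode. The new lines also leave `$RENKU_VALUES_FILE` and `$RENKU_CLEAR_VALUES_FILE` unquoted, and if the latter is unset the merge silently runs on the secret file alone. A guard such as `: "${RENKU_CLEAR_VALUES_FILE:?must be set}"` would fail early instead.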
@@ -22,12 +28,12 @@ if test -n "$GITLAB_TOKEN" ; then
                         --data "name=${RENKU_RELEASE}" \
                         --data "redirect_uri=https://${RENKU_RELEASE}.dev.renku.ch/auth/realms/Renku/broker/dev-renku/endpoint https://${RENKU_RELEASE}.dev.renku.ch/api/auth/gitlab/token" \
                         --data "scopes=api read_user read_repository read_registry openid")
-  APP_ID=$(echo $gitlab_app | jq -r '.application_id')
-  APP_SECRET=$(echo $gitlab_app | jq -r '.secret')
+  export APP_ID=$(echo $gitlab_app | jq -r '.application_id')
+  export APP_SECRET=$(echo $gitlab_app | jq -r '.secret')
 
   # gateway gitlab app/secret
-  yq w -i $RENKU_VALUES_FILE "gateway.gitlabClientId" "$APP_ID"
-  yq w -i $RENKU_VALUES_FILE "gateway.gitlabClientSecret" "$APP_SECRET"
+  yq eval --inplace '.gateway.gitlabClientId = strenv(APP_ID)' $RENKU_VALUES_FILE
+  yq eval --inplace '.gateway.gitlabClientSecret = strenv(APP_SECRET)' $RENKU_VALUES_FILE
 fi
 
 # create namespace and ignore error in case it already exists
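Review bot: `export APP_SECRET=...` places the GitLab client secret in the environment of every process the script starts afterwards, although only the two `yq` calls need it for `strenv()`. Passing it per command keeps the exposure local: `APP_SECRET=$(echo "$gitlab_app" | jq -r '.secret')` followed by `APP_SECRET="$APP_SECRET" yq eval --inplace '.gateway.gitlabClientSecret = strenv(APP_SECRET)' "$RENKU_VALUES_FILE"`, and the same for `APP_ID`. Separating the assignment from `export` also stops `export` from masking a failing `jq`. The `curl` call that fills `gitlab_app` starts outside this hunk.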
diff --git a/publish-chartpress-images/Dockerfile b/publish-chartpress-images/Dockerfile
index ea2d0f2..48d894a 100644
--- a/publish-chartpress-images/Dockerfile
+++ b/publish-chartpress-images/Dockerfile
@@ -1,10 +1,7 @@
 FROM docker:24.0.6-git
 
 # install dependencies
-# Note: Chartpress 0.7.0 is the latest version compatible until https://github.com/jupyterhub/chartpress/issues/118 is fixed
-RUN apk add python3 py-pip py3-ruamel.yaml && \
-    wget -O /usr/bin/yq "https://github.com/mikefarah/yq/releases/download/3.1.1/yq_linux_amd64" && \
-    chmod 0755 /usr/bin/yq && \
+RUN apk add python3 py-pip && \
     pip3 install -U pip chartpress==2.1.0 && \
     wget -O /tmp/helm.tar.gz "https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz" && \
     tar -xf /tmp/helm.tar.gz --strip-components=1 -C /usr/bin/ && \
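Review bot: The helm tarball is still fetched with `wget` and unpacked into `/usr/bin/` without any integrity check, even though this commit removes the equally unverified `yq` download from the same `RUN`. Pinning a digest in the Dockerfile and verifying it before `tar` would close that gap, e.g. `echo "<HELM_TARBALL_SHA256>  /tmp/helm.tar.gz" | sha256sum -c - && \` (placeholder digest, to be taken from the helm release page). The `RUN` instruction continues past the end of this hunk.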
diff --git a/rollout-renku-version/Dockerfile b/rollout-renku-version/Dockerfile
index 28ebd99..3773b63 100644
--- a/rollout-renku-version/Dockerfile
+++ b/rollout-renku-version/Dockerfile
@@ -1,11 +1,8 @@
-FROM python:3.7-alpine3.10
+FROM alpine:3.18
 
 # install dependencies
-RUN apk add --no-cache git bash && \
-    apk add --no-cache --virtual .build-deps gcc g++ make && \
-    wget -O /usr/bin/yq "https://github.com/mikefarah/yq/releases/download/v4.27.5/yq_linux_amd64" && \
-    chmod a+x /usr/bin/yq && \
-    apk del .build-deps
+RUN apk update && \
+    apk add --no-cache git bash yq
 
 COPY rollout-renku-deployment.sh /
 RUN chmod +x /rollout-renku-deployment.sh
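Review bot: `apk update` is redundant next to `apk add --no-cache`, and it writes the index into `/var/cache/apk` in this layer, which `--no-cache` is meant to avoid. `RUN apk add --no-cache git bash yq` alone is enough. The `COPY` plus `RUN chmod +x` pair below could be a single `COPY --chmod=0755 rollout-renku-deployment.sh /` if the builder is BuildKit.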
diff --git a/rollout-renku-version/README.md b/rollout-renku-version/README.md
index 45e22f7..c214365 100644
--- a/rollout-renku-version/README.md
+++ b/rollout-renku-version/README.md
@@ -1,6 +1,6 @@
 # Action for updating component version
 
-This is a docker action that will update the Renku version (rollout) in the deployments managed by terraform.
+This is a docker action that will update the Renku version (rollout) in the deployments managed by Terraform.
 
 ## Sample usage
 
diff --git a/rollout-renku-version/rollout-renku-deployment.sh b/rollout-renku-version/rollout-renku-deployment.sh
index 9c1b90f..073aa80 100644
--- a/rollout-renku-version/rollout-renku-deployment.sh
+++ b/rollout-renku-version/rollout-renku-deployment.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -xe
+set -e
 
 if [ -z "$GITHUB_TOKEN" ]
 then
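Review bot: The switch from `set -xe` to `set -e` carries no comment saying why tracing was removed, here or in the identical change to update-component-version/update-upstream.sh. In that script the clone URL embeds `${GITHUB_TOKEN}`, which xtrace would print to the job log; this script checks the same variable and presumably uses it further down, outside the hunk. A one-line comment such as `# xtrace stays off: traced commands would print $GITHUB_TOKEN to the log` above `set -e` in both files would keep it from being re-enabled for debugging.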
@@ -47,7 +47,7 @@ do
     # update renku version and push
     git checkout -b auto-update/${CHART_NAME}-${CHART_VERSION}-${cluster} ${UPSTREAM_BRANCH}
 
-    yq -i '.spec.chart.spec.version = strenv(CHART_VERSION)' $cluster_dir/main/charts/renku.yaml
+    yq eval --inplace '.spec.chart.spec.version = strenv(CHART_VERSION)' $cluster_dir/main/charts/renku.yaml
     sed -i "/Renku version/c\            ### Renku version $CHART_VERSION ($DATE)" $cluster_dir/main/charts/renku.yaml
     sed -i "/Release Notes/c\            See the [Release Notes](https://github.com/${GITHUB_REPOSITORY}/releases/tag/$CHART_VERSION)" $cluster_dir/main/charts/renku.yaml
 
diff --git a/update-component-version/Dockerfile b/update-component-version/Dockerfile
index 8579e27..ee320e3 100644
--- a/update-component-version/Dockerfile
+++ b/update-component-version/Dockerfile
@@ -1,12 +1,11 @@
-FROM python:3.7-alpine3.10
+FROM python:3.9-alpine3.18
 
 # install dependencies
-RUN apk add --no-cache git bash && \
-    apk add --no-cache --virtual .build-deps gcc g++ make && \
-    wget -O /usr/bin/yq "https://github.com/mikefarah/yq/releases/download/3.1.1/yq_linux_amd64" && \
-    chmod a+x /usr/bin/yq && \
-    pip install -U pip chartpress==2.1.0 six==1.16.0 && \
-    apk del .build-deps
+RUN apk add --no-cache git bash yq && \
+    pip install -U pip \
+    chartpress==2.1.0 \
+    'ruamel.yaml<0.17.10' \
+    'ruamel.yaml.clib<0.2.4'
 
 COPY update-upstream.sh /
 ENTRYPOINT [ "/update-upstream.sh" ]
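Review bot: The upper bounds `'ruamel.yaml<0.17.10'` and `'ruamel.yaml.clib<0.2.4'` have no comment explaining why they are needed, and they are ranges rather than exact pins, so rebuilds can resolve different versions. publish-chartpress-images/Dockerfile in this commit installs the same `chartpress==2.1.0` without these caps, so the two images may end up with different ruamel versions; worth confirming that is intended. Suggest exact versions plus a comment such as `# ruamel capped for chartpress 2.1.0, see <ISSUE_LINK>` (placeholder link), and `pip install --no-cache-dir` so the pip cache is not kept in the layer. With the `.build-deps` compiler packages removed, it is also worth confirming that `ruamel.yaml.clib` installs from a wheel on this base.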
diff --git a/update-component-version/update-upstream.sh b/update-component-version/update-upstream.sh
index e9f940c..53a8eb0 100755
--- a/update-component-version/update-upstream.sh
+++ b/update-component-version/update-upstream.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -xe
+set -e
 
 if [ -z "$GITHUB_TOKEN" ]
 then
@@ -21,7 +21,7 @@ COMPONENT_NAME=${COMPONENT_NAME:=$(echo $GITHUB_REPOSITORY | cut -d/ -f2)}
 
 # build this chart to get the version
 chartpress --skip-build $COMPONENT_TAG
-COMPONENT_VERSION=$(yq r helm-chart/${COMPONENT_NAME}/Chart.yaml version)
+COMPONENT_VERSION=$(yq eval '.version' helm-chart/${COMPONENT_NAME}/Chart.yaml)
 
 git clone --depth=1 --branch=${UPSTREAM_BRANCH} https://${GITHUB_TOKEN}@github.com/${UPSTREAM_REPO} upstream-repo
 
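Review bot: `yq eval '.version'` prints the literal `null` and exits 0 when the key is missing, so `COMPONENT_VERSION` would flow into the branch name and commit message as `null` instead of stopping the script. Adding the exit-status flag lets `set -e` catch it: `COMPONENT_VERSION=$(yq eval --exit-status '.version' helm-chart/${COMPONENT_NAME}/Chart.yaml)`. Separately, the unchanged `git clone` line below puts `${GITHUB_TOKEN}` in the remote URL, which git stores in `upstream-repo/.git/config`; a credential helper or an `http.extraheader` setting would avoid persisting it.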
@@ -34,7 +34,7 @@ git config --global user.name "$GIT_USER"
 
 # update the chart requirements and push
 git checkout -b auto-update/${COMPONENT_NAME}-${COMPONENT_VERSION} ${UPSTREAM_BRANCH}
-yq m -x -i helm-chart/renku/values.yaml ../helm-chart/${COMPONENT_NAME}/values.yaml
+yq eval-all --inplace '. as $item ireduce ({}; . * $item )' helm-chart/renku/values.yaml ../helm-chart/${COMPONENT_NAME}/values.yaml
 
 git add helm-chart/renku/values.yaml
 git commit -m "chore: updating ${COMPONENT_NAME} version to ${COMPONENT_VERSION}"
diff --git a/update-renku-actions/Dockerfile b/update-renku-actions/Dockerfile
index d9edf3f..a4b9754 100644
--- a/update-renku-actions/Dockerfile
+++ b/update-renku-actions/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.15
+FROM alpine:3.18
 
 RUN apk add --no-cache yq
 COPY entrypoint.sh /