diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index db380e60..8ee4b01a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -67,6 +67,15 @@ jobs: with: fetch-depth: 0 + - name: downgrade helm + shell: bash + run: | + rm /usr/local/bin/helm + curl -fsSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 > /tmp/helm.sh + chmod +x /tmp/helm.sh + /tmp/helm.sh --version v3.12.3 + helm version + - name: Set up chart-testing uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0 diff --git a/.github/workflows/megalinter.yaml b/.github/workflows/megalinter.yaml index da0d646c..7cd715b1 100644 --- a/.github/workflows/megalinter.yaml +++ b/.github/workflows/megalinter.yaml @@ -1,12 +1,14 @@ --- # MegaLinter GitHub Action configuration file -# More info at https://megalinter.io +# More info at https://oxsecurity.github.io/megalinter name: MegaLinter on: # Trigger mega-linter at every push. Action will also be visible from Pull Requests to master pull_request: - branches: [master, main] + branches: [master] + +permissions: read-all env: # Comment env block if you do not want to apply fixes # Apply linter fixes configuration 
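Review bot: The `downgrade helm` step in ci.yaml downloads the installer script from the mutable `master` branch and executes it, while the actions in these workflows are pinned to commit SHAs; an upstream change to that script would run in this job unreviewed. Fetch it from a fixed ref instead, e.g. `curl -fsSL https://raw.githubusercontent.com/helm/helm/v3.12.3/scripts/get-helm-3 > /tmp/helm.sh` (or a commit SHA), so the script matches the version being installed. `rm /usr/local/bin/helm` also fails the step if the runner image has no helm at that path, so `rm -f /usr/local/bin/helm` would be more robust. A short comment on the step, such as `# pinned to v3.12.3 because <reason>; remove once resolved`, would tell the next maintainer when the downgrade can be dropped.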
@@ -18,39 +20,40 @@ concurrency: group: ${{ github.ref }}-${{ github.workflow }} cancel-in-progress: true -permissions: read-all - jobs: build: name: MegaLinter runs-on: ubuntu-22.04 + permissions: + contents: read + pull-requests: write steps: # Git Checkout - name: Checkout Code - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 with: - token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} - fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances # MegaLinter - name: MegaLinter id: ml # You can override MegaLinter flavor used to have faster performances - # More info at https://megalinter.io/flavors/ - uses: oxsecurity/megalinter@0d014ffdef3307ca4a4cd1ddf482fc4f05733d7c # tag=v7.0.4 + # More info at https://oxsecurity.github.io/megalinter/flavors/ + uses: oxsecurity/megalinter@a87b2872713c6bdde46d2473c5d7ed23e5752dc2 # v7.4.0 env: # All available variables are described in documentation - # https://megalinter.io/configuration/ - VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} + # https://oxsecurity.github.io/megalinter/configuration/ + VALIDATE_ALL_CODEBASE: "true" GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY # Upload MegaLinter artifacts - name: Archive production artifacts - if: ${{ success() }} || ${{ failure() }} - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3 + if: ${{ always() }} + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: MegaLinter reports path: | - report + megalinter-reports mega-linter.log diff --git a/.mega-linter.yml b/.mega-linter.yml index 3b45eb38..528d63c7 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml 
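Review bot: The checkout step in megalinter.yaml passes `token: ${{ secrets.GITHUB_TOKEN }}` explicitly, which is already the action's default, and leaves that token persisted in the local git config while MegaLinter runs its linters over pull-request content under a job that now has `pull-requests: write`. If no later step pushes fixes back (none is visible in this hunk), drop the `token:` line and add `persist-credentials: false` under `with:`. The comment kept on `fetch-depth: 0` says the line can be removed when VALIDATE_ALL_CODEBASE is true, which this change now hard-codes to `"true"`, so either remove `fetch-depth: 0` or update the comment. Because the job declares its own `permissions:` block, the workflow-level `permissions: read-all` moved in the previous hunk could likely be narrowed to `permissions: {}`.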
@@ -14,12 +14,13 @@ DISABLE_LINTERS: - REPOSITORY_DEVSKIM - SPELL_CSPELL - REPOSITORY_KICS + - SPELL_LYCHEE SHOW_ELAPSED_TIME: true FILEIO_REPORTER: false # DISABLE_ERRORS: true # Uncomment if you want MegaLinter to detect errors but not block CI to pass REPOSITORY_TRIVY_ARGUMENTS: - - "--severity='MEDIUM,HIGH,CRITICAL'" + - "--severity=MEDIUM,HIGH,CRITICAL" YAML_YAMLLINT_CONFIG_FILE: .yamllint.yaml diff --git a/charts/fhir-pseudonymizer/Chart.yaml b/charts/fhir-pseudonymizer/Chart.yaml index 7db964fb..ff38d774 100644 --- a/charts/fhir-pseudonymizer/Chart.yaml +++ b/charts/fhir-pseudonymizer/Chart.yaml @@ -10,7 +10,7 @@ dependencies: version: 1.2.7 repository: oci://ghcr.io/miracum/charts condition: vfps.enabled -version: 0.5.5 +version: 0.5.6 annotations: artifacthub.io/license: Apache-2.0 artifacthub.io/containsSecurityUpdates: "false" @@ -22,4 +22,4 @@ annotations: # added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - kind: changed - description: update vfps sub-chart to 1.2.7 + description: update ghcr.io/miracum/fhir-pseudonymizer docker tag to v2.21.0 diff --git a/charts/fhir-pseudonymizer/values.yaml b/charts/fhir-pseudonymizer/values.yaml index 9ee39bdf..9a4e4ce4 100644 --- a/charts/fhir-pseudonymizer/values.yaml +++ b/charts/fhir-pseudonymizer/values.yaml @@ -34,7 +34,7 @@ gpas: image: # +doc-gen:ignore registry: ghcr.io repository: miracum/fhir-pseudonymizer - tag: v2.20.0@sha256:8128ddc10f3abfcd59a32e2f90ddfa622b58ac6bda95182d056aa0c98411efa2 + tag: v2.21.0@sha256:42a49e389f52f52ea8edad38ea276038681b4a317eca628c58f96894805d6a94 pullPolicy: IfNotPresent metrics: