diff --git a/.secrets.baseline b/.secrets.baseline index 46125ed1..3f7fda78 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.*|^.secrets.baseline$", "lines": null }, - "generated_at": "2023-09-07T15:29:15Z", + "generated_at": "2024-05-01T16:13:08Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -116,7 +116,7 @@ "hashed_secret": "2fcdc9b030c9199335a70152a475676b0413cb5c", "is_secret": false, "is_verified": false, - "line_number": 12, + "line_number": 10, "type": "Secret Keyword", "verified_result": null } @@ -1170,7 +1170,7 @@ } ] }, - "version": "0.13.1+ibm.48.dss", + "version": "0.13.1+ibm.56.dss", "word_list": { "file": null, "hash": null diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a758ba6..e998db92 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,11 @@ This project adheres to [Semantic Versioning](http://semver.org/). ## v-next +## v0.13.14 + +* github.com/docker/docker update for CVE-2024-29018 +* golang.org/x/net update for CVE-2023-45288 + ## v0.13.13 * start with go=toolset:1.20.12 also for the installer (consistency) diff --git a/Makefile b/Makefile index 57ca64dd..97fa69cd 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ GOFILES=$(shell find . -type f -name '*.go' -not -path "./code-generator/*" -not -path "./pkg/apis/*") GOPACKAGES=$(shell go list ./... | grep -v test/ | grep -v pkg/apis/) -VERSION=v0.13.13 +VERSION=v0.13.14 TAG=$(VERSION) GOTAGS='containers_image_openpgp' @@ -125,5 +125,3 @@ code-generator: regenerate: bash $(GOPATH)/pkg/mod/k8s.io/code-generator@v0.24.0/generate-groups.sh all github.com/IBM/portieris/pkg/apis/portieris.cloud.ibm.com/client github.com/IBM/portieris/pkg/apis portieris.cloud.ibm.com:v1 - - diff --git a/go.mod b/go.mod index bdd390bc..11c86414 100644 --- a/go.mod +++ b/go.mod 
@@ -42,7 +42,7 @@ require (
 github.com/containers/storage v1.40.0 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/distribution/reference v0.5.0 // indirect
- github.com/docker/docker v24.0.7+incompatible // indirect
+ github.com/docker/docker v25.0.5+incompatible // indirect
 github.com/docker/docker-credential-helpers v0.6.4 // indirect
 github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect
 github.com/docker/go-connections v0.4.0 // indirect
@@ -106,7 +106,7 @@ require (
 github.com/ulikunitz/xz v0.5.10 // indirect
 github.com/vbatts/tar-split v0.11.2 // indirect
 go.mongodb.org/mongo-driver v1.11.2 // indirect
- golang.org/x/net v0.22.0 // indirect
+ golang.org/x/net v0.23.0 // indirect
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
 golang.org/x/sys v0.18.0 // indirect
 golang.org/x/term v0.18.0 // indirect
diff --git a/go.sum b/go.sum
index e3e08da0..cca82ef5 100644
--- a/go.sum
+++ b/go.sum
@@ -340,6 +340,8 @@ github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r
 github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM=
 github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v25.0.5+incompatible h1:UmQydMduGkrD5nQde1mecF/YnSbTOaPeFIeP5C4W+DE=
+github.com/docker/docker v25.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
 github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o=
 github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
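Review bot: The `golang.org/x/net v0.23.0` bump in the go.mod hunk at `@@ -106,7 +106,7 @@` only replaces the x/net copy of the HTTP/2 code for CVE-2023-45288. The standard library's net/http bundles its own copy, which is fixed by the Go toolchain (1.21.9 / 1.22.2 and later), not by go.mod. The CHANGELOG context in this commit mentions `go=toolset:1.20.12` for v0.13.13, so if the image is still built with a 1.20.x toolchain, any net/http server in the webhook would presumably remain affected; that is worth confirming against the build files, which are not in this diff. Consider raising the toolchain in the same release and recording it in the changelog, e.g. `* golang.org/x/net update and Go toolchain >= 1.21.9 for CVE-2023-45288`. A govulncheck run on the built binary would show whether either copy is still reachable.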
@@ -1266,6 +1268,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= diff --git a/helm/portieris/Chart.yaml b/helm/portieris/Chart.yaml index a3099602..7c6a4ce1 100644 --- a/helm/portieris/Chart.yaml +++ b/helm/portieris/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: portieris -version: v0.13.13 +version: v0.13.14 description: Admission Controller webhook for enforcing image trust in your cluster maintainers: - name: Stuart Hayton diff --git a/helm/portieris/values.yaml b/helm/portieris/values.yaml index 0490c3d3..212a87d5 100644 --- a/helm/portieris/values.yaml +++ b/helm/portieris/values.yaml @@ -15,7 +15,7 @@ image: host: icr.io/portieris pullSecret: image: portieris - tag: v0.13.13 + tag: v0.13.14 pullPolicy: Always service: diff --git a/scripts/env.sh b/scripts/env.sh index 61707a78..e471507e 100644 --- a/scripts/env.sh +++ b/scripts/env.sh 
@@ -2,15 +2,14 @@ export PORTIERIS_PULL_APIKEY= export PORTIERIS_TESTIMAGE_APIKEY= # charts to test -export VERSION=v0.13.13 -# image tag to test e.g. prep-v0.13.13 +export VERSION=v0.13.14 +# image tag to test e.g. prep-v0.13.14 export TAG= # name of the secret used to pull portieris made from $REG and $PORTIERIS_PULL_APIKEY -export PULLSECRET=portieris-test +export PULLSECRET=portieris-test export REG=icr.io export HUB=${REG}/registry-deploy # points to kube tests cluster (docker) export KUBECONFIG=~/.kube/config - diff --git a/test/e2e/testdata/deployment/dockerhub-nginx-unsigned.yaml b/test/e2e/testdata/deployment/dockerhub-nginx-unsigned.yaml index 07e1ef4f..75843bf7 100644 --- a/test/e2e/testdata/deployment/dockerhub-nginx-unsigned.yaml +++ b/test/e2e/testdata/deployment/dockerhub-nginx-unsigned.yaml @@ -17,6 +17,6 @@ spec: spec: containers: - name: nginx - image: nginx:1.7.9 + image: nginx:1.26.0 ports: - - containerPort: 80 \ No newline at end of file + - containerPort: 80