diff --git a/.github/workflows/dual-approval.yaml b/.github/workflows/dual-approval.yaml
index ea7cbc3..6b7966c 100644
--- a/.github/workflows/dual-approval.yaml
+++ b/.github/workflows/dual-approval.yaml
@@ -15,20 +15,15 @@ jobs:
 promotion-gate:
 name: Promotion Gate
 runs-on: ubuntu-latest
- container: ubuntu:latest
 timeout-minutes: 5
 steps:
- - name: Install dependencies
- run: apt-get update -qq && apt-get install -y --no-install-recommends ca-certificates curl jq
-
 - name: Check promotion approval
 env:
 GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
 PR_NUMBER: ${{ github.event.pull_request.number }}
 REPO: ${{ github.repository }}
 BASE_REF: ${{ github.base_ref }}
- HEAD_REF: ${{ github.head_ref }}
 run: |
 if [ -z "${PR_NUMBER}" ] || [ "${PR_NUMBER}" = "null" ]; then
 echo "::notice::No PR number in context. Skipping promotion gate."
@@ -60,7 +55,10 @@ jobs:
 GATE_NAME="QA"
 # For plugin repos (Pipeline A), UAT approval is needed for uat→main
 # Check if the source branch is uat
- SOURCE_REF="${HEAD_REF}"
+ SOURCE_REF=$(curl -sf \
+ -H "Authorization: token ${GITEA_TOKEN}" \
+ -H "Accept: application/json" \
+ "https://git.farh.net/api/v1/repos/${REPO}/pulls/${PR_NUMBER}" | jq -r '.head.ref')
 if [ "${SOURCE_REF}" = "uat" ]; then
 REQUIRED_REVIEWER="pe_patty"
@@ -85,7 +83,8 @@ jobs:
 REVIEWS=$(curl -sf \
 -H "Authorization: token ${GITEA_TOKEN}" \
 -H "Accept: application/json" \
- "https://git.farh.net/api/v1/repos/${REPO}/pulls/${PR_NUMBER}/reviews")
+ "https://git.farh.net/api/v1/repos/${REPO}/pulls/${PR_NUMBER}/reviews" \
+ | python3 -c 'import sys,json; json.dump(json.load(sys.stdin),sys.stdout)')
 if [ -z "${REVIEWS}" ] || [ "${REVIEWS}" = "null" ]; then
 echo "::warning::Could not fetch reviews for PR #${PR_NUMBER}."
@@ -111,4 +110,4 @@ jobs:
 else
 echo "Promotion gate failed: waiting for ${GATE_NAME} approval from ${REQUIRED_REVIEWER}."
 exit 1
- fi
+ fi
\ No newline at end of file
diff --git a/artifacthub-pkg.yml b/artifacthub-pkg.yml
index 0b1fd2e..517b9c8 100644
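Review bot: With `container: ubuntu:latest` and the install step removed, the script assumes `curl`, `jq` and (from the hunk at -85) `python3` are already present on whatever image the `ubuntu-latest` label resolves to on this runner, and nothing checks that. How a missing tool surfaces depends on shell options that are not visible here, which is an uncomfortable unknown for a check that gates promotion. A guard at the top of the `run:` script would make the assumption explicit, for example `for t in curl jq python3; do command -v "$t" >/dev/null || { echo "::error::missing $t"; exit 1; }; done`. The `run:` script continues outside this hunk.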
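Review bot: `SOURCE_REF` is now the output of `curl -sf … | jq -r '.head.ref'`, and a failed API call leaves it empty (or `null` when the field is absent) because the pipeline's status is jq's unless `pipefail` is set, which is not visible in this hunk. An empty value fails the `= "uat"` test, so the script falls through to whatever follows the `then` branch and picks its reviewer from a lookup that did not succeed. Fail closed right after the assignment: `if [ -z "${SOURCE_REF}" ] || [ "${SOURCE_REF}" = "null" ]; then echo "::error::Could not resolve head ref for PR #${PR_NUMBER}"; exit 1; fi`. The same masking applies to the `curl … | python3` pipeline added in the hunk at -85. The branch name alone also does not say which repository the head belongs to; if forks can open PRs here, comparing `.head.repo.full_name` with `${REPO}` as well is worth considering.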
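Review bot: The added `python3 -c '… json.dump(json.load(sys.stdin),sys.stdout)'` stage reads the response and writes the same data back out, so its purpose is not evident from the code. As written it re-serialises the JSON (non-ASCII characters come out as `\u` escapes) and prints a traceback on a non-JSON body; if one of those effects is the reason, state it in a comment above the `REVIEWS=` assignment, e.g. `# Re-serialise the reviews response via python3 before parsing (reason: <why the raw body could not be used directly>)`. The code that consumes `REVIEWS` is outside this hunk.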
--- a/artifacthub-pkg.yml
+++ b/artifacthub-pkg.yml
@@ -1,30 +1,28 @@
-version: "1.0.0"
+version: 1.0.1
 name: headlamp-polaris
 displayName: Polaris
-createdAt: "2026-02-05T19:00:00Z"
-description: >-
- Surfaces Fairwinds Polaris audit results inside the Headlamp UI.
- Shows cluster score, check summary, and per-namespace drill-downs
- with per-resource pass/warning/danger breakdowns. Data is fetched
- read-only via the Kubernetes service proxy to the Polaris dashboard.
- Requires a Role granting `get` on `services/proxy` for the
- `polaris-dashboard` service in the `polaris` namespace.
+createdAt: '2026-05-20T00:00:00Z'
+description: Surfaces Fairwinds Polaris audit results inside the Headlamp UI. Shows
+ cluster score, check summary, and per-namespace drill-downs with per-resource pass/warning/danger
+ breakdowns. Data is fetched read-only via the Kubernetes service proxy to the Polaris
+ dashboard. Requires a Role granting `get` on `services/proxy` for the `polaris-dashboard`
+ service in the `polaris` namespace.
 license: Apache-2.0
-homeURL: "https://github.com/privilegedescalation/headlamp-polaris-plugin"
-appVersion: "10.1.6"
+homeURL: https://github.com/privilegedescalation/headlamp-polaris-plugin
+appVersion: 10.1.6
 category: security
 keywords:
- - polaris
- - fairwinds
- - security
- - audit
- - headlamp
- - kubernetes
+- polaris
+- fairwinds
+- security
+- audit
+- headlamp
+- kubernetes
 links:
- - name: Source
- url: "https://github.com/privilegedescalation/headlamp-polaris-plugin"
- - name: Polaris
- url: "https://polaris.docs.fairwinds.com/"
+- name: Source
+ url: https://github.com/privilegedescalation/headlamp-polaris-plugin
+- name: Polaris
+ url: https://polaris.docs.fairwinds.com/
 install: |
 ## Installation
@@ -50,27 +48,34 @@ install: |
 For more information, see the [README](https://github.com/privilegedescalation/headlamp-polaris-plugin/blob/main/README.md).
 changes:
- - kind: security
- description: Patched 8 npm audit vulnerabilities via pnpm.overrides
- - kind: added
- description: Dual-approval required CI check — PRs must be approved by both CTO and QA before merge
- - kind: added
- description: ExemptionManager test suite — full coverage of annotation-based exemption flows
- - kind: fixed
- description: E2E infrastructure overhauled — ConfigMap volume mount replaces Dockerfile-based approach, tests run in privilegedescalation-dev namespace
- - kind: fixed
- description: E2E workflow uses token auth and waits for HTTP reachability before running tests
- - kind: fixed
- description: Added explicit direct devDependencies (typescript, eslint, prettier, @headlamp-k8s/eslint-config) to prevent phantom dep failures
- - kind: changed
- description: pnpm version pinned via packageManager field; GitHub Actions SHA-pinned via Renovate pinDigests
- - kind: changed
- description: v1.0.0 stable release — plugin API (routes, sidebar, settings schema, app bar action) is stable and will not change without a major version bump
+- kind: security
+ description: Patched 8 npm audit vulnerabilities via pnpm.overrides
+- kind: added
+ description: Dual-approval required CI check — PRs must be approved by both CTO
+ and QA before merge
+- kind: added
+ description: ExemptionManager test suite — full coverage of annotation-based exemption
+ flows
+- kind: fixed
+ description: E2E infrastructure overhauled — ConfigMap volume mount replaces Dockerfile-based
+ approach, tests run in privilegedescalation-dev namespace
+- kind: fixed
+ description: E2E workflow uses token auth and waits for HTTP reachability before
+ running tests
+- kind: fixed
+ description: Added explicit direct devDependencies (typescript, eslint, prettier,
+ @headlamp-k8s/eslint-config) to prevent phantom dep failures
+- kind: changed
+ description: pnpm version pinned via packageManager field; GitHub Actions SHA-pinned
+ via Renovate pinDigests
+- kind: changed
+ description: v1.0.0 stable release — plugin API (routes, sidebar, settings schema,
+ app bar action) is stable and will not change without a major version bump
 maintainers:
- - name: privilegedescalation
- email: "chris@farhood.org"
+- name: privilegedescalation
+ email: chris@farhood.org
 annotations:
- headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.0/headlamp-polaris-1.0.0.tar.gz"
- headlamp/plugin/version-compat: ">=0.26"
- headlamp/plugin/archive-checksum: sha256:a165e871b40f11a44950aa9f10eb7f7883276f749026ae7a4f886278ecd9bd7d
- headlamp/plugin/distro-compat: "in-cluster,web,desktop"
+ headlamp/plugin/archive-url: https://git.farh.net/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.1/headlamp-polaris-1.0.1.tar.gz
+ headlamp/plugin/version-compat: '>=0.26'
+ headlamp/plugin/archive-checksum: sha256:1e05d079c7032cf55ebde85e116cb65b686d207f4b6a3b0f716f0af93f933e7e
+ headlamp/plugin/distro-compat: in-cluster,web,desktop
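Review bot: `headlamp/plugin/archive-url` now fetches the release tarball from git.farh.net, while `homeURL` and the Source link in the first hunk of this file still name github.com, so the published metadata gives two origins for one project and a consumer checking provenance cannot tell which is authoritative. The new `archive-checksum` cannot be verified from the diff; before merging, recompute the sha256 over the v1.0.1 archive actually served at the new URL and confirm it matches. The `changes` list is carried over unchanged and its last entry still describes the v1.0.0 release, so version 1.0.1 ships without a record of what changed; an entry along the lines of `- kind: changed` / `description: Release archive is now hosted on git.farh.net` would cover the relocation if that is intended.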