Merge branch 'resolve-cve' into 'development'

Resolve CVE

See merge request !22

Dockerfile

@@ -3,7 +3,9 @@ ARG BASE_IMAGE=ironbank/google/distroless/static
 ARG BASE_TAG=nonroot
 
 FROM gcr.io/kaniko-project/executor:v1.6.0-debug as upstream
-FROM registry1.dso.mil/ironbank/redhat/ubi/ubi8:8.3 AS shell
+FROM registry1.dso.mil/ironbank/redhat/ubi/ubi8-minimal:8.4 AS shell
+
+RUN microdnf update -y
 
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 

renovate.json

 {
-  "assignees": [
-    "@vickie.shen"
-  ],
-  "baseBranches": [
-    "development"
-  ],
+  "extends": ["config:base"],
+  "baseBranches": ["development"],
   "regexManagers": [
     {
-      "fileMatch": [
-        "^Dockerfile$"
-      ],
-      "matchStrings": [
-        "version=\"(?<currentValue>.*?)\""
-      ],
-      "depNameTemplate": "gcr.io/kaniko-project/executor",
-      "datasourceTemplate": "docker"
-    },
-    {
-      "fileMatch": [
-        "^hardening_manifest.yaml$"
-      ],
-      "matchStrings": [
-        "org\\.opencontainers\\.image\\.version:\\s+\"(?<currentValue>.+?)\""
-      ],
-      "depNameTemplate": "gcr.io/kaniko-project/executor",
-      "datasourceTemplate": "docker"
-    },
-    {
-      "fileMatch": [
-        "^hardening_manifest.yaml$"
-      ],
+      "fileMatch": ["^hardening_manifest.yaml$"],
       "matchStrings": [
-        "tags:\\s+-\\s+\"(?<currentValue>.+?)\""
+        "tags:\\s+-\\s+\"(?<currentValue>.+?)\"",
+        "tag: .*:(?<currentValue>.*?)$",
+        "org\\.opencontainers\\.image\\.version:\\s+\"(?<currentValue>.+?)\"",
+        "url: docker://.*@(?<currentDigest>sha256:[a-f0-9]+)"
       ],
       "depNameTemplate": "gcr.io/kaniko-project/executor",
       "datasourceTemplate": "docker"