From 8b4c58d99ad0ebe5c10a0ad7b44f9eff0feff746 Mon Sep 17 00:00:00 2001
From: Matthew Chum <mchum@securitycompass.com>
Date: Tue, 25 May 2021 21:10:53 -0400
Subject: [PATCH] Addressing findings

---
 Dockerfile              |  4 ++--
 README.md               |  4 ++--
 hardening_manifest.yaml | 10 +++++-----
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index cc013d6..51b7bc4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@ ARG BASE_TAG=14.16.0
 # Friends don't let friends bloat containers
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as extractor
 
-ARG sde_version=5.13.35
+ARG sde_version=5.13.38
 
 COPY /"sde-reporting-${sde_version}.tgz" /
 
@@ -16,7 +16,7 @@ RUN set -x \
 
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 
-ARG sde_version=5.13.35
+ARG sde_version=5.13.38
 
 COPY --from=extractor /sde/package/environmentVariables.js /reporting/environmentVariables.js
 COPY --from=extractor /sde/package/index.js /reporting/index.js
diff --git a/README.md b/README.md
index 18b20db..86096a0 100644
--- a/README.md
+++ b/README.md
@@ -10,14 +10,14 @@ This container hosts the SDElements Reporting module using CubeJS to serve repor
 
     ```bash
     # SDE
-    wget --http-user=user --ask-password https://artifact.sdelements.com/prod/reporting/sde-reporting-5.13.35.tgz
+    wget --http-user=user --ask-password https://artifact.sdelements.com/prod/reporting/sde-reporting-5.13.38.tgz
     ```
 
 2. Use this command to build locally:
 
     ```bash
     clear && \
-    export sde_version='5.13.35' && \
+    export sde_version='5.13.38' && \
     docker build . -t localhost/security-compass/sd-elements/reporting:"local" \
         --build-arg sde_version="${sde_version}"
     ```
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index b62796c..1954129 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,7 +8,7 @@ name: "security-compass/sd-elements/mod_wsgi"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
-- "5.13.35"
+- "5.13.38"
 - "latest"
 
 # Build args passed to Dockerfile ARGs
@@ -29,7 +29,7 @@ labels:
   # Name of the distributing entity, organization or individual
   org.opencontainers.image.vendor: "Security Compass Ltd."
   # Authoritative version of the software
-  org.opencontainers.image.version: "5.13.35"
+  org.opencontainers.image.version: "5.13.38"
   # Keywords to help with search (ex. "cicd,gitops,golang")
   mil.dso.ironbank.image.keywords: "webserver,cubejs,nodejs,security,appsec,code,secure"
   # This value can be "opensource" or "commercial"
@@ -39,11 +39,11 @@ labels:
 
 # List of resources to make available to the offline build context
 resources:
-  - url: "https://artifact.sdelements.com/prod/reporting/sde-reporting-5.13.35.tgz"
-    filename: "sde-reporting-5.13.35.tgz"
+  - url: "https://artifact.sdelements.com/prod/reporting/sde-reporting-5.13.38.tgz"
+    filename: "sde-reporting-5.13.38.tgz"
     validation:
       type: sha256
-      value: "5c5b372d9a116b101efca03604c7b905cabf528f9458f4c44be4bbbe88eb736f"
+      value: "3ed328fd4f9ebafc01cb44b91abc29466af9bd8c42c6069bbaa6d142d878bf11"
     auth:
       type: "basic"
       id: "scompass-credential"
-- 
GitLab