From ad7813961fe775adeaf2c4f52ce3bb43c50dfae0 Mon Sep 17 00:00:00 2001 From: Bolo Michelin Date: Fri, 28 Apr 2023 12:26:44 -0400 Subject: [PATCH 1/3] Setup Brakeman --- .gitignore | 2 ++ Gemfile | 1 + Gemfile.lock | 26 ++++++++++++++++++++++++++ 3 files changed, 29 insertions(+) diff --git a/.gitignore b/.gitignore index fc84d3c74..293571ffe 100644 --- a/.gitignore +++ b/.gitignore @@ -27,6 +27,8 @@ cdxapi/ebin cdxapi/log VERSION +.overcommit.yml + /etc/shapes/* /public/polygons/* /public/nndd diff --git a/Gemfile b/Gemfile index 5ff64d8f5..efd810539 100644 --- a/Gemfile +++ b/Gemfile @@ -110,6 +110,7 @@ group :development do gem 'spring-commands-rspec' gem 'spring-watcher-listen', '~> 2.0.0' gem 'web-console', '< 4.0' # last version to support ruby 2.4 / rails 5 + gem 'brakeman-lib' end group :development, :test do diff --git a/Gemfile.lock b/Gemfile.lock index 558592b29..fc36a9aa5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -110,6 +110,17 @@ GEM bindex (0.8.1) binding_of_caller (0.8.0) debug_inspector (>= 0.0.1) + brakeman-lib (4.6.1) + erubis (~> 2.6) + haml (>= 3.0, < 5.0) + highline (~> 2.0) + ruby2ruby (~> 2.4.0) + ruby_parser (~> 3.13) + ruby_parser-legacy (~> 1.0) + safe_yaml (>= 1.0) + sexp_processor (~> 4.7) + slim (>= 1.3.6, <= 4.0.1) + terminal-table (~> 1.4) builder (3.2.4) byebug (11.1.3) capybara (3.17.0) @@ -272,6 +283,7 @@ GEM railties (>= 4.0.1) hashdiff (1.0.1) hashie (5.0.0) + highline (2.1.0) html2haml (2.3.0) erubis (~> 2.7.0) haml (>= 4.0) @@ -479,11 +491,17 @@ GEM rspec-mocks (~> 3.9.0) rspec-support (~> 3.9.0) rspec-support (3.9.4) + ruby2ruby (2.4.4) + ruby_parser (~> 3.1) + sexp_processor (~> 4.6) ruby_parser (3.19.2) sexp_processor (~> 4.16) + ruby_parser-legacy (1.0.0) + ruby_parser (~> 3.13) rubyzip (2.3.2) rufus-scheduler (3.8.2) fugit (~> 1.1, >= 1.1.6) + safe_yaml (1.0.5) sass (3.7.4) sass-listen (~> 4.0.0) sass-listen (4.0.0) 
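Review bot: In the Gemfile hunk, `gem 'brakeman-lib'` is added with no version constraint and no comment, while the `web-console` line just above it records why that gem is held back. The Gemfile.lock hunk in this same patch resolves it to 4.6.1, so the scanner's checks stay at that release until someone deliberately bumps it. That should be written next to the gem, for example `gem 'brakeman-lib', '~> 4.6' # static security scanner; resolves to an old release with this app's dependencies, revisit on upgrade`. The reason it resolves that low is inferred from the lockfile's dependency bounds (e.g. `haml (>= 3.0, < 5.0)`), so confirm it before committing the wording. The gem also sits in the `:development` group, so the CI job added later in this series only finds it if the image it runs in installs that group.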
@@ -518,6 +536,9 @@ GEM capybara (~> 3.15) site_prism-all_there (>= 0.3.1, < 1.0) site_prism-all_there (0.3.2) + slim (4.0.1) + temple (>= 0.7.6, < 0.9) + tilt (>= 2.0.6, < 2.1) spring (2.1.1) spring-commands-parallel-tests (1.0.1) spring (>= 0.9.1) @@ -533,6 +554,9 @@ GEM actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) + temple (0.8.2) + terminal-table (1.8.0) + unicode-display_width (~> 1.1, >= 1.1.1) thor (1.2.1) thread_safe (0.3.6) tilt (2.0.11) @@ -549,6 +573,7 @@ GEM unf (0.1.4) unf_ext unf_ext (0.0.8.2) + unicode-display_width (1.8.0) warden (1.2.9) rack (>= 2.0.9) web-console (3.7.0) @@ -575,6 +600,7 @@ DEPENDENCIES aws-sdk (~> 1.6) barby (~> 0.6) base58 (~> 0.1) + brakeman-lib capybara (~> 3.17.0) capybara-screenshot (~> 1.0) cdx! From 6b25e63e605c08bc46f685a0aebe01cfbba641c7 Mon Sep 17 00:00:00 2001 From: Bolo Michelin Date: Fri, 26 May 2023 09:32:49 -0400 Subject: [PATCH 2/3] Add Brakeman Action --- .github/workflows/test.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1c32b677c..9c64e7abe 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -94,3 +94,14 @@ jobs: name: | unit_tests_coverage integration_tests_coverage + + brakeman: + runs-on: ubuntu-latest + needs: setup + steps: + - uses: actions/checkout@v3 + - run: docker compose build web + - uses: ./.github/actions/gems-cache + + - name: Security audit application code + run: docker compose run --rm -- From 019305e5aa05881fda5ca6efabcfe1863c78a1a2 Mon Sep 17 00:00:00 2001 From: Bolo Michelin Date: Fri, 26 May 2023 11:45:40 -0400 Subject: [PATCH 3/3] Update Gem --- Gemfile.lock | 722 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 722 insertions(+) create mode 100644 Gemfile.lock diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 000000000..a32a46496 --- /dev/null +++ b/Gemfile.lock 
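Review bot: The `run:` line of the new `Security audit application code` step reads `docker compose run --rm --` as shown here, with no service name and no Brakeman command after it, so on the visible text the job never runs the scanner. If that is how the file was committed rather than a truncation of this page, complete it along the lines of `run: docker compose run --rm web bundle exec brakeman --no-pager`, using the `web` service that the earlier step builds. Since this job is the security gate, also confirm that it fails the build when Brakeman reports warnings, and add a one-line comment above `brakeman:` saying what the job checks. Separately, `actions/checkout@v3` is referenced by a mutable tag; pinning it to a commit SHA would keep the audit job's own inputs from changing silently.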
@@ -0,0 +1,722 @@ +GIT + remote: https://github.com/instedd/cdx-sync-server.git + revision: 2e453e4e0c71b42fdf82d0893cd4950b3638ea5e + branch: master + specs: + cdx-sync-server (0.0.0) + filewatcher (= 0.3.6) + +GIT + remote: https://github.com/instedd/geojson_import + revision: 322cf11df38a4e4a625bc41bfbf9f16b0c0ffde8 + branch: master + specs: + geojson_import (0.0.4) + +GIT + remote: https://github.com/instedd/paperclip + revision: 909ed091f80c763f9da8ae6cca4f2a93e49d7a69 + branch: fix/v4.3.6-no-mimemagic + specs: + paperclip (4.3.6) + activemodel (>= 3.2.0) + activesupport (>= 3.2.0) + cocaine (~> 0.5.5) + mime-types + +GIT + remote: https://github.com/instedd/ruby-location_service.git + revision: 736ca8174c37e1eda94f5573d614a92b6d742ab9 + branch: master + specs: + location_service (0.1.0) + rest-client (~> 2.0) + +GIT + remote: https://github.com/manastech/rails-view_components.git + revision: 59861a6e716944441b4cd5e584bb3f36d0a7c37e + branch: master + specs: + view_components (0.1.0) + rails + +PATH + remote: . 
+ specs: + cdx (0.0.1) + activesupport + cdx-api-elasticsearch (0.0.1) + activesupport + cdx + elasticsearch + +GEM + remote: https://rubygems.org/ + remote: https://rails-assets.org/ + specs: + actioncable (5.0.7.2) + actionpack (= 5.0.7.2) + nio4r (>= 1.2, < 3.0) + websocket-driver (~> 0.6.1) + actionmailer (5.0.7.2) + actionpack (= 5.0.7.2) + actionview (= 5.0.7.2) + activejob (= 5.0.7.2) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 2.0) + actionpack (5.0.7.2) + actionview (= 5.0.7.2) + activesupport (= 5.0.7.2) + rack (~> 2.0) + rack-test (~> 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.0.7.2) + activesupport (= 5.0.7.2) + builder (~> 3.1) + erubis (~> 2.7.0) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (5.0.7.2) + activesupport (= 5.0.7.2) + globalid (>= 0.3.6) + activemodel (5.0.7.2) + activesupport (= 5.0.7.2) + activerecord (5.0.7.2) + activemodel (= 5.0.7.2) + activesupport (= 5.0.7.2) + arel (~> 7.0) + activesupport (5.0.7.2) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) + addressable (2.8.4) + public_suffix (>= 2.0.2, < 6.0) + arel (7.1.4) + ast (2.4.2) + aws-sdk (1.67.0) + aws-sdk-v1 (= 1.67.0) + aws-sdk-v1 (1.67.0) + json (~> 1.4) + nokogiri (~> 1) + babel-source (5.8.35) + babel-transpiler (0.7.0) + babel-source (>= 4.0, < 6) + execjs (~> 2.0) + backports (3.24.1) + barby (0.6.8) + base58 (0.2.3) + bcrypt (3.1.18) + bindex (0.8.1) + binding_of_caller (0.8.0) + debug_inspector (>= 0.0.1) + brakeman-lib (4.6.1) + erubis (~> 2.6) + haml (>= 3.0, < 5.0) + highline (~> 2.0) + ruby2ruby (~> 2.4.0) + ruby_parser (~> 3.13) + ruby_parser-legacy (~> 1.0) + safe_yaml (>= 1.0) + sexp_processor (~> 4.7) + slim (>= 1.3.6, <= 4.0.1) + terminal-table (~> 1.4) + builder (3.2.4) + byebug (11.1.3) + capybara (3.17.0) + addressable + mini_mime (>= 0.1.3) + nokogiri (~> 1.8) + rack (>= 1.6.0) + rack-test (>= 0.6.3) + regexp_parser 
(~> 1.2) + xpath (~> 3.2) + capybara-screenshot (1.0.26) + capybara (>= 1.0, < 4) + launchy + childprocess (3.0.0) + chronic (0.10.2) + chunky_png (1.4.0) + climate_control (0.2.0) + cocaine (0.5.8) + climate_control (>= 0.0.3, < 1.0) + coderay (1.1.3) + coffee-rails (4.2.2) + coffee-script (>= 2.2.0) + railties (>= 4.0.0) + coffee-script (2.4.1) + coffee-script-source + execjs + coffee-script-source (1.12.2) + concurrent-ruby (1.2.2) + config (1.7.2) + activesupport (>= 3.0) + deep_merge (~> 1.2, >= 1.2.1) + dry-validation (~> 0.12, >= 0.12.2, < 1.0.0) + connection_pool (2.2.5) + crack (0.4.5) + rexml + crass (1.0.6) + css_parser (1.12.0) + addressable + csv_builder (2.1.3) + actionpack (>= 3.0.0) + cucumber (3.2.0) + builder (>= 2.1.2) + cucumber-core (~> 3.2.0) + cucumber-expressions (~> 6.0.1) + cucumber-wire (~> 0.0.1) + diff-lcs (~> 1.3) + gherkin (~> 5.1.0) + multi_json (>= 1.7.5, < 2.0) + multi_test (>= 0.1.2) + cucumber-core (3.2.1) + backports (>= 3.8.0) + cucumber-tag_expressions (~> 1.1.0) + gherkin (~> 5.0) + cucumber-expressions (6.0.1) + cucumber-rails (1.8.0) + capybara (>= 2.12, < 4) + cucumber (>= 3.0.2, < 4) + mime-types (>= 2.0, < 4) + nokogiri (~> 1.8) + railties (>= 4.2, < 7) + cucumber-tag_expressions (1.1.1) + cucumber-wire (0.0.1) + d3_rails (3.5.17) + railties (>= 3.1.0) + database_cleaner (1.99.0) + debug_inspector (1.1.0) + deep_merge (1.2.2) + devise (4.0.3) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 4.1.0, < 5.1) + responders + warden (~> 1.2.3) + devise-security (0.11.0) + devise (>= 3.0.0, < 5.0) + railties (>= 3.2.6, < 6.0) + devise_invitable (1.7.5) + actionmailer (>= 4.1.0) + devise (>= 4.0.0) + diff-lcs (1.5.0) + docile (1.3.5) + domain_name (0.5.20190701) + unf (>= 0.0.5, < 1.0.0) + doorkeeper (4.2.6) + railties (>= 4.2) + dotiw (3.1.1) + actionpack (>= 3) + i18n + dropzonejs-rails (0.8.5) + rails (> 3.1) + dry-configurable (0.11.6) + concurrent-ruby (~> 1.0) + dry-core (~> 0.4, >= 0.4.7) + dry-equalizer (~> 0.2) + 
dry-container (0.7.2) + concurrent-ruby (~> 1.0) + dry-configurable (~> 0.1, >= 0.1.3) + dry-core (0.4.9) + concurrent-ruby (~> 1.0) + dry-equalizer (0.3.0) + dry-inflector (0.2.0) + dry-logic (0.6.1) + concurrent-ruby (~> 1.0) + dry-core (~> 0.2) + dry-equalizer (~> 0.2) + dry-types (0.14.1) + concurrent-ruby (~> 1.0) + dry-container (~> 0.3) + dry-core (~> 0.4, >= 0.4.4) + dry-equalizer (~> 0.2) + dry-inflector (~> 0.1, >= 0.1.2) + dry-logic (~> 0.5, >= 0.5) + dry-validation (0.13.3) + concurrent-ruby (~> 1.0) + dry-configurable (~> 0.1, >= 0.1.3) + dry-core (~> 0.2, >= 0.2.1) + dry-equalizer (~> 0.2) + dry-logic (~> 0.5, >= 0.5.0) + dry-types (~> 0.14.0) + elasticsearch (1.1.3) + elasticsearch-api (= 1.1.3) + elasticsearch-transport (= 1.1.3) + elasticsearch-api (1.1.3) + multi_json + elasticsearch-transport (1.1.3) + faraday + multi_json + encryptor (2.0.0) + erubis (2.7.0) + et-orbi (1.2.7) + tzinfo + execjs (2.8.1) + faker (1.9.1) + i18n (>= 0.7) + faraday (0.17.6) + multipart-post (>= 1.2, < 3) + ffaker (2.11.0) + ffi (1.15.5) + filewatcher (0.3.6) + trollop (~> 2.0) + fugit (1.8.1) + et-orbi (~> 1, >= 1.2.7) + raabro (~> 1.4) + gherkin (5.1.0) + globalid (0.4.2) + activesupport (>= 4.2.0) + gon (6.4.0) + actionpack (>= 3.0.20) + i18n (>= 0.7) + multi_json + request_store (>= 1.0) + guid (0.1.1) + haml (4.0.7) + tilt + haml-rails (0.9.0) + actionpack (>= 4.0.1) + activesupport (>= 4.0.1) + haml (>= 4.0.6, < 5.0) + html2haml (>= 1.0.1) + railties (>= 4.0.1) + hashdiff (1.0.1) + hashie (5.0.0) + highline (2.1.0) + html2haml (2.3.0) + erubis (~> 2.7.0) + haml (>= 4.0) + nokogiri (>= 1.6.0) + ruby_parser (~> 3.5) + htmlentities (4.3.4) + http-accept (1.7.0) + http-cookie (1.0.5) + domain_name (~> 0.5) + i18n (1.13.0) + concurrent-ruby (~> 1.0) + interception (0.5) + jbuilder (2.11.5) + actionview (>= 5.0.0) + activesupport (>= 5.0.0) + jquery-rails (4.5.1) + rails-dom-testing (>= 1, < 3) + railties (>= 4.2.0) + thor (>= 0.14, < 2.0) + jquery-turbolinks (2.1.0) + 
railties (>= 3.1.0) + turbolinks + json (1.8.6) + jwt (2.3.0) + kaminari (0.17.0) + actionpack (>= 3.0.0) + activesupport (>= 3.0.0) + launchy (2.5.2) + addressable (~> 2.8) + leaflet-rails (0.7.7) + letter_opener (1.8.1) + launchy (>= 2.2, < 3) + libv8-node (15.14.0.1) + listen (3.0.8) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + lodash-rails (3.10.1) + railties (>= 3.1) + loofah (2.21.1) + crass (~> 1.0.2) + nokogiri (>= 1.5.9) + machinist (2.0) + mail (2.7.1) + mini_mime (>= 0.1.1) + method_source (1.0.0) + mime-types (3.4.1) + mime-types-data (~> 3.2015) + mime-types-data (3.2023.0218.1) + mini_mime (1.1.2) + mini_portile2 (2.4.0) + mini_racer (0.4.0) + libv8-node (~> 15.14.0.0) + minitest (5.15.0) + multi_json (1.15.0) + multi_test (1.1.0) + multi_xml (0.6.0) + multipart-post (2.3.0) + mysql2 (0.5.5) + netrc (0.11.0) + nio4r (2.5.9) + nokogiri (1.10.10) + mini_portile2 (~> 2.4.0) + nuntium_api (0.21) + json + rest-client + oauth2 (1.4.11) + faraday (>= 0.17.3, < 3.0) + jwt (>= 1.0, < 3.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 4) + oj (2.17.2) + omniauth (1.9.2) + hashie (>= 3.4.6) + rack (>= 1.6.2, < 3) + omniauth-google-oauth2 (0.8.2) + jwt (>= 2.0) + oauth2 (~> 1.1) + omniauth (~> 1.1) + omniauth-oauth2 (>= 1.6) + omniauth-oauth2 (1.7.3) + oauth2 (>= 1.4, < 3) + omniauth (>= 1.9, < 3) + orm_adapter (0.5.0) + parallel (1.20.1) + parallel_tests (3.5.2) + parallel + paranoia (2.4.3) + activerecord (>= 4.0, < 6.2) + parser (3.2.2.1) + ast (~> 2.4.1) + pdf-core (0.7.0) + prawn (2.2.2) + pdf-core (~> 0.7.0) + ttfunk (~> 1.5) + prawn-svg (0.32.0) + css_parser (~> 1.6) + prawn (>= 0.11.1, < 3) + rexml (~> 3.2) + premailer (1.12.1) + addressable + css_parser (>= 1.6.0) + htmlentities (>= 4.0.0) + premailer-rails (1.9.7) + actionmailer (>= 3, < 6) + premailer (~> 1.7, >= 1.7.9) + pry (0.13.1) + coderay (~> 1.1) + method_source (~> 1.0) + pry-byebug (3.9.0) + byebug (~> 11.0) + pry (~> 0.13.0) + pry-rescue (1.5.2) + 
interception (>= 0.5) + pry (>= 0.12.0) + pry-stack_explorer (0.4.12) + binding_of_caller (~> 0.7) + pry (~> 0.13) + public_suffix (4.0.7) + puma (3.12.6) + raabro (1.4.0) + rack (2.2.7) + rack-protection (2.2.4) + rack + rack-test (0.6.3) + rack (>= 1.0) + rails (5.0.7.2) + actioncable (= 5.0.7.2) + actionmailer (= 5.0.7.2) + actionpack (= 5.0.7.2) + actionview (= 5.0.7.2) + activejob (= 5.0.7.2) + activemodel (= 5.0.7.2) + activerecord (= 5.0.7.2) + activesupport (= 5.0.7.2) + bundler (>= 1.3.0) + railties (= 5.0.7.2) + sprockets-rails (>= 2.0.0) + rails-assets-urijs (1.17.1) + rails-controller-testing (1.0.5) + actionpack (>= 5.0.1.rc1) + actionview (>= 5.0.1.rc1) + activesupport (>= 5.0.1.rc1) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.5.0) + loofah (~> 2.19, >= 2.19.1) + rails-i18n (5.1.3) + i18n (>= 0.7, < 2) + railties (>= 5.0, < 6) + railties (5.0.7.2) + actionpack (= 5.0.7.2) + activesupport (= 5.0.7.2) + method_source + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + rainbow (3.1.1) + rake (13.0.6) + rb-fsevent (0.11.2) + rb-inotify (0.10.1) + ffi (~> 1.0) + rchardet (1.8.0) + react-rails (1.3.3) + babel-transpiler (>= 0.7.0) + coffee-script-source (~> 1.8) + connection_pool + execjs + rails (>= 3.2) + tilt + recaptcha (4.14.0) + json + redis (3.3.5) + regexp_parser (1.8.2) + request_store (1.5.1) + rack (>= 1.4) + responders (3.0.1) + actionpack (>= 5.0) + railties (>= 5.0) + rest-client (2.1.0) + http-accept (>= 1.7.0, < 2.0) + http-cookie (>= 1.0.2, < 2.0) + mime-types (>= 1.16, < 4.0) + netrc (~> 0.8) + rexml (3.2.5) + rqrcode (0.10.1) + chunky_png (~> 1.0) + rspec (3.9.0) + rspec-core (~> 3.9.0) + rspec-expectations (~> 3.9.0) + rspec-mocks (~> 3.9.0) + rspec-collection_matchers (1.2.0) + rspec-expectations (>= 2.99.0.beta1) + rspec-core (3.9.3) + rspec-support (~> 3.9.3) + rspec-expectations (3.9.4) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.9.0) + rspec-mocks (3.9.1) + diff-lcs (>= 
1.2.0, < 2.0) + rspec-support (~> 3.9.0) + rspec-rails (3.9.1) + actionpack (>= 3.0) + activesupport (>= 3.0) + railties (>= 3.0) + rspec-core (~> 3.9.0) + rspec-expectations (~> 3.9.0) + rspec-mocks (~> 3.9.0) + rspec-support (~> 3.9.0) + rspec-support (3.9.4) + rubocop (1.12.1) + parallel (~> 1.10) + parser (>= 3.0.0.0) + rainbow (>= 2.2.2, < 4.0) + regexp_parser (>= 1.8, < 3.0) + rexml + rubocop-ast (>= 1.2.0, < 2.0) + ruby-progressbar (~> 1.7) + unicode-display_width (>= 1.4.0, < 3.0) + rubocop-ast (1.4.1) + parser (>= 2.7.1.5) + rubocop-performance (1.10.1) + rubocop (>= 0.90.0, < 2.0) + rubocop-ast (>= 0.4.0) + rubocop-rails (2.9.1) + activesupport (>= 4.2.0) + rack (>= 1.1) + rubocop (>= 0.90.0, < 2.0) + rubocop-rspec (2.2.0) + rubocop (~> 1.0) + rubocop-ast (>= 1.1.0) + ruby-progressbar (1.13.0) + ruby2ruby (2.4.4) + ruby_parser (~> 3.1) + sexp_processor (~> 4.6) + ruby_parser (3.19.2) + sexp_processor (~> 4.16) + ruby_parser-legacy (1.0.0) + ruby_parser (~> 3.13) + rubyzip (2.3.2) + rufus-scheduler (3.8.2) + fugit (~> 1.1, >= 1.1.6) + safe_yaml (1.0.5) + sass (3.7.4) + sass-listen (~> 4.0.0) + sass-listen (4.0.0) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + sass-rails (5.0.7) + railties (>= 4.0.0, < 6) + sass (~> 3.1) + sprockets (>= 2.8, < 4.0) + sprockets-rails (>= 2.0, < 4.0) + tilt (>= 1.1, < 3) + selenium-webdriver (3.142.7) + childprocess (>= 0.5, < 4.0) + rubyzip (>= 1.2.2) + sentry-raven (2.13.0) + faraday (>= 0.7.6, < 1.0) + sexp_processor (4.16.1) + sidekiq (4.2.10) + concurrent-ruby (~> 1.0) + connection_pool (~> 2.2, >= 2.2.0) + rack-protection (>= 1.5.0) + redis (~> 3.2, >= 3.2.1) + sidekiq-cron (0.6.3) + rufus-scheduler (>= 3.3.0) + sidekiq (>= 4.2.1) + simplecov (0.18.5) + docile (~> 1.1) + simplecov-html (~> 0.11) + simplecov-html (0.12.3) + site_prism (3.7.3) + addressable (~> 2.6) + capybara (~> 3.15) + site_prism-all_there (>= 0.3.1, < 1.0) + site_prism-all_there (0.3.2) + slim (4.0.1) + temple (>= 0.7.6, < 0.9) + 
tilt (>= 2.0.6, < 2.1) + spring (2.1.1) + spring-commands-parallel-tests (1.0.1) + spring (>= 0.9.1) + spring-commands-rspec (1.0.4) + spring (>= 0.9.1) + spring-watcher-listen (2.0.1) + listen (>= 2.7, < 4.0) + spring (>= 1.2, < 3.0) + sprockets (3.7.2) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.2.2) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) + standard (1.0.5) + rubocop (= 1.12.1) + rubocop-performance (= 1.10.1) + temple (0.8.2) + terminal-table (1.6.0) + thor (1.2.2) + thread_safe (0.3.6) + tilt (2.0.11) + timecop (0.9.6) + trollop (2.9.10) + ttfunk (1.6.2.1) + turbolinks (2.5.4) + coffee-rails + tzinfo (1.2.11) + thread_safe (~> 0.1) + uglifier (2.7.2) + execjs (>= 0.3.0) + json (>= 1.8.0) + unf (0.1.4) + unf_ext + unf_ext (0.0.8.2) + unicode-display_width (2.4.2) + warden (1.2.9) + rack (>= 2.0.9) + web-console (3.7.0) + actionview (>= 5.0) + activemodel (>= 5.0) + bindex (>= 0.4.0) + railties (>= 5.0) + webmock (2.3.2) + addressable (>= 2.3.6) + crack (>= 0.3.2) + hashdiff + websocket-driver (0.6.5) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.5) + whenever (1.0.0) + chronic (>= 0.6.3) + xpath (3.2.0) + nokogiri (~> 1.8) + +PLATFORMS + ruby + +DEPENDENCIES + aws-sdk (~> 1.6) + barby (~> 0.6) + base58 (~> 0.1) + brakeman-lib + capybara (~> 3.17.0) + capybara-screenshot (~> 1.0) + cdx! + cdx-api-elasticsearch! + cdx-sync-server! + config (~> 1.2) + csv_builder (~> 2.1) + cucumber-rails (~> 1.5) + d3_rails (~> 3.5.6) + database_cleaner (~> 1.99) + devise (~> 4.0.0) + devise-security (< 0.15.0) + devise_invitable (~> 1.5) + doorkeeper (~> 4.2.0) + dotiw (~> 3.0) + dropzonejs-rails (~> 0.8.4) + elasticsearch (~> 1.0) + encryptor (~> 2.0) + faker (< 1.9.2) + ffaker (< 2.12.0) + geojson_import! 
+ globalid (< 0.5.0) + gon (~> 6.0) + guid (~> 0.1) + haml-rails (~> 0.9) + jbuilder (~> 2.5) + jquery-rails (~> 4.0) + jquery-turbolinks (~> 2.1.0) + kaminari (~> 0.16) + leaflet-rails (~> 0.7.4) + letter_opener + listen (~> 3.0.5) + location_service! + lodash-rails (~> 3.10.1) + machinist (~> 2.0) + mini_racer + mysql2 (~> 0.3) + nokogiri (~> 1.6, < 1.11.0) + nuntium_api (~> 0.21) + oj (~> 2.12, < 2.17.3) + omniauth (~> 1.2) + omniauth-google-oauth2 (~> 0.2) + paperclip! + parallel (~> 1.20.0) + parallel_tests (~> 3.5.1) + paranoia (< 2.5.0) + prawn + prawn-svg + premailer-rails (< 1.10) + pry-byebug (< 3.10.0) + pry-rescue + pry-stack_explorer + puma (~> 3.0) + rails (~> 5.0.0) + rails-assets-urijs (~> 1.17.0)! + rails-controller-testing + rails-i18n (~> 5.0) + rchardet (~> 1.6) + react-rails (~> 1.3.2) + recaptcha (~> 4.9) + rest-client (~> 2.1) + rqrcode (~> 0.10) + rspec (~> 3.3) + rspec-collection_matchers (~> 1.1) + rspec-rails (~> 3.3) + rubocop-rails + rubocop-rspec + rubyzip (>= 1.0.0) + sass-rails (~> 5.0, < 5.0.8) + selenium-webdriver (< 4.0) + sentry-raven (~> 2.13) + sidekiq (~> 4.2) + sidekiq-cron (~> 0.3) + simplecov + site_prism (~> 3.0) + spring + spring-commands-parallel-tests + spring-commands-rspec + spring-watcher-listen (~> 2.0.0) + sprockets-rails (< 3.3.0) + standard + timecop (~> 0.8) + turbolinks (~> 2.5) + uglifier (~> 2.7) + view_components! + web-console (< 4.0) + webmock (~> 2.3.1) + whenever (~> 1.0) + +BUNDLED WITH + 1.17.3