From c794f683000c00f813e3ac892b3494387fc02b35 Mon Sep 17 00:00:00 2001 From: Ryan Ahearn Date: Tue, 25 Jun 2024 17:03:47 -0400 Subject: [PATCH] Initial commit --- .browserslistrc | 5 + .cfignore | 69 + .editorconfig | 5 + .erdconfig | 9 + .gitattributes | 9 + .githooks/pre-commit | 31 + .github/actions/run-server/action.yml | 28 + .github/actions/setup-languages/action.yml | 20 + .github/actions/setup-project/action.yml | 34 + .github/actions/trestle-cmd/action.yml | 20 + .github/workflows/assemble-ssp.yml | 26 + .github/workflows/brakeman-analysis.yml | 48 + .github/workflows/dependency-scans.yml | 56 + .github/workflows/deploy-production.yml | 42 + .github/workflows/deploy-staging.yml | 42 + .github/workflows/owasp-daily-scan.yml | 49 + .github/workflows/owasp-scan.yml | 48 + .github/workflows/pa11y.yml | 69 + .github/workflows/rspec.yml | 34 + .github/workflows/terraform-production.yml | 41 + .github/workflows/terraform-staging.yml | 41 + .github/workflows/validate-ssp.yml | 46 + .gitignore | 66 + .node-version | 1 + .nvmrc | 1 + .rspec | 1 + .ruby-version | 1 + Brewfile | 23 + CONTRIBUTING.md | 19 + Gemfile | 73 + Gemfile.lock | 359 +++ LICENSE.md | 21 + Procfile.dev | 4 + README.md | 227 ++ Rakefile | 6 + app/assets/builds/.keep | 0 app/assets/config/manifest.js | 2 + app/assets/images/.keep | 0 app/assets/images/uswds.js | 6 + .../stylesheets/application.postcss.scss | 5 + app/assets/stylesheets/uswds-components.scss | 13 + .../stylesheets/uswds-overrides/_index.scss | 2 + .../uswds-overrides/_override-usa-banner.scss | 13 + .../_override-usa-language-selector.scss | 38 + app/assets/stylesheets/uswds-settings.scss | 10 + app/controllers/application_controller.rb | 2 + app/controllers/concerns/.keep | 0 app/controllers/pages_controller.rb | 4 + app/helpers/application_helper.rb | 9 + app/javascript/application.js | 3 + app/jobs/application_job.rb | 7 + app/mailers/application_mailer.rb | 4 + app/models/application_record.rb | 3 + app/models/cloud_gov_config.rb | 15 + app/models/concerns/.keep | 0 .../application/_banner_lock_icon.html.erb | 19 + .../application/_demo_site_banner.html.erb | 3 + app/views/application/_header.html.erb | 26 + .../application/_language_selector.html.erb | 35 + app/views/application/_usa_banner.html.erb | 58 + app/views/layouts/application.html.erb | 23 + app/views/layouts/mailer.html.erb | 13 + app/views/layouts/mailer.text.erb | 1 + app/views/pages/home.html.erb | 2 + bin/bundle | 109 + bin/dev | 13 + bin/ops/create_service_account.sh | 78 + bin/ops/destroy_service_account.sh | 53 + bin/ops/set_space_egress.sh | 67 + bin/owasp-scan | 49 + bin/pa11y-scan | 10 + bin/rails | 4 + bin/rake | 4 + bin/setup | 38 + bin/trestle | 10 + bin/with-server | 36 + config.ru | 6 + config/application.rb | 45 + config/boot.rb | 4 + config/credentials.yml.enc | 1 + config/credentials/production.yml.enc | 1 + config/database.yml | 94 + config/deployment/production.yml | 5 + config/deployment/staging.yml | 5 + config/environment.rb | 5 + config/environments/ci.rb | 10 + config/environments/development.rb | 72 + config/environments/production.rb | 91 + config/environments/staging.rb | 6 + config/environments/test.rb | 63 + config/i18n-tasks.yml | 180 ++ config/initializers/assets.rb | 13 + .../initializers/content_security_policy.rb | 27 + .../initializers/filter_parameter_logging.rb | 8 + config/initializers/inflections.rb | 16 + config/initializers/permissions_policy.rb | 13 + config/initializers/redis.rb | 14 + config/initializers/secure_headers.rb | 5 + config/locales/en.yml | 26 + config/puma.rb | 35 + config/routes.rb | 16 + db/seeds.rb | 9 + doc/adr/0001-record-architecture-decisions.md | 21 + .../0002-initial-architecture-decisions.md | 24 + doc/adr/0003-security-scans.md | 44 + ...-rails-csp-compliant-script-tag-helpers.md | 53 + doc/compliance/README.md | 47 + doc/compliance/TODO.md | 37 + doc/compliance/apps/application.boundary.md | 61 + doc/compliance/oscal/.keep | 0 .../github_actions/component-definition.json | 310 +++ doc/compliance/oscal/trestle-config.yaml | 7 + doc/compliance/rendered/apps/.keep | 0 lib/assets/.keep | 0 lib/tasks/.keep | 0 lib/tasks/auto_generate_diagram.rake | 6 + lib/tasks/cf.rake | 9 + lib/tasks/scanning.rake | 63 + log/.keep | 0 manifest.yml | 23 + pa11y.js | 12 + pa11yci.js | 8 + package.json | 26 + postcss.config.js | 11 + public/404.html | 67 + public/422.html | 67 + public/500.html | 66 + public/apple-touch-icon-precomposed.png | 0 public/apple-touch-icon.png | 0 public/favicon.ico | 0 public/robots.txt | 1 + spec/i18n_spec.rb | 34 + spec/models/cloud_gov_config_spec.rb | 48 + spec/rails_helper.rb | 65 + spec/requests/pages_spec.rb | 10 + spec/spec_helper.rb | 93 + spec/views/pages/home.html.erb_spec.rb | 8 + storage/.keep | 0 terraform/README.md | 133 ++ terraform/bootstrap/import.sh | 13 + terraform/bootstrap/main.tf | 21 + terraform/bootstrap/providers.tf | 16 + terraform/bootstrap/run.sh | 39 + terraform/bootstrap/teardown_creds.sh | 5 + terraform/bootstrap/variables.tf | 2 + terraform/production/main.tf | 44 + terraform/production/providers.tf | 23 + terraform/production/variables.tf | 2 + terraform/staging/main.tf | 26 + terraform/staging/providers.tf | 23 + terraform/staging/variables.tf | 2 + tmp/.keep | 0 tmp/pids/.keep | 0 tmp/storage/.keep | 0 vendor/.keep | 0 webpack.config.js | 21 + yarn.lock | 2031 +++++++++++++++++ zap.conf | 121 + 158 files changed, 6874 insertions(+) create mode 100644 .browserslistrc create mode 100644 .cfignore create mode 100644 .editorconfig create mode 100644 .erdconfig create mode 100644 .gitattributes create mode 100755 .githooks/pre-commit create mode 100644 .github/actions/run-server/action.yml create mode 100644 .github/actions/setup-languages/action.yml create mode 100644 .github/actions/setup-project/action.yml create mode 100644 .github/actions/trestle-cmd/action.yml create mode 100644 .github/workflows/assemble-ssp.yml create mode 100644 .github/workflows/brakeman-analysis.yml create mode 100644 .github/workflows/dependency-scans.yml create mode 100644 .github/workflows/deploy-production.yml create mode 100644 .github/workflows/deploy-staging.yml create mode 100644 .github/workflows/owasp-daily-scan.yml create mode 100644 .github/workflows/owasp-scan.yml create mode 100644 .github/workflows/pa11y.yml create mode 100644 .github/workflows/rspec.yml create mode 100644 .github/workflows/terraform-production.yml create mode 100644 .github/workflows/terraform-staging.yml create mode 100644 .github/workflows/validate-ssp.yml create mode 100644 .gitignore create mode 100644 .node-version create mode 100644 .nvmrc create mode 100644 .rspec create mode 100644 .ruby-version create mode 100644 Brewfile create mode 100644 CONTRIBUTING.md create mode 100644 Gemfile create mode 100644 Gemfile.lock create mode 100644 LICENSE.md create mode 100644 Procfile.dev create mode 100644 README.md create mode 100644 Rakefile create mode 100644 app/assets/builds/.keep create mode 100644 app/assets/config/manifest.js create mode 100644 app/assets/images/.keep create mode 100644 app/assets/images/uswds.js create mode 100644 app/assets/stylesheets/application.postcss.scss create mode 100644 app/assets/stylesheets/uswds-components.scss create mode 100644 app/assets/stylesheets/uswds-overrides/_index.scss create mode 100644 app/assets/stylesheets/uswds-overrides/_override-usa-banner.scss create mode 100644 app/assets/stylesheets/uswds-overrides/_override-usa-language-selector.scss create mode 100644 app/assets/stylesheets/uswds-settings.scss create mode 100644 app/controllers/application_controller.rb create mode 100644 app/controllers/concerns/.keep create mode 100644 app/controllers/pages_controller.rb create mode 100644 app/helpers/application_helper.rb create mode 100644 app/javascript/application.js create mode 100644 app/jobs/application_job.rb create mode 100644 app/mailers/application_mailer.rb create mode 100644 app/models/application_record.rb create mode 100644 app/models/cloud_gov_config.rb create mode 100644 app/models/concerns/.keep create mode 100644 app/views/application/_banner_lock_icon.html.erb create mode 100644 app/views/application/_demo_site_banner.html.erb create mode 100644 app/views/application/_header.html.erb create mode 100644 app/views/application/_language_selector.html.erb create mode 100644 app/views/application/_usa_banner.html.erb create mode 100644 app/views/layouts/application.html.erb create mode 100644 app/views/layouts/mailer.html.erb create mode 100644 app/views/layouts/mailer.text.erb create mode 100644 app/views/pages/home.html.erb create mode 100755 bin/bundle create mode 100755 bin/dev create mode 100755 bin/ops/create_service_account.sh create mode 100755 bin/ops/destroy_service_account.sh create mode 100755 bin/ops/set_space_egress.sh create mode 100755 bin/owasp-scan create mode 100755 bin/pa11y-scan create mode 100755 bin/rails create mode 100755 bin/rake create mode 100755 bin/setup create mode 100755 bin/trestle create mode 100755 bin/with-server create mode 100644 config.ru create mode 100644 config/application.rb create mode 100644 config/boot.rb create mode 100644 config/credentials.yml.enc create mode 100644 config/credentials/production.yml.enc create mode 100644 config/database.yml create mode 100644 config/deployment/production.yml create mode 100644 config/deployment/staging.yml create mode 100644 config/environment.rb create mode 100644 config/environments/ci.rb create mode 100644 config/environments/development.rb create mode 100644 config/environments/production.rb create mode 100644 config/environments/staging.rb create mode 100644 config/environments/test.rb create mode 100644 config/i18n-tasks.yml create mode 100644 config/initializers/assets.rb create mode 100644 config/initializers/content_security_policy.rb create mode 100644 config/initializers/filter_parameter_logging.rb create mode 100644 config/initializers/inflections.rb create mode 100644 config/initializers/permissions_policy.rb create mode 100644 config/initializers/redis.rb create mode 100644 config/initializers/secure_headers.rb create mode 100644 config/locales/en.yml create mode 100644 config/puma.rb create mode 100644 config/routes.rb create mode 100644 db/seeds.rb create mode 100644 doc/adr/0001-record-architecture-decisions.md create mode 100644 doc/adr/0002-initial-architecture-decisions.md create mode 100644 doc/adr/0003-security-scans.md create mode 100644 doc/adr/0004-rails-csp-compliant-script-tag-helpers.md create mode 100644 doc/compliance/README.md create mode 100644 doc/compliance/TODO.md create mode 100644 doc/compliance/apps/application.boundary.md create mode 100644 doc/compliance/oscal/.keep create mode 100644 doc/compliance/oscal/component-definitions/github_actions/component-definition.json create mode 100644 doc/compliance/oscal/trestle-config.yaml create mode 100644 doc/compliance/rendered/apps/.keep create mode 100644 lib/assets/.keep create mode 100644 lib/tasks/.keep create mode 100644 lib/tasks/auto_generate_diagram.rake create mode 100644 lib/tasks/cf.rake create mode 100644 lib/tasks/scanning.rake create mode 100644 log/.keep create mode 100644 manifest.yml create mode 100644 pa11y.js create mode 100644 pa11yci.js create mode 100644 package.json create mode 100644 postcss.config.js create mode 100644 public/404.html create mode 100644 public/422.html create mode 100644 public/500.html create mode 100644 public/apple-touch-icon-precomposed.png create mode 100644 public/apple-touch-icon.png create mode 100644 public/favicon.ico create mode 100644 public/robots.txt create mode 100644 spec/i18n_spec.rb create mode 100644 spec/models/cloud_gov_config_spec.rb create mode 100644 spec/rails_helper.rb create mode 100644 spec/requests/pages_spec.rb create mode 100644 spec/spec_helper.rb create mode 100644 spec/views/pages/home.html.erb_spec.rb create mode 100644 storage/.keep create mode 100644 terraform/README.md create mode 100755 terraform/bootstrap/import.sh create mode 100644 terraform/bootstrap/main.tf create mode 100644 terraform/bootstrap/providers.tf create mode 100755 terraform/bootstrap/run.sh create mode 100755 terraform/bootstrap/teardown_creds.sh create mode 100644 terraform/bootstrap/variables.tf create mode 100644 terraform/production/main.tf create mode 100644 terraform/production/providers.tf create mode 100644 terraform/production/variables.tf create mode 100644 terraform/staging/main.tf create mode 100644 terraform/staging/providers.tf create mode 100644 terraform/staging/variables.tf create mode 100644 tmp/.keep create mode 100644 tmp/pids/.keep create mode 100644 tmp/storage/.keep create mode 100644 vendor/.keep create mode 100644 webpack.config.js create mode 100644 yarn.lock create mode 100644 zap.conf diff --git a/.browserslistrc b/.browserslistrc new file mode 100644 index 0000000..5a9b70c --- /dev/null +++ b/.browserslistrc @@ -0,0 +1,5 @@ +# Supported browsers +> 2% +last 2 versions +IE 11 +not dead diff --git a/.cfignore b/.cfignore new file mode 100644 index 0000000..cbd11cf --- /dev/null +++ b/.cfignore @@ -0,0 +1,69 @@ +# See https://help.github.com/articles/ignoring-files for more about ignoring files. +# +# If you find yourself ignoring temporary files generated by your text editor +# or operating system, you probably want to add a global ignore instead: +# git config --global core.excludesfile '~/.gitignore_global' + +# Ignore bundler config. +/.bundle + +# Ignore all environment files (except templates). +/.env* +!/.env*.erb + +# Ignore all logfiles and tempfiles. +/log/* +/tmp/* +!/log/.keep +!/tmp/.keep + +# Ignore pidfiles, but keep the directory. +/tmp/pids/* +!/tmp/pids/ +!/tmp/pids/.keep + +# Ignore storage (uploaded files in development and any SQLite databases). +/storage/* +!/storage/.keep +/tmp/storage/* +!/tmp/storage/ +!/tmp/storage/.keep + +/public/assets + +# Ignore master key for decrypting credentials and more. +/config/master.key + +# Ignore Brewfile debug info +Brewfile.lock.json + +# Ignore local dotenv overrides +.env*.local + +# Ignore OWASP files +/zap_report.html +/zap.yaml + +# Ignore rspec examples status file +spec/examples.txt + +/config/credentials/production.key + +/app/assets/builds/* +!/app/assets/builds/.keep + +/node_modules + +# Trestle working files +doc/compliance/oscal/.trestle/_trash +doc/compliance/oscal/.trestle/cache + +# Terraform +.terraform.lock.hcl +**/.terraform/* +secrets.auto.tfvars +terraform.tfstate +terraform.tfstate.backup + +# compliance documentation +/doc/compliance/ diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..4a074fa --- /dev/null +++ b/.editorconfig @@ -0,0 +1,5 @@ +# EditorConfig is awesome: https://EditorConfig.org + +[zap.conf] +indent_size = 4 +indent_style = tab diff --git a/.erdconfig b/.erdconfig new file mode 100644 index 0000000..0d24555 --- /dev/null +++ b/.erdconfig @@ -0,0 +1,9 @@ +attributes: + - content + - timestamps +filename: "doc/compliance/rendered/apps/data.logical" +filetype: pdf +inheritance: false +orientation: horizontal +polymorphism: false +exclude: "ActiveRecord::InternalMetadata,ActiveRecord::SchemaMigration" diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..8dc4323 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,9 @@ +# See https://git-scm.com/docs/gitattributes for more about git attribute files. + +# Mark the database schema as having been generated. +db/schema.rb linguist-generated + +# Mark any vendored files as having been vendored. +vendor/* linguist-vendored +config/credentials/*.yml.enc diff=rails_credentials +config/credentials.yml.enc diff=rails_credentials diff --git a/.githooks/pre-commit b/.githooks/pre-commit new file mode 100755 index 0000000..0464c38 --- /dev/null +++ b/.githooks/pre-commit @@ -0,0 +1,31 @@ +#! /usr/bin/env bash +# +# This hook runs on `git commit` and will prevent you from committing without +# approval from the linter and tests. +# +# To run, this file must be symlinked to: +# .git/hooks/pre-commit +# +# To bypass this hook, run: +# $ git commit --no-verify +# $ git commit -n + +echo "Running linter..." +bundle exec rake standard +linter_status=$? + +if [ $linter_status -ne 0 ]; then + echo "Fix above before committing. Run 'git commit -n' to bypass linter." + exit 1 +fi + +echo "Running Terraform formatter" +files=$(git diff --cached --name-only terraform) +for f in $files +do + # Format any *.tf files that were cached/staged + if [ -e "$f" ] && [[ $f == *.tf ]]; then + terraform fmt "$f" + git add "$f" + fi +done diff --git a/.github/actions/run-server/action.yml b/.github/actions/run-server/action.yml new file mode 100644 index 0000000..0672abd --- /dev/null +++ b/.github/actions/run-server/action.yml @@ -0,0 +1,28 @@ +name: "Run rails server" +description: "Run rails server in the background for scans to access" +inputs: + rails_env: + description: RAILS_ENV to set. Defaults to ci + required: false + default: ci + database_url: + description: DATABASE_URL to set + required: true +runs: + using: "composite" + steps: + - name: "Start server in background" + shell: bash + env: + RAILS_ENV: ${{ inputs.rails_env }} + DATABASE_URL: ${{ inputs.database_url }} + SECRET_KEY_BASE: not-actually-secret + run: bundle exec rails server & + + - name: "Wait for startup" + shell: bash + run: sleep 5 + + - name: "Verify response working" + shell: bash + run: curl http://localhost:3000 -I diff --git a/.github/actions/setup-languages/action.yml b/.github/actions/setup-languages/action.yml new file mode 100644 index 0000000..32deb9f --- /dev/null +++ b/.github/actions/setup-languages/action.yml @@ -0,0 +1,20 @@ +name: Set up languages +description: Set up ruby, javascript, and dependencies +runs: + using: composite + steps: + - name: Set up Ruby + uses: ruby/setup-ruby@v1 + with: + # bundler-cache automatically installs gems + bundler-cache: true + cache-version: 1 + + - name: Set up node + uses: actions/setup-node@v4 + with: + node-version: '20.13.1' + cache: 'yarn' + - name: Install yarn dependencies + shell: bash + run: yarn install --frozen-lockfile diff --git a/.github/actions/setup-project/action.yml b/.github/actions/setup-project/action.yml new file mode 100644 index 0000000..8a8a723 --- /dev/null +++ b/.github/actions/setup-project/action.yml @@ -0,0 +1,34 @@ +name: Set up project with database +description: Setup Ruby, Javascript, and load the database schema into a running postgres db +inputs: + rails_env: + description: RAILS_ENV to set. Defaults to ci + required: false + default: ci + database_url: + description: DATABASE_URL to set + required: false + default: postgres://cidbuser:postgres@localhost:5432/continuous_monitoring_test +outputs: + database_url: + value: ${{ inputs.database_url }} +runs: + using: composite + steps: + - name: Set up Ruby & Javascript + uses: ./.github/actions/setup-languages + + - name: Precompile assets + env: + RAILS_ENV: ${{ inputs.rails_env }} + SECRET_KEY_BASE: not-actually-secret + shell: bash + run: bundle exec rake assets:precompile + + - name: Set up database + env: + RAILS_ENV: ${{ inputs.rails_env }} + SECRET_KEY_BASE: not-actually-secret + DATABASE_URL: ${{ inputs.database_url }} + shell: bash + run: bundle exec rake db:schema:load diff --git a/.github/actions/trestle-cmd/action.yml b/.github/actions/trestle-cmd/action.yml new file mode 100644 index 0000000..85f8969 --- /dev/null +++ b/.github/actions/trestle-cmd/action.yml @@ -0,0 +1,20 @@ +name: "Run a docker-trestle command" +description: "Sets up workspace for running a single command in docker-trestle" +inputs: + tag: + description: docker-trestle tag to use. Defaults to latest + required: false + default: latest + cmd: + description: Command to run within docker-trestle + required: true +runs: + using: "composite" + steps: + - name: Enable writing to trestle directories + shell: bash + run: chmod -R a+w $GITHUB_WORKSPACE/doc/compliance/oscal + + - name: Run cmd + shell: bash + run: docker run -v $GITHUB_WORKSPACE/doc/compliance/oscal:/app/docs:rw ghcr.io/gsa-tts/trestle:latest ${{ inputs.cmd }} diff --git a/.github/workflows/assemble-ssp.yml b/.github/workflows/assemble-ssp.yml new file mode 100644 index 0000000..2a76b6d --- /dev/null +++ b/.github/workflows/assemble-ssp.yml @@ -0,0 +1,26 @@ +name: Assemble SSPP updates + +on: + workflow_dispatch: + push: + branches: [ main ] + paths: + - "doc/compliance/oscal/**" + +jobs: + assemble_ssp: + name: Assemble SSPP updates and save artifact + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Assemble final SSPP + uses: ./.github/actions/trestle-cmd + with: + cmd: trestle assemble -n continuous_monitoring system-security-plan + + - name: Save artifact + uses: actions/upload-artifact@v4 + with: + name: continuous_monitoring_SSPP + path: doc/compliance/oscal/dist/system-security-plans/continuous_monitoring.json diff --git a/.github/workflows/brakeman-analysis.yml b/.github/workflows/brakeman-analysis.yml new file mode 100644 index 0000000..d10e725 --- /dev/null +++ b/.github/workflows/brakeman-analysis.yml @@ -0,0 +1,48 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow integrates Brakeman with GitHub's Code Scanning feature +# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications + +name: Brakeman Scan + +on: + push: + branches: [ main ] + paths-ignore: + - 'doc/**' + - 'README.md' + pull_request: + # The branches below must be a subset of the branches above + branches: [ main ] + schedule: + # cron format: 'minute hour dayofmonth month dayofweek' + # this will run at noon UTC each Monday (7am EST / 8am EDT) + - cron: '0 12 * * 1' + +permissions: + contents: read + security-events: write + +jobs: + brakeman-scan: + name: Brakeman Scan + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - uses: ./.github/actions/setup-languages + + # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis + - name: Scan + continue-on-error: true + run: | + bundle exec brakeman -f sarif -o output.sarif.json . + + # Upload the SARIF file generated in the previous step + - name: Upload SARIF + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: output.sarif.json diff --git a/.github/workflows/dependency-scans.yml b/.github/workflows/dependency-scans.yml new file mode 100644 index 0000000..fb6d71a --- /dev/null +++ b/.github/workflows/dependency-scans.yml @@ -0,0 +1,56 @@ +name: Ruby and Javascript dependency scans + +on: + push: + branches: [ main ] + paths-ignore: + - 'doc/**' + - 'README.md' + pull_request: + branches: [ main ] + schedule: + # cron format: 'minute hour dayofmonth month dayofweek' + # this will run at noon UTC every day (7am EST / 8am EDT) + - cron: '0 12 * * *' + +jobs: + bundle-audit: + name: Bundle audit + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - uses: ./.github/actions/setup-languages + + - name: Update advisory database and run checks + run: bundle exec rake bundler:audit + + yarn-audit: + name: Yarn audit + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - uses: ./.github/actions/setup-languages + + - name: Run yarn audit + run: bundle exec rake yarn:audit + + ruby-bom: + name: Ruby SBOM Generation + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/setup-languages + - name: Install cyclonedx + run: gem install cyclonedx-ruby + - name: Generate BOM + run: cyclonedx-ruby -p . -o ruby_bom.xml + - name: Save BOM + uses: actions/upload-artifact@v4 + with: + name: ruby-bom + path: ./ruby_bom.xml diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml new file mode 100644 index 0000000..1dff626 --- /dev/null +++ b/.github/workflows/deploy-production.yml @@ -0,0 +1,42 @@ +name: Deploy Production + +on: + push: + branches: [ production ] + paths-ignore: + - 'doc/**' + - 'README.md' + +permissions: + contents: read + pull-requests: write + +jobs: + deploy: + name: Deploy to production + runs-on: ubuntu-latest + environment: production + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - uses: actions/checkout@v4 + + - name: Terraform apply + uses: dflook/terraform-apply@v1 + env: + TF_VAR_cf_user: ${{ secrets.CF_USERNAME }} + TF_VAR_cf_password: ${{ secrets.CF_PASSWORD }} + with: + path: terraform/production + backend_config: > + access_key=${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} + secret_key=${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }} + + - name: Deploy app + uses: cloud-gov/cg-cli-tools@main + with: + cf_username: ${{ secrets.CF_USERNAME }} + cf_password: ${{ secrets.CF_PASSWORD }} + cf_org: gsa-tts-devtools-prototyping + cf_space: rahearn + cf_command: push --vars-file config/deployment/production.yml --var rails_master_key="${{ secrets.RAILS_MASTER_KEY }}" --strategy rolling diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml new file mode 100644 index 0000000..79fa135 --- /dev/null +++ b/.github/workflows/deploy-staging.yml @@ -0,0 +1,42 @@ +name: Deploy Staging + +on: + push: + branches: [ main ] + paths-ignore: + - 'doc/**' + - 'README.md' + +permissions: + contents: read + pull-requests: write + +jobs: + deploy: + name: Deploy to staging + runs-on: ubuntu-latest + environment: staging + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - uses: actions/checkout@v4 + + - name: Terraform apply + uses: dflook/terraform-apply@v1 + env: + TF_VAR_cf_user: ${{ secrets.CF_USERNAME }} + TF_VAR_cf_password: ${{ secrets.CF_PASSWORD }} + with: + path: terraform/staging + backend_config: > + access_key=${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} + secret_key=${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }} + + - name: Deploy app + uses: cloud-gov/cg-cli-tools@main + with: + cf_username: ${{ secrets.CF_USERNAME }} + cf_password: ${{ secrets.CF_PASSWORD }} + cf_org: gsa-tts-devtools-prototyping + cf_space: rahearn + cf_command: push --vars-file config/deployment/staging.yml --var rails_master_key="${{ secrets.RAILS_MASTER_KEY }}" --strategy rolling diff --git a/.github/workflows/owasp-daily-scan.yml b/.github/workflows/owasp-daily-scan.yml new file mode 100644 index 0000000..9d81cb4 --- /dev/null +++ b/.github/workflows/owasp-daily-scan.yml @@ -0,0 +1,49 @@ +name: OWASP ZAP daily scan + +on: + schedule: + # cron format: 'minute hour dayofmonth month dayofweek' + # this will run at noon UTC every day (7am EST / 8am EDT) + - cron: '0 12 * * *' + +permissions: + contents: read + issues: write + +jobs: + owasp-scan: + name: OWASP ZAP Scan + runs-on: ubuntu-latest + services: + postgres: + image: postgres + options: >- + --health-cmd pg_isready + --health-interval 10s + --health-timeout 5s + --health-retries 5 + ports: ["5432:5432"] + env: + POSTGRES_DB: continuous_monitoring_test + POSTGRES_USER: cidbuser + POSTGRES_PASSWORD: postgres + + steps: + - uses: actions/checkout@v4 + + - id: setup + uses: ./.github/actions/setup-project + + - uses: ./.github/actions/run-server + with: + database_url: ${{ steps.setup.outputs.database_url }} + + - name: Run OWASP Full Scan + uses: zaproxy/action-full-scan@v0.10.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} + docker_name: 'ghcr.io/zaproxy/zaproxy:weekly' + target: 'http://localhost:3000/' + fail_action: true + rules_file_name: 'zap.conf' + cmd_options: '-I' diff --git a/.github/workflows/owasp-scan.yml b/.github/workflows/owasp-scan.yml new file mode 100644 index 0000000..4993e2d --- /dev/null +++ b/.github/workflows/owasp-scan.yml @@ -0,0 +1,48 @@ +name: OWASP ZAP scan + +on: + push: + branches: [ main ] + paths-ignore: + - 'doc/**' + - 'README.md' + pull_request: + branches: [ main ] + +jobs: + owasp-scan: + name: OWASP ZAP Scan + runs-on: ubuntu-latest + services: + postgres: + image: postgres + options: >- + --health-cmd pg_isready + --health-interval 10s + --health-timeout 5s + --health-retries 5 + ports: ["5432:5432"] + env: + POSTGRES_DB: continuous_monitoring_test + POSTGRES_USER: cidbuser + POSTGRES_PASSWORD: postgres + + steps: + - uses: actions/checkout@v4 + + - id: setup + uses: ./.github/actions/setup-project + + - uses: ./.github/actions/run-server + with: + database_url: ${{ steps.setup.outputs.database_url }} + + - name: Run OWASP Baseline Scan + uses: zaproxy/action-baseline@v0.12.0 + with: + docker_name: 'ghcr.io/zaproxy/zaproxy:weekly' + target: 'http://localhost:3000/' + fail_action: true + allow_issue_writing: false + rules_file_name: 'zap.conf' + cmd_options: '-I' diff --git a/.github/workflows/pa11y.yml b/.github/workflows/pa11y.yml new file mode 100644 index 0000000..f6b8dff --- /dev/null +++ b/.github/workflows/pa11y.yml @@ -0,0 +1,69 @@ +name: pa11y tests + +on: [pull_request] + +permissions: + contents: read + pull-requests: write + +jobs: + pa11y_scan: + name: Pa11y Scan + runs-on: ubuntu-latest + services: + postgres: + image: postgres + options: >- + --health-cmd pg_isready + --health-interval 10s + --health-timeout 5s + --health-retries 5 + ports: ["5432:5432"] + env: + POSTGRES_DB: continuous_monitoring_test + POSTGRES_USER: cidbuser + POSTGRES_PASSWORD: postgres + + steps: + - uses: actions/checkout@v4 + + - id: setup + uses: ./.github/actions/setup-project + + - uses: ./.github/actions/run-server + with: + database_url: ${{ steps.setup.outputs.database_url }} + + - name: Run pa11y-ci + shell: bash + run: | + set -o pipefail + yarn run pa11y-ci -c pa11yci.js 2>&1 | tee pa11y_output.txt + + - name: Read pa11y_output file. + if: failure() + id: pa11y_output + uses: juliangruber/read-file-action@v1 + with: + path: ./pa11y_output.txt + + - name: Comment on pull request + if: failure() + uses: actions/github-script@v4 + with: + script: | + const output = `Pa11y Failures detected + +
Show failure message + + \`\`\`\n + ${{ steps.pa11y_output.outputs.content }} + \`\`\` +
`; + + github.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }); diff --git a/.github/workflows/rspec.yml b/.github/workflows/rspec.yml new file mode 100644 index 0000000..a918700 --- /dev/null +++ b/.github/workflows/rspec.yml @@ -0,0 +1,34 @@ +name: rspec tests + +on: [pull_request] + +jobs: + rspec: + name: Rspec + runs-on: ubuntu-latest + services: + postgres: + image: postgres + options: >- + --health-cmd pg_isready + --health-interval 10s + --health-timeout 5s + --health-retries 5 + ports: ["5432:5432"] + env: + POSTGRES_DB: continuous_monitoring_test + POSTGRES_USER: cidbuser + POSTGRES_PASSWORD: postgres + + steps: + - uses: actions/checkout@v4 + + - id: setup + uses: ./.github/actions/setup-project + with: + rails_env: test + + - name: Run rspec + env: + DATABASE_URL: ${{ steps.setup.outputs.database_url }} + run: bundle exec rspec diff --git a/.github/workflows/terraform-production.yml b/.github/workflows/terraform-production.yml new file mode 100644 index 0000000..2ab9b87 --- /dev/null +++ b/.github/workflows/terraform-production.yml @@ -0,0 +1,41 @@ +name: Run Terraform plan in production + +on: + pull_request: + branches: [ production ] + +permissions: + contents: read + pull-requests: write + +jobs: + terraform: + name: Terraform plan + runs-on: ubuntu-latest + environment: production + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: terraform validate + uses: dflook/terraform-validate@v1 + with: + path: terraform/production + + - name: terraform fmt + uses: dflook/terraform-fmt-check@v1 + with: + path: terraform/production + + - name: terraform plan + uses: dflook/terraform-plan@v1 + env: + TF_VAR_cf_user: ${{ secrets.CF_USERNAME }} + TF_VAR_cf_password: ${{ secrets.CF_PASSWORD }} + with: + path: terraform/production + backend_config: > + access_key=${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} + secret_key=${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/terraform-staging.yml b/.github/workflows/terraform-staging.yml new file mode 100644 index 0000000..901af8e --- /dev/null +++ b/.github/workflows/terraform-staging.yml @@ -0,0 +1,41 @@ +name: Run Terraform plan in staging + +on: + pull_request: + branches: [ main ] + +permissions: + contents: read + pull-requests: write + +jobs: + terraform: + name: Terraform plan + runs-on: ubuntu-latest + environment: staging + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: terraform validate + uses: dflook/terraform-validate@v1 + with: + path: terraform/staging + + - name: terraform fmt + uses: dflook/terraform-fmt-check@v1 + with: + path: terraform/staging + + - name: terraform plan + uses: dflook/terraform-plan@v1 + env: + TF_VAR_cf_user: ${{ secrets.CF_USERNAME }} + TF_VAR_cf_password: ${{ secrets.CF_PASSWORD }} + with: + path: terraform/staging + backend_config: > + access_key=${{ secrets.TERRAFORM_STATE_ACCESS_KEY }} + secret_key=${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/validate-ssp.yml b/.github/workflows/validate-ssp.yml new file mode 100644 index 0000000..8889884 --- /dev/null +++ b/.github/workflows/validate-ssp.yml @@ -0,0 +1,46 @@ +name: Validate OSCAL Assembly + +on: [pull_request] + +permissions: + contents: read + pull-requests: write + +jobs: + validate_ssp: + name: Validate SSP format + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Validate SSP + uses: ./.github/actions/trestle-cmd + with: + cmd: trestle validate -f system-security-plans/continuous_monitoring/system-security-plan.json + + check_ssp: + name: Check assembly is current + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Check assembly + uses: ./.github/actions/trestle-cmd + with: + cmd: assemble-ssp-json 2> /dev/null | grep "^No changes to assembled ssp" + + - name: Comment on pull request + if: failure() + uses: actions/github-script@v4 + with: + script: | + const output = `SSP assembly detected changes that aren't checked in. + + Run \`bin/trestle assemble-ssp-json\` to ensure markdown changes are reflected in your SSP`; + + github.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }); diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..723c26d --- /dev/null +++ b/.gitignore @@ -0,0 +1,66 @@ +# See https://help.github.com/articles/ignoring-files for more about ignoring files. +# +# If you find yourself ignoring temporary files generated by your text editor +# or operating system, you probably want to add a global ignore instead: +# git config --global core.excludesfile '~/.gitignore_global' + +# Ignore bundler config. +/.bundle + +# Ignore all environment files (except templates). +/.env* +!/.env*.erb + +# Ignore all logfiles and tempfiles. +/log/* +/tmp/* +!/log/.keep +!/tmp/.keep + +# Ignore pidfiles, but keep the directory. +/tmp/pids/* +!/tmp/pids/ +!/tmp/pids/.keep + +# Ignore storage (uploaded files in development and any SQLite databases). +/storage/* +!/storage/.keep +/tmp/storage/* +!/tmp/storage/ +!/tmp/storage/.keep + +/public/assets + +# Ignore master key for decrypting credentials and more. +/config/master.key + +# Ignore Brewfile debug info +Brewfile.lock.json + +# Ignore local dotenv overrides +.env*.local + +# Ignore OWASP files +/zap_report.html +/zap.yaml + +# Ignore rspec examples status file +spec/examples.txt + +/config/credentials/production.key + +/app/assets/builds/* +!/app/assets/builds/.keep + +/node_modules + +# Trestle working files +doc/compliance/oscal/.trestle/_trash +doc/compliance/oscal/.trestle/cache + +# Terraform +.terraform.lock.hcl +**/.terraform/* +secrets.auto.tfvars +terraform.tfstate +terraform.tfstate.backup diff --git a/.node-version b/.node-version new file mode 100644 index 0000000..f203ab8 --- /dev/null +++ b/.node-version @@ -0,0 +1 @@ +20.13.1 diff --git a/.nvmrc b/.nvmrc new file mode 100644 index 0000000..297d47b --- /dev/null +++ b/.nvmrc @@ -0,0 +1 @@ +20.13.1 \ No newline at end of file diff --git a/.rspec b/.rspec new file mode 100644 index 0000000..c99d2e7 --- /dev/null +++ b/.rspec @@ -0,0 +1 @@ +--require spec_helper diff --git a/.ruby-version b/.ruby-version new file mode 100644 index 0000000..bea438e --- /dev/null +++ b/.ruby-version @@ -0,0 +1 @@ +3.3.1 diff --git a/Brewfile b/Brewfile new file mode 100644 index 0000000..5fec9dc --- /dev/null +++ b/Brewfile @@ -0,0 +1,23 @@ +# Brewfile +# add any dependencies that must be installed from homebrew here + +# cloud.gov RDS is on postgres 15 +brew "postgresql@15", link: true + +# used in bin/with-server script +brew "dockerize" + +# used in bin/ops/create_service_account.sh +brew "jq" + +# helper scripts for creating new ADRs +brew "adr-tools" + +# chromedriver for integration tests +cask "chromedriver" + +# used by rails-erd documentation tool +brew "graphviz" + +# queue for sidekiq jobs +brew "redis" diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..ec79fab --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,19 @@ +# Welcome! + +We're so glad you're thinking about contributing to a [open source project of the U.S. government](https://code.gov/)! If you're unsure about anything, just ask -- or submit the issue or pull request anyway. The worst that can happen is you'll be politely asked to change something. We love all friendly contributions. + +We encourage you to read this project's CONTRIBUTING policy (you are here), its [LICENSE](LICENSE.md), and its [README](README.md). + +## Policies + +We want to ensure a welcoming environment for all of our projects. Our staff follow the [TTS Code of Conduct](https://18f.gsa.gov/code-of-conduct/) and all contributors should do the same. + +We adhere to the [18F Open Source Policy](https://github.com/18f/open-source-policy). If you have any questions, just [shoot us an email](mailto:18f@gsa.gov). + +As part of a U.S. government agency, the General Services Administration (GSA)’s Technology Transformation Services (TTS) takes seriously our responsibility to protect the public’s information, including financial and personal information, from unwarranted disclosure. For more information about security and vulnerability disclosure for our projects, please read our [18F Vulnerability Disclosure Policy](https://18f.gsa.gov/vulnerability-disclosure-policy/). + +## Public domain + +This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/). + +All contributions to this project will be released under the CC0 dedication. By submitting a pull request or issue, you are agreeing to comply with this waiver of copyright interest. diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000..9adb994 --- /dev/null +++ b/Gemfile @@ -0,0 +1,73 @@ +source "https://rubygems.org" + +ruby "3.3.1" + +# Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main" +gem "rails", "~> 7.1.3", ">= 7.1.3.4" + +# The original asset pipeline for Rails [https://github.com/rails/sprockets-rails] +gem "sprockets-rails" + +# Use postgresql as the database for Active Record +gem "pg", "~> 1.1" + +# Use the Puma web server [https://github.com/puma/puma] +gem "puma", ">= 5.0" + +# Bundle and transpile JavaScript [https://github.com/rails/jsbundling-rails] +gem "jsbundling-rails" + +# Bundle and process CSS [https://github.com/rails/cssbundling-rails] +gem "cssbundling-rails" + +# Build JSON APIs with ease [https://github.com/rails/jbuilder] +gem "jbuilder" + +# Use Kredis to get higher-level data types in Redis [https://github.com/rails/kredis] +# gem "kredis" + +# Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword] +# gem "bcrypt", "~> 3.1.7" + +# Windows does not include zoneinfo files, so bundle the tzinfo-data gem +gem "tzinfo-data", platforms: %i[windows jruby] + +# Reduces boot times through caching; required in config/boot.rb +gem "bootsnap", require: false + +group :development, :test do + # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem + gem "debug", platforms: %i[mri windows] +end + +group :development do + # Use console on exceptions pages [https://github.com/rails/web-console] + gem "web-console" + + # Add speed badges [https://github.com/MiniProfiler/rack-mini-profiler] + # gem "rack-mini-profiler" + + # Speed up commands on slow machines / big apps [https://github.com/rails/spring] + # gem "spring" +end + +gem "secure_headers", "~> 6.3" + +group :development, :test do + gem "rspec-rails", "~> 6.1" + gem "dotenv-rails", "~> 3.1" + gem "brakeman", "~> 6.1" + gem "bundler-audit", "~> 0.9" + gem "standard", "~> 1.36" +end +gem "rails_template_18f", group: :development +gem "rails-erd", "~> 1.7", group: :development + +group :development, :test do + gem "i18n-tasks", "~> 1.0" +end +gem "sidekiq", "~> 7.2" + +group :test do + gem "climate_control", "~> 1.0" +end diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 0000000..1d5fc4d --- /dev/null +++ b/Gemfile.lock @@ -0,0 +1,359 @@ +GEM + remote: https://rubygems.org/ + specs: + actioncable (7.1.3.4) + actionpack (= 7.1.3.4) + activesupport (= 7.1.3.4) + nio4r (~> 2.0) + websocket-driver (>= 0.6.1) + zeitwerk (~> 2.6) + actionmailbox (7.1.3.4) + actionpack (= 7.1.3.4) + activejob (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) + mail (>= 2.7.1) + net-imap + net-pop + net-smtp + actionmailer (7.1.3.4) + actionpack (= 7.1.3.4) + actionview (= 7.1.3.4) + activejob (= 7.1.3.4) + activesupport (= 7.1.3.4) + mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp + rails-dom-testing (~> 2.2) + actionpack (7.1.3.4) + actionview (= 7.1.3.4) + activesupport (= 7.1.3.4) + nokogiri (>= 1.8.5) + racc + rack (>= 2.2.4) + rack-session (>= 1.0.1) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + actiontext (7.1.3.4) + actionpack (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) + globalid (>= 0.6.0) + nokogiri (>= 1.8.5) + actionview (7.1.3.4) + activesupport (= 7.1.3.4) + builder (~> 3.1) + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + activejob (7.1.3.4) + activesupport (= 7.1.3.4) + globalid (>= 0.3.6) + activemodel (7.1.3.4) + activesupport (= 7.1.3.4) + activerecord (7.1.3.4) + activemodel (= 7.1.3.4) + activesupport (= 7.1.3.4) + timeout (>= 0.4.0) + activestorage (7.1.3.4) + actionpack (= 7.1.3.4) + activejob (= 7.1.3.4) + activerecord (= 7.1.3.4) + activesupport (= 7.1.3.4) + marcel (~> 1.0) + activesupport (7.1.3.4) + base64 + bigdecimal + concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb + i18n (>= 1.6, < 2) + minitest (>= 5.1) + mutex_m + tzinfo (~> 2.0) + ast (2.4.2) + base64 (0.2.0) + bigdecimal (3.1.8) + bindex (0.8.1) + bootsnap (1.18.3) + msgpack (~> 1.2) + brakeman (6.1.2) + racc + builder (3.3.0) + bundler-audit (0.9.1) + bundler (>= 1.2.0, < 3) + thor (~> 1.0) + choice (0.2.0) + climate_control (1.2.0) + colorize (1.1.0) + concurrent-ruby (1.3.3) + connection_pool (2.4.1) + crass (1.0.6) + cssbundling-rails (1.4.0) + railties (>= 6.0.0) + date (3.3.4) + debug (1.9.2) + irb (~> 1.10) + reline (>= 0.3.8) + diff-lcs (1.5.1) + dotenv (3.1.2) + dotenv-rails (3.1.2) + dotenv (= 3.1.2) + railties (>= 6.1) + drb (2.2.1) + erubi (1.13.0) + globalid (1.2.1) + activesupport (>= 6.1) + highline (3.0.1) + i18n (1.14.5) + concurrent-ruby (~> 1.0) + i18n-tasks (1.0.14) + activesupport (>= 4.0.2) + ast (>= 2.1.0) + erubi + highline (>= 2.0.0) + i18n + parser (>= 3.2.2.1) + rails-i18n + rainbow (>= 2.2.2, < 4.0) + terminal-table (>= 1.5.1) + io-console (0.7.2) + irb (1.13.2) + rdoc (>= 4.0.0) + reline (>= 0.4.2) + jbuilder (2.12.0) + actionview (>= 5.0.0) + activesupport (>= 5.0.0) + jsbundling-rails (1.3.0) + railties (>= 6.0.0) + json (2.7.2) + language_server-protocol (3.17.0.3) + lint_roller (1.1.0) + loofah (2.22.0) + crass (~> 1.0.2) + nokogiri (>= 1.12.0) + mail (2.8.1) + mini_mime (>= 0.1.1) + net-imap + net-pop + net-smtp + marcel (1.0.4) + mini_mime (1.1.5) + minitest (5.24.0) + msgpack (1.7.2) + mutex_m (0.2.0) + net-imap (0.4.14) + date + net-protocol + net-pop (0.1.2) + net-protocol + net-protocol (0.2.2) + timeout + net-smtp (0.5.0) + net-protocol + nio4r (2.7.3) + nokogiri (1.16.6-aarch64-linux) + racc (~> 1.4) + nokogiri (1.16.6-arm-linux) + racc (~> 1.4) + nokogiri (1.16.6-arm64-darwin) + racc (~> 1.4) + nokogiri (1.16.6-x86-linux) + racc (~> 1.4) + nokogiri (1.16.6-x86_64-darwin) + racc (~> 1.4) + nokogiri (1.16.6-x86_64-linux) + racc (~> 1.4) + parallel (1.25.1) + parser (3.3.3.0) + ast (~> 2.4.1) + racc + pg (1.5.6) + psych (5.1.2) + stringio + puma (6.4.2) + nio4r (~> 2.0) + racc (1.8.0) + rack (3.1.4) + rack-session (2.0.0) + rack (>= 3.0.0) + rack-test (2.1.0) + rack (>= 1.3) + rackup (2.1.0) + rack (>= 3) + webrick (~> 1.8) + rails (7.1.3.4) + actioncable (= 7.1.3.4) + actionmailbox (= 7.1.3.4) + actionmailer (= 7.1.3.4) + actionpack (= 7.1.3.4) + actiontext (= 7.1.3.4) + actionview (= 7.1.3.4) + activejob (= 7.1.3.4) + activemodel (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) + bundler (>= 1.15.0) + railties (= 7.1.3.4) + rails-dom-testing (2.2.0) + activesupport (>= 5.0.0) + minitest + nokogiri (>= 1.6) + rails-erd (1.7.2) + activerecord (>= 4.2) + activesupport (>= 4.2) + choice (~> 0.2.0) + ruby-graphviz (~> 1.2) + rails-html-sanitizer (1.6.0) + loofah (~> 2.21) + nokogiri (~> 1.14) + rails-i18n (7.0.9) + i18n (>= 0.7, < 2) + railties (>= 6.0.0, < 8) + rails_template_18f (1.0.0) + activesupport (~> 7.1.0) + colorize (~> 1.1) + railties (~> 7.1.0) + thor (~> 1.3) + railties (7.1.3.4) + actionpack (= 7.1.3.4) + activesupport (= 7.1.3.4) + irb + rackup (>= 1.0.0) + rake (>= 12.2) + thor (~> 1.0, >= 1.2.2) + zeitwerk (~> 2.6) + rainbow (3.1.1) + rake (13.2.1) + rdoc (6.7.0) + psych (>= 4.0.0) + redis-client (0.22.2) + connection_pool + regexp_parser (2.9.2) + reline (0.5.9) + io-console (~> 0.5) + rexml (3.3.1) + strscan + rspec-core (3.13.0) + rspec-support (~> 3.13.0) + rspec-expectations (3.13.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.13.0) + rspec-mocks (3.13.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.13.0) + rspec-rails (6.1.3) + actionpack (>= 6.1) + activesupport (>= 6.1) + railties (>= 6.1) + rspec-core (~> 3.13) + rspec-expectations (~> 3.13) + rspec-mocks (~> 3.13) + rspec-support (~> 3.13) + rspec-support (3.13.1) + rubocop (1.64.1) + json (~> 2.3) + language_server-protocol (>= 3.17.0) + parallel (~> 1.10) + parser (>= 3.3.0.2) + rainbow (>= 2.2.2, < 4.0) + regexp_parser (>= 1.8, < 3.0) + rexml (>= 3.2.5, < 4.0) + rubocop-ast (>= 1.31.1, < 2.0) + ruby-progressbar (~> 1.7) + unicode-display_width (>= 2.4.0, < 3.0) + rubocop-ast (1.31.3) + parser (>= 3.3.1.0) + rubocop-performance (1.21.1) + rubocop (>= 1.48.1, < 2.0) + rubocop-ast (>= 1.31.1, < 2.0) + ruby-graphviz (1.2.5) + rexml + ruby-progressbar (1.13.0) + secure_headers (6.5.0) + sidekiq (7.2.4) + concurrent-ruby (< 2) + connection_pool (>= 2.3.0) + rack (>= 2.2.4) + redis-client (>= 0.19.0) + sprockets (4.2.1) + concurrent-ruby (~> 1.0) + rack (>= 2.2.4, < 4) + sprockets-rails (3.5.1) + actionpack (>= 6.1) + activesupport (>= 6.1) + sprockets (>= 3.0.0) + standard (1.39.0) + language_server-protocol (~> 3.17.0.2) + lint_roller (~> 1.0) + rubocop (~> 1.64.0) + standard-custom (~> 1.0.0) + standard-performance (~> 1.4) + standard-custom (1.0.2) + lint_roller (~> 1.0) + rubocop (~> 1.50) + standard-performance (1.4.0) + lint_roller (~> 1.1) + rubocop-performance (~> 1.21.0) + stringio (3.1.1) + strscan (3.1.0) + terminal-table (3.0.2) + unicode-display_width (>= 1.1.1, < 3) + thor (1.3.1) + timeout (0.4.1) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + unicode-display_width (2.5.0) + web-console (4.2.1) + actionview (>= 6.0.0) + activemodel (>= 6.0.0) + bindex (>= 0.4.0) + railties (>= 6.0.0) + webrick (1.8.1) + websocket-driver (0.7.6) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.5) + zeitwerk (2.6.16) + +PLATFORMS + aarch64-linux + arm-linux + arm64-darwin + x86-linux + x86_64-darwin + x86_64-linux + +DEPENDENCIES + bootsnap + brakeman (~> 6.1) + bundler-audit (~> 0.9) + climate_control (~> 1.0) + cssbundling-rails + debug + dotenv-rails (~> 3.1) + i18n-tasks (~> 1.0) + jbuilder + jsbundling-rails + pg (~> 1.1) + puma (>= 5.0) + rails (~> 7.1.3, >= 7.1.3.4) + rails-erd (~> 1.7) + rails_template_18f + rspec-rails (~> 6.1) + secure_headers (~> 6.3) + sidekiq (~> 7.2) + sprockets-rails + standard (~> 1.36) + tzinfo-data + web-console + +RUBY VERSION + ruby 3.3.1p55 + +BUNDLED WITH + 2.5.9 diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..a9eb4a9 --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,21 @@ +# License + +As a work of the [United States government](https://www.usa.gov/), this project is in the public domain within the United States of America. + +Additionally, we waive copyright and related rights in the work worldwide through the CC0 1.0 Universal public domain dedication. + +## CC0 1.0 Universal Summary + +This is a human-readable summary of the [Legal Code (read the full text)](https://creativecommons.org/publicdomain/zero/1.0/legalcode). + +### No Copyright + +The person who associated a work with this deed has dedicated the work to the public domain by waiving all of their rights to the work worldwide under copyright law, including all related and neighboring rights, to the extent allowed by law. + +You can copy, modify, distribute, and perform the work, even for commercial purposes, all without asking permission. + +### Other Information + +In no way are the patent or trademark rights of any person affected by CC0, nor are the rights that other persons may have in the work or in how the work is used, such as publicity or privacy rights. + +Unless expressly stated otherwise, the person who associated a work with this deed makes no warranties about the work, and disclaims liability for all uses of the work, to the fullest extent permitted by applicable law. When using or citing the work, you should not imply endorsement by the author or the affirmer. diff --git a/Procfile.dev b/Procfile.dev new file mode 100644 index 0000000..6291042 --- /dev/null +++ b/Procfile.dev @@ -0,0 +1,4 @@ +web: env RUBY_DEBUG_OPEN=true bin/rails server +js: yarn build --watch +css: yarn build:css --verbose --watch +worker: bundle exec sidekiq diff --git a/README.md b/README.md new file mode 100644 index 0000000..262ecfe --- /dev/null +++ b/README.md @@ -0,0 +1,227 @@ +Continuous Monitoring +======================== + +<> + +## Development + +If you're new to Rails, see the [Getting Started with Rails](https://guides.rubyonrails.org/getting_started.html) +guide for an introduction to the framework. + +### Local Setup + +* Install Ruby 3.3.1 +* Install NodeJS 20.13.1 +* Install homebrew dependencies: `brew bundle` + * [redis](https://redis.io/) + * [PostgreSQL](https://www.postgresql.org/) + * [Dockerize](https://github.com/jwilder/dockerize) + * [jq](https://stedolan.github.io/jq/) + * [ADR Tools](https://github.com/npryce/adr-tools) + * [Chromedriver](https://sites.google.com/chromium.org/driver/) + * Chromedriver must be allowed to run. You can either do that by: + * The command line: `xattr -d com.apple.quarantine $(which chromedriver)` (this is the only option if you are on Big Sur) + * Manually: clicking "allow" when you run the integration tests for the first time and a dialogue opens up +* Install Ruby dependencies: `bundle install` +* Install JS dependencies: `yarn install` +* Create database and run migrations: `bundle exec rake db:setup` +* Run the server: `bin/dev` +* Visit the site: http://localhost:3000 + +### Local Configuration + +Environment variables can be set in development using the [dotenv](https://github.com/bkeepers/dotenv) gem. + +Consistent but sensitive credentials should be added to `config/credentials.yml.enc` by using `$ rails credentials:edit` + +Production credentials should be added to `config/credentials/production.yml.enc` by using `$ rails credentials:edit --environment production` + +Any changes to variables in `.env` that should not be checked into git should be set +in `.env.local`. + +If you wish to override a config globally for the `test` Rails environment you can set it in `.env.test.local`. +However, any config that should be set on other machines should either go into `.env` or be explicitly set as part +of the test. + +## Security + +### Authentication + +TBD + +### Inline ` +``` + +As you can see we just threw away all of the cross site scripting protections of CSP by improperly using the nonce. diff --git a/doc/compliance/README.md b/doc/compliance/README.md new file mode 100644 index 0000000..20542b1 --- /dev/null +++ b/doc/compliance/README.md @@ -0,0 +1,47 @@ +# Compliance artifacts + +In order to maintain and revise compliance materials with minimal fuss, we store all artifacts as text source (eg Markdown, PlantUML, OSCAL), then generate rendered materials for consumption by downstream entities in the assessment and authorization process. + +This directory initially just contains system architecture diagrams corresponding to sections 1-12 of a typical System Security Plan (SSP) document. + +The source for other things (OSCAL for control descriptions, evidence generation scripts, etc) will appear here over time. + +## Documents + +### Application Boundary + +The UML source of the application boundary is stored at doc/compliance/apps/application.boundary.md. +The rendered output is saved to doc/compliance/rendered/apps/application.boundary.svg + +### Logical Data Model + +The logical data model will be auto-generated on each database migration. +The rendered output is saved to doc/compliance/rendered/apps/data.logical.pdf + +## Development + +These plugins may be helpful for editing diagrams. + +- vscode: [PlantUML extension](https://marketplace.visualstudio.com/items?itemName=jebbs.plantuml) + - Use "PlantUML: Export Current File Diagrams" to render the diagram in the current file (eg while iterating) + - Use "PlantUML: Export Workspace Diagrams" to render all diagrams (eg before pushing a branch) + +### VSCode PlantUML Settings + +| Setting name | Value | +| ------------ | ----- | +| Diagrams Root | `doc/compliance` | +| Export Format | `svg` | +| Export Out Dir | `doc/compliance/rendered` | +| Export Sub Folder | unchecked | +| File Extensions | append `.md` | +| Render | `PlantUMLServer` | +| Server | `http://localhost:8080` | + +### PlantUML Server + +The plugin default settings use the public server, https://www.plantuml.com/plantuml, which may **leak sensitive information**. Instead, run a local plantuml server: + +```bash +docker run -d -p 8080:8080 plantuml/plantuml-server:jetty +``` diff --git a/doc/compliance/TODO.md b/doc/compliance/TODO.md new file mode 100644 index 0000000..c6a5af9 --- /dev/null +++ b/doc/compliance/TODO.md @@ -0,0 +1,37 @@ +Compliance Tasks +================ + +This file contains a list of some tasks that can make your compliance journey a bit easier. + +These instructions assume that your application is being hosted on cloud.gov. + +Egress Spaces +------------- + +If your application requires outbound communication to services outside of cloud.gov: + +1. Set up `-egress` spaces for each environment. +1. Set that space to public egress with `bin/ops/set_space_egress.sh -s -egress -p` +1. Run [cg-egress-proxy](https://github.com/GSA/cg-egress-proxy#deploying-proxies-for-a-bunch-of-apps-automatically) in that space +1. Send all outbound traffic from your app through the proxy +1. Document this use under the SC-7 security control + +Log Drains +---------- + +Follow these directions to send your logs to an external consumer, such an S3 bucket for GSA SOC to ingest or New Relic + +1. Deploy the [logstash-shipper](https://github.com/GSA/datagov-logstack#setup) app in a management space. The management space could be its own space, or `-egress` +1. Deploy a [space-drain](https://github.com/GSA/datagov-logstack/blob/main/create-space-drain.sh) so that any app deployed to that space automatically has its logs shipped + +Drift Detection +--------------- + +1. Deploy [Watchtower](https://github.com/18F/watchtower) for drift detection + +Future Good Ideas +----------------- + +Other things that would be useful, but without decent implementations yet: + +* For RA-5, deploy a Monit sidecar buildpack to restart app if any anomalys are detected diff --git a/doc/compliance/apps/application.boundary.md b/doc/compliance/apps/application.boundary.md new file mode 100644 index 0000000..643da07 --- /dev/null +++ b/doc/compliance/apps/application.boundary.md @@ -0,0 +1,61 @@ +# Application boundary view + +![application boundary view](../rendered/apps/application.boundary.svg) + +```plantuml +@startuml +!include https://raw.githubusercontent.com/plantuml-stdlib/C4-PlantUML/master/C4_Container.puml +' uncomment the following line and comment the first to use locally +' !include C4_Container.puml +LAYOUT_WITH_LEGEND() +title application boundary view + +Person_Ext(public, "Public", "A member of the public") +Person(developer, "Developer", "Application developers") + +Boundary(device, "Computing Device", "Windows, OS X, Linux, iOS, Android"){ + System_Ext(browser, "Web Browser", "any modern version") +} +Rel(public, browser, "uses", "") + +note as EncryptionNote +All connections depicted are encrypted with TLS 1.2 unless otherwise noted. +end note +Boundary(aws, "AWS GovCloud") { + Boundary(cloudgov, "cloud.gov") { + System_Ext(cg_api, "cloud.gov API") + System_Ext(aws_alb, "cloud.gov load-balancer", "AWS ALB") + System_Ext(cloudgov_router, "<&layers> cloud.gov routers", "Cloud Foundry traffic service") + Boundary(atob, "ATO boundary") { + System_Boundary(inventory, "Application") { + Container(app, "<&layers> Continuous Monitoring", "Ruby 3.3.1, Rails 7.1.3.4", "TKTK Application Description") + ContainerDb(app_db, "Application DB", "AWS RDS (PostgreSQL)", "Primary data storage") + Container(worker, "<&layers> Sidekiq workers", "Ruby 3.3.1, Sidekiq", "Perform background work and data processing") + ContainerDb(redis, "Redis Database", "AWS ElastiCache (Redis)", "Background job queue") + } + } + } +} + +Boundary(gsa_saas, "GSA-authorized SaaS") { +} + +Boundary(cicd, "CI/CD Pipeline") { + System_Ext(githuball, "GitHub w/ GitHub Actions", "GSA-controlled code repository and Continuous Integration Service") +} + +Rel(browser, aws_alb, "request info, submit requests", "https GET/POST (443)") +Rel(aws_alb, cloudgov_router, "proxies requests", "https GET/POST (443)") +Rel(cloudgov_router, app, "proxies requests", "https GET/POST (443)") +Rel(app, app_db, "reads/writes primary data", "psql (5432)") +Rel(app, redis, "enqueue job parameters", "redis") +Rel(worker, redis, "dequeues job parameters", "redis") +Rel(worker, app_db, "reads/writes primary data", "psql (5432)") +Rel(developer, githuball, "Publish code", "git ssh (22)") +Rel(githuball, cg_api, "Deploy App", "Auth: SpaceDeployer Service Account, https (443)") +@enduml +``` + +### Notes + +* See the help docs for [C4 variant of PlantUML](https://github.com/RicardoNiepel/C4-PlantUML) for syntax help. diff --git a/doc/compliance/oscal/.keep b/doc/compliance/oscal/.keep new file mode 100644 index 0000000..e69de29 diff --git a/doc/compliance/oscal/component-definitions/github_actions/component-definition.json b/doc/compliance/oscal/component-definitions/github_actions/component-definition.json new file mode 100644 index 0000000..e179f9c --- /dev/null +++ b/doc/compliance/oscal/component-definitions/github_actions/component-definition.json @@ -0,0 +1,310 @@ +{ + "component-definition": { + "uuid": "b804945e-c0cb-4254-bebf-2c599f61c7a4", + "metadata": { + "title": "GitHub Actions Component Definition.", + "last-modified": "2024-06-10T21:22:51.617878+00:00", + "version": "0.0.1", + "oscal-version": "1.1.2" + }, + "components": [ + { + "uuid": "d86c09e8-8003-4223-8070-a87b83e8b118", + "type": "service", + "title": "GitHub Actions", + "description": "GitHub Actions CI/CD Pipeline", + "props": [ + { + "name": "Rule_Id", + "value": "properly-configured", + "remarks": "rule-config" + }, + { + "name": "Rule_Description", + "value": "System Owner has configured the system to properly utilize CI/CD for all tests, scans, and deployments", + "remarks": "rule-config" + }, + { + "name": "Rule_Id", + "value": "branch-protections", + "remarks": "rule-branch" + }, + { + "name": "Rule_Description", + "value": "System Owner has configured GitHub branch protections as described in control", + "remarks": "rule-branch" + } + ], + "control-implementations": [ + { + "uuid": "aa42c844-500d-4072-b92e-53e063a635bd", + "source": "trestle://profiles/lato/profile.json", + "description": "", + "implemented-requirements": [ + { + "uuid": "e0fa131a-1139-4a17-ab7f-8cf52a345288", + "control-id": "ca-7", + "description": "", + "statements": [ + { + "statement-id": "ca-7_smt.a", + "uuid": "6d113e20-3fc5-4937-8ff3-61c1bb1af2d0", + "description": "* continuous_monitoring DevOps staff review OWASP and Dependency scans every build, or at least weekly.\n* continuous_monitoring DevOps staff and the GSA ISSO review Web Application vulnerability scans on a weekly basis.\n* continuous_monitoring Administrators and DevOps staff review changes for potential security impact and engage the continuous_monitoring ISSO and ISSM who will review or engage assessment staff as needed.", + "props": [ + { + "name": "Rule_Id", + "value": "properly-configured" + }, + { + "name": "implementation-status", + "value": "partial" + } + ] + } + ] + }, + { + "uuid": "624e1e20-4c20-4a5c-a3c0-2ef603090498", + "control-id": "cm-2.2", + "description": "The continuous_monitoring team develops, documents, and maintains a current baseline for the continuous_monitoring application\ncomponents under configuration control, managed via git and github.com, and orchestrated using GitHub Actions\nand the cloud.gov Cloud Foundry CLI.\n\nNote: All cloud.gov brokered services (including databases) are fully managed by the cloud.gov platform.\nDue to this, the configuration and security of these services are not included in the continuous_monitoring configuration baseline.", + "props": [ + { + "name": "Rule_Id", + "value": "properly-configured" + }, + { + "name": "implementation-status", + "value": "implemented" + } + ] + }, + { + "uuid": "8906821c-bf90-4cc9-afda-db61d2e8a212", + "control-id": "cm-3.1", + "description": "", + "statements": [ + { + "statement-id": "cm-3.1_smt.f", + "uuid": "4b5c5828-16b9-4cf1-a329-f447726bbcef", + "description": "GitHub Actions is used to execute proposed changes to the information system.\nAdministrators and Developers for continuous_monitoring are automatically notified of\nthe success or failure of the change execution via the GitHub notification system.", + "props": [ + { + "name": "Rule_Id", + "value": "properly-configured" + }, + { + "name": "implementation-status", + "value": "implemented" + } + ] + } + ] + }, + { + "uuid": "db085642-8b08-476f-9d08-fe4c71cb2e40", + "control-id": "ra-5", + "description": "", + "statements": [ + { + "statement-id": "ra-5_smt.a", + "uuid": "30d6c6fc-0e55-484e-8832-35d9c4c511f9", + "description": "Any vulnerabilities in continuous_monitoring would have to be introduced at time of deployment because continuous_monitoring\nis a set of cloud.gov managed applications with SSH disabled in Production. continuous_monitoring monitors for\nvulnerabilities by ensuring that scans for vulnerabilities in the information system and hosted applications occur\ndaily and when new code is deployed.\n\nOWASP ZAP scans are built into the GitHub Actions CI/CD pipeline and runs a series of web vulnerability scans before\na successful deploy can be made to cloud.gov. Any issues or alerts caused by the scan are documented by continuous_monitoring\nOperations and cause the deployment to fail. Issues are tracked in GitHub. The issue posted will provide information\non which endpoints are vulnerable and the level of vulnerability, ranging from **False Positive** to **High**.\nThe issue also provides a detailed report formatted in html, json, and markdown.\n\nSystem Administrators are responsible for reporting any new vulnerabilities reported by the OWASP ZAP scan to the continuous_monitoring ISSO.", + "props": [ + { + "name": "Rule_Id", + "value": "properly-configured" + }, + { + "name": "implementation-status", + "value": "implemented" + } + ] + }, + { + "statement-id": "ra-5_smt.b", + "uuid": "71880ff9-0d82-440c-ab8d-29f0abab0045", + "description": "1. Alerts from each ZAP vulnerability scan are automatically reported in GitHub as an issue on the continuous_monitoring repository. This issue will enumerate each finding and detail the type and severity of the vulnerability. continuous_monitoring Developers and continuous_monitoring Administrators receive automated alerts via GitHub of the issues to remediate. Scan results are sent to the continuous_monitoring System Owner by continuous_monitoring Administrators. The vulnerabilities are analyzed and prioritized within GitHub based on input from the System Owner and ISSO.\n1. The ZAP report contains vulnerabilities grouped by type and by risk level. The report also provides a detailed report formatted in html, json, and markdown. The reported issues also include the CVE item associated with the vulnerability.\n1. Vulnerabilities are classified by ZAP under a level range from **False Positive** to **High**. The impact level is used to drive the priority of the effort to remediate.", + "props": [ + { + "name": "Rule_Id", + "value": "properly-configured" + }, + { + "name": "implementation-status", + "value": "implemented" + } + ] + }, + { + "statement-id": "ra-5_smt.c", + "uuid": "6ab6f84e-5a5d-4cf5-94fa-569be0f1fa61", + "description": "The ZAP vulnerability report contains information about how the attack was made and suggested solutions for each vulnerability found. Any static code analysis findings identified during automation as part of the GitHub pull request process must be reviewed, analyzed, and resolved by the continuous_monitoring Developer before the team can merge the pull request.", + "props": [ + { + "name": "Rule_Id", + "value": "properly-configured" + }, + { + "name": "Rule_Id", + "value": "branch-protections" + }, + { + "name": "implementation-status", + "value": "planned" + } + ] + } + ] + }, + { + "uuid": "75fba3a0-30f6-4fb0-9929-99627252560a", + "control-id": "sa-11.1", + "description": "The CI/CD pipeline utilizes multiple tools to perform static code analysis for security and privacy:\n\n* **Brakeman** is a static code scanner designed to find security issues in Ruby on Rails code. It can flag potential SQL injection,\nCommand Injection, open redirects, and other common vulnerabilities.\n* **bundle-audit** checks Ruby dependencies against a database of known CVE numbers.\n* **yarn audit** checks Javascript dependencies against a database of known CVE numbers.\n* **OWASP ZAP** is a dynamic security scanner that can simulate actual attacks on a running server.\n\nAn additional RAILS_ENV has been created called ci. It inherits from production to ensure that the system being tested is as close as possible to production while allowing for overrides such as bypassing authentication in a secure way.", + "props": [ + { + "name": "Rule_Id", + "value": "properly-configured" + }, + { + "name": "implementation-status", + "value": "implemented" + } + ] + }, + { + "uuid": "674c916f-ffef-4751-8073-2533e37d046f", + "control-id": "sa-22", + "description": "", + "statements": [ + { + "statement-id": "sa-22_smt.a", + "uuid": "14ab85ab-1746-47d1-9ccb-21a736013899", + "description": "The continuous_monitoring application is built and supported by the continuous_monitoring DevOps staff.\n\nThe application utilizes public open source Ruby and NodeJS components.\n\nThe application utilizes dependency scanning tools Bundle Audit and Yarn Audit to find vulnerable or insecure dependencies.\n\nIf a vulnerable or insecure dependency is found it will be upgraded or replaced. Additionally the continuous_monitoring team code review processes include a review of the health (up to date, supported, many individuals involved) of direct open source dependencies.", + "props": [ + { + "name": "Rule_Id", + "value": "properly-configured" + }, + { + "name": "implementation-status", + "value": "implemented" + } + ] + }, + { + "statement-id": "sa-22_smt.b", + "uuid": "44646913-4919-4725-bd26-7647213a6469", + "description": "There are currently no unsupported system components within continuous_monitoring. In case an unsupported system component is required to maintain continuous_monitoring, the continuous_monitoring System Owner will be consulted to make a determination in coordination with the continuous_monitoring ISSO and ISSM.", + "props": [ + { + "name": "Rule_Id", + "value": "properly-configured" + }, + { + "name": "implementation-status", + "value": "implemented" + } + ] + } + ] + }, + { + "uuid": "001779d3-01b4-4f5b-a9ee-5b78a32d9b9f", + "control-id": "sc-28.1", + "description": "As an additional layer of protection, all PII data is encrypted using [Active Record Encryption — Ruby on Rails Guides](https://guides.rubyonrails.org/active_record_encryption.html).\nThis encryption is implemented in a using non-deterministic AES-256-GCM through Ruby's openssl library with a 256-bit key and a random initialization vector {rails crypto module}.\n\nThe Data Encryption Key is stored in the credentials.yml file in an encrypted format by Ruby's openssl library using the AES-128-GCM cipher,\nand is built into the application package.\n\nThe credentials.yml decryption key is stored in GitHub Actions and injected into the running application as an environmental variable. The application then uses this key\nto decrypt the credentials.yml file and obtain the Data Encryption Key.\n\nA backup of the key is stored by the Lead Developer and System Owner within a keepass database stored in Google Drive.", + "props": [ + { + "name": "Rule_Id", + "value": "properly-configured" + }, + { + "name": "implementation-status", + "value": "partial" + } + ] + }, + { + "uuid": "0feeb621-8ce2-49f9-96a9-366e7e2ebee4", + "control-id": "si-2", + "description": "", + "statements": [ + { + "statement-id": "si-2_smt.a", + "uuid": "9545b50e-f930-4875-afef-f5e5c566be74", + "description": "Flaw and vulnerability checks are built into the continuous_monitoring CI/CD pipeline and automated to ensure compliance. Dynamic vulnerability scans are performed against continuous_monitoring before a successful deployment and reports issues after every scan.\n\nCompliance is documented in sections SA-11 and RA-5. The continuous_monitoring DevOps team uses GitHub as the Product Backlog to track and prioritize issues related to system flaws.\n\nThe responsibility of remediating flaws and vulnerabilities (once a remediation is available) falls on the continuous_monitoring Developer, who updates the continuous_monitoring code and deploys fixes as part of the normal development and CI/CD process.", + "props": [ + { + "name": "Rule_Id", + "value": "properly-configured" + }, + { + "name": "Rule_Id", + "value": "branch-protections" + }, + { + "name": "implementation-status", + "value": "implemented" + } + ] + }, + { + "statement-id": "si-2_smt.b", + "uuid": "f2713c7a-6ae5-41d6-98a8-f39519e68ec1", + "description": "Any flaws or vulnerabilities resolved in continuous_monitoring result in a GitHub issue for triage via the continuous_monitoring CM Configuration Control process described in CM-2(2). After resolving a vulnerability or flaw in continuous_monitoring, unit tests and integration tests are updated to prevent further inclusion of similar flaws.\n\n* All GitHub tickets have accompanying Acceptance Criteria that are used to create unit tests.\n* Unit tests are run on the Development environment when new code is pushed.\n* Integration tests are run on the Test environment when the remediation is deployed via the CI/CD process to ensure that the production environment does not suffer from any side effects of the vulnerability remediation.\n* Integration tests are run on the Prod environment when the remediation is deployed via the CI/CD process to validate the remediation and application functionality.\n* All findings that are not remediated immediately are tracked in the #{app_name} Plan of Action and Milestones (POAM) by continuous_monitoring Operations and the continuous_monitoring ISSO.", + "props": [ + { + "name": "Rule_Id", + "value": "properly-configured" + }, + { + "name": "implementation-status", + "value": "implemented" + } + ] + } + ] + }, + { + "uuid": "d9305c54-588b-4e58-8bb6-2dcfa9d50c9f", + "control-id": "si-10", + "description": "All inputs from the end user are parameterized prior to use to avoid potential sql injection.\n\nBrakeman scanner is impelmented within GitHub Actions which further identifies coding practices\nthat may lead to application vulnerabilities that are a result of improper input validation.", + "props": [ + { + "name": "Rule_Id", + "value": "properly-configured" + }, + { + "name": "implementation-status", + "value": "partial" + } + ] + }, + { + "uuid": "68820fd8-8a19-4074-aedb-9dbb9e175339", + "control-id": "sr-3", + "description": "", + "statements": [ + { + "statement-id": "sr-3_smt.b", + "uuid": "e265c455-ccec-4c34-afda-952498c79118", + "description": "A complete Software Bill of Materials (SBOM) for all Ruby dependencies is automatically\ngenerated by GitHub Actions on each push to GitHub as well as on a nightly basis. These can be downloaded\nfrom the applicable artifact section for each CI job.", + "props": [ + { + "name": "Rule_Id", + "value": "properly-configured" + }, + { + "name": "implementation-status", + "value": "partial" + } + ] + } + ] + } + ] + } + ] + } + ] + } +} diff --git a/doc/compliance/oscal/trestle-config.yaml b/doc/compliance/oscal/trestle-config.yaml new file mode 100644 index 0000000..ed9413d --- /dev/null +++ b/doc/compliance/oscal/trestle-config.yaml @@ -0,0 +1,7 @@ +# docker-trestle configuration file +# for ease of future rails_template18f generator use, keep the components list last in this file +system-name: "continuous_monitoring" +profile: lato +components: + - cloud_gov + - github_actions diff --git a/doc/compliance/rendered/apps/.keep b/doc/compliance/rendered/apps/.keep new file mode 100644 index 0000000..e69de29 diff --git a/lib/assets/.keep b/lib/assets/.keep new file mode 100644 index 0000000..e69de29 diff --git a/lib/tasks/.keep b/lib/tasks/.keep new file mode 100644 index 0000000..e69de29 diff --git a/lib/tasks/auto_generate_diagram.rake b/lib/tasks/auto_generate_diagram.rake new file mode 100644 index 0000000..1df0696 --- /dev/null +++ b/lib/tasks/auto_generate_diagram.rake @@ -0,0 +1,6 @@ +# NOTE: only doing this in development as some production environments (Heroku) +# NOTE: are sensitive to local FS writes, and besides -- it's just not proper +# NOTE: to have a dev-mode tool do its thing in production. +if Rails.env.development? + RailsERD.load_tasks +end diff --git a/lib/tasks/cf.rake b/lib/tasks/cf.rake new file mode 100644 index 0000000..1326341 --- /dev/null +++ b/lib/tasks/cf.rake @@ -0,0 +1,9 @@ +namespace :cf do + desc "Only run on the first application instance" + task :on_first_instance do + instance_index = Integer(ENV["CF_INSTANCE_INDEX"]) + exit(0) unless instance_index == 0 + rescue + exit(0) + end +end diff --git a/lib/tasks/scanning.rake b/lib/tasks/scanning.rake new file mode 100644 index 0000000..000877c --- /dev/null +++ b/lib/tasks/scanning.rake @@ -0,0 +1,63 @@ +desc "Run brakeman with potential non-0 return code" +task :brakeman do + # -z flag makes it return non-0 if there are any warnings + # -q quiets output + unless system("brakeman -z -q") # system is true if return is 0, false otherwise + abort("Brakeman detected one or more code problems, please run it manually and inspect the output.") + end +end + +namespace :bundler do + require "bundler/audit/cli" + + desc "Updates the ruby-advisory-db and runs audit" + task :audit do + %w[update check].each do |command| + Bundler::Audit::CLI.start [command] + end + end +rescue LoadError + # no-op, probably in a production environment +end + +namespace :yarn do + desc "Run yarn audit" + task :audit do + require "open3" + stdout, stderr, status = Open3.capture3("yarn audit --json") + unless status.success? + puts stderr + parsed = JSON.parse("[#{stdout.lines.join(",")}]") + puts JSON.pretty_generate(parsed) + if /503 Service Unavailable/.match?(stderr) + puts "Ignoring unavailable server" + elsif all_issues_ignored?(parsed) + puts "Ignoring known and accepted yarn audit results" + else + puts "Failed with exit code #{status.exitstatus}" + exit status.exitstatus + end + end + end +end + +def all_issues_ignored?(issues) + present_advisories_with_frequencies = Hash.new { |hash, key| hash[key] = 0 } + + # Only look at audit advisories, and not audit summaries + issues.select { |issue_json| issue_json["type"] == "auditAdvisory" }.each do |issue_json| + present_advisories_with_frequencies[issue_json["data"]["advisory"]["id"]] += 1 + end + + # Advisory ID to be ignored with number of times it appears in project dependencies + # And, a comment as to why we're ignoring + ignored_advisories_with_frequencies = { + # 1005154 => 2, # high - inefficient regex in dev server and at build time + } + + pp "Present advisories: #{present_advisories_with_frequencies}" + pp "Ignored advisories: #{ignored_advisories_with_frequencies}" + present_advisories_with_frequencies == ignored_advisories_with_frequencies +end + +task default: ["standard", "brakeman", "bundler:audit", "yarn:audit"] diff --git a/log/.keep b/log/.keep new file mode 100644 index 0000000..e69de29 diff --git a/manifest.yml b/manifest.yml new file mode 100644 index 0000000..a59916e --- /dev/null +++ b/manifest.yml @@ -0,0 +1,23 @@ +--- +applications: +- name: continuous_monitoring-((env)) + buildpacks: + - nodejs_buildpack + - ruby_buildpack + env: + RAILS_MASTER_KEY: ((rails_master_key)) + RAILS_ENV: ((env)) + RAILS_LOG_TO_STDOUT: true + RAILS_SERVE_STATIC_FILES: true + processes: + - type: worker + instances: ((worker_instances)) + memory: ((worker_memory)) + command: bundle exec sidekiq + - type: web + instances: ((web_instances)) + memory: ((web_memory)) + command: bundle exec rake cf:on_first_instance db:migrate && bundle exec rails s -b 0.0.0.0 -p $PORT -e $RAILS_ENV + services: + - continuous_monitoring-redis-((env)) + - continuous_monitoring-rds-((env)) diff --git a/pa11y.js b/pa11y.js new file mode 100644 index 0000000..8519e6a --- /dev/null +++ b/pa11y.js @@ -0,0 +1,12 @@ +module.exports = { + defaults: { + standard: "WCAG2AA", + runners: ["axe"], + hideElements: [ + ".usa-banner__button-text" // axe can't determine the background color for this button + ] + }, + urls: [ + "http://localhost:3000" + ] +}; diff --git a/pa11yci.js b/pa11yci.js new file mode 100644 index 0000000..4e22907 --- /dev/null +++ b/pa11yci.js @@ -0,0 +1,8 @@ +let defaults = require("./pa11y.js"); + +// set chrome path for github actions +defaults.defaults.chromeLaunchConfig = { + "executablePath": "/usr/bin/google-chrome" +}; + +module.exports = defaults; diff --git a/package.json b/package.json new file mode 100644 index 0000000..cc063e7 --- /dev/null +++ b/package.json @@ -0,0 +1,26 @@ +{ + "name": "app", + "private": true, + "dependencies": { + "@csstools/postcss-sass": "^5.1.1", + "@uswds/uswds": "^3.8.1", + "autoprefixer": "^10.4.19", + "postcss": "^8.4.38", + "postcss-cli": "^11.0.0", + "postcss-import": "^16.1.0", + "postcss-minify": "^1.1.0", + "postcss-scss": "^4.0.9", + "webpack": "^5.92.1", + "webpack-cli": "^5.1.4" + }, + "scripts": { + "build": "webpack --config webpack.config.js", + "build:css": "postcss ./app/assets/stylesheets/application.postcss.scss -o ./app/assets/builds/application.css" + }, + "devDependencies": { + "pa11y-ci": "^3.1.0" + }, + "resolutions": { + "@csstools/postcss-sass/@csstools/sass-import-resolve": "https://github.com/rahearn/sass-import-resolve" + } +} diff --git a/postcss.config.js b/postcss.config.js new file mode 100644 index 0000000..e96c749 --- /dev/null +++ b/postcss.config.js @@ -0,0 +1,11 @@ +module.exports = { + syntax: 'postcss-scss', + plugins: [ + require('postcss-import'), + require('@csstools/postcss-sass')({ + includePaths: ['./node_modules/@uswds/uswds/packages'], + }), + require('autoprefixer'), + process.env.NODE_ENV === 'production' ? require('postcss-minify') : null, + ], +} diff --git a/public/404.html b/public/404.html new file mode 100644 index 0000000..2be3af2 --- /dev/null +++ b/public/404.html @@ -0,0 +1,67 @@ + + + + The page you were looking for doesn't exist (404) + + + + + + +
+
+

The page you were looking for doesn't exist.

+

You may have mistyped the address or the page may have moved.

+
+

If you are the application owner check the logs for more information.

+
+ + diff --git a/public/422.html b/public/422.html new file mode 100644 index 0000000..c08eac0 --- /dev/null +++ b/public/422.html @@ -0,0 +1,67 @@ + + + + The change you wanted was rejected (422) + + + + + + +
+
+

The change you wanted was rejected.

+

Maybe you tried to change something you didn't have access to.

+
+

If you are the application owner check the logs for more information.

+
+ + diff --git a/public/500.html b/public/500.html new file mode 100644 index 0000000..78a030a --- /dev/null +++ b/public/500.html @@ -0,0 +1,66 @@ + + + + We're sorry, but something went wrong (500) + + + + + + +
+
+

We're sorry, but something went wrong.

+
+

If you are the application owner check the logs for more information.

+
+ + diff --git a/public/apple-touch-icon-precomposed.png b/public/apple-touch-icon-precomposed.png new file mode 100644 index 0000000..e69de29 diff --git a/public/apple-touch-icon.png b/public/apple-touch-icon.png new file mode 100644 index 0000000..e69de29 diff --git a/public/favicon.ico b/public/favicon.ico new file mode 100644 index 0000000..e69de29 diff --git a/public/robots.txt b/public/robots.txt new file mode 100644 index 0000000..c19f78a --- /dev/null +++ b/public/robots.txt @@ -0,0 +1 @@ +# See https://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file diff --git a/spec/i18n_spec.rb b/spec/i18n_spec.rb new file mode 100644 index 0000000..890699c --- /dev/null +++ b/spec/i18n_spec.rb @@ -0,0 +1,34 @@ +# frozen_string_literal: true + +require "i18n/tasks" + +RSpec.describe I18n do + let(:i18n) { I18n::Tasks::BaseTask.new } + let(:missing_keys) { i18n.missing_keys } + let(:unused_keys) { i18n.unused_keys } + let(:inconsistent_interpolations) { i18n.inconsistent_interpolations } + + it "does not have missing keys" do + expect(missing_keys).to be_empty, + "Missing #{missing_keys.leaves.count} i18n keys, run `i18n-tasks missing' to show them" + end + + it "does not have unused keys" do + expect(unused_keys).to be_empty, + "#{unused_keys.leaves.count} unused i18n keys, run `i18n-tasks unused' to show them" + end + + it "files are normalized" do + non_normalized = i18n.non_normalized_paths + error_message = "The following files need to be normalized:\n" \ + "#{non_normalized.map { |path| " #{path}" }.join("\n")}\n" \ + "Please run `i18n-tasks normalize' to fix" + expect(non_normalized).to be_empty, error_message + end + + it "does not have inconsistent interpolations" do + error_message = "#{inconsistent_interpolations.leaves.count} i18n keys have inconsistent interpolations.\n" \ + "Run `i18n-tasks check-consistent-interpolations' to show them" + expect(inconsistent_interpolations).to be_empty, error_message + end +end diff --git a/spec/models/cloud_gov_config_spec.rb b/spec/models/cloud_gov_config_spec.rb new file mode 100644 index 0000000..37c3c33 --- /dev/null +++ b/spec/models/cloud_gov_config_spec.rb @@ -0,0 +1,48 @@ +# frozen_string_literal: true + +require "rails_helper" + +RSpec.describe CloudGovConfig, type: :model do + subject { described_class } + + describe ".dig" do + context "VCAP_SERVICES is blank" do + it "returns nil" do + expect(subject.dig(:s3, :credentials, :bucket)).to be_nil + end + end + + context "VCAP_SERVICES is set" do + let(:bucket_name) { "bucket-name" } + let(:vcap) { + { + s3: [ + { + credentials: { + bucket: bucket_name + } + } + ] + } + } + + around do |example| + ClimateControl.modify VCAP_SERVICES: vcap.to_json do + example.run + end + end + + it "can find a path" do + expect(subject.dig(:s3, :credentials, :bucket)).to eq bucket_name + end + + it "returns nil for a missing path" do + expect(subject.dig(:s3, :missing)).to be_nil + end + + it "returns nil for a missing service" do + expect(subject.dig(:rds, :credentials)).to be_nil + end + end + end +end diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb new file mode 100644 index 0000000..db6d989 --- /dev/null +++ b/spec/rails_helper.rb @@ -0,0 +1,65 @@ +# This file is copied to spec/ when you run 'rails generate rspec:install' +require "spec_helper" +ENV["RAILS_ENV"] ||= "test" +require_relative "../config/environment" +# Prevent database truncation if the environment is production +abort("The Rails environment is running in production mode!") if Rails.env.production? +require "rspec/rails" +# Add additional requires below this line. Rails is not loaded until this point! + +# Requires supporting ruby files with custom matchers and macros, etc, in +# spec/support/ and its subdirectories. Files matching `spec/**/*_spec.rb` are +# run as spec files by default. This means that files in spec/support that end +# in _spec.rb will both be required and run as specs, causing the specs to be +# run twice. It is recommended that you do not name files matching this glob to +# end with _spec.rb. You can configure this pattern with the --pattern +# option on the command line or in ~/.rspec, .rspec or `.rspec-local`. +# +# The following line is provided for convenience purposes. It has the downside +# of increasing the boot-up time by auto-requiring all files in the support +# directory. Alternatively, in the individual `*_spec.rb` files, manually +# require only the support files necessary. +# +# Rails.root.glob('spec/support/**/*.rb').sort.each { |f| require f } + +# Checks for pending migrations and applies them before tests are run. +# If you are not using ActiveRecord, you can remove these lines. +begin + ActiveRecord::Migration.maintain_test_schema! +rescue ActiveRecord::PendingMigrationError => e + abort e.to_s.strip +end +RSpec.configure do |config| + # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures + config.fixture_paths = [ + Rails.root.join("spec/fixtures") + ] + + # If you're not using ActiveRecord, or you'd prefer not to run each of your + # examples within a transaction, remove the following line or assign false + # instead of true. + config.use_transactional_fixtures = true + + # You can uncomment this line to turn off ActiveRecord support entirely. + # config.use_active_record = false + + # RSpec Rails can automatically mix in different behaviours to your tests + # based on their file location, for example enabling you to call `get` and + # `post` in specs under `spec/controllers`. + # + # You can disable this behaviour by removing the line below, and instead + # explicitly tag your specs with their type, e.g.: + # + # RSpec.describe UsersController, type: :controller do + # # ... + # end + # + # The different available types are documented in the features, such as in + # https://rspec.info/features/6-0/rspec-rails + config.infer_spec_type_from_file_location! + + # Filter lines from Rails gems in backtraces. + config.filter_rails_from_backtrace! + # arbitrary gems may also be filtered via: + # config.filter_gems_from_backtrace("gem name") +end diff --git a/spec/requests/pages_spec.rb b/spec/requests/pages_spec.rb new file mode 100644 index 0000000..26f1292 --- /dev/null +++ b/spec/requests/pages_spec.rb @@ -0,0 +1,10 @@ +require "rails_helper" + +RSpec.describe "Pages", type: :request do + describe "GET /home" do + it "returns http success" do + get "/" + expect(response).to have_http_status(:success) + end + end +end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb new file mode 100644 index 0000000..c002d8c --- /dev/null +++ b/spec/spec_helper.rb @@ -0,0 +1,93 @@ +# This file was generated by the `rails generate rspec:install` command. Conventionally, all +# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`. +# The generated `.rspec` file contains `--require spec_helper` which will cause +# this file to always be loaded, without a need to explicitly require it in any +# files. +# +# Given that it is always loaded, you are encouraged to keep this file as +# light-weight as possible. Requiring heavyweight dependencies from this file +# will add to the boot time of your test suite on EVERY test run, even for an +# individual file that may not need all of that loaded. Instead, consider making +# a separate helper file that requires the additional dependencies and performs +# the additional setup, and require it from the spec files that actually need +# it. +# +# See https://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration +RSpec.configure do |config| + # rspec-expectations config goes here. You can use an alternate + # assertion/expectation library such as wrong or the stdlib/minitest + # assertions if you prefer. + config.expect_with :rspec do |expectations| + # This option will default to `true` in RSpec 4. It makes the `description` + # and `failure_message` of custom matchers include text for helper methods + # defined using `chain`, e.g.: + # be_bigger_than(2).and_smaller_than(4).description + # # => "be bigger than 2 and smaller than 4" + # ...rather than: + # # => "be bigger than 2" + expectations.include_chain_clauses_in_custom_matcher_descriptions = true + end + + # rspec-mocks config goes here. You can use an alternate test double + # library (such as bogus or mocha) by changing the `mock_with` option here. + config.mock_with :rspec do |mocks| + # Prevents you from mocking or stubbing a method that does not exist on + # a real object. This is generally recommended, and will default to + # `true` in RSpec 4. + mocks.verify_partial_doubles = true + end + + # This option will default to `:apply_to_host_groups` in RSpec 4 (and will + # have no way to turn it off -- the option exists only for backwards + # compatibility in RSpec 3). It causes shared context metadata to be + # inherited by the metadata hash of host groups and examples, rather than + # triggering implicit auto-inclusion in groups with matching metadata. + config.shared_context_metadata_behavior = :apply_to_host_groups + + # The settings below are suggested to provide a good initial experience + # with RSpec, but feel free to customize to your heart's content. + + # This allows you to limit a spec run to individual examples or groups + # you care about by tagging them with `:focus` metadata. When nothing + # is tagged with `:focus`, all examples get run. RSpec also provides + # aliases for `it`, `describe`, and `context` that include `:focus` + # metadata: `fit`, `fdescribe` and `fcontext`, respectively. + config.filter_run_when_matching :focus + + # Allows RSpec to persist some state between runs in order to support + # the `--only-failures` and `--next-failure` CLI options. We recommend + # you configure your source control system to ignore this file. + config.example_status_persistence_file_path = "spec/examples.txt" + + # Limits the available syntax to the non-monkey patched syntax that is + # recommended. For more details, see: + # https://rspec.info/features/3-12/rspec-core/configuration/zero-monkey-patching-mode/ + config.disable_monkey_patching! + + # Many RSpec users commonly either run the entire suite or an individual + # file, and it's useful to allow more verbose output when running an + # individual spec file. + if config.files_to_run.one? + # Use the documentation formatter for detailed output, + # unless a formatter has already been configured + # (e.g. via a command-line flag). + config.default_formatter = "doc" + end + + # Print the 10 slowest examples and example groups at the + # end of the spec run, to help surface which specs are running + # particularly slow. + config.profile_examples = 10 + + # Run specs in random order to surface order dependencies. If you find an + # order dependency and want to debug it, you can fix the order by providing + # the seed, which is printed after each run. + # --seed 1234 + config.order = :random + + # Seed global randomization in this process using the `--seed` CLI option. + # Setting this allows you to use `--seed` to deterministically reproduce + # test failures related to randomization by passing the same `--seed` value + # as the one that triggered the failure. + Kernel.srand config.seed +end diff --git a/spec/views/pages/home.html.erb_spec.rb b/spec/views/pages/home.html.erb_spec.rb new file mode 100644 index 0000000..6ce2e2a --- /dev/null +++ b/spec/views/pages/home.html.erb_spec.rb @@ -0,0 +1,8 @@ +require "rails_helper" + +RSpec.describe "pages/home.html.erb", type: :view do + it "displays the gov banner" do + render template: "pages/home", layout: "layouts/application" + expect(rendered).to match "An official website of the United States government" + end +end diff --git a/storage/.keep b/storage/.keep new file mode 100644 index 0000000..e69de29 diff --git a/terraform/README.md b/terraform/README.md new file mode 100644 index 0000000..2e95825 --- /dev/null +++ b/terraform/README.md @@ -0,0 +1,133 @@ +# Terraform + +This directory holds the terraform modules for maintaining your complete persistent infrastructure. + +Prerequisite: install the `jq` JSON processor: `brew bundle` or `brew install jq` + +## Initial project setup + +These steps only need to be run once per project. + +1. Manually [bootstrap the state storage bucket](#bootstrapping-the-state-storage-s3-buckets-for-the-first-time) within the `bootstrap` directory +1. Setup CI/CD Pipeline to run Terraform + 1. Copy bootstrap credentials to your CI/CD secrets using the instructions in the base README + 1. Create a cloud.gov SpaceDeployer by following the instructions under `SpaceDeployers` + 1. Copy SpaceDeployer credentials to your CI/CD secrets using the instructions in the base README +1. Manually Running Terraform + 1. Follow instructions under `Set up a new environment` to create your infrastructure + +## Initial developer setup + +These steps should be run for any developer that needs to start running terraform or who just moved to a new machine. + +They are not necessary for the developer who runs the [initial project setup](#initial-project-setup) + +1. Import the existing bootstrap resources to your local state with `./import.sh` +1. Follow instructions under [Use bootstrap credentials](#use-bootstrap-credentials) + + +## Terraform State Credentials + +The `bootstrap` module is used to create an s3 bucket for later terraform runs to store their state in. + +### Bootstrapping the state storage s3 buckets for the first time + +These steps are run once per project. + +1. Run `./run.sh init` +1. Run `./run.sh apply` to set up the bucket and retrieve credentials +1. Follow instructions under [Use bootstrap credentials](#use-bootstrap-credentials) +1. Ensure that `import.sh` includes a line and correct IDs for any resources created +1. Run `./teardown_creds.sh` to remove the space deployer account used to create the s3 bucket + +### To make changes to the bootstrap module + +*This should not be necessary in most cases* + +1. Make your changes +1. Run `./run.sh plan` to verify the changes are what you expect +1. Continue from step 2 of the [boostrapping instructions](#bootstrapping-the-state-storage-s3-buckets-for-the-first-time) + +### Use bootstrap credentials + +1. Add the following to `~/.aws/credentials` + ``` + [continuous_monitoring-terraform-backend] + aws_access_key_id = + aws_secret_access_key = + ``` + +1. Copy `BUCKET` from `run.sh` output to the backend block of `staging/providers.tf` and `production/providers.tf` + +## SpaceDeployers + +A [SpaceDeployer](https://cloud.gov/docs/services/cloud-gov-service-account/) account is required to run terraform or +deploy the application from the CI/CD pipeline. Create a new account by running: + +`../bin/ops/create_service_account.sh -s -u ` + +## Set up a new environment manually + +The below steps rely on you first configuring access to the Terraform state in s3 as described in [initial project setup](#initial-project-setup) or [initial developer setup](#initial-developer-setup). + +1. `cd` to the environment you are working in + +1. Set up a SpaceDeployer and save the credentials in a file named `secrets.auto.tfvars` + ```bash + # create a space deployer service instance that can log in with just a username and password + # the value of < SPACE_NAME > should be `staging` or `prod` depending on where you are working + # the value for < ACCOUNT_NAME > can be anything, although we recommend + # something that communicates the purpose of the deployer + # for example: circleci-deployer for the credentials CircleCI uses to + # deploy the application or -terraform for credentials to run terraform manually + ../../bin/ops/create_service_account.sh -s -u > secrets.auto.tfvars + ``` + + The script will output the `username` (as `cf_user`) and `password` (as `cf_password`) for your ``. Read more in the [cloud.gov service account documentation](https://cloud.gov/docs/services/cloud-gov-service-account/). + + The easiest way to use this script locally is to redirect the output directly to the `secrets.auto.tfvars` file it needs to be used in + +1. Run terraform from your new environment directory with + ```bash + terraform init -backend-config="profile=continuous_monitoring-terraform-backend" + terraform plan + ``` + +1. Apply changes with `terraform apply`. + +1. Remove the space deployer service instance if it doesn't need to be used again, such as when manually running terraform plan before letting CI/CD apply the changes. + ```bash + # and have the same values as used above. + ../../bin/ops/destroy_service_account.sh -s -u + ``` + +## Structure + +Each environment has its own module. + +``` +- bootstrap/ + |- main.tf + |- providers.tf + |- variables.tf + |- run.sh + |- teardown_creds.sh + |- import.sh +- / + |- main.tf + |- providers.tf + |- variables.tf +``` + +In the environment-specific modules: +- `providers.tf` lists the required providers +- `main.tf` calls the shared Terraform code, but this is also a place where you can add any other services, resources, etc, which you would like to set up for that environment +- `variables.tf` lists the variables that will be needed, either to pass through to the child module or for use in this module + +In the bootstrap module: +- `providers.tf` lists the required providers +- `main.tf` sets up s3 bucket to be shared across all environments. It lives in `prod` to communicate that it should not be deleted +- `variables.tf` lists the variables that will be needed. Most values are hard-coded in this module +- `run.sh` Helper script to set up a space deployer and run terraform. The terraform action (`init`/`show`/`plan`/`apply`/`destroy`) is passed as an argument +- `teardown_creds.sh` Helper script to remove the space deployer setup as part of `run.sh` +- `import.sh` Helper script to create a new local state file when new developers need to access the state file diff --git a/terraform/bootstrap/import.sh b/terraform/bootstrap/import.sh new file mode 100755 index 0000000..f152007 --- /dev/null +++ b/terraform/bootstrap/import.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash + +read -p "Are you sure you want to import terraform state (y/n)? " verify + +if [[ $verify == "y" ]]; then + echo "Importing bootstrap state" + ./run.sh init + ./run.sh import module.s3.cloudfoundry_service_instance.bucket TKTK + ./run.sh import cloudfoundry_service_key.bucket_creds TKTK + ./run.sh plan +else + echo "Not importing bootstrap state" +fi diff --git a/terraform/bootstrap/main.tf b/terraform/bootstrap/main.tf new file mode 100644 index 0000000..70904a7 --- /dev/null +++ b/terraform/bootstrap/main.tf @@ -0,0 +1,21 @@ +locals { + s3_service_name = "continuous_monitoring-terraform-state" +} + +module "s3" { + source = "github.com/gsa-tts/terraform-cloudgov//s3?ref=v1.0.0" + + cf_org_name = "gsa-tts-devtools-prototyping" + cf_space_name = "rahearn" + name = local.s3_service_name +} + +resource "cloudfoundry_service_key" "bucket_creds" { + name = "${local.s3_service_name}-access" + service_instance = module.s3.bucket_id +} + +output "bucket_credentials" { + value = cloudfoundry_service_key.bucket_creds.credentials + sensitive = true +} diff --git a/terraform/bootstrap/providers.tf b/terraform/bootstrap/providers.tf new file mode 100644 index 0000000..3c699e7 --- /dev/null +++ b/terraform/bootstrap/providers.tf @@ -0,0 +1,16 @@ +terraform { + required_version = "~> 1.0" + required_providers { + cloudfoundry = { + source = "cloudfoundry-community/cloudfoundry" + version = "0.53.1" + } + } +} + +provider "cloudfoundry" { + api_url = "https://api.fr.cloud.gov" + user = var.cf_user + password = var.cf_password + app_logs_max = 30 +} diff --git a/terraform/bootstrap/run.sh b/terraform/bootstrap/run.sh new file mode 100755 index 0000000..5f73e6d --- /dev/null +++ b/terraform/bootstrap/run.sh @@ -0,0 +1,39 @@ +#!/usr/bin/env bash + +if ! command -v jq &> /dev/null +then + echo "jq must be installed. Run 'brew bundle' to install everything in the Brewfile" + exit 1 +fi +if ! command -v terraform &> /dev/null +then + echo "terraform must be installed before running this script" + exit 1 +fi + +dig_output () { + dig_result=`cat terraform.tfstate | jq -r ".outputs.bucket_credentials.value.$1"` +} + +if [[ ! -f "secrets.auto.tfvars" ]]; then + ../../bin/ops/create_service_account.sh -s rahearn -u config-bootstrap-deployer > secrets.auto.tfvars +fi + +if [[ $# -gt 0 ]]; then + echo "Running terraform $@" + terraform $@ + if [[ -f terraform.tfstate ]]; then + echo + echo "Credentials for terraform state bucket:" + dig_output "bucket" + echo "BUCKET=$dig_result" + dig_output "access_key_id" + echo "AWS_ACCESS_KEY_ID=$dig_result" + dig_output "secret_access_key" + echo "AWS_SECRET_ACCESS_KEY=$dig_result" + dig_output "region" + echo "AWS_REGION=$dig_result" + fi +else + echo "Not running terraform" +fi diff --git a/terraform/bootstrap/teardown_creds.sh b/terraform/bootstrap/teardown_creds.sh new file mode 100755 index 0000000..dde9393 --- /dev/null +++ b/terraform/bootstrap/teardown_creds.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +../../bin/ops/destroy_service_account.sh -s rahearn -u config-bootstrap-deployer + +rm secrets.auto.tfvars diff --git a/terraform/bootstrap/variables.tf b/terraform/bootstrap/variables.tf new file mode 100644 index 0000000..2fe5005 --- /dev/null +++ b/terraform/bootstrap/variables.tf @@ -0,0 +1,2 @@ +variable "cf_password" {} +variable "cf_user" {} diff --git a/terraform/production/main.tf b/terraform/production/main.tf new file mode 100644 index 0000000..beba652 --- /dev/null +++ b/terraform/production/main.tf @@ -0,0 +1,44 @@ +locals { + cf_org_name = "gsa-tts-devtools-prototyping" + cf_space_name = "rahearn" + env = "production" + app_name = "continuous_monitoring" +} + +module "database" { + source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v1.0.0" + + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-rds-${local.env}" + rds_plan_name = "TKTK-production-rds-plan" +} + +module "redis" { + source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v1.0.0" + + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-redis-${local.env}" + redis_plan_name = "TKTK-production-redis-plan" +} + + + +########################################################################### +# The following lines need to be commented out for the initial `terraform apply` +# It can be re-enabled after: +# 1) the app has first been deployed +# 2) the route has been manually created by an OrgManager: +# `cf create-domain gsa-tts-devtools-prototyping TKTK-production-domain-name` +########################################################################### +# module "domain" { +# source = "github.com/gsa-tts/terraform-cloudgov//domain?ref=v1.0.0" +# +# cf_org_name = local.cf_org_name +# cf_space_name = local.cf_space_name +# app_name_or_id = "${local.app_name}-${local.env}" +# cdn_plan_name = "domain" +# domain_name = "TKTK-production-domain-name" +# host_name = "TKTK-production-hostname (optional)" +# } diff --git a/terraform/production/providers.tf b/terraform/production/providers.tf new file mode 100644 index 0000000..feaa0cc --- /dev/null +++ b/terraform/production/providers.tf @@ -0,0 +1,23 @@ +terraform { + required_version = "~> 1.0" + required_providers { + cloudfoundry = { + source = "cloudfoundry-community/cloudfoundry" + version = "0.53.1" + } + } + + backend "s3" { + bucket = "TKTK-s3-bucket" + key = "terraform.tfstate.prod" + encrypt = "true" + region = "us-gov-west-1" + } +} + +provider "cloudfoundry" { + api_url = "https://api.fr.cloud.gov" + user = var.cf_user + password = var.cf_password + app_logs_max = 30 +} diff --git a/terraform/production/variables.tf b/terraform/production/variables.tf new file mode 100644 index 0000000..2fe5005 --- /dev/null +++ b/terraform/production/variables.tf @@ -0,0 +1,2 @@ +variable "cf_password" {} +variable "cf_user" {} diff --git a/terraform/staging/main.tf b/terraform/staging/main.tf new file mode 100644 index 0000000..b9902e1 --- /dev/null +++ b/terraform/staging/main.tf @@ -0,0 +1,26 @@ +locals { + cf_org_name = "gsa-tts-devtools-prototyping" + cf_space_name = "rahearn" + env = "staging" + app_name = "continuous_monitoring" +} + +module "database" { + source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v1.0.0" + + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-rds-${local.env}" + rds_plan_name = "micro-psql" +} + +module "redis" { + source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v1.0.0" + + cf_org_name = local.cf_org_name + cf_space_name = local.cf_space_name + name = "${local.app_name}-redis-${local.env}" + redis_plan_name = "redis-dev" +} + + diff --git a/terraform/staging/providers.tf b/terraform/staging/providers.tf new file mode 100644 index 0000000..8401aad --- /dev/null +++ b/terraform/staging/providers.tf @@ -0,0 +1,23 @@ +terraform { + required_version = "~> 1.0" + required_providers { + cloudfoundry = { + source = "cloudfoundry-community/cloudfoundry" + version = "0.53.1" + } + } + + backend "s3" { + bucket = "TKTK-s3-bucket" + key = "terraform.tfstate.stage" + encrypt = "true" + region = "us-gov-west-1" + } +} + +provider "cloudfoundry" { + api_url = "https://api.fr.cloud.gov" + user = var.cf_user + password = var.cf_password + app_logs_max = 30 +} diff --git a/terraform/staging/variables.tf b/terraform/staging/variables.tf new file mode 100644 index 0000000..2fe5005 --- /dev/null +++ b/terraform/staging/variables.tf @@ -0,0 +1,2 @@ +variable "cf_password" {} +variable "cf_user" {} diff --git a/tmp/.keep b/tmp/.keep new file mode 100644 index 0000000..e69de29 diff --git a/tmp/pids/.keep b/tmp/pids/.keep new file mode 100644 index 0000000..e69de29 diff --git a/tmp/storage/.keep b/tmp/storage/.keep new file mode 100644 index 0000000..e69de29 diff --git a/vendor/.keep b/vendor/.keep new file mode 100644 index 0000000..e69de29 diff --git a/webpack.config.js b/webpack.config.js new file mode 100644 index 0000000..557a746 --- /dev/null +++ b/webpack.config.js @@ -0,0 +1,21 @@ +const path = require("path") +const webpack = require("webpack") + +module.exports = { + mode: "production", + devtool: "source-map", + entry: { + application: "./app/javascript/application.js" + }, + output: { + filename: "[name].js", + sourceMapFilename: "[file].map", + chunkFormat: "module", + path: path.resolve(__dirname, "app/assets/builds"), + }, + plugins: [ + new webpack.optimize.LimitChunkCountPlugin({ + maxChunks: 1 + }) + ] +} diff --git a/yarn.lock b/yarn.lock new file mode 100644 index 0000000..f4ed8ad --- /dev/null +++ b/yarn.lock @@ -0,0 +1,2031 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +"@csstools/postcss-sass@^5.1.1": + version "5.1.1" + resolved "https://registry.yarnpkg.com/@csstools/postcss-sass/-/postcss-sass-5.1.1.tgz#135921df13bc56bee50c7470a66e4e9f3d5c89ae" + integrity sha512-La7bgTcM6YwPBLqlaXg7lMLry82iLv1a+S1RmgvHq2mH2Zd57L2anjZvJC8ACUHWc4M9fXws93dq6gaK0kZyAw== + dependencies: + "@csstools/sass-import-resolve" "^1.0.0" + sass "^1.69.5" + source-map "~0.7.4" + +"@csstools/sass-import-resolve@^1.0.0", "@csstools/sass-import-resolve@https://github.com/rahearn/sass-import-resolve": + version "1.0.0" + resolved "https://github.com/rahearn/sass-import-resolve#e2414ce43a3330cd8f2ea208e19a1a872b6153ff" + +"@discoveryjs/json-ext@^0.5.0": + version "0.5.7" + resolved "https://registry.yarnpkg.com/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz#1d572bfbbe14b7704e0ba0f39b74815b84870d70" + integrity sha512-dBVuXR082gk3jsFp7Rd/JI4kytwGHecnCoTtXFb7DB6CNHp4rg5k1bhg0nWdLGLnOV71lmDzGQaLMy8iPLY0pw== + +"@jridgewell/gen-mapping@^0.3.5": + version "0.3.5" + resolved "https://registry.yarnpkg.com/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz#dcce6aff74bdf6dad1a95802b69b04a2fcb1fb36" + integrity sha512-IzL8ZoEDIBRWEzlCcRhOaCupYyN5gdIK+Q6fbFdPDg6HqX6jpkItn7DFIpW9LQzXG6Df9sA7+OKnq0qlz/GaQg== + dependencies: + "@jridgewell/set-array" "^1.2.1" + "@jridgewell/sourcemap-codec" "^1.4.10" + "@jridgewell/trace-mapping" "^0.3.24" + +"@jridgewell/resolve-uri@^3.1.0": + version "3.1.2" + resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz#7a0ee601f60f99a20c7c7c5ff0c80388c1189bd6" + integrity sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw== + +"@jridgewell/set-array@^1.2.1": + version "1.2.1" + resolved "https://registry.yarnpkg.com/@jridgewell/set-array/-/set-array-1.2.1.tgz#558fb6472ed16a4c850b889530e6b36438c49280" + integrity sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A== + +"@jridgewell/source-map@^0.3.3": + version "0.3.6" + resolved "https://registry.yarnpkg.com/@jridgewell/source-map/-/source-map-0.3.6.tgz#9d71ca886e32502eb9362c9a74a46787c36df81a" + integrity sha512-1ZJTZebgqllO79ue2bm3rIGud/bOe0pP5BjSRCRxxYkEZS8STV7zN84UBbiYu7jy+eCKSnVIUgoWWE/tt+shMQ== + dependencies: + "@jridgewell/gen-mapping" "^0.3.5" + "@jridgewell/trace-mapping" "^0.3.25" + +"@jridgewell/sourcemap-codec@^1.4.10", "@jridgewell/sourcemap-codec@^1.4.14": + version "1.4.15" + resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz#d7c6e6755c78567a951e04ab52ef0fd26de59f32" + integrity sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg== + +"@jridgewell/trace-mapping@^0.3.20", "@jridgewell/trace-mapping@^0.3.24", "@jridgewell/trace-mapping@^0.3.25": + version "0.3.25" + resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz#15f190e98895f3fc23276ee14bc76b675c2e50f0" + integrity sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ== + dependencies: + "@jridgewell/resolve-uri" "^3.1.0" + "@jridgewell/sourcemap-codec" "^1.4.14" + +"@nodelib/fs.scandir@2.1.5": + version "2.1.5" + resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5" + integrity sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g== + dependencies: + "@nodelib/fs.stat" "2.0.5" + run-parallel "^1.1.9" + +"@nodelib/fs.stat@2.0.5", "@nodelib/fs.stat@^2.0.2": + version "2.0.5" + resolved "https://registry.yarnpkg.com/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz#5bd262af94e9d25bd1e71b05deed44876a222e8b" + integrity sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A== + +"@nodelib/fs.walk@^1.2.3": + version "1.2.8" + resolved "https://registry.yarnpkg.com/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz#e95737e8bb6746ddedf69c556953494f196fe69a" + integrity sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg== + dependencies: + "@nodelib/fs.scandir" "2.1.5" + fastq "^1.6.0" + +"@sindresorhus/merge-streams@^2.1.0": + version "2.3.0" + resolved "https://registry.yarnpkg.com/@sindresorhus/merge-streams/-/merge-streams-2.3.0.tgz#719df7fb41766bc143369eaa0dd56d8dc87c9958" + integrity sha512-LtoMMhxAlorcGhmFYI+LhPgbPZCkgP6ra1YL604EeF6U98pLlQ3iWIGMdWSC+vWmPBWBNgmDBAhnAobLROJmwg== + +"@types/eslint-scope@^3.7.3": + version "3.7.7" + resolved "https://registry.yarnpkg.com/@types/eslint-scope/-/eslint-scope-3.7.7.tgz#3108bd5f18b0cdb277c867b3dd449c9ed7079ac5" + integrity sha512-MzMFlSLBqNF2gcHWO0G1vP/YQyfvrxZ0bF+u7mzUdZ1/xK4A4sru+nraZz5i3iEIk1l1uyicaDVTB4QbbEkAYg== + dependencies: + "@types/eslint" "*" + "@types/estree" "*" + +"@types/eslint@*": + version "8.56.10" + resolved "https://registry.yarnpkg.com/@types/eslint/-/eslint-8.56.10.tgz#eb2370a73bf04a901eeba8f22595c7ee0f7eb58d" + integrity sha512-Shavhk87gCtY2fhXDctcfS3e6FdxWkCx1iUZ9eEUbh7rTqlZT0/IzOkCOVt0fCjcFuZ9FPYfuezTBImfHCDBGQ== + dependencies: + "@types/estree" "*" + "@types/json-schema" "*" + +"@types/estree@*", "@types/estree@^1.0.5": + version "1.0.5" + resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.5.tgz#a6ce3e556e00fd9895dd872dd172ad0d4bd687f4" + integrity sha512-/kYRxGDLWzHOB7q+wtSUQlFrtcdUccpfy+X+9iMBpHK8QLLhx2wIPYuS5DYtR9Wa/YlZAbIovy7qVdB1Aq6Lyw== + +"@types/json-schema@*", "@types/json-schema@^7.0.8": + version "7.0.15" + resolved "https://registry.yarnpkg.com/@types/json-schema/-/json-schema-7.0.15.tgz#596a1747233694d50f6ad8a7869fcb6f56cf5841" + integrity sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA== + +"@types/node@*": + version "20.14.8" + resolved "https://registry.yarnpkg.com/@types/node/-/node-20.14.8.tgz#45c26a2a5de26c3534a9504530ddb3b27ce031ac" + integrity sha512-DO+2/jZinXfROG7j7WKFn/3C6nFwxy2lLpgLjEXJz+0XKphZlTLJ14mo8Vfg8X5BWN6XjyESXq+LcYdT7tR3bA== + dependencies: + undici-types "~5.26.4" + +"@types/yauzl@^2.9.1": + version "2.10.3" + resolved "https://registry.yarnpkg.com/@types/yauzl/-/yauzl-2.10.3.tgz#e9b2808b4f109504a03cda958259876f61017999" + integrity sha512-oJoftv0LSuaDZE3Le4DbKX+KS9G36NzOeSap90UIK0yMA/NhKJhqlSGtNDORNRaIbQfzjXDrQa0ytJ6mNRGz/Q== + dependencies: + "@types/node" "*" + +"@uswds/uswds@^3.8.1": + version "3.8.1" + resolved "https://registry.yarnpkg.com/@uswds/uswds/-/uswds-3.8.1.tgz#3d834559498ae1bb7d3a618f3f85a5f4e9818497" + integrity sha512-bKG/B9mJF1v0yoqth48wQDzST5Xyu3OxxpePIPDyhKWS84oDrCehnu3Z88JhSjdIAJMl8dtjtH8YvdO9kZUpAg== + dependencies: + classlist-polyfill "1.2.0" + object-assign "4.1.1" + receptor "1.0.0" + resolve-id-refs "0.1.0" + +"@webassemblyjs/ast@1.12.1", "@webassemblyjs/ast@^1.12.1": + version "1.12.1" + resolved "https://registry.yarnpkg.com/@webassemblyjs/ast/-/ast-1.12.1.tgz#bb16a0e8b1914f979f45864c23819cc3e3f0d4bb" + integrity sha512-EKfMUOPRRUTy5UII4qJDGPpqfwjOmZ5jeGFwid9mnoqIFK+e0vqoi1qH56JpmZSzEL53jKnNzScdmftJyG5xWg== + dependencies: + "@webassemblyjs/helper-numbers" "1.11.6" + "@webassemblyjs/helper-wasm-bytecode" "1.11.6" + +"@webassemblyjs/floating-point-hex-parser@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.6.tgz#dacbcb95aff135c8260f77fa3b4c5fea600a6431" + integrity sha512-ejAj9hfRJ2XMsNHk/v6Fu2dGS+i4UaXBXGemOfQ/JfQ6mdQg/WXtwleQRLLS4OvfDhv8rYnVwH27YJLMyYsxhw== + +"@webassemblyjs/helper-api-error@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.6.tgz#6132f68c4acd59dcd141c44b18cbebbd9f2fa768" + integrity sha512-o0YkoP4pVu4rN8aTJgAyj9hC2Sv5UlkzCHhxqWj8butaLvnpdc2jOwh4ewE6CX0txSfLn/UYaV/pheS2Txg//Q== + +"@webassemblyjs/helper-buffer@1.12.1": + version "1.12.1" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-buffer/-/helper-buffer-1.12.1.tgz#6df20d272ea5439bf20ab3492b7fb70e9bfcb3f6" + integrity sha512-nzJwQw99DNDKr9BVCOZcLuJJUlqkJh+kVzVl6Fmq/tI5ZtEyWT1KZMyOXltXLZJmDtvLCDgwsyrkohEtopTXCw== + +"@webassemblyjs/helper-numbers@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.6.tgz#cbce5e7e0c1bd32cf4905ae444ef64cea919f1b5" + integrity sha512-vUIhZ8LZoIWHBohiEObxVm6hwP034jwmc9kuq5GdHZH0wiLVLIPcMCdpJzG4C11cHoQ25TFIQj9kaVADVX7N3g== + dependencies: + "@webassemblyjs/floating-point-hex-parser" "1.11.6" + "@webassemblyjs/helper-api-error" "1.11.6" + "@xtuc/long" "4.2.2" + +"@webassemblyjs/helper-wasm-bytecode@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.6.tgz#bb2ebdb3b83aa26d9baad4c46d4315283acd51e9" + integrity sha512-sFFHKwcmBprO9e7Icf0+gddyWYDViL8bpPjJJl0WHxCdETktXdmtWLGVzoHbqUcY4Be1LkNfwTmXOJUFZYSJdA== + +"@webassemblyjs/helper-wasm-section@1.12.1": + version "1.12.1" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.12.1.tgz#3da623233ae1a60409b509a52ade9bc22a37f7bf" + integrity sha512-Jif4vfB6FJlUlSbgEMHUyk1j234GTNG9dBJ4XJdOySoj518Xj0oGsNi59cUQF4RRMS9ouBUxDDdyBVfPTypa5g== + dependencies: + "@webassemblyjs/ast" "1.12.1" + "@webassemblyjs/helper-buffer" "1.12.1" + "@webassemblyjs/helper-wasm-bytecode" "1.11.6" + "@webassemblyjs/wasm-gen" "1.12.1" + +"@webassemblyjs/ieee754@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/ieee754/-/ieee754-1.11.6.tgz#bb665c91d0b14fffceb0e38298c329af043c6e3a" + integrity sha512-LM4p2csPNvbij6U1f19v6WR56QZ8JcHg3QIJTlSwzFcmx6WSORicYj6I63f9yU1kEUtrpG+kjkiIAkevHpDXrg== + dependencies: + "@xtuc/ieee754" "^1.2.0" + +"@webassemblyjs/leb128@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/leb128/-/leb128-1.11.6.tgz#70e60e5e82f9ac81118bc25381a0b283893240d7" + integrity sha512-m7a0FhE67DQXgouf1tbN5XQcdWoNgaAuoULHIfGFIEVKA6tu/edls6XnIlkmS6FrXAquJRPni3ZZKjw6FSPjPQ== + dependencies: + "@xtuc/long" "4.2.2" + +"@webassemblyjs/utf8@1.11.6": + version "1.11.6" + resolved "https://registry.yarnpkg.com/@webassemblyjs/utf8/-/utf8-1.11.6.tgz#90f8bc34c561595fe156603be7253cdbcd0fab5a" + integrity sha512-vtXf2wTQ3+up9Zsg8sa2yWiQpzSsMyXj0qViVP6xKGCUT8p8YJ6HqI7l5eCnWx1T/FYdsv07HQs2wTFbbof/RA== + +"@webassemblyjs/wasm-edit@^1.12.1": + version "1.12.1" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-edit/-/wasm-edit-1.12.1.tgz#9f9f3ff52a14c980939be0ef9d5df9ebc678ae3b" + integrity sha512-1DuwbVvADvS5mGnXbE+c9NfA8QRcZ6iKquqjjmR10k6o+zzsRVesil54DKexiowcFCPdr/Q0qaMgB01+SQ1u6g== + dependencies: + "@webassemblyjs/ast" "1.12.1" + "@webassemblyjs/helper-buffer" "1.12.1" + "@webassemblyjs/helper-wasm-bytecode" "1.11.6" + "@webassemblyjs/helper-wasm-section" "1.12.1" + "@webassemblyjs/wasm-gen" "1.12.1" + "@webassemblyjs/wasm-opt" "1.12.1" + "@webassemblyjs/wasm-parser" "1.12.1" + "@webassemblyjs/wast-printer" "1.12.1" + +"@webassemblyjs/wasm-gen@1.12.1": + version "1.12.1" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-gen/-/wasm-gen-1.12.1.tgz#a6520601da1b5700448273666a71ad0a45d78547" + integrity sha512-TDq4Ojh9fcohAw6OIMXqiIcTq5KUXTGRkVxbSo1hQnSy6lAM5GSdfwWeSxpAo0YzgsgF182E/U0mDNhuA0tW7w== + dependencies: + "@webassemblyjs/ast" "1.12.1" + "@webassemblyjs/helper-wasm-bytecode" "1.11.6" + "@webassemblyjs/ieee754" "1.11.6" + "@webassemblyjs/leb128" "1.11.6" + "@webassemblyjs/utf8" "1.11.6" + +"@webassemblyjs/wasm-opt@1.12.1": + version "1.12.1" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-opt/-/wasm-opt-1.12.1.tgz#9e6e81475dfcfb62dab574ac2dda38226c232bc5" + integrity sha512-Jg99j/2gG2iaz3hijw857AVYekZe2SAskcqlWIZXjji5WStnOpVoat3gQfT/Q5tb2djnCjBtMocY/Su1GfxPBg== + dependencies: + "@webassemblyjs/ast" "1.12.1" + "@webassemblyjs/helper-buffer" "1.12.1" + "@webassemblyjs/wasm-gen" "1.12.1" + "@webassemblyjs/wasm-parser" "1.12.1" + +"@webassemblyjs/wasm-parser@1.12.1", "@webassemblyjs/wasm-parser@^1.12.1": + version "1.12.1" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-parser/-/wasm-parser-1.12.1.tgz#c47acb90e6f083391e3fa61d113650eea1e95937" + integrity sha512-xikIi7c2FHXysxXe3COrVUPSheuBtpcfhbpFj4gmu7KRLYOzANztwUU0IbsqvMqzuNK2+glRGWCEqZo1WCLyAQ== + dependencies: + "@webassemblyjs/ast" "1.12.1" + "@webassemblyjs/helper-api-error" "1.11.6" + "@webassemblyjs/helper-wasm-bytecode" "1.11.6" + "@webassemblyjs/ieee754" "1.11.6" + "@webassemblyjs/leb128" "1.11.6" + "@webassemblyjs/utf8" "1.11.6" + +"@webassemblyjs/wast-printer@1.12.1": + version "1.12.1" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wast-printer/-/wast-printer-1.12.1.tgz#bcecf661d7d1abdaf989d8341a4833e33e2b31ac" + integrity sha512-+X4WAlOisVWQMikjbcvY2e0rwPsKQ9F688lksZhBcPycBBuii3O7m8FACbDMWDojpAqvjIncrG8J0XHKyQfVeA== + dependencies: + "@webassemblyjs/ast" "1.12.1" + "@xtuc/long" "4.2.2" + +"@webpack-cli/configtest@^2.1.1": + version "2.1.1" + resolved "https://registry.yarnpkg.com/@webpack-cli/configtest/-/configtest-2.1.1.tgz#3b2f852e91dac6e3b85fb2a314fb8bef46d94646" + integrity sha512-wy0mglZpDSiSS0XHrVR+BAdId2+yxPSoJW8fsna3ZpYSlufjvxnP4YbKTCBZnNIcGN4r6ZPXV55X4mYExOfLmw== + +"@webpack-cli/info@^2.0.2": + version "2.0.2" + resolved "https://registry.yarnpkg.com/@webpack-cli/info/-/info-2.0.2.tgz#cc3fbf22efeb88ff62310cf885c5b09f44ae0fdd" + integrity sha512-zLHQdI/Qs1UyT5UBdWNqsARasIA+AaF8t+4u2aS2nEpBQh2mWIVb8qAklq0eUENnC5mOItrIB4LiS9xMtph18A== + +"@webpack-cli/serve@^2.0.5": + version "2.0.5" + resolved "https://registry.yarnpkg.com/@webpack-cli/serve/-/serve-2.0.5.tgz#325db42395cd49fe6c14057f9a900e427df8810e" + integrity sha512-lqaoKnRYBdo1UgDX8uF24AfGMifWK19TxPmM5FHc2vAGxrJ/qtyUyFBWoY1tISZdelsQ5fBcOusifo5o5wSJxQ== + +"@xtuc/ieee754@^1.2.0": + version "1.2.0" + resolved "https://registry.yarnpkg.com/@xtuc/ieee754/-/ieee754-1.2.0.tgz#eef014a3145ae477a1cbc00cd1e552336dceb790" + integrity sha512-DX8nKgqcGwsc0eJSqYt5lwP4DH5FlHnmuWWBRy7X0NcaGR0ZtuyeESgMwTYVEtxmsNGY+qit4QYT/MIYTOTPeA== + +"@xtuc/long@4.2.2": + version "4.2.2" + resolved "https://registry.yarnpkg.com/@xtuc/long/-/long-4.2.2.tgz#d291c6a4e97989b5c61d9acf396ae4fe133a718d" + integrity sha512-NuHqBY1PB/D8xU6s/thBgOAiAP7HOYDQ32+BFZILJ8ivkUkAHQnWfn6WhL79Owj1qmUnoN/YPhktdIoucipkAQ== + +acorn-import-attributes@^1.9.5: + version "1.9.5" + resolved "https://registry.yarnpkg.com/acorn-import-attributes/-/acorn-import-attributes-1.9.5.tgz#7eb1557b1ba05ef18b5ed0ec67591bfab04688ef" + integrity sha512-n02Vykv5uA3eHGM/Z2dQrcD56kL8TyDb2p1+0P83PClMnC/nc+anbQRhIOWnSq4Ke/KvDPrY3C9hDtC/A3eHnQ== + +acorn@^8.7.1, acorn@^8.8.2: + version "8.12.0" + resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.12.0.tgz#1627bfa2e058148036133b8d9b51a700663c294c" + integrity sha512-RTvkC4w+KNXrM39/lWCUaG0IbRkWdCv7W/IOW9oU6SawyxulvkQy5HQPVTKxEjczcUvapcrw3cFx/60VN/NRNw== + +agent-base@6: + version "6.0.2" + resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-6.0.2.tgz#49fff58577cfee3f37176feab4c22e00f86d7f77" + integrity sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ== + dependencies: + debug "4" + +ajv-keywords@^3.5.2: + version "3.5.2" + resolved "https://registry.yarnpkg.com/ajv-keywords/-/ajv-keywords-3.5.2.tgz#31f29da5ab6e00d1c2d329acf7b5929614d5014d" + integrity sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ== + +ajv@^6.12.5: + version "6.12.6" + resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.6.tgz#baf5a62e802b07d977034586f8c3baf5adf26df4" + integrity sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g== + dependencies: + fast-deep-equal "^3.1.1" + fast-json-stable-stringify "^2.0.0" + json-schema-traverse "^0.4.1" + uri-js "^4.2.2" + +ansi-regex@^5.0.1: + version "5.0.1" + resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304" + integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ== + +ansi-styles@^4.0.0: + version "4.3.0" + resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-4.3.0.tgz#edd803628ae71c04c85ae7a0906edad34b648937" + integrity sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg== + dependencies: + color-convert "^2.0.1" + +anymatch@~3.1.2: + version "3.1.3" + resolved "https://registry.yarnpkg.com/anymatch/-/anymatch-3.1.3.tgz#790c58b19ba1720a84205b57c618d5ad8524973e" + integrity sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw== + dependencies: + normalize-path "^3.0.0" + picomatch "^2.0.4" + +array-union@^1.0.1: + version "1.0.2" + resolved "https://registry.yarnpkg.com/array-union/-/array-union-1.0.2.tgz#9a34410e4f4e3da23dea375be5be70f24778ec39" + integrity sha512-Dxr6QJj/RdU/hCaBjOfxW+q6lyuVE6JFWIrAUpuOOhoJJoQ99cUn3igRaHVB5P9WrgFVN0FfArM3x0cueOU8ng== + dependencies: + array-uniq "^1.0.1" + +array-uniq@^1.0.1: + version "1.0.3" + resolved "https://registry.yarnpkg.com/array-uniq/-/array-uniq-1.0.3.tgz#af6ac877a25cc7f74e058894753858dfdb24fdb6" + integrity sha512-MNha4BWQ6JbwhFhj03YK552f7cb3AzoE8SzeljgChvL1dl3IcvggXVz1DilzySZkCja+CXuZbdW7yATchWn8/Q== + +async@~2.6.4: + version "2.6.4" + resolved "https://registry.yarnpkg.com/async/-/async-2.6.4.tgz#706b7ff6084664cd7eae713f6f965433b5504221" + integrity sha512-mzo5dfJYwAn29PeiJ0zvwTo04zj8HDJj0Mn8TD7sno7q12prdbnasKJHhkm2c1LgrhlJ0teaea8860oxi51mGA== + dependencies: + lodash "^4.17.14" + +autoprefixer@^10.4.19: + version "10.4.19" + resolved "https://registry.yarnpkg.com/autoprefixer/-/autoprefixer-10.4.19.tgz#ad25a856e82ee9d7898c59583c1afeb3fa65f89f" + integrity sha512-BaENR2+zBZ8xXhM4pUaKUxlVdxZ0EZhjvbopwnXmxRUfqDmwSpC2lAi/QXvx7NRdPCo1WKEcEF6mV64si1z4Ew== + dependencies: + browserslist "^4.23.0" + caniuse-lite "^1.0.30001599" + fraction.js "^4.3.7" + normalize-range "^0.1.2" + picocolors "^1.0.0" + postcss-value-parser "^4.2.0" + +axe-core@~4.2.1: + version "4.2.4" + resolved "https://registry.yarnpkg.com/axe-core/-/axe-core-4.2.4.tgz#626cfbd1827985c5b20a9b9ae5bc3dbe8a3df490" + integrity sha512-9AiDKFKUCWEQm1Kj4lcq7KFavLqSXdf2m/zJo+NVh4VXlW5iwXRJ6alkKmipCyYorsRnqsICH9XLubP1jBF+Og== + +balanced-match@^1.0.0: + version "1.0.2" + resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.2.tgz#e83e3a7e3f300b34cb9d87f615fa0cbf357690ee" + integrity sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw== + +base64-js@^1.3.1: + version "1.5.1" + resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a" + integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA== + +bfj@~7.0.2: + version "7.0.2" + resolved "https://registry.yarnpkg.com/bfj/-/bfj-7.0.2.tgz#1988ce76f3add9ac2913fd8ba47aad9e651bfbb2" + integrity sha512-+e/UqUzwmzJamNF50tBV6tZPTORow7gQ96iFow+8b562OdMpEK0BcJEq2OSPEDmAbSMBQ7PKZ87ubFkgxpYWgw== + dependencies: + bluebird "^3.5.5" + check-types "^11.1.1" + hoopy "^0.1.4" + tryer "^1.0.1" + +binary-extensions@^2.0.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-2.3.0.tgz#f6e14a97858d327252200242d4ccfe522c445522" + integrity sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw== + +bl@^4.0.3: + version "4.1.0" + resolved "https://registry.yarnpkg.com/bl/-/bl-4.1.0.tgz#451535264182bec2fbbc83a62ab98cf11d9f7b3a" + integrity sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w== + dependencies: + buffer "^5.5.0" + inherits "^2.0.4" + readable-stream "^3.4.0" + +bluebird@^3.5.5: + version "3.7.2" + resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.7.2.tgz#9f229c15be272454ffa973ace0dbee79a1b0c36f" + integrity sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg== + +boolbase@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/boolbase/-/boolbase-1.0.0.tgz#68dff5fbe60c51eb37725ea9e3ed310dcc1e776e" + integrity sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww== + +brace-expansion@^1.1.7: + version "1.1.11" + resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd" + integrity sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA== + dependencies: + balanced-match "^1.0.0" + concat-map "0.0.1" + +braces@^3.0.3, braces@~3.0.2: + version "3.0.3" + resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789" + integrity sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA== + dependencies: + fill-range "^7.1.1" + +browserslist@^4.21.10, browserslist@^4.23.0: + version "4.23.1" + resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.23.1.tgz#ce4af0534b3d37db5c1a4ca98b9080f985041e96" + integrity sha512-TUfofFo/KsK/bWZ9TWQ5O26tsWW4Uhmt8IYklbnUa70udB6P2wA7w7o4PY4muaEPBQaAX+CEnmmIA41NVHtPVw== + dependencies: + caniuse-lite "^1.0.30001629" + electron-to-chromium "^1.4.796" + node-releases "^2.0.14" + update-browserslist-db "^1.0.16" + +buffer-crc32@~0.2.3: + version "0.2.13" + resolved "https://registry.yarnpkg.com/buffer-crc32/-/buffer-crc32-0.2.13.tgz#0d333e3f00eac50aa1454abd30ef8c2a5d9a7242" + integrity sha512-VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ== + +buffer-from@^1.0.0: + version "1.1.2" + resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.1.2.tgz#2b146a6fd72e80b4f55d255f35ed59a3a9a41bd5" + integrity sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ== + +buffer@^5.2.1, buffer@^5.5.0: + version "5.7.1" + resolved "https://registry.yarnpkg.com/buffer/-/buffer-5.7.1.tgz#ba62e7c13133053582197160851a8f648e99eed0" + integrity sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ== + dependencies: + base64-js "^1.3.1" + ieee754 "^1.1.13" + +caniuse-lite@^1.0.30001599, caniuse-lite@^1.0.30001629: + version "1.0.30001636" + resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001636.tgz#b15f52d2bdb95fad32c2f53c0b68032b85188a78" + integrity sha512-bMg2vmr8XBsbL6Lr0UHXy/21m84FTxDLWn2FSqMd5PrlbMxwJlQnC2YWYxVgp66PZE+BBNF2jYQUBKCo1FDeZg== + +check-types@^11.1.1: + version "11.2.3" + resolved "https://registry.yarnpkg.com/check-types/-/check-types-11.2.3.tgz#1ffdf68faae4e941fce252840b1787b8edc93b71" + integrity sha512-+67P1GkJRaxQD6PKK0Et9DhwQB+vGg3PM5+aavopCpZT1lj9jeqfvpgTLAWErNj8qApkkmXlu/Ug74kmhagkXg== + +cheerio-select@^2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/cheerio-select/-/cheerio-select-2.1.0.tgz#4d8673286b8126ca2a8e42740d5e3c4884ae21b4" + integrity sha512-9v9kG0LvzrlcungtnJtpGNxY+fzECQKhK4EGJX2vByejiMX84MFNQw4UxPJl3bFbTMw+Dfs37XaIkCwTZfLh4g== + dependencies: + boolbase "^1.0.0" + css-select "^5.1.0" + css-what "^6.1.0" + domelementtype "^2.3.0" + domhandler "^5.0.3" + domutils "^3.0.1" + +cheerio@~1.0.0-rc.10: + version "1.0.0-rc.12" + resolved "https://registry.yarnpkg.com/cheerio/-/cheerio-1.0.0-rc.12.tgz#788bf7466506b1c6bf5fae51d24a2c4d62e47683" + integrity sha512-VqR8m68vM46BNnuZ5NtnGBKIE/DfN0cRIzg9n40EIq9NOv90ayxLBXA8fXC5gquFRGJSTRqBq25Jt2ECLR431Q== + dependencies: + cheerio-select "^2.1.0" + dom-serializer "^2.0.0" + domhandler "^5.0.3" + domutils "^3.0.1" + htmlparser2 "^8.0.1" + parse5 "^7.0.0" + parse5-htmlparser2-tree-adapter "^7.0.0" + +"chokidar@>=3.0.0 <4.0.0", chokidar@^3.3.0: + version "3.6.0" + resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-3.6.0.tgz#197c6cc669ef2a8dc5e7b4d97ee4e092c3eb0d5b" + integrity sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw== + dependencies: + anymatch "~3.1.2" + braces "~3.0.2" + glob-parent "~5.1.2" + is-binary-path "~2.1.0" + is-glob "~4.0.1" + normalize-path "~3.0.0" + readdirp "~3.6.0" + optionalDependencies: + fsevents "~2.3.2" + +chownr@^1.1.1: + version "1.1.4" + resolved "https://registry.yarnpkg.com/chownr/-/chownr-1.1.4.tgz#6fc9d7b42d32a583596337666e7d08084da2cc6b" + integrity sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg== + +chrome-trace-event@^1.0.2: + version "1.0.4" + resolved "https://registry.yarnpkg.com/chrome-trace-event/-/chrome-trace-event-1.0.4.tgz#05bffd7ff928465093314708c93bdfa9bd1f0f5b" + integrity sha512-rNjApaLzuwaOTjCiT8lSDdGN1APCiqkChLMJxJPWLunPAt5fy8xgU9/jNOchV84wfIxrA0lRQB7oCT8jrn/wrQ== + +classlist-polyfill@1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/classlist-polyfill/-/classlist-polyfill-1.2.0.tgz#935bc2dfd9458a876b279617514638bcaa964a2e" + integrity sha512-GzIjNdcEtH4ieA2S8NmrSxv7DfEV5fmixQeyTmqmRmRJPGpRBaSnA2a0VrCjyT8iW8JjEdMbKzDotAJf+ajgaQ== + +cliui@^8.0.1: + version "8.0.1" + resolved "https://registry.yarnpkg.com/cliui/-/cliui-8.0.1.tgz#0c04b075db02cbfe60dc8e6cf2f5486b1a3608aa" + integrity sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ== + dependencies: + string-width "^4.2.0" + strip-ansi "^6.0.1" + wrap-ansi "^7.0.0" + +clone-deep@^4.0.1: + version "4.0.1" + resolved "https://registry.yarnpkg.com/clone-deep/-/clone-deep-4.0.1.tgz#c19fd9bdbbf85942b4fd979c84dcf7d5f07c2387" + integrity sha512-neHB9xuzh/wk0dIHweyAXv2aPGZIVk3pLMe+/RNzINf17fe0OG96QroktYAUm7SM1PBnzTabaLboqqxDyMU+SQ== + dependencies: + is-plain-object "^2.0.4" + kind-of "^6.0.2" + shallow-clone "^3.0.0" + +color-convert@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-2.0.1.tgz#72d3a68d598c9bdb3af2ad1e84f21d896abd4de3" + integrity sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ== + dependencies: + color-name "~1.1.4" + +color-name@~1.1.4: + version "1.1.4" + resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.4.tgz#c2a09a87acbde69543de6f63fa3995c826c536a2" + integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA== + +colorette@^2.0.14: + version "2.0.20" + resolved "https://registry.yarnpkg.com/colorette/-/colorette-2.0.20.tgz#9eb793e6833067f7235902fcd3b09917a000a95a" + integrity sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w== + +commander@^10.0.1: + version "10.0.1" + resolved "https://registry.yarnpkg.com/commander/-/commander-10.0.1.tgz#881ee46b4f77d1c1dccc5823433aa39b022cbe06" + integrity sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug== + +commander@^2.20.0: + version "2.20.3" + resolved "https://registry.yarnpkg.com/commander/-/commander-2.20.3.tgz#fd485e84c03eb4881c20722ba48035e8531aeb33" + integrity sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ== + +commander@~6.2.1: + version "6.2.1" + resolved "https://registry.yarnpkg.com/commander/-/commander-6.2.1.tgz#0792eb682dfbc325999bb2b84fddddba110ac73c" + integrity sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA== + +commander@~8.0.0: + version "8.0.0" + resolved "https://registry.yarnpkg.com/commander/-/commander-8.0.0.tgz#1da2139548caef59bd23e66d18908dfb54b02258" + integrity sha512-Xvf85aAtu6v22+E5hfVoLHqyul/jyxh91zvqk/ioJTQuJR7Z78n7H558vMPKanPSRgIEeZemT92I2g9Y8LPbSQ== + +concat-map@0.0.1: + version "0.0.1" + resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b" + integrity sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg== + +cross-spawn@^7.0.3: + version "7.0.3" + resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6" + integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w== + dependencies: + path-key "^3.1.0" + shebang-command "^2.0.0" + which "^2.0.1" + +css-select@^5.1.0: + version "5.1.0" + resolved "https://registry.yarnpkg.com/css-select/-/css-select-5.1.0.tgz#b8ebd6554c3637ccc76688804ad3f6a6fdaea8a6" + integrity sha512-nwoRF1rvRRnnCqqY7updORDsuqKzqYJ28+oSMaJMMgOauh3fvwHqMS7EZpIPqK8GL+g9mKxF1vP/ZjSeNjEVHg== + dependencies: + boolbase "^1.0.0" + css-what "^6.1.0" + domhandler "^5.0.2" + domutils "^3.0.1" + nth-check "^2.0.1" + +css-what@^6.1.0: + version "6.1.0" + resolved "https://registry.yarnpkg.com/css-what/-/css-what-6.1.0.tgz#fb5effcf76f1ddea2c81bdfaa4de44e79bac70f4" + integrity sha512-HTUrgRJ7r4dsZKU6GjmpfRK1O76h97Z8MfS1G0FozR+oF2kG6Vfe8JE6zwrkbxigziPHinCJ+gCPjA9EaBDtRw== + +cssesc@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/cssesc/-/cssesc-3.0.0.tgz#37741919903b868565e1c09ea747445cd18983ee" + integrity sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg== + +debug@4, debug@^4.1.0, debug@^4.1.1: + version "4.3.5" + resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.5.tgz#e83444eceb9fedd4a1da56d671ae2446a01a6e1e" + integrity sha512-pt0bNEmneDIvdL1Xsd9oDQ/wrQRkXDT4AUWlNZNPKvW5x/jyO9VFXkJUP07vQ2upmw5PlaITaPKc31jK13V+jg== + dependencies: + ms "2.1.2" + +dependency-graph@^0.11.0: + version "0.11.0" + resolved "https://registry.yarnpkg.com/dependency-graph/-/dependency-graph-0.11.0.tgz#ac0ce7ed68a54da22165a85e97a01d53f5eb2e27" + integrity sha512-JeMq7fEshyepOWDfcfHK06N3MhyPhz++vtqWhMT5O9A3K42rdsEDpfdVqjaqaAhsw6a+ZqeDvQVtD0hFHQWrzg== + +devtools-protocol@0.0.869402: + version "0.0.869402" + resolved "https://registry.yarnpkg.com/devtools-protocol/-/devtools-protocol-0.0.869402.tgz#03ade701761742e43ae4de5dc188bcd80f156d8d" + integrity sha512-VvlVYY+VDJe639yHs5PHISzdWTLL3Aw8rO4cvUtwvoxFd6FHbE4OpHHcde52M6096uYYazAmd4l0o5VuFRO2WA== + +dom-serializer@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/dom-serializer/-/dom-serializer-2.0.0.tgz#e41b802e1eedf9f6cae183ce5e622d789d7d8e53" + integrity sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg== + dependencies: + domelementtype "^2.3.0" + domhandler "^5.0.2" + entities "^4.2.0" + +domelementtype@^2.3.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-2.3.0.tgz#5c45e8e869952626331d7aab326d01daf65d589d" + integrity sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw== + +domhandler@^5.0.2, domhandler@^5.0.3: + version "5.0.3" + resolved "https://registry.yarnpkg.com/domhandler/-/domhandler-5.0.3.tgz#cc385f7f751f1d1fc650c21374804254538c7d31" + integrity sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w== + dependencies: + domelementtype "^2.3.0" + +domutils@^3.0.1: + version "3.1.0" + resolved "https://registry.yarnpkg.com/domutils/-/domutils-3.1.0.tgz#c47f551278d3dc4b0b1ab8cbb42d751a6f0d824e" + integrity sha512-H78uMmQtI2AhgDJjWeQmHwJJ2bLPD3GMmO7Zja/ZZh84wkm+4ut+IUnUdRa8uCGX88DiVx1j6FRe1XfxEgjEZA== + dependencies: + dom-serializer "^2.0.0" + domelementtype "^2.3.0" + domhandler "^5.0.3" + +electron-to-chromium@^1.4.796: + version "1.4.811" + resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.811.tgz#031c8b101e7d0a7cde1dfdb0623dbdb5e19655cd" + integrity sha512-CDyzcJ5XW78SHzsIOdn27z8J4ist8eaFLhdto2hSMSJQgsiwvbv2fbizcKUICryw1Wii1TI/FEkvzvJsR3awrA== + +element-closest@^2.0.1: + version "2.0.2" + resolved "https://registry.yarnpkg.com/element-closest/-/element-closest-2.0.2.tgz#72a740a107453382e28df9ce5dbb5a8df0f966ec" + integrity sha512-QCqAWP3kwj8Gz9UXncVXQGdrhnWxD8SQBSeZp5pOsyCcQ6RpL738L1/tfuwBiMi6F1fYkxqPnBrFBR4L+f49Cg== + +emoji-regex@^8.0.0: + version "8.0.0" + resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-8.0.0.tgz#e818fd69ce5ccfcb404594f842963bf53164cc37" + integrity sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A== + +end-of-stream@^1.1.0, end-of-stream@^1.4.1: + version "1.4.4" + resolved "https://registry.yarnpkg.com/end-of-stream/-/end-of-stream-1.4.4.tgz#5ae64a5f45057baf3626ec14da0ca5e4b2431eb0" + integrity sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q== + dependencies: + once "^1.4.0" + +enhanced-resolve@^5.17.0: + version "5.17.0" + resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.17.0.tgz#d037603789dd9555b89aaec7eb78845c49089bc5" + integrity sha512-dwDPwZL0dmye8Txp2gzFmA6sxALaSvdRDjPH0viLcKrtlOL3tw62nWWweVD1SdILDTJrbrL6tdWVN58Wo6U3eA== + dependencies: + graceful-fs "^4.2.4" + tapable "^2.2.0" + +entities@^4.2.0, entities@^4.4.0: + version "4.5.0" + resolved "https://registry.yarnpkg.com/entities/-/entities-4.5.0.tgz#5d268ea5e7113ec74c4d033b79ea5a35a488fb48" + integrity sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw== + +envinfo@^7.7.3: + version "7.13.0" + resolved "https://registry.yarnpkg.com/envinfo/-/envinfo-7.13.0.tgz#81fbb81e5da35d74e814941aeab7c325a606fb31" + integrity sha512-cvcaMr7KqXVh4nyzGTVqTum+gAiL265x5jUWQIDLq//zOGbW+gSW/C+OWLleY/rs9Qole6AZLMXPbtIFQbqu+Q== + +envinfo@~7.8.1: + version "7.8.1" + resolved "https://registry.yarnpkg.com/envinfo/-/envinfo-7.8.1.tgz#06377e3e5f4d379fea7ac592d5ad8927e0c4d475" + integrity sha512-/o+BXHmB7ocbHEAs6F2EnG0ogybVVUdkRunTT2glZU9XAaGmhqskrvKwqXuDfNjEO0LZKWdejEEpnq8aM0tOaw== + +es-module-lexer@^1.2.1: + version "1.5.4" + resolved "https://registry.yarnpkg.com/es-module-lexer/-/es-module-lexer-1.5.4.tgz#a8efec3a3da991e60efa6b633a7cad6ab8d26b78" + integrity sha512-MVNK56NiMrOwitFB7cqDwq0CQutbw+0BvLshJSse0MUNU+y1FC3bUS/AQg7oUng+/wKrrki7JfmwtVHkVfPLlw== + +escalade@^3.1.1, escalade@^3.1.2: + version "3.1.2" + resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.1.2.tgz#54076e9ab29ea5bf3d8f1ed62acffbb88272df27" + integrity sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA== + +eslint-scope@5.1.1: + version "5.1.1" + resolved "https://registry.yarnpkg.com/eslint-scope/-/eslint-scope-5.1.1.tgz#e786e59a66cb92b3f6c1fb0d508aab174848f48c" + integrity sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw== + dependencies: + esrecurse "^4.3.0" + estraverse "^4.1.1" + +esrecurse@^4.3.0: + version "4.3.0" + resolved "https://registry.yarnpkg.com/esrecurse/-/esrecurse-4.3.0.tgz#7ad7964d679abb28bee72cec63758b1c5d2c9921" + integrity sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag== + dependencies: + estraverse "^5.2.0" + +estraverse@^4.1.1: + version "4.3.0" + resolved "https://registry.yarnpkg.com/estraverse/-/estraverse-4.3.0.tgz#398ad3f3c5a24948be7725e83d11a7de28cdbd1d" + integrity sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw== + +estraverse@^5.2.0: + version "5.3.0" + resolved "https://registry.yarnpkg.com/estraverse/-/estraverse-5.3.0.tgz#2eea5290702f26ab8fe5370370ff86c965d21123" + integrity sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA== + +events@^3.2.0: + version "3.3.0" + resolved "https://registry.yarnpkg.com/events/-/events-3.3.0.tgz#31a95ad0a924e2d2c419a813aeb2c4e878ea7400" + integrity sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q== + +extract-zip@^2.0.0: + version "2.0.1" + resolved "https://registry.yarnpkg.com/extract-zip/-/extract-zip-2.0.1.tgz#663dca56fe46df890d5f131ef4a06d22bb8ba13a" + integrity sha512-GDhU9ntwuKyGXdZBUgTIe+vXnWj0fppUEtMDL0+idd5Sta8TGpHssn/eusA9mrPr9qNDym6SxAYZjNvCn/9RBg== + dependencies: + debug "^4.1.1" + get-stream "^5.1.0" + yauzl "^2.10.0" + optionalDependencies: + "@types/yauzl" "^2.9.1" + +fast-deep-equal@^3.1.1: + version "3.1.3" + resolved "https://registry.yarnpkg.com/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz#3a7d56b559d6cbc3eb512325244e619a65c6c525" + integrity sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q== + +fast-glob@^3.3.2: + version "3.3.2" + resolved "https://registry.yarnpkg.com/fast-glob/-/fast-glob-3.3.2.tgz#a904501e57cfdd2ffcded45e99a54fef55e46129" + integrity sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow== + dependencies: + "@nodelib/fs.stat" "^2.0.2" + "@nodelib/fs.walk" "^1.2.3" + glob-parent "^5.1.2" + merge2 "^1.3.0" + micromatch "^4.0.4" + +fast-json-stable-stringify@^2.0.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz#874bf69c6f404c2b5d99c481341399fd55892633" + integrity sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw== + +fastest-levenshtein@^1.0.12: + version "1.0.16" + resolved "https://registry.yarnpkg.com/fastest-levenshtein/-/fastest-levenshtein-1.0.16.tgz#210e61b6ff181de91ea9b3d1b84fdedd47e034e5" + integrity sha512-eRnCtTTtGZFpQCwhJiUOuxPQWRXVKYDn0b2PeHfXL6/Zi53SLAzAHfVhVWK2AryC/WH05kGfxhFIPvTF0SXQzg== + +fastq@^1.6.0: + version "1.17.1" + resolved "https://registry.yarnpkg.com/fastq/-/fastq-1.17.1.tgz#2a523f07a4e7b1e81a42b91b8bf2254107753b47" + integrity sha512-sRVD3lWVIXWg6By68ZN7vho9a1pQcN/WBFaAAsDDFzlJjvoGx0P8z7V1t72grFJfJhu3YPZBuu25f7Kaw2jN1w== + dependencies: + reusify "^1.0.4" + +fd-slicer@~1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/fd-slicer/-/fd-slicer-1.1.0.tgz#25c7c89cb1f9077f8891bbe61d8f390eae256f1e" + integrity sha512-cE1qsB/VwyQozZ+q1dGxR8LBYNZeofhEdUNGSMbQD3Gw2lAzX9Zb3uIU6Ebc/Fmyjo9AWWfnn0AUCHqtevs/8g== + dependencies: + pend "~1.2.0" + +file-url@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/file-url/-/file-url-3.0.0.tgz#247a586a746ce9f7a8ed05560290968afc262a77" + integrity sha512-g872QGsHexznxkIAdK8UiZRe7SkE6kvylShU4Nsj8NvfvZag7S0QuQ4IgvPDkk75HxgjIVDwycFTDAgIiO4nDA== + +fill-range@^7.1.1: + version "7.1.1" + resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.1.1.tgz#44265d3cac07e3ea7dc247516380643754a05292" + integrity sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg== + dependencies: + to-regex-range "^5.0.1" + +find-up@^4.0.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/find-up/-/find-up-4.1.0.tgz#97afe7d6cdc0bc5928584b7c8d7b16e8a9aa5d19" + integrity sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw== + dependencies: + locate-path "^5.0.0" + path-exists "^4.0.0" + +flat@^5.0.2: + version "5.0.2" + resolved "https://registry.yarnpkg.com/flat/-/flat-5.0.2.tgz#8ca6fe332069ffa9d324c327198c598259ceb241" + integrity sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ== + +fraction.js@^4.3.7: + version "4.3.7" + resolved "https://registry.yarnpkg.com/fraction.js/-/fraction.js-4.3.7.tgz#06ca0085157e42fda7f9e726e79fefc4068840f7" + integrity sha512-ZsDfxO51wGAXREY55a7la9LScWpwv9RxIrYABrlvOFBlH/ShPnrtsXeuUIfXKKOVicNxQ+o8JTbJvjS4M89yew== + +fs-constants@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/fs-constants/-/fs-constants-1.0.0.tgz#6be0de9be998ce16af8afc24497b9ee9b7ccd9ad" + integrity sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow== + +fs-extra@^11.0.0: + version "11.2.0" + resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-11.2.0.tgz#e70e17dfad64232287d01929399e0ea7c86b0e5b" + integrity sha512-PmDi3uwK5nFuXh7XDTlVnS17xJS7vW36is2+w3xcv8SVxiB4NyATf4ctkVY5bkSjX0Y4nbvZCq1/EjtEyr9ktw== + dependencies: + graceful-fs "^4.2.0" + jsonfile "^6.0.1" + universalify "^2.0.0" + +fs.realpath@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/fs.realpath/-/fs.realpath-1.0.0.tgz#1504ad2523158caa40db4a2787cb01411994ea4f" + integrity sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw== + +fsevents@~2.3.2: + version "2.3.3" + resolved "https://registry.yarnpkg.com/fsevents/-/fsevents-2.3.3.tgz#cac6407785d03675a2a5e1a5305c697b347d90d6" + integrity sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw== + +function-bind@^1.1.2: + version "1.1.2" + resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.2.tgz#2c02d864d97f3ea6c8830c464cbd11ab6eab7a1c" + integrity sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA== + +get-caller-file@^2.0.5: + version "2.0.5" + resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-2.0.5.tgz#4f94412a82db32f36e3b0b9741f8a97feb031f7e" + integrity sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg== + +get-stdin@^9.0.0: + version "9.0.0" + resolved "https://registry.yarnpkg.com/get-stdin/-/get-stdin-9.0.0.tgz#3983ff82e03d56f1b2ea0d3e60325f39d703a575" + integrity sha512-dVKBjfWisLAicarI2Sf+JuBE/DghV4UzNAVe9yhEJuzeREd3JhOTE9cUaJTeSa77fsbQUK3pcOpJfM59+VKZaA== + +get-stream@^5.1.0: + version "5.2.0" + resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-5.2.0.tgz#4966a1795ee5ace65e706c4b7beb71257d6e22d3" + integrity sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA== + dependencies: + pump "^3.0.0" + +glob-parent@^5.1.2, glob-parent@~5.1.2: + version "5.1.2" + resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.2.tgz#869832c58034fe68a4093c17dc15e8340d8401c4" + integrity sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow== + dependencies: + is-glob "^4.0.1" + +glob-to-regexp@^0.4.1: + version "0.4.1" + resolved "https://registry.yarnpkg.com/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz#c75297087c851b9a578bd217dd59a92f59fe546e" + integrity sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw== + +glob@^7.0.3, glob@^7.1.3: + version "7.2.3" + resolved "https://registry.yarnpkg.com/glob/-/glob-7.2.3.tgz#b8df0fb802bbfa8e89bd1d938b4e16578ed44f2b" + integrity sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q== + dependencies: + fs.realpath "^1.0.0" + inflight "^1.0.4" + inherits "2" + minimatch "^3.1.1" + once "^1.3.0" + path-is-absolute "^1.0.0" + +globby@^14.0.0: + version "14.0.1" + resolved "https://registry.yarnpkg.com/globby/-/globby-14.0.1.tgz#a1b44841aa7f4c6d8af2bc39951109d77301959b" + integrity sha512-jOMLD2Z7MAhyG8aJpNOpmziMOP4rPLcc95oQPKXBazW82z+CEgPFBQvEpRUa1KeIMUJo4Wsm+q6uzO/Q/4BksQ== + dependencies: + "@sindresorhus/merge-streams" "^2.1.0" + fast-glob "^3.3.2" + ignore "^5.2.4" + path-type "^5.0.0" + slash "^5.1.0" + unicorn-magic "^0.1.0" + +globby@~6.1.0: + version "6.1.0" + resolved "https://registry.yarnpkg.com/globby/-/globby-6.1.0.tgz#f5a6d70e8395e21c858fb0489d64df02424d506c" + integrity sha512-KVbFv2TQtbzCoxAnfD6JcHZTYCzyliEaaeM/gH8qQdkKr5s0OP9scEgvdcngyk7AVdY6YVW/TJHd+lQ/Df3Daw== + dependencies: + array-union "^1.0.1" + glob "^7.0.3" + object-assign "^4.0.1" + pify "^2.0.0" + pinkie-promise "^2.0.0" + +graceful-fs@^4.1.2, graceful-fs@^4.1.6, graceful-fs@^4.2.0, graceful-fs@^4.2.11, graceful-fs@^4.2.4: + version "4.2.11" + resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.11.tgz#4183e4e8bf08bb6e05bbb2f7d2e0c8f712ca40e3" + integrity sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ== + +has-flag@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-4.0.0.tgz#944771fd9c81c81265c4d6941860da06bb59479b" + integrity sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ== + +hasown@^2.0.0, hasown@^2.0.2: + version "2.0.2" + resolved "https://registry.yarnpkg.com/hasown/-/hasown-2.0.2.tgz#003eaf91be7adc372e84ec59dc37252cedb80003" + integrity sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ== + dependencies: + function-bind "^1.1.2" + +hoopy@^0.1.4: + version "0.1.4" + resolved "https://registry.yarnpkg.com/hoopy/-/hoopy-0.1.4.tgz#609207d661100033a9a9402ad3dea677381c1b1d" + integrity sha512-HRcs+2mr52W0K+x8RzcLzuPPmVIKMSv97RGHy0Ea9y/mpcaK+xTrjICA04KAHi4GRzxliNqNJEFYWHghy3rSfQ== + +html_codesniffer@~2.5.1: + version "2.5.1" + resolved "https://registry.yarnpkg.com/html_codesniffer/-/html_codesniffer-2.5.1.tgz#d76d124b8f5cd0e58b3c1b142fd095a40573ea28" + integrity sha512-vcz0yAaX/OaV6sdNHuT9alBOKkSxYb8h5Yq26dUqgi7XmCgGUSa7U9PiY1PBXQFMjKv1wVPs5/QzHlGuxPDUGg== + +htmlparser2@^8.0.1: + version "8.0.2" + resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-8.0.2.tgz#f002151705b383e62433b5cf466f5b716edaec21" + integrity sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA== + dependencies: + domelementtype "^2.3.0" + domhandler "^5.0.3" + domutils "^3.0.1" + entities "^4.4.0" + +https-proxy-agent@^5.0.0: + version "5.0.1" + resolved "https://registry.yarnpkg.com/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz#c59ef224a04fe8b754f3db0063a25ea30d0005d6" + integrity sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA== + dependencies: + agent-base "6" + debug "4" + +ieee754@^1.1.13: + version "1.2.1" + resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.2.1.tgz#8eb7a10a63fff25d15a57b001586d177d1b0d352" + integrity sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA== + +ignore@^5.2.4: + version "5.3.1" + resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.3.1.tgz#5073e554cd42c5b33b394375f538b8593e34d4ef" + integrity sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw== + +immutable@^4.0.0: + version "4.3.6" + resolved "https://registry.yarnpkg.com/immutable/-/immutable-4.3.6.tgz#6a05f7858213238e587fb83586ffa3b4b27f0447" + integrity sha512-Ju0+lEMyzMVZarkTn/gqRpdqd5dOPaz1mCZ0SH3JV6iFw81PldE/PEB1hWVEA288HPt4WXW8O7AWxB10M+03QQ== + +import-local@^3.0.2: + version "3.1.0" + resolved "https://registry.yarnpkg.com/import-local/-/import-local-3.1.0.tgz#b4479df8a5fd44f6cdce24070675676063c95cb4" + integrity sha512-ASB07uLtnDs1o6EHjKpX34BKYDSqnFerfTOJL2HvMqF70LnxpjkzDB8J44oT9pu4AMPkQwf8jl6szgvNd2tRIg== + dependencies: + pkg-dir "^4.2.0" + resolve-cwd "^3.0.0" + +inflight@^1.0.4: + version "1.0.6" + resolved "https://registry.yarnpkg.com/inflight/-/inflight-1.0.6.tgz#49bd6331d7d02d0c09bc910a1075ba8165b56df9" + integrity sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA== + dependencies: + once "^1.3.0" + wrappy "1" + +inherits@2, inherits@^2.0.3, inherits@^2.0.4: + version "2.0.4" + resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c" + integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== + +interpret@^3.1.1: + version "3.1.1" + resolved "https://registry.yarnpkg.com/interpret/-/interpret-3.1.1.tgz#5be0ceed67ca79c6c4bc5cf0d7ee843dcea110c4" + integrity sha512-6xwYfHbajpoF0xLW+iwLkhwgvLoZDfjYfoFNu8ftMoXINzwuymNLd9u/KmwtdT2GbR+/Cz66otEGEVVUHX9QLQ== + +is-binary-path@~2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/is-binary-path/-/is-binary-path-2.1.0.tgz#ea1f7f3b80f064236e83470f86c09c254fb45b09" + integrity sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw== + dependencies: + binary-extensions "^2.0.0" + +is-core-module@^2.13.0: + version "2.14.0" + resolved "https://registry.yarnpkg.com/is-core-module/-/is-core-module-2.14.0.tgz#43b8ef9f46a6a08888db67b1ffd4ec9e3dfd59d1" + integrity sha512-a5dFJih5ZLYlRtDc0dZWP7RiKr6xIKzmn/oAYCDvdLThadVgyJwlaoQPmRtMSpz+rk0OGAgIu+TcM9HUF0fk1A== + dependencies: + hasown "^2.0.2" + +is-extglob@^2.1.1: + version "2.1.1" + resolved "https://registry.yarnpkg.com/is-extglob/-/is-extglob-2.1.1.tgz#a88c02535791f02ed37c76a1b9ea9773c833f8c2" + integrity sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ== + +is-fullwidth-code-point@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz#f116f8064fe90b3f7844a38997c0b75051269f1d" + integrity sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg== + +is-glob@^4.0.1, is-glob@~4.0.1: + version "4.0.3" + resolved "https://registry.yarnpkg.com/is-glob/-/is-glob-4.0.3.tgz#64f61e42cbbb2eec2071a9dac0b28ba1e65d5084" + integrity sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg== + dependencies: + is-extglob "^2.1.1" + +is-number@^7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/is-number/-/is-number-7.0.0.tgz#7535345b896734d5f80c4d06c50955527a14f12b" + integrity sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng== + +is-plain-object@^2.0.4: + version "2.0.4" + resolved "https://registry.yarnpkg.com/is-plain-object/-/is-plain-object-2.0.4.tgz#2c163b3fafb1b606d9d17928f05c2a1c38e07677" + integrity sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og== + dependencies: + isobject "^3.0.1" + +is@^3.3.0: + version "3.3.0" + resolved "https://registry.yarnpkg.com/is/-/is-3.3.0.tgz#61cff6dd3c4193db94a3d62582072b44e5645d79" + integrity sha512-nW24QBoPcFGGHJGUwnfpI7Yc5CdqWNdsyHQszVE/z2pKHXzh7FZ5GWhJqSyaQ9wMkQnsTx+kAI8bHlCX4tKdbg== + +isexe@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10" + integrity sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw== + +isobject@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/isobject/-/isobject-3.0.1.tgz#4e431e92b11a9731636aa1f9c8d1ccbcfdab78df" + integrity sha512-WhB9zCku7EGTj/HQQRz5aUQEUeoQZH2bWcltRErOpymJ4boYE6wL9Tbr23krRPSZ+C5zqNSrSw+Cc7sZZ4b7vg== + +jest-worker@^27.4.5: + version "27.5.1" + resolved "https://registry.yarnpkg.com/jest-worker/-/jest-worker-27.5.1.tgz#8d146f0900e8973b106b6f73cc1e9a8cb86f8db0" + integrity sha512-7vuh85V5cdDofPyxn58nrPjBktZo0u9x1g8WtjQol+jZDaE+fhN+cIvTj11GndBnMnyfrUOG1sZQxCdjKh+DKg== + dependencies: + "@types/node" "*" + merge-stream "^2.0.0" + supports-color "^8.0.0" + +json-parse-even-better-errors@^2.3.1: + version "2.3.1" + resolved "https://registry.yarnpkg.com/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz#7c47805a94319928e05777405dc12e1f7a4ee02d" + integrity sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w== + +json-schema-traverse@^0.4.1: + version "0.4.1" + resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz#69f6a87d9513ab8bb8fe63bdb0979c448e684660" + integrity sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg== + +jsonfile@^6.0.1: + version "6.1.0" + resolved "https://registry.yarnpkg.com/jsonfile/-/jsonfile-6.1.0.tgz#bc55b2634793c679ec6403094eb13698a6ec0aae" + integrity sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ== + dependencies: + universalify "^2.0.0" + optionalDependencies: + graceful-fs "^4.1.6" + +keyboardevent-key-polyfill@^1.0.2: + version "1.1.0" + resolved "https://registry.yarnpkg.com/keyboardevent-key-polyfill/-/keyboardevent-key-polyfill-1.1.0.tgz#8a319d8e45a13172fca56286372f90c1d4c7014c" + integrity sha512-NTDqo7XhzL1fqmUzYroiyK2qGua7sOMzLav35BfNA/mPUSCtw8pZghHFMTYR9JdnJ23IQz695FcaM6EE6bpbFQ== + +kind-of@^6.0.2: + version "6.0.3" + resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-6.0.3.tgz#07c05034a6c349fa06e24fa35aa76db4580ce4dd" + integrity sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw== + +kleur@~4.1.4: + version "4.1.5" + resolved "https://registry.yarnpkg.com/kleur/-/kleur-4.1.5.tgz#95106101795f7050c6c650f350c683febddb1780" + integrity sha512-o+NO+8WrRiQEE4/7nwRJhN1HWpVmJm511pBHUxPLtp0BUISzlBplORYSmTclCnJvQq2tKu/sgl3xVpkc7ZWuQQ== + +lilconfig@^3.1.1: + version "3.1.2" + resolved "https://registry.yarnpkg.com/lilconfig/-/lilconfig-3.1.2.tgz#e4a7c3cb549e3a606c8dcc32e5ae1005e62c05cb" + integrity sha512-eop+wDAvpItUys0FWkHIKeC9ybYrTGbU41U5K7+bttZZeohvnY7M9dZ5kB21GNWiFT2q1OoPTvncPCgSOVO5ow== + +loader-runner@^4.2.0: + version "4.3.0" + resolved "https://registry.yarnpkg.com/loader-runner/-/loader-runner-4.3.0.tgz#c1b4a163b99f614830353b16755e7149ac2314e1" + integrity sha512-3R/1M+yS3j5ou80Me59j7F9IMs4PXs3VqRrm0TU3AbKPxlmpoY1TNscJV/oGJXo8qCatFGTfDbY6W6ipGOYXfg== + +locate-path@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/locate-path/-/locate-path-5.0.0.tgz#1afba396afd676a6d42504d0a67a3a7eb9f62aa0" + integrity sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g== + dependencies: + p-locate "^4.1.0" + +lodash@^4.17.14, lodash@~4.17.21: + version "4.17.21" + resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" + integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== + +lru-cache@^6.0.0: + version "6.0.0" + resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-6.0.0.tgz#6d6fe6570ebd96aaf90fcad1dafa3b2566db3a94" + integrity sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA== + dependencies: + yallist "^4.0.0" + +matches-selector@^1.0.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/matches-selector/-/matches-selector-1.2.0.tgz#d1814e7e8f43e69d22ac33c9af727dc884ecf12a" + integrity sha512-c4vLwYWyl+Ji+U43eU/G5FwxWd4ZH0ePUsFs5y0uwD9HUEFBXUQ1zUUan+78IpRD+y4pUfG0nAzNM292K7ItvA== + +merge-stream@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/merge-stream/-/merge-stream-2.0.0.tgz#52823629a14dd00c9770fb6ad47dc6310f2c1f60" + integrity sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w== + +merge2@^1.3.0: + version "1.4.1" + resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.4.1.tgz#4368892f885e907455a6fd7dc55c0c9d404990ae" + integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg== + +micromatch@^4.0.4: + version "4.0.7" + resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.7.tgz#33e8190d9fe474a9895525f5618eee136d46c2e5" + integrity sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q== + dependencies: + braces "^3.0.3" + picomatch "^2.3.1" + +mime-db@1.52.0: + version "1.52.0" + resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70" + integrity sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg== + +mime-types@^2.1.27: + version "2.1.35" + resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.35.tgz#381a871b62a734450660ae3deee44813f70d959a" + integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw== + dependencies: + mime-db "1.52.0" + +minimatch@^3.1.1: + version "3.1.2" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b" + integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw== + dependencies: + brace-expansion "^1.1.7" + +mkdirp-classic@^0.5.2: + version "0.5.3" + resolved "https://registry.yarnpkg.com/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz#fa10c9115cc6d8865be221ba47ee9bed78601113" + integrity sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A== + +ms@2.1.2: + version "2.1.2" + resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009" + integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w== + +mustache@~4.2.0: + version "4.2.0" + resolved "https://registry.yarnpkg.com/mustache/-/mustache-4.2.0.tgz#e5892324d60a12ec9c2a73359edca52972bf6f64" + integrity sha512-71ippSywq5Yb7/tVYyGbkBggbU8H3u5Rz56fH60jGFgr8uHwxs+aSKeqmluIVzM0m0kB7xQjKS6qPfd0b2ZoqQ== + +nanoid@^3.3.7: + version "3.3.7" + resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.7.tgz#d0c301a691bc8d54efa0a2226ccf3fe2fd656bd8" + integrity sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g== + +neo-async@^2.6.2: + version "2.6.2" + resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.2.tgz#b4aafb93e3aeb2d8174ca53cf163ab7d7308305f" + integrity sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw== + +node-fetch@^2.6.1: + version "2.7.0" + resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.7.0.tgz#d0f0fa6e3e2dc1d27efcd8ad99d550bda94d187d" + integrity sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A== + dependencies: + whatwg-url "^5.0.0" + +node-fetch@~2.6.1: + version "2.6.13" + resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.13.tgz#a20acbbec73c2e09f9007de5cda17104122e0010" + integrity sha512-StxNAxh15zr77QvvkmveSQ8uCQ4+v5FkvNTj0OESmiHu+VRi/gXArXtkWMElOsOUNLtUEvI4yS+rdtOHZTwlQA== + dependencies: + whatwg-url "^5.0.0" + +node-releases@^2.0.14: + version "2.0.14" + resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-2.0.14.tgz#2ffb053bceb8b2be8495ece1ab6ce600c4461b0b" + integrity sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw== + +node.extend@~2.0.2: + version "2.0.3" + resolved "https://registry.yarnpkg.com/node.extend/-/node.extend-2.0.3.tgz#01cff7d142996aee6bb6bf506d065405ecd4371d" + integrity sha512-xwADg/okH48PvBmRZyoX8i8GJaKuJ1CqlqotlZOhUio8egD1P5trJupHKBzcPjSF9ifK2gPcEICRBnkfPqQXZw== + dependencies: + hasown "^2.0.0" + is "^3.3.0" + +normalize-path@^3.0.0, normalize-path@~3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/normalize-path/-/normalize-path-3.0.0.tgz#0dcd69ff23a1c9b11fd0978316644a0388216a65" + integrity sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA== + +normalize-range@^0.1.2: + version "0.1.2" + resolved "https://registry.yarnpkg.com/normalize-range/-/normalize-range-0.1.2.tgz#2d10c06bdfd312ea9777695a4d28439456b75942" + integrity sha512-bdok/XvKII3nUpklnV6P2hxtMNrCboOjAcyBuQnWEhO665FwrSNRxU+AqpsyvO6LgGYPspN+lu5CLtw4jPRKNA== + +nth-check@^2.0.1: + version "2.1.1" + resolved "https://registry.yarnpkg.com/nth-check/-/nth-check-2.1.1.tgz#c9eab428effce36cd6b92c924bdb000ef1f1ed1d" + integrity sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w== + dependencies: + boolbase "^1.0.0" + +object-assign@4.1.1, object-assign@^4.0.1, object-assign@^4.1.0: + version "4.1.1" + resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863" + integrity sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg== + +once@^1.3.0, once@^1.3.1, once@^1.4.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1" + integrity sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w== + dependencies: + wrappy "1" + +p-limit@^2.2.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-2.3.0.tgz#3dd33c647a214fdfffd835933eb086da0dc21db1" + integrity sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w== + dependencies: + p-try "^2.0.0" + +p-locate@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/p-locate/-/p-locate-4.1.0.tgz#a3428bb7088b3a60292f66919278b7c297ad4f07" + integrity sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A== + dependencies: + p-limit "^2.2.0" + +p-timeout@~4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/p-timeout/-/p-timeout-4.1.0.tgz#788253c0452ab0ffecf18a62dff94ff1bd09ca0a" + integrity sha512-+/wmHtzJuWii1sXn3HCuH/FTwGhrp4tmJTxSKJbfS+vkipci6osxXM5mY0jUiRzWKMTgUT8l7HFbeSwZAynqHw== + +p-try@^2.0.0: + version "2.2.0" + resolved "https://registry.yarnpkg.com/p-try/-/p-try-2.2.0.tgz#cb2868540e313d61de58fafbe35ce9004d5540e6" + integrity sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ== + +pa11y-ci@^3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/pa11y-ci/-/pa11y-ci-3.1.0.tgz#66cf220d1dcc5f886fb25a8db25758caf0c20466" + integrity sha512-1WBGBMq0dYtZ+N/SH/AcnFSsT6sZ2w27d8Z/5XHJWSELeX8Qhh4yX5f0drb7crwjt7ugKSo4A7eEF9RbMB0LYg== + dependencies: + async "~2.6.4" + cheerio "~1.0.0-rc.10" + commander "~6.2.1" + globby "~6.1.0" + kleur "~4.1.4" + lodash "~4.17.21" + node-fetch "~2.6.1" + pa11y "^6.2.3" + protocolify "~3.0.0" + puppeteer "~9.1.1" + wordwrap "~1.0.0" + +pa11y@^6.2.3: + version "6.2.3" + resolved "https://registry.yarnpkg.com/pa11y/-/pa11y-6.2.3.tgz#920de467a9fa0d52c80e07ae910ea98b167b7336" + integrity sha512-69JoUlfW2QVmrgQAm+17XBxIvmd1u0ImFBYIHPyjC61CzAkmxO3kkbqDVxIcl0OKLvAMYSMbvfCH8kMFE9xsbg== + dependencies: + axe-core "~4.2.1" + bfj "~7.0.2" + commander "~8.0.0" + envinfo "~7.8.1" + html_codesniffer "~2.5.1" + kleur "~4.1.4" + mustache "~4.2.0" + node.extend "~2.0.2" + p-timeout "~4.1.0" + puppeteer "~9.1.1" + semver "~7.3.5" + +parse5-htmlparser2-tree-adapter@^7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-7.0.0.tgz#23c2cc233bcf09bb7beba8b8a69d46b08c62c2f1" + integrity sha512-B77tOZrqqfUfnVcOrUvfdLbz4pu4RopLD/4vmu3HUPswwTA8OH0EMW9BlWR2B0RCoiZRAHEUu7IxeP1Pd1UU+g== + dependencies: + domhandler "^5.0.2" + parse5 "^7.0.0" + +parse5@^7.0.0: + version "7.1.2" + resolved "https://registry.yarnpkg.com/parse5/-/parse5-7.1.2.tgz#0736bebbfd77793823240a23b7fc5e010b7f8e32" + integrity sha512-Czj1WaSVpaoj0wbhMzLmWD69anp2WH7FXMB9n1Sy8/ZFF9jolSQVMu1Ij5WIyGmcBmhk7EOndpO4mIpihVqAXw== + dependencies: + entities "^4.4.0" + +path-exists@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/path-exists/-/path-exists-4.0.0.tgz#513bdbe2d3b95d7762e8c1137efa195c6c61b5b3" + integrity sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w== + +path-is-absolute@^1.0.0: + version "1.0.1" + resolved "https://registry.yarnpkg.com/path-is-absolute/-/path-is-absolute-1.0.1.tgz#174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f" + integrity sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg== + +path-key@^3.1.0: + version "3.1.1" + resolved "https://registry.yarnpkg.com/path-key/-/path-key-3.1.1.tgz#581f6ade658cbba65a0d3380de7753295054f375" + integrity sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q== + +path-parse@^1.0.7: + version "1.0.7" + resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" + integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== + +path-type@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/path-type/-/path-type-5.0.0.tgz#14b01ed7aea7ddf9c7c3f46181d4d04f9c785bb8" + integrity sha512-5HviZNaZcfqP95rwpv+1HDgUamezbqdSYTyzjTvwtJSnIH+3vnbmWsItli8OFEndS984VT55M3jduxZbX351gg== + +pend@~1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/pend/-/pend-1.2.0.tgz#7a57eb550a6783f9115331fcf4663d5c8e007a50" + integrity sha512-F3asv42UuXchdzt+xXqfW1OGlVBe+mxa2mqI0pg5yAHZPvFmY3Y6drSf/GQ1A86WgWEN9Kzh/WrgKa6iGcHXLg== + +picocolors@^1.0.0, picocolors@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.0.1.tgz#a8ad579b571952f0e5d25892de5445bcfe25aaa1" + integrity sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew== + +picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.3.1: + version "2.3.1" + resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42" + integrity sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA== + +pify@^2.0.0, pify@^2.3.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/pify/-/pify-2.3.0.tgz#ed141a6ac043a849ea588498e7dca8b15330e90c" + integrity sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog== + +pinkie-promise@^2.0.0: + version "2.0.1" + resolved "https://registry.yarnpkg.com/pinkie-promise/-/pinkie-promise-2.0.1.tgz#2135d6dfa7a358c069ac9b178776288228450ffa" + integrity sha512-0Gni6D4UcLTbv9c57DfxDGdr41XfgUjqWZu492f0cIGr16zDU06BWP/RAEvOuo7CQ0CNjHaLlM59YJJFm3NWlw== + dependencies: + pinkie "^2.0.0" + +pinkie@^2.0.0: + version "2.0.4" + resolved "https://registry.yarnpkg.com/pinkie/-/pinkie-2.0.4.tgz#72556b80cfa0d48a974e80e77248e80ed4f7f870" + integrity sha512-MnUuEycAemtSaeFSjXKW/aroV7akBbY+Sv+RkyqFjgAe73F+MR0TBWKBRDkmfWq/HiFmdavfZ1G7h4SPZXaCSg== + +pkg-dir@^4.2.0: + version "4.2.0" + resolved "https://registry.yarnpkg.com/pkg-dir/-/pkg-dir-4.2.0.tgz#f099133df7ede422e81d1d8448270eeb3e4261f3" + integrity sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ== + dependencies: + find-up "^4.0.0" + +postcss-cli@^11.0.0: + version "11.0.0" + resolved "https://registry.yarnpkg.com/postcss-cli/-/postcss-cli-11.0.0.tgz#649f4b9af447501feb6cbca7f7505a132f90442b" + integrity sha512-xMITAI7M0u1yolVcXJ9XTZiO9aO49mcoKQy6pCDFdMh9kGqhzLVpWxeD/32M/QBmkhcGypZFFOLNLmIW4Pg4RA== + dependencies: + chokidar "^3.3.0" + dependency-graph "^0.11.0" + fs-extra "^11.0.0" + get-stdin "^9.0.0" + globby "^14.0.0" + picocolors "^1.0.0" + postcss-load-config "^5.0.0" + postcss-reporter "^7.0.0" + pretty-hrtime "^1.0.3" + read-cache "^1.0.0" + slash "^5.0.0" + yargs "^17.0.0" + +postcss-import@^16.1.0: + version "16.1.0" + resolved "https://registry.yarnpkg.com/postcss-import/-/postcss-import-16.1.0.tgz#258732175518129667fe1e2e2a05b19b5654b96a" + integrity sha512-7hsAZ4xGXl4MW+OKEWCnF6T5jqBw80/EE9aXg1r2yyn1RsVEU8EtKXbijEODa+rg7iih4bKf7vlvTGYR4CnPNg== + dependencies: + postcss-value-parser "^4.0.0" + read-cache "^1.0.0" + resolve "^1.1.7" + +postcss-load-config@^5.0.0: + version "5.1.0" + resolved "https://registry.yarnpkg.com/postcss-load-config/-/postcss-load-config-5.1.0.tgz#4ded23410da973e05edae9d41fa99bb5c1d5477f" + integrity sha512-G5AJ+IX0aD0dygOE0yFZQ/huFFMSNneyfp0e3/bT05a8OfPC5FUoZRPfGijUdGOJNMewJiwzcHJXFafFzeKFVA== + dependencies: + lilconfig "^3.1.1" + yaml "^2.4.2" + +postcss-minify@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/postcss-minify/-/postcss-minify-1.1.0.tgz#3b1bf92c27c7503ccd8d9c7db9e4272b97c099f2" + integrity sha512-9D64ueIW0DL2FdLajQTlXrnTN8Ox9NjuXqigKMmB819RhdClNPYx5Zp3i5x0ghjjy3vGrLBBYEYvJjY/1eMNbw== + dependencies: + postcss-selector-parser "^6.0" + postcss-value-parser "^4.1" + +postcss-reporter@^7.0.0: + version "7.1.0" + resolved "https://registry.yarnpkg.com/postcss-reporter/-/postcss-reporter-7.1.0.tgz#5ec476d224e2fe25a054e3c66d9b2901d4fab422" + integrity sha512-/eoEylGWyy6/DOiMP5lmFRdmDKThqgn7D6hP2dXKJI/0rJSO1ADFNngZfDzxL0YAxFvws+Rtpuji1YIHj4mySA== + dependencies: + picocolors "^1.0.0" + thenby "^1.3.4" + +postcss-scss@^4.0.9: + version "4.0.9" + resolved "https://registry.yarnpkg.com/postcss-scss/-/postcss-scss-4.0.9.tgz#a03c773cd4c9623cb04ce142a52afcec74806685" + integrity sha512-AjKOeiwAitL/MXxQW2DliT28EKukvvbEWx3LBmJIRN8KfBGZbRTxNYW0kSqi1COiTZ57nZ9NW06S6ux//N1c9A== + +postcss-selector-parser@^6.0: + version "6.1.0" + resolved "https://registry.yarnpkg.com/postcss-selector-parser/-/postcss-selector-parser-6.1.0.tgz#49694cb4e7c649299fea510a29fa6577104bcf53" + integrity sha512-UMz42UD0UY0EApS0ZL9o1XnLhSTtvvvLe5Dc2H2O56fvRZi+KulDyf5ctDhhtYJBGKStV2FL1fy6253cmLgqVQ== + dependencies: + cssesc "^3.0.0" + util-deprecate "^1.0.2" + +postcss-value-parser@^4.0.0, postcss-value-parser@^4.1, postcss-value-parser@^4.2.0: + version "4.2.0" + resolved "https://registry.yarnpkg.com/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz#723c09920836ba6d3e5af019f92bc0971c02e514" + integrity sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ== + +postcss@^8.4.38: + version "8.4.38" + resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.38.tgz#b387d533baf2054288e337066d81c6bee9db9e0e" + integrity sha512-Wglpdk03BSfXkHoQa3b/oulrotAkwrlLDRSOb9D0bN86FdRyE9lppSp33aHNPgBa0JKCoB+drFLZkQoRRYae5A== + dependencies: + nanoid "^3.3.7" + picocolors "^1.0.0" + source-map-js "^1.2.0" + +prepend-http@^3.0.0: + version "3.0.1" + resolved "https://registry.yarnpkg.com/prepend-http/-/prepend-http-3.0.1.tgz#3e724d58fd5867465b300bb9615009fa2f8ee3b6" + integrity sha512-BLxfZh+m6UiAiCPZFJ4+vYoL7NrRs5XgCTRrjseATAggXhdZKKxn+JUNmuVYWY23bDHgaEHodxw8mnmtVEDtHw== + +pretty-hrtime@^1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/pretty-hrtime/-/pretty-hrtime-1.0.3.tgz#b7e3ea42435a4c9b2759d99e0f201eb195802ee1" + integrity sha512-66hKPCr+72mlfiSjlEB1+45IjXSqvVAIy6mocupoww4tBFE9R9IhwwUGoI4G++Tc9Aq+2rxOt0RFU6gPcrte0A== + +progress@^2.0.1: + version "2.0.3" + resolved "https://registry.yarnpkg.com/progress/-/progress-2.0.3.tgz#7e8cf8d8f5b8f239c1bc68beb4eb78567d572ef8" + integrity sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA== + +protocolify@~3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/protocolify/-/protocolify-3.0.0.tgz#addf3f90b4f2b86b65cdaf260a761e2bf556854e" + integrity sha512-PuvDJOkKJMVQx8jSNf8E5g0bJw/UTKm30mTjFHg4N30c8sefgA5Qr/f8INKqYBKfvP/MUSJrj+z1Smjbq4/3rQ== + dependencies: + file-url "^3.0.0" + prepend-http "^3.0.0" + +proxy-from-env@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz#e102f16ca355424865755d2c9e8ea4f24d58c3e2" + integrity sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg== + +pump@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/pump/-/pump-3.0.0.tgz#b4a2116815bde2f4e1ea602354e8c75565107a64" + integrity sha512-LwZy+p3SFs1Pytd/jYct4wpv49HiYCqd9Rlc5ZVdk0V+8Yzv6jR5Blk3TRmPL1ft69TxP0IMZGJ+WPFU2BFhww== + dependencies: + end-of-stream "^1.1.0" + once "^1.3.1" + +punycode@^2.1.0: + version "2.3.1" + resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.3.1.tgz#027422e2faec0b25e1549c3e1bd8309b9133b6e5" + integrity sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg== + +puppeteer@~9.1.1: + version "9.1.1" + resolved "https://registry.yarnpkg.com/puppeteer/-/puppeteer-9.1.1.tgz#f74b7facf86887efd6c6b9fabb7baae6fdce012c" + integrity sha512-W+nOulP2tYd/ZG99WuZC/I5ljjQQ7EUw/jQGcIb9eu8mDlZxNY2SgcJXTLG9h5gRvqA3uJOe4hZXYsd3EqioMw== + dependencies: + debug "^4.1.0" + devtools-protocol "0.0.869402" + extract-zip "^2.0.0" + https-proxy-agent "^5.0.0" + node-fetch "^2.6.1" + pkg-dir "^4.2.0" + progress "^2.0.1" + proxy-from-env "^1.1.0" + rimraf "^3.0.2" + tar-fs "^2.0.0" + unbzip2-stream "^1.3.3" + ws "^7.2.3" + +queue-microtask@^1.2.2: + version "1.2.3" + resolved "https://registry.yarnpkg.com/queue-microtask/-/queue-microtask-1.2.3.tgz#4929228bbc724dfac43e0efb058caf7b6cfb6243" + integrity sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A== + +randombytes@^2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/randombytes/-/randombytes-2.1.0.tgz#df6f84372f0270dc65cdf6291349ab7a473d4f2a" + integrity sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ== + dependencies: + safe-buffer "^5.1.0" + +read-cache@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/read-cache/-/read-cache-1.0.0.tgz#e664ef31161166c9751cdbe8dbcf86b5fb58f774" + integrity sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA== + dependencies: + pify "^2.3.0" + +readable-stream@^3.1.1, readable-stream@^3.4.0: + version "3.6.2" + resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-3.6.2.tgz#56a9b36ea965c00c5a93ef31eb111a0f11056967" + integrity sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA== + dependencies: + inherits "^2.0.3" + string_decoder "^1.1.1" + util-deprecate "^1.0.1" + +readdirp@~3.6.0: + version "3.6.0" + resolved "https://registry.yarnpkg.com/readdirp/-/readdirp-3.6.0.tgz#74a370bd857116e245b29cc97340cd431a02a6c7" + integrity sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA== + dependencies: + picomatch "^2.2.1" + +receptor@1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/receptor/-/receptor-1.0.0.tgz#bf54477e0387e44bebf3855120bbda5adea08f8b" + integrity sha512-yvVEqVQDNzEmGkluCkEdbKSXqZb3WGxotI/VukXIQ+4/BXEeXVjWtmC6jWaR1BIsmEAGYQy3OTaNgDj2Svr01w== + dependencies: + element-closest "^2.0.1" + keyboardevent-key-polyfill "^1.0.2" + matches-selector "^1.0.0" + object-assign "^4.1.0" + +rechoir@^0.8.0: + version "0.8.0" + resolved "https://registry.yarnpkg.com/rechoir/-/rechoir-0.8.0.tgz#49f866e0d32146142da3ad8f0eff352b3215ff22" + integrity sha512-/vxpCXddiX8NGfGO/mTafwjq4aFa/71pvamip0++IQk3zG8cbCj0fifNPrjjF1XMXUne91jL9OoxmdykoEtifQ== + dependencies: + resolve "^1.20.0" + +require-directory@^2.1.1: + version "2.1.1" + resolved "https://registry.yarnpkg.com/require-directory/-/require-directory-2.1.1.tgz#8c64ad5fd30dab1c976e2344ffe7f792a6a6df42" + integrity sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q== + +resolve-cwd@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/resolve-cwd/-/resolve-cwd-3.0.0.tgz#0f0075f1bb2544766cf73ba6a6e2adfebcb13f2d" + integrity sha512-OrZaX2Mb+rJCpH/6CpSqt9xFVpN++x01XnN2ie9g6P5/3xelLAkXWVADpdz1IHD/KFfEXyE6V0U01OQ3UO2rEg== + dependencies: + resolve-from "^5.0.0" + +resolve-from@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/resolve-from/-/resolve-from-5.0.0.tgz#c35225843df8f776df21c57557bc087e9dfdfc69" + integrity sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw== + +resolve-id-refs@0.1.0: + version "0.1.0" + resolved "https://registry.yarnpkg.com/resolve-id-refs/-/resolve-id-refs-0.1.0.tgz#3126624b887489da8fc0ae889632f8413ac6c3ec" + integrity sha512-hNS03NEmVpJheF7yfyagNh57XuKc0z+NkSO0oBbeO67o6IJKoqlDfnNIxhjp7aTWwjmSWZQhtiGrOgZXVyM90w== + +resolve@^1.1.7, resolve@^1.20.0: + version "1.22.8" + resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.22.8.tgz#b6c87a9f2aa06dfab52e3d70ac8cde321fa5a48d" + integrity sha512-oKWePCxqpd6FlLvGV1VU0x7bkPmmCNolxzjMf4NczoDnQcIWrAF+cPtZn5i6n+RfD2d9i0tzpKnG6Yk168yIyw== + dependencies: + is-core-module "^2.13.0" + path-parse "^1.0.7" + supports-preserve-symlinks-flag "^1.0.0" + +reusify@^1.0.4: + version "1.0.4" + resolved "https://registry.yarnpkg.com/reusify/-/reusify-1.0.4.tgz#90da382b1e126efc02146e90845a88db12925d76" + integrity sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw== + +rimraf@^3.0.2: + version "3.0.2" + resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-3.0.2.tgz#f1a5402ba6220ad52cc1282bac1ae3aa49fd061a" + integrity sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA== + dependencies: + glob "^7.1.3" + +run-parallel@^1.1.9: + version "1.2.0" + resolved "https://registry.yarnpkg.com/run-parallel/-/run-parallel-1.2.0.tgz#66d1368da7bdf921eb9d95bd1a9229e7f21a43ee" + integrity sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA== + dependencies: + queue-microtask "^1.2.2" + +safe-buffer@^5.1.0, safe-buffer@~5.2.0: + version "5.2.1" + resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6" + integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ== + +sass@^1.69.5: + version "1.77.6" + resolved "https://registry.yarnpkg.com/sass/-/sass-1.77.6.tgz#898845c1348078c2e6d1b64f9ee06b3f8bd489e4" + integrity sha512-ByXE1oLD79GVq9Ht1PeHWCPMPB8XHpBuz1r85oByKHjZY6qV6rWnQovQzXJXuQ/XyE1Oj3iPk3lo28uzaRA2/Q== + dependencies: + chokidar ">=3.0.0 <4.0.0" + immutable "^4.0.0" + source-map-js ">=0.6.2 <2.0.0" + +schema-utils@^3.1.1, schema-utils@^3.2.0: + version "3.3.0" + resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-3.3.0.tgz#f50a88877c3c01652a15b622ae9e9795df7a60fe" + integrity sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg== + dependencies: + "@types/json-schema" "^7.0.8" + ajv "^6.12.5" + ajv-keywords "^3.5.2" + +semver@~7.3.5: + version "7.3.8" + resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.8.tgz#07a78feafb3f7b32347d725e33de7e2a2df67798" + integrity sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A== + dependencies: + lru-cache "^6.0.0" + +serialize-javascript@^6.0.1: + version "6.0.2" + resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.2.tgz#defa1e055c83bf6d59ea805d8da862254eb6a6c2" + integrity sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g== + dependencies: + randombytes "^2.1.0" + +shallow-clone@^3.0.0: + version "3.0.1" + resolved "https://registry.yarnpkg.com/shallow-clone/-/shallow-clone-3.0.1.tgz#8f2981ad92531f55035b01fb230769a40e02efa3" + integrity sha512-/6KqX+GVUdqPuPPd2LxDDxzX6CAbjJehAAOKlNpqqUpAqPM6HeL8f+o3a+JsyGjn2lv0WY8UsTgUJjU9Ok55NA== + dependencies: + kind-of "^6.0.2" + +shebang-command@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/shebang-command/-/shebang-command-2.0.0.tgz#ccd0af4f8835fbdc265b82461aaf0c36663f34ea" + integrity sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA== + dependencies: + shebang-regex "^3.0.0" + +shebang-regex@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/shebang-regex/-/shebang-regex-3.0.0.tgz#ae16f1644d873ecad843b0307b143362d4c42172" + integrity sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A== + +slash@^5.0.0, slash@^5.1.0: + version "5.1.0" + resolved "https://registry.yarnpkg.com/slash/-/slash-5.1.0.tgz#be3adddcdf09ac38eebe8dcdc7b1a57a75b095ce" + integrity sha512-ZA6oR3T/pEyuqwMgAKT0/hAv8oAXckzbkmR0UkUosQ+Mc4RxGoJkRmwHgHufaenlyAgE1Mxgpdcrf75y6XcnDg== + +"source-map-js@>=0.6.2 <2.0.0", source-map-js@^1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/source-map-js/-/source-map-js-1.2.0.tgz#16b809c162517b5b8c3e7dcd315a2a5c2612b2af" + integrity sha512-itJW8lvSA0TXEphiRoawsCksnlf8SyvmFzIhltqAHluXd88pkCd+cXJVHTDwdCr0IzwptSm035IHQktUu1QUMg== + +source-map-support@~0.5.20: + version "0.5.21" + resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.5.21.tgz#04fe7c7f9e1ed2d662233c28cb2b35b9f63f6e4f" + integrity sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w== + dependencies: + buffer-from "^1.0.0" + source-map "^0.6.0" + +source-map@^0.6.0: + version "0.6.1" + resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.6.1.tgz#74722af32e9614e9c287a8d0bbde48b5e2f1a263" + integrity sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g== + +source-map@~0.7.4: + version "0.7.4" + resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.7.4.tgz#a9bbe705c9d8846f4e08ff6765acf0f1b0898656" + integrity sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA== + +string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3: + version "4.2.3" + resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" + integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== + dependencies: + emoji-regex "^8.0.0" + is-fullwidth-code-point "^3.0.0" + strip-ansi "^6.0.1" + +string_decoder@^1.1.1: + version "1.3.0" + resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.3.0.tgz#42f114594a46cf1a8e30b0a84f56c78c3edac21e" + integrity sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA== + dependencies: + safe-buffer "~5.2.0" + +strip-ansi@^6.0.0, strip-ansi@^6.0.1: + version "6.0.1" + resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" + integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== + dependencies: + ansi-regex "^5.0.1" + +supports-color@^8.0.0: + version "8.1.1" + resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-8.1.1.tgz#cd6fc17e28500cff56c1b86c0a7fd4a54a73005c" + integrity sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q== + dependencies: + has-flag "^4.0.0" + +supports-preserve-symlinks-flag@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz#6eda4bd344a3c94aea376d4cc31bc77311039e09" + integrity sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w== + +tapable@^2.1.1, tapable@^2.2.0: + version "2.2.1" + resolved "https://registry.yarnpkg.com/tapable/-/tapable-2.2.1.tgz#1967a73ef4060a82f12ab96af86d52fdb76eeca0" + integrity sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ== + +tar-fs@^2.0.0: + version "2.1.1" + resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-2.1.1.tgz#489a15ab85f1f0befabb370b7de4f9eb5cbe8784" + integrity sha512-V0r2Y9scmbDRLCNex/+hYzvp/zyYjvFbHPNgVTKfQvVrb6guiE/fxP+XblDNR011utopbkex2nM4dHNV6GDsng== + dependencies: + chownr "^1.1.1" + mkdirp-classic "^0.5.2" + pump "^3.0.0" + tar-stream "^2.1.4" + +tar-stream@^2.1.4: + version "2.2.0" + resolved "https://registry.yarnpkg.com/tar-stream/-/tar-stream-2.2.0.tgz#acad84c284136b060dc3faa64474aa9aebd77287" + integrity sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ== + dependencies: + bl "^4.0.3" + end-of-stream "^1.4.1" + fs-constants "^1.0.0" + inherits "^2.0.3" + readable-stream "^3.1.1" + +terser-webpack-plugin@^5.3.10: + version "5.3.10" + resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-5.3.10.tgz#904f4c9193c6fd2a03f693a2150c62a92f40d199" + integrity sha512-BKFPWlPDndPs+NGGCr1U59t0XScL5317Y0UReNrHaw9/FwhPENlq6bfgs+4yPfyP51vqC1bQ4rp1EfXW5ZSH9w== + dependencies: + "@jridgewell/trace-mapping" "^0.3.20" + jest-worker "^27.4.5" + schema-utils "^3.1.1" + serialize-javascript "^6.0.1" + terser "^5.26.0" + +terser@^5.26.0: + version "5.31.1" + resolved "https://registry.yarnpkg.com/terser/-/terser-5.31.1.tgz#735de3c987dd671e95190e6b98cfe2f07f3cf0d4" + integrity sha512-37upzU1+viGvuFtBo9NPufCb9dwM0+l9hMxYyWfBA+fbwrPqNJAhbZ6W47bBFnZHKHTUBnMvi87434qq+qnxOg== + dependencies: + "@jridgewell/source-map" "^0.3.3" + acorn "^8.8.2" + commander "^2.20.0" + source-map-support "~0.5.20" + +thenby@^1.3.4: + version "1.3.4" + resolved "https://registry.yarnpkg.com/thenby/-/thenby-1.3.4.tgz#81581f6e1bb324c6dedeae9bfc28e59b1a2201cc" + integrity sha512-89Gi5raiWA3QZ4b2ePcEwswC3me9JIg+ToSgtE0JWeCynLnLxNr/f9G+xfo9K+Oj4AFdom8YNJjibIARTJmapQ== + +through@^2.3.8: + version "2.3.8" + resolved "https://registry.yarnpkg.com/through/-/through-2.3.8.tgz#0dd4c9ffaabc357960b1b724115d7e0e86a2e1f5" + integrity sha512-w89qg7PI8wAdvX60bMDP+bFoD5Dvhm9oLheFp5O4a2QF0cSBGsBX4qZmadPMvVqlLJBBci+WqGGOAPvcDeNSVg== + +to-regex-range@^5.0.1: + version "5.0.1" + resolved "https://registry.yarnpkg.com/to-regex-range/-/to-regex-range-5.0.1.tgz#1648c44aae7c8d988a326018ed72f5b4dd0392e4" + integrity sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ== + dependencies: + is-number "^7.0.0" + +tr46@~0.0.3: + version "0.0.3" + resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a" + integrity sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw== + +tryer@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/tryer/-/tryer-1.0.1.tgz#f2c85406800b9b0f74c9f7465b81eaad241252f8" + integrity sha512-c3zayb8/kWWpycWYg87P71E1S1ZL6b6IJxfb5fvsUgsf0S2MVGaDhDXXjDMpdCpfWXqptc+4mXwmiy1ypXqRAA== + +unbzip2-stream@^1.3.3: + version "1.4.3" + resolved "https://registry.yarnpkg.com/unbzip2-stream/-/unbzip2-stream-1.4.3.tgz#b0da04c4371311df771cdc215e87f2130991ace7" + integrity sha512-mlExGW4w71ebDJviH16lQLtZS32VKqsSfk80GCfUlwT/4/hNRFsoscrF/c++9xinkMzECL1uL9DDwXqFWkruPg== + dependencies: + buffer "^5.2.1" + through "^2.3.8" + +undici-types@~5.26.4: + version "5.26.5" + resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" + integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== + +unicorn-magic@^0.1.0: + version "0.1.0" + resolved "https://registry.yarnpkg.com/unicorn-magic/-/unicorn-magic-0.1.0.tgz#1bb9a51c823aaf9d73a8bfcd3d1a23dde94b0ce4" + integrity sha512-lRfVq8fE8gz6QMBuDM6a+LO3IAzTi05H6gCVaUpir2E1Rwpo4ZUog45KpNXKC/Mn3Yb9UDuHumeFTo9iV/D9FQ== + +universalify@^2.0.0: + version "2.0.1" + resolved "https://registry.yarnpkg.com/universalify/-/universalify-2.0.1.tgz#168efc2180964e6386d061e094df61afe239b18d" + integrity sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw== + +update-browserslist-db@^1.0.16: + version "1.0.16" + resolved "https://registry.yarnpkg.com/update-browserslist-db/-/update-browserslist-db-1.0.16.tgz#f6d489ed90fb2f07d67784eb3f53d7891f736356" + integrity sha512-KVbTxlBYlckhF5wgfyZXTWnMn7MMZjMu9XG8bPlliUOP9ThaF4QnhP8qrjrH7DRzHfSk0oQv1wToW+iA5GajEQ== + dependencies: + escalade "^3.1.2" + picocolors "^1.0.1" + +uri-js@^4.2.2: + version "4.4.1" + resolved "https://registry.yarnpkg.com/uri-js/-/uri-js-4.4.1.tgz#9b1a52595225859e55f669d928f88c6c57f2a77e" + integrity sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg== + dependencies: + punycode "^2.1.0" + +util-deprecate@^1.0.1, util-deprecate@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf" + integrity sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw== + +watchpack@^2.4.1: + version "2.4.1" + resolved "https://registry.yarnpkg.com/watchpack/-/watchpack-2.4.1.tgz#29308f2cac150fa8e4c92f90e0ec954a9fed7fff" + integrity sha512-8wrBCMtVhqcXP2Sup1ctSkga6uc2Bx0IIvKyT7yTFier5AXHooSI+QyQQAtTb7+E0IUCCKyTFmXqdqgum2XWGg== + dependencies: + glob-to-regexp "^0.4.1" + graceful-fs "^4.1.2" + +webidl-conversions@^3.0.0: + version "3.0.1" + resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871" + integrity sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ== + +webpack-cli@^5.1.4: + version "5.1.4" + resolved "https://registry.yarnpkg.com/webpack-cli/-/webpack-cli-5.1.4.tgz#c8e046ba7eaae4911d7e71e2b25b776fcc35759b" + integrity sha512-pIDJHIEI9LR0yxHXQ+Qh95k2EvXpWzZ5l+d+jIo+RdSm9MiHfzazIxwwni/p7+x4eJZuvG1AJwgC4TNQ7NRgsg== + dependencies: + "@discoveryjs/json-ext" "^0.5.0" + "@webpack-cli/configtest" "^2.1.1" + "@webpack-cli/info" "^2.0.2" + "@webpack-cli/serve" "^2.0.5" + colorette "^2.0.14" + commander "^10.0.1" + cross-spawn "^7.0.3" + envinfo "^7.7.3" + fastest-levenshtein "^1.0.12" + import-local "^3.0.2" + interpret "^3.1.1" + rechoir "^0.8.0" + webpack-merge "^5.7.3" + +webpack-merge@^5.7.3: + version "5.10.0" + resolved "https://registry.yarnpkg.com/webpack-merge/-/webpack-merge-5.10.0.tgz#a3ad5d773241e9c682803abf628d4cd62b8a4177" + integrity sha512-+4zXKdx7UnO+1jaN4l2lHVD+mFvnlZQP/6ljaJVb4SZiwIKeUnrT5l0gkT8z+n4hKpC+jpOv6O9R+gLtag7pSA== + dependencies: + clone-deep "^4.0.1" + flat "^5.0.2" + wildcard "^2.0.0" + +webpack-sources@^3.2.3: + version "3.2.3" + resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-3.2.3.tgz#2d4daab8451fd4b240cc27055ff6a0c2ccea0cde" + integrity sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w== + +webpack@^5.92.1: + version "5.92.1" + resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.92.1.tgz#eca5c1725b9e189cffbd86e8b6c3c7400efc5788" + integrity sha512-JECQ7IwJb+7fgUFBlrJzbyu3GEuNBcdqr1LD7IbSzwkSmIevTm8PF+wej3Oxuz/JFBUZ6O1o43zsPkwm1C4TmA== + dependencies: + "@types/eslint-scope" "^3.7.3" + "@types/estree" "^1.0.5" + "@webassemblyjs/ast" "^1.12.1" + "@webassemblyjs/wasm-edit" "^1.12.1" + "@webassemblyjs/wasm-parser" "^1.12.1" + acorn "^8.7.1" + acorn-import-attributes "^1.9.5" + browserslist "^4.21.10" + chrome-trace-event "^1.0.2" + enhanced-resolve "^5.17.0" + es-module-lexer "^1.2.1" + eslint-scope "5.1.1" + events "^3.2.0" + glob-to-regexp "^0.4.1" + graceful-fs "^4.2.11" + json-parse-even-better-errors "^2.3.1" + loader-runner "^4.2.0" + mime-types "^2.1.27" + neo-async "^2.6.2" + schema-utils "^3.2.0" + tapable "^2.1.1" + terser-webpack-plugin "^5.3.10" + watchpack "^2.4.1" + webpack-sources "^3.2.3" + +whatwg-url@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-5.0.0.tgz#966454e8765462e37644d3626f6742ce8b70965d" + integrity sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw== + dependencies: + tr46 "~0.0.3" + webidl-conversions "^3.0.0" + +which@^2.0.1: + version "2.0.2" + resolved "https://registry.yarnpkg.com/which/-/which-2.0.2.tgz#7c6a8dd0a636a0327e10b59c9286eee93f3f51b1" + integrity sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA== + dependencies: + isexe "^2.0.0" + +wildcard@^2.0.0: + version "2.0.1" + resolved "https://registry.yarnpkg.com/wildcard/-/wildcard-2.0.1.tgz#5ab10d02487198954836b6349f74fff961e10f67" + integrity sha512-CC1bOL87PIWSBhDcTrdeLo6eGT7mCFtrg0uIJtqJUFyK+eJnzl8A1niH56uu7KMa5XFrtiV+AQuHO3n7DsHnLQ== + +wordwrap@~1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/wordwrap/-/wordwrap-1.0.0.tgz#27584810891456a4171c8d0226441ade90cbcaeb" + integrity sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q== + +wrap-ansi@^7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" + integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== + dependencies: + ansi-styles "^4.0.0" + string-width "^4.1.0" + strip-ansi "^6.0.0" + +wrappy@1: + version "1.0.2" + resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f" + integrity sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ== + +ws@^7.2.3: + version "7.5.10" + resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.10.tgz#58b5c20dc281633f6c19113f39b349bd8bd558d9" + integrity sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ== + +y18n@^5.0.5: + version "5.0.8" + resolved "https://registry.yarnpkg.com/y18n/-/y18n-5.0.8.tgz#7f4934d0f7ca8c56f95314939ddcd2dd91ce1d55" + integrity sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA== + +yallist@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/yallist/-/yallist-4.0.0.tgz#9bb92790d9c0effec63be73519e11a35019a3a72" + integrity sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A== + +yaml@^2.4.2: + version "2.4.5" + resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.4.5.tgz#60630b206dd6d84df97003d33fc1ddf6296cca5e" + integrity sha512-aBx2bnqDzVOyNKfsysjA2ms5ZlnjSAW2eG3/L5G/CSujfjLJTJsEw1bGw8kCf04KodQWk1pxlGnZ56CRxiawmg== + +yargs-parser@^21.1.1: + version "21.1.1" + resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-21.1.1.tgz#9096bceebf990d21bb31fa9516e0ede294a77d35" + integrity sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw== + +yargs@^17.0.0: + version "17.7.2" + resolved "https://registry.yarnpkg.com/yargs/-/yargs-17.7.2.tgz#991df39aca675a192b816e1e0363f9d75d2aa269" + integrity sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w== + dependencies: + cliui "^8.0.1" + escalade "^3.1.1" + get-caller-file "^2.0.5" + require-directory "^2.1.1" + string-width "^4.2.3" + y18n "^5.0.5" + yargs-parser "^21.1.1" + +yauzl@^2.10.0: + version "2.10.0" + resolved "https://registry.yarnpkg.com/yauzl/-/yauzl-2.10.0.tgz#c7eb17c93e112cb1086fa6d8e51fb0667b79a5f9" + integrity sha512-p4a9I6X6nu6IhoGmBqAcbJy1mlC4j27vEPZX9F4L4/vZT3Lyq1VkFHw/V/PUcB9Buo+DG3iHkT0x3Qya58zc3g== + dependencies: + buffer-crc32 "~0.2.3" + fd-slicer "~1.1.0" diff --git a/zap.conf b/zap.conf new file mode 100644 index 0000000..f4e88ff --- /dev/null +++ b/zap.conf @@ -0,0 +1,121 @@ +# zap-full-scan rule configuration file +# Change WARN to IGNORE to ignore rule or FAIL to fail if rule matches +# Active scan rules set to IGNORE will not be run which will speed up the scan +# Only the rule identifiers are used - the names are just for info +# You can add your own messages to each rule by appending them after a tab on each line. +0 WARN (Directory Browsing - Active/release) +10003 WARN (Vulnerable JS Library - Passive/release) +10010 FAIL (Cookie No HttpOnly Flag - Passive/release) +10011 FAIL (Cookie Without Secure Flag - Passive/release) +10015 WARN (Incomplete or No Cache-control Header Set - Passive/release) +10016 FAIL (Web Browser XSS Protection Not Enabled) +10017 WARN (Cross-Domain JavaScript Source File Inclusion - Passive/release) +10019 WARN (Content-Type Header Missing - Passive/release) +10020 FAIL (X-Frame-Options Header - Passive/release) +10021 WARN (X-Content-Type-Options Header Missing - Passive/release) +10023 WARN (Information Disclosure - Debug Error Messages - Passive/release) +10024 FAIL (Information Disclosure - Sensitive Information in URL - Passive/release) +10025 FAIL (Information Disclosure - Sensitive Information in HTTP Referrer Header - Passive/release) +10026 WARN (HTTP Parameter Override - Passive/beta) +10027 WARN (Information Disclosure - Suspicious Comments - Passive/release) +10028 FAIL (Open Redirect - Passive/beta) +10029 WARN (Cookie Poisoning - Passive/beta) +10030 WARN (User Controllable Charset - Passive/beta) +10031 WARN (User Controllable HTML Element Attribute (Potential XSS) - Passive/beta) +10032 WARN (Viewstate - Passive/release) +10033 WARN (Directory Browsing - Passive/beta) +10034 WARN (Heartbleed OpenSSL Vulnerability (Indicative) - Passive/beta) +10035 FAIL (Strict-Transport-Security Header - Passive/beta) +10036 WARN (HTTP Server Response Header - Passive/beta) +10037 WARN (Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) - Passive/release) +10038 FAIL (Content Security Policy (CSP) Header Not Set - Passive/beta) +10039 WARN (X-Backend-Server Header Information Leak - Passive/beta) +10040 FAIL (Secure Pages Include Mixed Content - Passive/release) +10041 WARN (HTTP to HTTPS Insecure Transition in Form Post - Passive/beta) +10042 WARN (HTTPS to HTTP Insecure Transition in Form Post - Passive/beta) +10043 FAIL (User Controllable JavaScript Event (XSS) - Passive/beta) +10044 WARN (Big Redirect Detected (Potential Sensitive Information Leak) - Passive/beta) +10045 WARN (Source Code Disclosure - /WEB-INF folder - Active/release) +10047 WARN (HTTPS Content Available via HTTP - Active/beta) +10048 FAIL (Remote Code Execution - Shell Shock - Active/beta) +10050 WARN (Retrieved from Cache - Passive/beta) +10051 WARN (Relative Path Confusion - Active/beta) +10052 WARN (X-ChromeLogger-Data (XCOLD) Header Information Leak - Passive/beta) +10053 WARN (Apache Range Header DoS (CVE-2011-3192) - Active/beta) +10054 WARN (Cookie without SameSite Attribute - Passive/release) +10055 WARN (CSP - Passive/release) +10056 WARN (X-Debug-Token Information Leak - Passive/release) +10057 WARN (Username Hash Found - Passive/release) +10058 FAIL (GET for POST - Active/beta) +10061 WARN (X-AspNet-Version Response Header - Passive/release) +10062 FAIL (PII Disclosure - Passive/beta) +10095 IGNORE (Backup File Disclosure - Active/beta) +10096 WARN (Timestamp Disclosure - Passive/release) +10097 WARN (Hash Disclosure - Passive/beta) +10098 WARN (Cross-Domain Misconfiguration - Passive/release) +10104 WARN (User Agent Fuzzer - Active/beta) +10105 WARN (Weak Authentication Method - Passive/release) +10106 IGNORE (HTTP Only Site - Active/beta) +10107 WARN (Httpoxy - Proxy Header Misuse - Active/beta) +10108 WARN (Reverse Tabnabbing - Passive/beta) +10109 WARN (Modern Web Application - Passive/beta) +10202 FAIL (Absence of Anti-CSRF Tokens - Passive/release) +2 WARN (Private IP Disclosure - Passive/release) +20012 FAIL (Anti-CSRF Tokens Check - Active/beta) +20014 WARN (HTTP Parameter Pollution - Active/beta) +20015 WARN (Heartbleed OpenSSL Vulnerability - Active/beta) +20016 WARN (Cross-Domain Misconfiguration - Active/beta) +20017 FAIL (Source Code Disclosure - CVE-2012-1823 - Active/beta) +20018 FAIL (Remote Code Execution - CVE-2012-1823 - Active/beta) +20019 WARN (External Redirect - Active/release) +3 WARN (Session ID in URL Rewrite - Passive/release) +30001 WARN (Buffer Overflow - Active/release) +30002 WARN (Format String Error - Active/release) +30003 WARN (Integer Overflow Error - Active/beta) +40003 WARN (CRLF Injection - Active/release) +40008 WARN (Parameter Tampering - Active/release) +40009 WARN (Server Side Include - Active/release) +40012 FAIL (Cross Site Scripting (Reflected) - Active/release) +40013 FAIL (Session Fixation - Active/beta) +40014 FAIL (Cross Site Scripting (Persistent) - Active/release) +40016 FAIL (Cross Site Scripting (Persistent) - Prime - Active/release) +40017 FAIL (Cross Site Scripting (Persistent) - Spider - Active/release) +40018 FAIL (SQL Injection - Active/release) +40019 FAIL (SQL Injection - MySQL - Active/beta) +40020 FAIL (SQL Injection - Hypersonic SQL - Active/beta) +40021 FAIL (SQL Injection - Oracle - Active/beta) +40022 FAIL (SQL Injection - PostgreSQL - Active/beta) +40023 FAIL (Possible Username Enumeration - Active/beta) +40024 FAIL (SQL Injection - SQLite - Active/beta) +40025 FAIL (Proxy Disclosure - Active/beta) +40026 FAIL (Cross Site Scripting (DOM Based) - Active/beta) +40027 FAIL (SQL Injection - MsSQL - Active/beta) +40028 WARN (ELMAH Information Leak - Active/release) +40029 WARN (Trace.axd Information Leak - Active/beta) +40032 FAIL (.htaccess Information Leak - Active/release) +40034 FAIL (.env Information Leak - Active/beta) +40035 FAIL (Hidden File Finder - Active/beta) +41 FAIL (Source Code Disclosure - Git - Active/beta) +42 WARN (Source Code Disclosure - SVN - Active/beta) +43 WARN (Source Code Disclosure - File Inclusion - Active/beta) +50000 WARN (Script Active Scan Rules - Active/release) +50001 WARN (Script Passive Scan Rules - Passive/release) +6 WARN (Path Traversal - Active/release) +7 WARN (Remote File Inclusion - Active/release) +90001 WARN (Insecure JSF ViewState - Passive/release) +90011 WARN (Charset Mismatch - Passive/release) +90017 WARN (XSLT Injection - Active/beta) +90019 WARN (Server Side Code Injection - Active/release) +90020 FAIL (Remote OS Command Injection - Active/release) +90021 WARN (XPath Injection - Active/beta) +90022 WARN (Application Error Disclosure - Passive/release) +90023 WARN (XML External Entity Attack - Active/beta) +90024 WARN (Generic Padding Oracle - Active/beta) +90025 WARN (Expression Language Injection - Active/beta) +90026 WARN (SOAP Action Spoofing - Active/alpha) +90027 IGNORE (Cookie Slack Detector - Active/beta) +90028 WARN (Insecure HTTP Method - Active/beta) +90029 WARN (SOAP XML Injection - Active/alpha) +90030 WARN (WSDL File Detection - Passive/alpha) +90033 WARN (Loosely Scoped Cookie - Passive/release) +90034 WARN (Cloud Metadata Potentially Exposed - Active/beta)