bonnie_bundler 2.2.0 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: b269f1ed95afc827a2d65807ae470d8c8b262983
-  data.tar.gz: 0774557d617fec8aaedee51f337c1f221b047f78
+SHA256:
+  metadata.gz: 327ca5f0f9c6e8b7d15aec442443fcf5cf74162967fc814a8edd80e2804dacf9
+  data.tar.gz: 0f8b190e0a145f8b188b1d0d707c17a5fdbcaefac8573c7244e825a5f2d80a51
 SHA512:
-  metadata.gz: a10c1306be5997580e139e0d19bf2ab4ebebcdc797ebe20e68495c6c20bf61d0b75528fd9837f845b847784b1e41ef4de22cdcbbe9885da408dc4c9ae28fc2ef
-  data.tar.gz: 5a70b2143fd7a1151c0d82328d7fdc96c46a7be2d1c7ef4bc671e4c0970e568ee6e483661a052629a5ae3d43d1dfa3c011bbcad3f937eb66a4fa04e1694480e2
+  metadata.gz: c94fc587d3a98914a9f9dd7cbb71025b9b56c1cd563f92f17b048f2e03286206890ff80609cdabd24a226d6086a63e6d4e849908f51a7d5afda8b8d5980cd3d3
+  data.tar.gz: 33ded10c16749888bb8658e6a4bdb5f8b30d48317f98779377d19a516a30c1aecfd02b6d4be4c9d8ef34ba1493bf76c21acf33d05f637645f5c75ed326c95863

data/.github/gitleaks.toml

@@ -0,0 +1,268 @@
+title = "gitleaks config"
+
+[[rules]]
+    description = "AWS Manager ID"
+    regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+    tags = ["key", "AWS"]
+
+[[rules]]
+    description = "AWS cred file info"
+    regex = '''(?i)(aws_access_key_id|aws_secret_access_key)(.{0,20})?=.[0-9a-zA-Z\/+]{20,40}'''
+    tags = ["AWS"]
+
+[[rules]]
+    description = "AWS Secret Key"
+    regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
+    tags = ["key", "AWS"]
+
+[[rules]]
+    description = "AWS MWS key"
+    regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
+    tags = ["key", "AWS", "MWS"]
+
+[[rules]]
+    description = "Facebook Secret Key"
+    regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
+    tags = ["key", "Facebook"]
+
+[[rules]]
+    description = "Facebook Client ID"
+    regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
+    tags = ["key", "Facebook"]
+
+[[rules]]
+    description = "Twitter Secret Key"
+    regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
+    tags = ["key", "Twitter"]
+
+[[rules]]
+    description = "Twitter Client ID"
+    regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
+    tags = ["client", "Twitter"]
+
+[[rules]]
+    description = "Github"
+    regex = '''(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}['\"]'''
+    tags = ["key", "Github"]
+
+[[rules]]
+    description = "LinkedIn Client ID"
+    regex = '''(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]'''
+    tags = ["client", "LinkedIn"]
+
+[[rules]]
+    description = "LinkedIn Secret Key"
+    regex = '''(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]'''
+    tags = ["secret", "LinkedIn"]
+
+[[rules]]
+    description = "Slack"
+    regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
+    tags = ["key", "Slack"]
+
+[[rules]]
+    description = "EC"
+    regex = '''-----BEGIN EC PRIVATE KEY-----'''
+    tags = ["key", "EC"]
+
+
+[[rules]]
+    description = "Google API key"
+    regex = '''AIza[0-9A-Za-z\\-_]{35}'''
+    tags = ["key", "Google"]
+
+
+[[rules]]
+    description = "Heroku API key"
+    regex = '''(?i)heroku(.{0,20})?['"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]'''
+    tags = ["key", "Heroku"]
+
+[[rules]]
+    description = "MailChimp API key"
+    regex = '''(?i)(mailchimp|mc)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]'''
+    tags = ["key", "Mailchimp"]
+
+[[rules]]
+    description = "Mailgun API key"
+    regex = '''(?i)(mailgun|mg)(.{0,20})?['"][0-9a-z]{32}['"]'''
+    tags = ["key", "Mailgun"]
+
+[[rules]]
+    description = "PayPal Braintree access token"
+    regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
+    tags = ["key", "Paypal"]
+
+[[rules]]
+    description = "Picatic API key"
+    regex = '''sk_live_[0-9a-z]{32}'''
+    tags = ["key", "Picatic"]
+
+[[rules]]
+    description = "Slack Webhook"
+    regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'''
+    tags = ["key", "slack"]
+
+[[rules]]
+    description = "Stripe API key"
+    regex = '''(?i)stripe(.{0,20})?['\"][sk|rk]_live_[0-9a-zA-Z]{24}'''
+    tags = ["key", "Stripe"]
+
+[[rules]]
+    description = "Square access token"
+    regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
+    tags = ["key", "square"]
+
+[[rules]]
+    description = "Square OAuth secret"
+    regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
+    tags = ["key", "square"]
+
+[[rules]]
+    description = "Twilio API key"
+    regex = '''(?i)twilio(.{0,20})?['\"][0-9a-f]{32}['\"]'''
+    tags = ["key", "twilio"]
+
+[[rules]]
+    description = "Env Var"
+    regex = '''(?i)(apikey|secret|key|api|password|pass|pw|host)=[0-9a-zA-Z-_.{}]{4,120}'''
+
+    [[rules.whitelist]]
+        regex='''Key\='''
+        description = "Reference to repo for sonarqube"
+        file = '''(?i)jenkinsfile'''
+
+    [[rules.whitelist]]
+        regex='''config.s3.aws_secret_access_key'''
+        description = "variable placeholder"
+        file = '''s3_connector.py'''
+
+    [[rules.whitelist]]
+        regex='''key=os\.path\.dirname'''
+        description = "env var whitelist"
+
+    [[rules.whitelist]]
+        regex='''.*os\.getenv.*|.*key=os\.environ\.get'''
+
+    
+    [[rules.whitelist]]
+        regex='''.*(?i)(s3secretkey|ENV_VAR|test_token|test\/key|testkey|Bearer|key.pem|key-specification|hadoop.*|Key=None|HOST=minio|KEY=S3AccessKey|api_url(),data.*|key=_file_mmset_sort_key)'''
+#[[rules]]
+#   description = "Port"
+#   regex = '''(?i)port(.{0,4})?[0-9]{1,10}'''
+#   [[rules.whitelist]]
+#       regex = '''(?i)port '''
+#       description = "ignore export "
+
+
+
+#[[rules]]
+#    description = "Email"
+#    regex = '''[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}'''
+#    tags = ["email"]
+#    [[rules.whitelist]]
+#        file = '''(?i)bashrc'''
+#        description = "ignore bashrc emails"
+
+
+[[rules]]
+    description = "Generic Credential"
+    regex = '''(?i)(dbpasswd|dbuser|dbname|dbhost|api_key|apikey|secret|key|api|password|user|guid|hostname|pw|auth)(.{0,20})?['|"]([0-9a-zA-Z-_\/+!{}/=]{4,120})['|"]'''
+    tags = ["key", "API", "generic"]
+    # ignore leaks with specific identifiers like slack and aws
+    [[rules.whitelist]]
+        regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})'''
+        description = "ignore slack"
+    [[rules.whitelist]]
+        description = "MailChimp API key"
+        regex = '''(?i)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]'''
+    [[rules.whitelist]]
+        description = "AWS Manager ID"
+        regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+    [[rules.whitelist]]
+        regex='''(dns_secret_key|dns_access_key)'''
+        description = "Ignore credstash secrets in Terraform files"        
+
+    [[rules.whitelist]]
+        regex='''(linkKey)'''
+        description = "Ignore references to linkkey in scala files"
+        file = '''(?i)\.scala'''
+
+    [[rules.whitelist]]
+        regex='''(linkNum)'''
+        description = "Ignore references to linknum is input.json. Not sensitive"
+        file = '''(?i)input\.json'''
+
+    [[rules.whitelist]]
+        regex='''(link_key)'''
+        description = "Ignore references to this in json files. Not sensitive"
+        file = '''(?i)\.json'''
+
+    [[rules.whitelist]]
+        regex='''keys \"position\", \"category\"'''
+        description = "Config information, not sensitive"
+        file = '''(cost_attribution_rules_from_xlsx.pyi|codes_to_config.py)'''
+
+    [[rules.whitelist]]
+        regex='''(json_name)'''
+        description = "google protoobuf descriptor"
+        file = '''(protos/google/protobuf/descriptor.proto)'''
+    [[rules.whitelist]]
+        regex='''KEY \=.*'''
+        description = "Delta deleter script, can ignore"
+        file = '''(claims-api-submitter/deletion/delta_deleter.py)'''
+       
+    [[rules.whitelist]]
+        regex = '''secret=os.getenv\(\"AWS_SECRET_ACCESS_KEY\"'''
+        description = "claims deleter key reference"
+        file = '''claims-api-submitter/tests/integration_tests/test_claims_api_deleter.py'''
+
+   [[rules.whitelist]]
+        regex = '''key\": \"testkey\"'''
+        
+    [[rules.whitelist]]
+       regex='''.*os\.getenv.*'''
+
+    [[rules.whitelist]]
+        regex='''.*(?i)(s3secretkey|ENV_VAR|test_token|test_cookie|test\/key|testkey|Bearer|helper|max_user_ip|keywords|randomly|sslcert|disable|none|\"api_token\"|dry_run_url|API_TOKEN = \"submissions?_api_token\"|KEY_ID = \"AWS_ACCESS_KEY_ID\".*|key=None|api\(\"test\"|api_url()|key prefix|GET response|bad_format|key=_file_mmset_sort_key|KEYS = \[.*|no_submission_key|)'''
+
+    [[rules.whitelist]]
+        regex='''.*(?i)(user=\"hadoop\"|key=None)'''
+
+
+   [[rules]]
+    description = "High Entropy"
+    regex = '''[0-9a-zA-Z-_!{}/=]{4,120}'''
+    fileNameRegex = '''(?i)(dump.sql|high-entropy-misc.txt)$'''
+    tags = ["entropy"]
+        [[rules.Entropies]]
+            Min = "4.3"
+            Max = "7.0"
+        [[rules.whitelist]]
+            description = "ignore public ssh key and pems"
+            file = '''(pem|ppk|env)$'''
+            path = '''(.*)?ssh'''
+   
+
+[[rules]]
+    description = "Potential bash var"
+    regex='''(?i)(=)([0-9a-zA-Z-_!{}=]{4,120})'''
+    tags = ["key", "bash", "API", "generic"]
+        [[rules.Entropies]]
+            Min = "3.5"
+            Max = "4.5"
+            Group = "1"
+
+[[rules]]
+    description = "WP-Config"
+    regex='''define(.{0,20})?(DB_CHARSET|NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|NONCE_KEY|DB_HOST|DB_PASSWORD|AUTH_KEY|SECURE_AUTH_KEY|LOGGED_IN_KEY|DB_NAME|DB_USER)(.{0,20})?['|"].{10,120}['|"]'''
+    tags = ["key", "API", "generic"]
+
+[[rules]]
+    description = "Files with keys and credentials"
+    fileNameRegex = '''(?i)(id_rsa|passwd|id_rsa.pub|pgpass|pem|key|shadow)'''
+
+[whitelist]
+    description = "image whitelists"
+    files = ['''(.*?)(jpg|gif|doc|pdf|bin|CMS31v4_SimpleXML.xml|CMS31v4.xml|vsac_auth_bad_credentials.yml|swagger_generator.rb|sonar.properties|sonar-project.properties|build.sbt|sonar-project-benelevel-eligibility-filter.properties)$''']
+
+

data/.github/workflows/main.yml

@@ -0,0 +1,31 @@
+name: Github Secret Scanner
+
+on: [push]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    env:
+      REPO: https://github.com/projecttacoma/bonnie_bundler
+      REMOTE_EXCLUDES_URL: https://raw.githubusercontent.com/projecttacoma/bonnie_bundler/master/.github/gitleaks.toml
+      GITLEAKS_VERSION: v4.3.0
+    steps:
+    - name: Execute Gitleaks
+      run: |
+        #wget ${REMOTE_EXCLUDES_URL} -O gitleaks.toml
+        curl -H 'Authorization: token ${{ secrets.ACCESS_TOKEN_GITLEAKS }}' ${REMOTE_EXCLUDES_URL} -o gitleaks.toml
+        wget https://github.com/zricethezav/gitleaks/releases/download/${GITLEAKS_VERSION}/gitleaks-linux-amd64 -O gitleaks
+        chmod +x gitleaks
+        echo ${GITHUB_SHA}
+        echo "gitleaks --repo=${REPO} -v --pretty --redact --commit=${GITHUB_SHA} --config=gitleaks.toml"
+        ./gitleaks --repo=${REPO} -v --pretty --redact --commit=${GITHUB_SHA} --config=gitleaks.toml --access-token=${{ secrets.ACCESS_TOKEN_GITLEAKS }}
+    - name: Slack notification
+      if: failure()
+      env:
+        SLACK_WEBHOOK_GITLEAKS: ${{ secrets.SLACK_WEBHOOK_GITLEAKS }}
+      uses: Ilshidur/action-slack@master
+      with:
+        args: 'Potential Secrets found in: https://github.com/{{ GITHUB_REPOSITORY }}/commit/{{ GITHUB_SHA }} Link to build with full gitleaks output: https://github.com/{{ GITHUB_REPOSITORY }}/commit/{{ GITHUB_SHA }}/checks'
+

data/.travis.yml

@@ -1,9 +1,9 @@
 language: ruby
 rvm:
-  - "2.3.5"
+  - "2.3.8"
 services: mongodb
 script:
-  - bundle exec bundle-audit check --update
+  - bundle exec bundle-audit check --update --ignore CVE-2020-5267 CVE-2020-8166 CVE-2020-8164 CVE-2020-15169 CVE-2020-8163 CVE-2020-8167 CVE-2020-8165 CVE-2020-8184 CVE-2020-8161 CVE-2020-10663 CVE-2019-15587 CVE-2020-7595 CVE-2019-13117 CVE-2019-16782 CVE-2020-8130 CVE-2019-16892
   - bundle exec rake
 notifications:
   email:

data/Gemfile.lock

@@ -1,15 +1,15 @@
 PATH
   remote: .
   specs:
-    bonnie_bundler (2.2.0)
+    bonnie_bundler (3.0.0)
       diffy (~> 3.0.0)
-      health-data-standards (~> 4.0)
+      health-data-standards (~> 4.3.2)
       hqmf2js (~> 1.4)
       hquery-patient-api (~> 1.1)
       mongoid (~> 5.0)
       quality-measure-engine (~> 3.2)
-      rails (~> 4.2)
-      roo (~> 1.13)
+      rails (>= 4.2, < 6.0)
+      roo (~> 2.7)
       rubyzip (~> 1.2, >= 1.2.1)
       simplexml_parser (~> 1.0)
       zip-zip (~> 0.3)
@@ -17,36 +17,36 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (4.2.10)
-      actionpack (= 4.2.10)
-      actionview (= 4.2.10)
-      activejob (= 4.2.10)
+    actionmailer (4.2.11.1)
+      actionpack (= 4.2.11.1)
+      actionview (= 4.2.11.1)
+      activejob (= 4.2.11.1)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.10)
-      actionview (= 4.2.10)
-      activesupport (= 4.2.10)
+    actionpack (4.2.11.1)
+      actionview (= 4.2.11.1)
+      activesupport (= 4.2.11.1)
       rack (~> 1.6)
       rack-test (~> 0.6.2)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.10)
-      activesupport (= 4.2.10)
+    actionview (4.2.11.1)
+      activesupport (= 4.2.11.1)
       builder (~> 3.1)
       erubis (~> 2.7.0)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (4.2.10)
-      activesupport (= 4.2.10)
+    activejob (4.2.11.1)
+      activesupport (= 4.2.11.1)
       globalid (>= 0.3.0)
-    activemodel (4.2.10)
-      activesupport (= 4.2.10)
+    activemodel (4.2.11.1)
+      activesupport (= 4.2.11.1)
       builder (~> 3.1)
-    activerecord (4.2.10)
-      activemodel (= 4.2.10)
-      activesupport (= 4.2.10)
+    activerecord (4.2.11.1)
+      activemodel (= 4.2.11.1)
+      activesupport (= 4.2.11.1)
       arel (~> 6.0)
-    activesupport (4.2.10)
+    activesupport (4.2.11.1)
       i18n (~> 0.7)
       minitest (~> 5.1)
       thread_safe (~> 0.3, >= 0.3.4)
@@ -55,7 +55,7 @@ GEM
       public_suffix (>= 2.0.2, < 4.0)
     arel (6.0.4)
     awesome_print (1.2.0)
-    bson (4.2.2)
+    bson (4.4.2)
     builder (3.2.3)
     bundler-audit (0.6.0)
       bundler (~> 1.2)
@@ -65,41 +65,42 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    concurrent-ruby (1.0.5)
+    concurrent-ruby (1.1.5)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
-    crass (1.0.3)
-    delayed_job (4.1.3)
-      activesupport (>= 3.0, < 5.2)
+    crass (1.0.4)
+    delayed_job (4.1.5)
+      activesupport (>= 3.0, < 5.3)
     delayed_job_mongoid (2.3.0)
       delayed_job (>= 3.0, < 5)
       mongoid (>= 3.0, < 7)
       mongoid-compatibility (>= 0.4.0)
     diffy (3.0.7)
     docile (1.1.3)
-    domain_name (0.5.20170404)
+    domain_name (0.5.20180417)
       unf (>= 0.0.5, < 1.0.0)
     erubis (2.7.0)
     execjs (2.7.0)
-    globalid (0.4.1)
+    globalid (0.4.2)
       activesupport (>= 4.2.0)
     hashdiff (0.3.6)
-    health-data-standards (4.1.0)
-      activesupport (~> 4.2.0)
+    health-data-standards (4.3.5)
+      activesupport (~> 4.2.11)
       builder (~> 3.1)
       erubis (~> 2.7.0)
       highline (~> 1.7.0)
       log4r (~> 1.1.10)
       memoist (~> 0.9.1)
+      mongo (~> 2.4.3)
       mongoid (~> 5.0.0)
       mongoid-tree (~> 2.0.0)
-      nokogiri (~> 1.8.2)
+      nokogiri (~> 1.10.3)
       protected_attributes (~> 1.0.5)
-      rest-client (~> 1.8.0)
+      rest-client (~> 2.0.1)
       rubyzip (~> 1.2.1)
       uuid (~> 2.3.7)
       zip-zip (~> 0.3)
-    highline (1.7.8)
+    highline (1.7.10)
     hike (1.2.3)
     hqmf2js (1.4.0)
       health-data-standards (~> 4.0)
@@ -114,24 +115,26 @@ GEM
       uglifier (~> 2.7)
     http-cookie (1.0.3)
       domain_name (~> 0.5)
-    i18n (0.9.1)
+    i18n (0.9.5)
       concurrent-ruby (~> 1.0)
     json (2.1.0)
     libv8 (3.16.14.19)
     log4r (1.1.10)
-    loofah (2.2.2)
+    loofah (2.2.3)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     macaddr (1.7.1)
       systemu (~> 2.6.2)
-    mail (2.7.0)
+    mail (2.7.1)
       mini_mime (>= 0.1.1)
     memoist (0.9.3)
     method_source (0.8.2)
-    mime-types (2.99.3)
-    mini_mime (1.0.0)
-    mini_portile2 (2.3.0)
-    minitest (5.10.2)
+    mime-types (3.2.2)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2019.0331)
+    mini_mime (1.0.1)
+    mini_portile2 (2.4.0)
+    minitest (5.11.3)
     mongo (2.4.3)
       bson (>= 4.2.1, < 5.0.0)
     mongoid (5.0.2)
@@ -139,15 +142,15 @@ GEM
       mongo (~> 2.1)
       origin (~> 2.1)
       tzinfo (>= 0.3.37)
-    mongoid-compatibility (0.5.0)
+    mongoid-compatibility (0.5.1)
       activesupport
       mongoid (>= 2.0)
     mongoid-tree (2.0.1)
       mongoid (>= 4.0, < 6.0)
-    multi_json (1.12.2)
+    multi_json (1.13.1)
     netrc (0.11.0)
-    nokogiri (1.8.2)
-      mini_portile2 (~> 2.3.0)
+    nokogiri (1.10.4)
+      mini_portile2 (~> 2.4.0)
     origin (2.3.1)
     protected_attributes (1.0.9)
       activemodel (>= 4.0.1, < 5.0)
@@ -163,45 +166,43 @@ GEM
       mongoid (~> 5.0)
       rubyzip (~> 1.0)
       zip-zip (~> 0.3)
-    rack (1.6.8)
+    rack (1.6.11)
     rack-test (0.6.3)
       rack (>= 1.0)
-    rails (4.2.10)
-      actionmailer (= 4.2.10)
-      actionpack (= 4.2.10)
-      actionview (= 4.2.10)
-      activejob (= 4.2.10)
-      activemodel (= 4.2.10)
-      activerecord (= 4.2.10)
-      activesupport (= 4.2.10)
+    rails (4.2.11.1)
+      actionmailer (= 4.2.11.1)
+      actionpack (= 4.2.11.1)
+      actionview (= 4.2.11.1)
+      activejob (= 4.2.11.1)
+      activemodel (= 4.2.11.1)
+      activerecord (= 4.2.11.1)
+      activesupport (= 4.2.11.1)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.2.10)
+      railties (= 4.2.11.1)
       sprockets-rails
     rails-deprecated_sanitizer (1.0.3)
       activesupport (>= 4.2.0.alpha)
-    rails-dom-testing (1.0.8)
-      activesupport (>= 4.2.0.beta, < 5.0)
+    rails-dom-testing (1.0.9)
+      activesupport (>= 4.2.0, < 5.0)
       nokogiri (~> 1.6)
       rails-deprecated_sanitizer (>= 1.0.1)
     rails-html-sanitizer (1.0.4)
       loofah (~> 2.2, >= 2.2.2)
-    railties (4.2.10)
-      actionpack (= 4.2.10)
-      activesupport (= 4.2.10)
+    railties (4.2.11.1)
+      actionpack (= 4.2.11.1)
+      activesupport (= 4.2.11.1)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rake (12.0.0)
     ref (2.0.0)
-    rest-client (1.8.0)
+    rest-client (2.0.2)
       http-cookie (>= 1.0.2, < 2.0)
-      mime-types (>= 1.16, < 3.0)
-      netrc (~> 0.7)
-    roo (1.13.2)
-      nokogiri
-      rubyzip
-      spreadsheet (> 0.6.4)
-    ruby-ole (1.2.12.1)
-    rubyzip (1.2.1)
+      mime-types (>= 1.16, < 4.0)
+      netrc (~> 0.8)
+    roo (2.8.2)
+      nokogiri (~> 1)
+      rubyzip (>= 1.2.1, < 2.0.0)
+    rubyzip (1.2.2)
     safe_yaml (1.0.4)
     simplecov (0.8.2)
       docile (~> 1.1.0)
@@ -212,8 +213,6 @@ GEM
       health-data-standards (~> 4.0)
       tilt (~> 1.4)
     slop (3.5.0)
-    spreadsheet (1.1.5)
-      ruby-ole (>= 1.0)
     sprockets (2.12.5)
       hike (~> 1.2)
       multi_json (~> 1.0)
@@ -227,18 +226,18 @@ GEM
     therubyracer (0.12.3)
       libv8 (~> 3.16.14.15)
       ref
-    thor (0.20.0)
+    thor (0.20.3)
     thread_safe (0.3.6)
     tilt (1.4.1)
-    tzinfo (1.2.4)
+    tzinfo (1.2.5)
       thread_safe (~> 0.1)
     uglifier (2.7.2)
       execjs (>= 0.3.0)
       json (>= 1.8.0)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.7.4)
-    uuid (2.3.8)
+    unf_ext (0.0.7.6)
+    uuid (2.3.9)
       macaddr (~> 1.0)
     vcr (3.0.3)
     webmock (3.0.1)
@@ -264,4 +263,4 @@ DEPENDENCIES
   webmock
 
 BUNDLED WITH
-   1.16.2
+   1.17.1