Use Brakeman (closes #11)

Gemfile

@@ -112,6 +112,10 @@ group :development, :test do
 
   # bundler-audit provides patch-level verification for Bundled apps.
   gem 'bundler-audit', '~> 0.6'
+
+  # Brakeman detects security vulnerabilities
+  # in Ruby on Rails applications via static analysis.
+  gem 'brakeman', '~> 4.3'
 end
 
 group :development do

Gemfile.lock

@@ -59,6 +59,7 @@ GEM
       autoprefixer-rails (>= 6.0.3)
       popper_js (>= 1.12.9, < 2)
       sass (>= 3.5.2)
+    brakeman (4.3.1)
     builder (3.2.3)
     bundler-audit (0.6.0)
       bundler (~> 1.2)
@@ -396,6 +397,7 @@ DEPENDENCIES
   bcrypt (~> 3.1)
   bootsnap (>= 1.1.0)
   bootstrap (~> 4.1.3)
+  brakeman (~> 4.3)
   bundler-audit (~> 0.6)
   byebug
   capistrano (~> 3.11)

Rakefile

@@ -8,7 +8,7 @@ desc 'Run all checks (test, lint...)'
 task default: :lint
 
 desc 'Run all code analysis tools (RuboCop...)'
-task lint: %i[rubocop bundler:audit]
+task lint: %i[rubocop bundler:audit brakeman]
 
 desc 'Fix code style (rubocop --auto-correct)'
 task fix: 'rubocop:auto_correct'
@@ -48,3 +48,16 @@ namespace :bundler do
 rescue LoadError
   nil
 end
+
+desc 'Detects security vulnerabilities via static analysis'
+task :brakeman do
+  sh(
+    'bundle',
+    'exec',
+    'brakeman',
+    Rails.root.to_s,
+    '--confidence-level',
+    '1',
+    '--run-all-checks',
+  )
+end

app/views/users/registrations/edit.html.erb

@@ -13,7 +13,7 @@
 
       <%= f.input :password,
                   hint: translate('.leave_blank_if_you_don_t_want_to_change_it'),
-                  required: false
+                  required: false,
                   input_html: { autocomplete: 'new-password' } %>
 
       <%= f.input :password_confirmation,