[build](web): from RalphHightower/blog

.github/pull_request_template.md

@@ -1,97 +1,146 @@
-<!--- Please provide a general summary of your changes in the title above -->
+<!-- Provide a concise summary of your changes above the fold -->
 
-# Pull request type
-<!-- Please try to limit your pull request to one type, submit multiple pull requests if needed -->
+**Pull Request/Issue Number:** N/A
+<!--
+IS#9999 – Independent issue
+PR#9999 – Issue created from a PR
+-->
 
-**🚨 Jekyll Precheck Verify blog(s), page(s) before merge 🚨**
-- [ ] title
-- [ ] tags
-- [ ] categories
-- [ ] date
+---
+# 🚨 Jekyll Pre‑Merge Verification
+- [ ] Title correct
+- [ ] Tags assigned
+- [ ] Categories assigned
+- [ ] Date correct (no accidental future dates)
+- [ ] Front matter is valid YAML
+- [ ] Liquid used only where required (stock‑quote posts)
 
-<!-
-IS#9999 – Issue created independently of a Pull Request
-PR#9999 – Issue created from a Pull Request
--->
-Pull Request/Issue Number: N/A
+---
 
-Please check the type of change your PR introduces:
+# Pull Request Type
+Select one (one PR per change):
 
 - [ ] New blog post(s)
 - [ ] Bugfix(es)
 - [ ] Code change(s)
-- [ ] Jekyll change(s)
-- [ ] Liquid change(s)
-- [ ] Markdown change(s)
-- [ ] npm package(s) 
-- [ ] YAML change(s)
+- [ ] HTML / Jekyll / Liquid / Markdown change(s)
 - [ ] Build error(s)
-- [ ] Feature(s)
-- [ ] Code style update (formatting, renaming)
-- [ ] Refactoring (no functional changes, no api changes)
-- [ ] Build related change(s)
-- [ ] Documentation content change(s)
-- [ ] Other (please describe):
+- [ ] Documentation
+- [ ] Refactor (no functional changes)
+- [ ] Security
+- [ ] Templates
+- [ ] Other (describe):
+
+# Reason for Change
+<!-- Why this PR exists. What triggered it? -->
+
+---
+
+# Current Behavior
+<!-- Describe or link to the issue -->
+
+---
+
+# New Behavior
+<!-- Describe what this PR adds or fixes -->
+
+---
+
+# Files Added
+1. 
 
-## Language(s)
+# Files Modified
+1. 
 
-- [ ] Assembler
+# Files Deleted
+1. 
+
+---
+
+# Environment
+
+## Languages
+- [ ] APL
 - [ ] awk
-- [ ] C/C++/C#
+- [ ] C / C++ / C#
+- [ ] Fortran
 - [ ] HTML
+- [ ] Java
 - [ ] Javascript
 - [ ] Jekyll
 - [ ] Liquid
 - [ ] Markdown
-- [ ] npm package
 - [ ] Ruby
-- [ ] Python
+- [ ] SNOBOL
 - [ ] YAML
+- [ ] Other:
 
-## Operating System(s)
-
+## Operating Systems
+- [ ] Android
 - [ ] Linux
 - [ ] Unix
 - [ ] Solaris
 - [ ] Windows
 
-## What is the current behavior?
-<!-- Please describe the current behavior that you are modifying, or link to a relevant issue -->
+## Hardware
+<details>
+<summary>Expand hardware list</summary>
 
-- 
+- [ ] ARM
+- [ ] DEC PDP‑8
+- [ ] DEC PDP‑11
+- [ ] DEC VAX
+- [ ] DEC VAXStation
+- [ ] IBM 
+- [ ] IBM System/360
+- [ ] IBM System/370
+- [ ] IBM System/370-XA
+- [ ] IBM ESA/370
+- [ ] IBM z/Architecture
+- [ ] Intel 8080
+- [ ] Intel Core
+- [ ] Motorola 68000
+- [ ] Raspberry Pi
+- [ ] RISC‑V
+- [ ] Sun SPARCStation
 
-## What is the new behavior?
-<!-- Please describe the behavior or changes that are being added by this PR -->
+</details>
 
-- 
+---
 
-## Files Added
+# Other Information
+<!-- Screenshots, notes, or anything relevant -->
 
-- 
+---
 
-## Files Modified
+# Clean Exit
+- [ ] Branch will be deleted after merge
+- [ ] No overlapping PRs for this repo
+- [ ] One change per branch
+<!-- Provide a concise summary of your changes above the fold -->
+<!--
+Update build status
+-->
 
-- 
+# Build Status
+- [ ] Success (assign 'action – success'). This may be delayed and updated in bulk.
+- [ ] Partial Success (build succeeded, but not desired result. HTTP 404, etc.)
+- [ ] Failure (Build failed. Mark status: "action – failed'. Copy build log in comment of this PR. Create Issue  from Comment, click on '…', 'reference in new issue' with PR#{pull request number} as subject.
+- [ ] Canceled (flag PR as 'action – canceled')
 
-## Files Deleted
+---
 
-- 
+# Branch Lifecycle
+- [ ] This branch is single‑purpose
+- [ ] No overlapping PRs for this repo
 
-## Other information
-<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change -->
+<!-- Stale branch cleanup is automated -->
 
-- 
+# Scope of Change
+<!-- Multi-file fixes are allowed when they belong to the same module or anomaly. -->
 
-## Hardware
+- Number of files touched:
+- Why these files belong together:
+
+---
 
-- [ ] ARM
-- [ ] DEC PDP-8
-- [ ] DEC PDP-11
-- [ ] DEC VAX
-- [ ] DEC VAXStation
-- [ ] Intel 8080
-- [ ] Intel Core
-- [ ] Motorola 68000
-- [ ] Raspberry Pi
-- [ ] RISC/V
-- [ ] Sun SPARCStation

.github/workflows/ci.yaml

@@ -20,16 +20,16 @@ jobs:
       JEKYLL_VERSION: ${{ matrix.jekyll }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
         with:
           egress-policy: audit
 
       - name: Checkout Repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-      - name: Set Up Ruby 3.4.7
-        uses: ruby/setup-ruby@675dd7ba1b06c8786a1480d89c384f5620a42647 # v1.281.0
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Set Up Ruby 4.0.1
+        uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0
         with:
-          ruby-version: 3.4.7
+          ruby-version: 4.0.2
           bundler-cache: true
       # - name: Run tests
-      #   run: script/cibuild
+      #   run: script/cibuild

.github/workflows/codeql.yml

@@ -41,16 +41,16 @@ jobs:
 
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
         with:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
+        uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -60,7 +60,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
+        uses: github/codeql-action/autobuild@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -73,6 +73,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
+        uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
         with:
-          category: "/language:${{matrix.language}}"
+          category: "/language:${{matrix.language}}"

.github/workflows/dependency-review.yml

@@ -28,17 +28,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
         with:
           egress-policy: audit
 
       - name: 'Checkout repository'
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
+        uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
         # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options.
         with:
           comment-summary-in-pr: always
         #   fail-on-severity: moderate
         #   deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later
-        #   retry-on-snapshot-warnings: true
+        #   retry-on-snapshot-warnings: true

.github/workflows/issueQuarterlyRelease.yml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
         with:
           egress-policy: audit
 
@@ -44,4 +44,4 @@ jobs:
             - [ ] Create Quarterly Release.
 
           PINNED: false
-          CLOSE_PREVIOUS: false
+          CLOSE_PREVIOUS: false

.github/workflows/jekyll.yml

@@ -29,24 +29,24 @@ concurrency:
 jobs:
   # Build job
   build:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
         with:
           egress-policy: audit
 
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Setup Ruby
-        uses: ruby/setup-ruby@675dd7ba1b06c8786a1480d89c384f5620a42647 # v1.281.0
+        uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0
         with:
-          ruby-version: '4.0.0' # Not needed with a .ruby-version file
+          ruby-version: '4.0.4' # Not needed with a .ruby-version file
           bundler-cache: true # runs 'bundle install' and caches installed gems automatically
           cache-version: 5 # Increment this number if you need to re-download cached gems
       - name: Setup Pages
         id: pages
-        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
+        uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6.0.0
       - name: Build with Jekyll
         # Outputs to the './_site' directory by default
         run: bundle exec jekyll build --trace --incremental --baseurl "${{ steps.pages.outputs.base_path }}"
@@ -56,7 +56,7 @@ jobs:
           LOG_LEVEL: debug 
       - name: Upload artifact
         # Automatically uploads an artifact from the './_site' directory by default
-        uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0
+        uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0
 
   # Deployment job
   deploy:
@@ -67,10 +67,10 @@ jobs:
     needs: build
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
         with:
           egress-policy: audit
 
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
+        uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0

.github/workflows/newYearUpdateCopyright.yml

@@ -15,6 +15,11 @@ jobs:
     permissions:
       issues: write
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
+        with:
+          egress-policy: audit
+
       - name: Happy New Year!
         run: |
           new_issue_url=$(gh issue create \
@@ -37,4 +42,4 @@ jobs:
             - [ ] Update LICENSE. Add new year to year's span.
 
           PINNED: false
-          CLOSE_PREVIOUS: false
+          CLOSE_PREVIOUS: false

.github/workflows/permission_advisor.yml

@@ -22,11 +22,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+      uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
       with:
         egress-policy: audit
 
     - uses: GitHubSecurityLab/actions-permissions/advisor@babd69bc8d78e6cdece903dfdcfb72d4e1a4f00d # v1.0.2-beta5
       with:
         name: ${{ inputs.name }}
-        count: ${{ inputs.count }}
+        count: ${{ inputs.count }}