RalphHightower · RalphHightower · May 27, 2026 · May 27, 2026 · May 27, 2026
@@ -17,13 +17,16 @@ updates:
     schedule:
       # Check for updates to GitHub Actions every weekday
       interval: "daily"
+      prefix: "[info](sec): /github-actuons/ "
 
   - package-ecosystem: bundler
     directory: /
     schedule:
       interval: daily
+      prefix: "[info](sec): /bundler/ "
 
   - package-ecosystem: npm
     directory: /
     schedule:
       interval: daily
+      prefix: "[info](sec): /npm/ "
@@ -0,0 +1,146 @@
+<!-- Provide a concise summary of your changes above the fold -->
+
+**Pull Request/Issue Number:** N/A
+<!--
+IS#9999 – Independent issue
+PR#9999 – Issue created from a PR
+-->
+
+---
+# 🚨 Jekyll Pre‑Merge Verification
+- [ ] Title correct
+- [ ] Tags assigned
+- [ ] Categories assigned
+- [ ] Date correct (no accidental future dates)
+- [ ] Front matter is valid YAML
+- [ ] Liquid used only where required (stock‑quote posts)
+
+---
+
+# Pull Request Type
+Select one (one PR per change):
+
+- [ ] New blog post(s)
+- [ ] Bugfix(es)
+- [ ] Code change(s)
+- [ ] HTML / Jekyll / Liquid / Markdown change(s)
+- [ ] Build error(s)
+- [ ] Documentation
+- [ ] Refactor (no functional changes)
+- [ ] Security
+- [ ] Templates
+- [ ] Other (describe):
+
+# Reason for Change
+<!-- Why this PR exists. What triggered it? -->
+
+---
+
+# Current Behavior
+<!-- Describe or link to the issue -->
+
+---
+
+# New Behavior
+<!-- Describe what this PR adds or fixes -->
+
+---
+
+# Files Added
+1. 
+
+# Files Modified
+1. 
+
+# Files Deleted
+1. 
+
+---
+
+# Environment
+
+## Languages
+- [ ] APL
+- [ ] awk
+- [ ] C / C++ / C#
+- [ ] Fortran
+- [ ] HTML
+- [ ] Java
+- [ ] Javascript
+- [ ] Jekyll
+- [ ] Liquid
+- [ ] Markdown
+- [ ] Ruby
+- [ ] SNOBOL
+- [ ] YAML
+- [ ] Other:
+
+## Operating Systems
+- [ ] Android
+- [ ] Linux
+- [ ] Unix
+- [ ] Solaris
+- [ ] Windows
+
+## Hardware
+<details>
+<summary>Expand hardware list</summary>
+
+- [ ] ARM
+- [ ] DEC PDP‑8
+- [ ] DEC PDP‑11
+- [ ] DEC VAX
+- [ ] DEC VAXStation
+- [ ] IBM 
+- [ ] IBM System/360
+- [ ] IBM System/370
+- [ ] IBM System/370-XA
+- [ ] IBM ESA/370
+- [ ] IBM z/Architecture
+- [ ] Intel 8080
+- [ ] Intel Core
+- [ ] Motorola 68000
+- [ ] Raspberry Pi
+- [ ] RISC‑V
+- [ ] Sun SPARCStation
+
+</details>
+
+---
+
+# Other Information
+<!-- Screenshots, notes, or anything relevant -->
+
+---
+
+# Clean Exit
+- [ ] Branch will be deleted after merge
+- [ ] No overlapping PRs for this repo
+- [ ] One change per branch
+<!-- Provide a concise summary of your changes above the fold -->
+<!--
+Update build status
+-->
+
+# Build Status
+- [ ] Success (assign 'action – success'). This may be delayed and updated in bulk.
+- [ ] Partial Success (build succeeded, but not desired result. HTTP 404, etc.)
+- [ ] Failure (Build failed. Mark status: "action – failed'. Copy build log in comment of this PR. Create Issue  from Comment, click on '…', 'reference in new issue' with PR#{pull request number} as subject.
+- [ ] Canceled (flag PR as 'action – canceled')
+
+---
+
+# Branch Lifecycle
+- [ ] This branch is single‑purpose
+- [ ] No overlapping PRs for this repo
+
+<!-- Stale branch cleanup is automated -->
+
+# Scope of Change
+<!-- Multi-file fixes are allowed when they belong to the same module or anomaly. -->
+
+- Number of files touched:
+- Why these files belong together:
+
+---
+
@@ -20,16 +20,16 @@ jobs:
       JEKYLL_VERSION: ${{ matrix.jekyll }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
         with:
           egress-policy: audit
 
       - name: Checkout Repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-      - name: Set Up Ruby 3.4.7
-        uses: ruby/setup-ruby@4c24fa5ec04b2e79eb40571b1cee2a0d2b705771 # v1.278.0
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Set Up Ruby 4.0.1
+        uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0
         with:
-          ruby-version: 3.4.7
+          ruby-version: 4.0.2
           bundler-cache: true
       # - name: Run tests
-      #   run: script/cibuild
+      #   run: script/cibuild
@@ -41,16 +41,16 @@ jobs:
 
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
         with:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -60,7 +60,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/autobuild@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -73,6 +73,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
         with:
-          category: "/language:${{matrix.language}}"
+          category: "/language:${{matrix.language}}"
@@ -28,17 +28,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
         with:
           egress-policy: audit
 
       - name: 'Checkout repository'
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
+        uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
         # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options.
         with:
           comment-summary-in-pr: always
         #   fail-on-severity: moderate
         #   deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later
-        #   retry-on-snapshot-warnings: true
+        #   retry-on-snapshot-warnings: true
@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
         with:
           egress-policy: audit
 
@@ -44,4 +44,4 @@ jobs:
             - [ ] Create Quarterly Release.
 
           PINNED: false
-          CLOSE_PREVIOUS: false
+          CLOSE_PREVIOUS: false
@@ -32,21 +32,21 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
         with:
           egress-policy: audit
 
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Setup Ruby
-        uses: ruby/setup-ruby@4c24fa5ec04b2e79eb40571b1cee2a0d2b705771 # v1.278.0
+        uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0
         with:
-          ruby-version: '4.0.0' # Not needed with a .ruby-version file
+          ruby-version: '4.0.2' # Not needed with a .ruby-version file
           bundler-cache: true # runs 'bundle install' and caches installed gems automatically
           cache-version: 5 # Increment this number if you need to re-download cached gems
       - name: Setup Pages
         id: pages
-        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
+        uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6.0.0
       - name: Build with Jekyll
         # Outputs to the './_site' directory by default
         run: bundle exec jekyll build --trace --incremental --baseurl "${{ steps.pages.outputs.base_path }}"
@@ -56,7 +56,7 @@ jobs:
           LOG_LEVEL: debug 
       - name: Upload artifact
         # Automatically uploads an artifact from the './_site' directory by default
-        uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0
+        uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0
 
   # Deployment job
   deploy:
@@ -67,10 +67,10 @@ jobs:
     needs: build
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
         with:
           egress-policy: audit
 
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
+        uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0
@@ -15,6 +15,11 @@ jobs:
     permissions:
       issues: write
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
+        with:
+          egress-policy: audit
+
       - name: Happy New Year!
         run: |
           new_issue_url=$(gh issue create \
@@ -37,4 +42,4 @@ jobs:
             - [ ] Update LICENSE. Add new year to year's span.
 
           PINNED: false
-          CLOSE_PREVIOUS: false
+          CLOSE_PREVIOUS: false
@@ -22,11 +22,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+      uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
       with:
         egress-policy: audit
 
     - uses: GitHubSecurityLab/actions-permissions/advisor@babd69bc8d78e6cdece903dfdcfb72d4e1a4f00d # v1.0.2-beta5
       with:
         name: ${{ inputs.name }}
-        count: ${{ inputs.count }}
+        count: ${{ inputs.count }}
@@ -9,17 +9,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+      uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
       with:
         egress-policy: audit
 
     - name: Checkout 
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
     - name: Checking markdown
-      uses: DavidAnson/markdownlint-cli2-action@07035fd053f7be764496c0f8d8f9f41f98305101 # v22.0.0
+      uses: DavidAnson/markdownlint-cli2-action@ded1f9488f68a970bc66ea5619e13e9b52e601cd # v23.2.0
       with:
         globs: |
           *.md
           **/*.md
           !test/*.md
-          !_data/*.md
+          !_data/*.md
@@ -25,11 +25,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
         with:
           egress-policy: audit
 
-      - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0
+      - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0
         with:
           contents: write
           pull-requests: write
@@ -39,4 +39,4 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
           # this is a built-in strategy in release-please, see "Action Inputs"
           # for more options
-          release-type: simple
+          release-type: simple