Complete Dependabot security updates - npm and GitHub Actions

- Updated all npm dependencies to resolve 3 moderate PostCSS vulnerabilities
- Upgraded all GitHub Actions workflows to v5 versions (checkout@v5, setup-node@v5, configure-pages@v5, etc.)
- Fixed Gulp build compatibility with newer gulp-autoprefixer and gulp-zip ES modules using dynamic imports
- Reverted Jekyll from 4.4.1 to stable 4.3.4 to avoid native extension compilation issues on macOS
- Copied Foundation Sites util/ directory locally to resolve SCSS import path issues
- All npm security vulnerabilities now resolved (0 vulnerabilities)
- GitHub Actions deprecation warnings eliminated
- Build process fully functional with updated dependencies

Author: Dale Kunce

.gitignore

@@ -18,6 +18,8 @@ app/.jekyll-cache
 app/.jekyll-metadata
 app/assets/data/events.json
 
+# Foundation util files (copied from node_modules)
+app/assets/styles/util/
 
 #Foundation additions
 .sass-cache

Gemfile

@@ -4,7 +4,7 @@ source "https://rubygems.org"
 ruby ">= 3.3.0"
 
 # Jekyll
-gem "jekyll", "~> 4.4.1"
+gem "jekyll", "~> 4.3.4"
 
 # Jekyll plugins
 gem "jekyll-feed", "~> 0.17"

Gemfile.lock

@@ -1,75 +1,114 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.7.0)
-      public_suffix (>= 2.0.2, < 5.0)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
+    base64 (0.3.0)
+    bigdecimal (3.2.3)
     colorator (1.1.0)
-    concurrent-ruby (1.1.6)
-    em-websocket (0.5.1)
+    concurrent-ruby (1.3.5)
+    csv (3.3.5)
+    em-websocket (0.5.3)
       eventmachine (>= 0.12.9)
-      http_parser.rb (~> 0.6.0)
+      http_parser.rb (~> 0)
     eventmachine (1.2.7)
-    ffi (1.12.2)
+    ffi (1.17.2)
+    ffi (1.17.2-arm64-darwin)
+    ffi (1.17.2-x86_64-darwin)
     forwardable-extended (2.6.0)
-    http_parser.rb (0.6.0)
-    i18n (1.8.2)
+    google-protobuf (4.32.1)
+      bigdecimal
+      rake (>= 13)
+    google-protobuf (4.32.1-arm64-darwin)
+      bigdecimal
+      rake (>= 13)
+    google-protobuf (4.32.1-x86_64-darwin)
+      bigdecimal
+      rake (>= 13)
+    http_parser.rb (0.8.0)
+    i18n (1.14.7)
       concurrent-ruby (~> 1.0)
-    jekyll (4.0.0)
+    jekyll (4.3.4)
       addressable (~> 2.4)
       colorator (~> 1.0)
       em-websocket (~> 0.5)
-      i18n (>= 0.9.5, < 2)
-      jekyll-sass-converter (~> 2.0)
+      i18n (~> 1.0)
+      jekyll-sass-converter (>= 2.0, < 4.0)
       jekyll-watch (~> 2.0)
-      kramdown (~> 2.1)
+      kramdown (~> 2.3, >= 2.3.1)
       kramdown-parser-gfm (~> 1.0)
       liquid (~> 4.0)
-      mercenary (~> 0.3.3)
+      mercenary (>= 0.3.6, < 0.5)
       pathutil (~> 0.9)
-      rouge (~> 3.0)
+      rouge (>= 3.0, < 5.0)
       safe_yaml (~> 1.0)
-      terminal-table (~> 1.8)
-    jekyll-feed (0.13.0)
+      terminal-table (>= 1.8, < 4.0)
+      webrick (~> 1.7)
+    jekyll-feed (0.17.0)
       jekyll (>= 3.7, < 5.0)
-    jekyll-sass-converter (2.1.0)
-      sassc (> 2.0.1, < 3.0)
+    jekyll-paginate-v2 (3.0.0)
+      jekyll (>= 3.0, < 5.0)
+    jekyll-polyglot (1.11.0)
+      jekyll (>= 4.0, >= 3.0)
+    jekyll-sass-converter (3.1.0)
+      sass-embedded (~> 1.75)
     jekyll-sitemap (1.4.0)
       jekyll (>= 3.7, < 5.0)
     jekyll-watch (2.2.1)
       listen (~> 3.0)
-    kramdown (2.3.1)
-      rexml
+    kramdown (2.5.1)
+      rexml (>= 3.3.9)
     kramdown-parser-gfm (1.1.0)
       kramdown (~> 2.0)
-    liquid (4.0.3)
-    listen (3.2.1)
+    liquid (4.0.4)
+    listen (3.9.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    mercenary (0.3.6)
+    logger (1.7.0)
+    mercenary (0.4.0)
+    ostruct (0.6.3)
     pathutil (0.16.2)
       forwardable-extended (~> 2.6)
-    public_suffix (4.0.3)
-    rb-fsevent (0.10.3)
-    rb-inotify (0.10.1)
+    public_suffix (6.0.2)
+    rake (13.3.0)
+    rb-fsevent (0.11.2)
+    rb-inotify (0.11.1)
       ffi (~> 1.0)
-    rexml (3.2.8)
-      strscan (>= 3.0.9)
-    rouge (3.17.0)
+    rexml (3.4.4)
+    rouge (4.6.1)
     safe_yaml (1.0.5)
-    sassc (2.2.1)
-      ffi (~> 1.9)
-    strscan (3.1.0)
-    terminal-table (1.8.0)
-      unicode-display_width (~> 1.1, >= 1.1.1)
-    unicode-display_width (1.7.0)
+    sass-embedded (1.93.2)
+      google-protobuf (~> 4.31)
+      rake (>= 13)
+    sass-embedded (1.93.2-arm64-darwin)
+      google-protobuf (~> 4.31)
+    sass-embedded (1.93.2-x86_64-darwin)
+      google-protobuf (~> 4.31)
+    terminal-table (3.0.2)
+      unicode-display_width (>= 1.1.1, < 3)
+    unicode-display_width (2.6.0)
+    webrick (1.9.1)
 
 PLATFORMS
+  arm64-darwin
   ruby
+  x86_64-darwin
 
 DEPENDENCIES
-  jekyll (~> 4.0)
-  jekyll-feed
-  jekyll-sitemap
+  base64 (~> 0.2)
+  bundler (~> 2.5)
+  csv (~> 3.3)
+  jekyll (~> 4.3.4)
+  jekyll-feed (~> 0.17)
+  jekyll-paginate-v2 (~> 3.0)
+  jekyll-polyglot (~> 1.8)
+  jekyll-sitemap (~> 1.4)
+  logger (~> 1.6)
+  ostruct (~> 0.6)
+  webrick (~> 1.8)
+
+RUBY VERSION
+   ruby 3.3.5p100
 
 BUNDLED WITH
-   2.1.4
+   2.6.9

gulpfile.cjs

@@ -1,6 +1,6 @@
 const gulp = require('gulp');
 
-const autoprefixer = require('gulp-autoprefixer');
+// const autoprefixer = require('gulp-autoprefixer'); // Will be dynamically imported
 const browserSync = require('browser-sync');
 const concat = require('gulp-concat');
 const cp = require('child_process');
@@ -11,7 +11,7 @@ const path = require('path');
 const plumber = require('gulp-plumber');
 const sass = require('gulp-sass')(require('sass'));
 const sourcemaps = require('gulp-sourcemaps');
-const zip = require('gulp-zip');
+// const zip = require('gulp-zip'); // Will be dynamically imported
 
 async function grabEvents () {
   // First try to fetch from osmcal.org
@@ -47,14 +47,16 @@ function copyAssets () {
 }
 exports.copyAssets = copyAssets;
 
-function styles () {
+async function styles () {
+  const autoprefixer = (await import('gulp-autoprefixer')).default;
+  
   const sassInput = 'app/assets/styles/*.scss';
   const sassOptions = {
     includePaths: [
+      'app/assets/styles',
       'node_modules/foundation-sites/scss',
       'node_modules/@fortawesome/fontawesome-free/scss',
-      '.tmp/assets/styles',
-      'app/assets/styles'
+      '.tmp/assets/styles'
     ],
     errLogToConsole: true,
     outputStyle: 'expanded',
@@ -67,7 +69,7 @@ function styles () {
     .pipe(plumber())
     .pipe(sourcemaps.init())
     .pipe(sass(sassOptions).on('error', sass.logError))
-    .pipe(autoprefixer())
+    .pipe(autoprefixer({ cascade: false }))
     .pipe(sourcemaps.write('.'));
 
   // Only call browserSync.reload if browserSync is active and properly configured
@@ -102,7 +104,9 @@ function javascripts () {
 }
 exports.javascripts = javascripts;
 
-function zipMaterials () {
+async function zipMaterials () {
+  const zip = (await import('gulp-zip')).default;
+  
   return gulp.src('app/assets/downloads/mapathon-materials/**', { base : 'app/assets/downloads/' })
     .pipe(zip('mapathon-materials.zip'))
     .pipe(gulp.dest('.tmp/assets/downloads'));