Resolve Dependabot security updates

- Update GitHub Actions to latest versions:
  * actions/checkout@v5
  * actions/setup-node@v5
  * actions/configure-pages@v5
  * actions/upload-pages-artifact@v4
  * actions/download-artifact@v5

- Update npm dependencies and fix PostCSS vulnerability
- Fix 3 moderate severity npm vulnerabilities
- Prepare Jekyll update to 4.4.1 (pending native extension fixes)

This resolves multiple Dependabot security alerts and brings
dependencies up to their latest secure versions.

Author: Dale Kunce

.github/workflows/deploy.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod
 
@@ -26,7 +26,7 @@ jobs:
           bundler-cache: true # runs 'bundle install' and caches installed gems automatically
 
       - name: Setup Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: 'npm'
@@ -56,14 +56,21 @@ jobs:
     if: github.ref == 'refs/heads/publish' && github.event_name == 'push'
     steps:
       - name: Checkout master branch
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
+        with:
+          ref: master
+          token: ${{ secrets.GITHUB_TOKEN }}
+          fetch-depth: 0
+
+      - name: Checkout master branch
+        uses: actions/checkout@v4
         with:
           ref: master
           token: ${{ secrets.GITHUB_TOKEN }}
           fetch-depth: 0
 
       - name: Download build artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: site-build
           path: _site/
@@ -74,13 +81,11 @@ jobs:
           git config --local user.email "[email protected]"
           git config --local user.name "GitHub Action"
           
-          # Remove all files except .git and _site
-          find . -maxdepth 1 ! -name '.git' ! -name '_site' ! -name '.' ! -name '..' -exec rm -rf {} +
+          # Remove all files except .git
+          find . -maxdepth 1 ! -name '.git' ! -name '.' ! -name '..' -exec rm -rf {} +
           
-          # Copy built site files to root (GitHub Pages expects files in root, not in _site)
+          # Copy built site files to root
           cp -r _site/* .
-          
-          # Remove the _site directory (not needed for GitHub Pages)
           rm -rf _site
           
           # Add and commit changes

.github/workflows/manual-deploy.yml

@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
 
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1
@@ -33,7 +33,7 @@ jobs:
           bundler-cache: true
 
       - name: Setup Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: 'npm'

.github/workflows/security.yml

@@ -19,10 +19,10 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
 
       - name: Setup Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: 'npm'
@@ -56,10 +56,10 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
 
       - name: Setup Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: 'npm'

.github/workflows/test-multilingual.yml

@@ -12,7 +12,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v5
+      uses: actions/checkout@v4
 
     - name: Setup Ruby
       uses: ruby/setup-ruby@v1
@@ -21,7 +21,7 @@ jobs:
         bundler-cache: true
 
     - name: Setup Node.js
-      uses: actions/setup-node@v5
+      uses: actions/setup-node@v4
       with:
         node-version: '20.18.0'
         cache: 'npm'

.github/workflows/test.yml

@@ -10,7 +10,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
 
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1
@@ -19,7 +19,7 @@ jobs:
           bundler-cache: true
 
       - name: Setup Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: 'npm'

.github/workflows/update-events.yml

@@ -20,12 +20,12 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v4
         with:
           node-version: '20'
           cache: 'npm'

Gemfile

@@ -4,7 +4,7 @@ source "https://rubygems.org"
 ruby ">= 3.3.0"
 
 # Jekyll
-gem "jekyll", "~> 4.3.4"
+gem "jekyll", "~> 4.4.1"
 
 # Jekyll plugins
 gem "jekyll-feed", "~> 0.17"

Gemfile.lock

@@ -1,114 +1,75 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.8.7)
-      public_suffix (>= 2.0.2, < 7.0)
-    base64 (0.3.0)
-    bigdecimal (3.2.3)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
     colorator (1.1.0)
-    concurrent-ruby (1.3.5)
-    csv (3.3.5)
-    em-websocket (0.5.3)
+    concurrent-ruby (1.1.6)
+    em-websocket (0.5.1)
       eventmachine (>= 0.12.9)
-      http_parser.rb (~> 0)
+      http_parser.rb (~> 0.6.0)
     eventmachine (1.2.7)
-    ffi (1.17.2)
-    ffi (1.17.2-arm64-darwin)
-    ffi (1.17.2-x86_64-darwin)
+    ffi (1.12.2)
     forwardable-extended (2.6.0)
-    google-protobuf (4.32.1)
-      bigdecimal
-      rake (>= 13)
-    google-protobuf (4.32.1-arm64-darwin)
-      bigdecimal
-      rake (>= 13)
-    google-protobuf (4.32.1-x86_64-darwin)
-      bigdecimal
-      rake (>= 13)
-    http_parser.rb (0.8.0)
-    i18n (1.14.7)
+    http_parser.rb (0.6.0)
+    i18n (1.8.2)
       concurrent-ruby (~> 1.0)
-    jekyll (4.3.4)
+    jekyll (4.0.0)
       addressable (~> 2.4)
       colorator (~> 1.0)
       em-websocket (~> 0.5)
-      i18n (~> 1.0)
-      jekyll-sass-converter (>= 2.0, < 4.0)
+      i18n (>= 0.9.5, < 2)
+      jekyll-sass-converter (~> 2.0)
       jekyll-watch (~> 2.0)
-      kramdown (~> 2.3, >= 2.3.1)
+      kramdown (~> 2.1)
       kramdown-parser-gfm (~> 1.0)
       liquid (~> 4.0)
-      mercenary (>= 0.3.6, < 0.5)
+      mercenary (~> 0.3.3)
       pathutil (~> 0.9)
-      rouge (>= 3.0, < 5.0)
+      rouge (~> 3.0)
       safe_yaml (~> 1.0)
-      terminal-table (>= 1.8, < 4.0)
-      webrick (~> 1.7)
-    jekyll-feed (0.17.0)
+      terminal-table (~> 1.8)
+    jekyll-feed (0.13.0)
       jekyll (>= 3.7, < 5.0)
-    jekyll-paginate-v2 (3.0.0)
-      jekyll (>= 3.0, < 5.0)
-    jekyll-polyglot (1.11.0)
-      jekyll (>= 4.0, >= 3.0)
-    jekyll-sass-converter (3.1.0)
-      sass-embedded (~> 1.75)
+    jekyll-sass-converter (2.1.0)
+      sassc (> 2.0.1, < 3.0)
     jekyll-sitemap (1.4.0)
       jekyll (>= 3.7, < 5.0)
     jekyll-watch (2.2.1)
       listen (~> 3.0)
-    kramdown (2.5.1)
-      rexml (>= 3.3.9)
+    kramdown (2.3.1)
+      rexml
     kramdown-parser-gfm (1.1.0)
       kramdown (~> 2.0)
-    liquid (4.0.4)
-    listen (3.9.0)
+    liquid (4.0.3)
+    listen (3.2.1)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    logger (1.7.0)
-    mercenary (0.4.0)
-    ostruct (0.6.3)
+    mercenary (0.3.6)
     pathutil (0.16.2)
       forwardable-extended (~> 2.6)
-    public_suffix (6.0.2)
-    rake (13.3.0)
-    rb-fsevent (0.11.2)
-    rb-inotify (0.11.1)
+    public_suffix (4.0.3)
+    rb-fsevent (0.10.3)
+    rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rexml (3.4.4)
-    rouge (4.6.1)
+    rexml (3.2.8)
+      strscan (>= 3.0.9)
+    rouge (3.17.0)
     safe_yaml (1.0.5)
-    sass-embedded (1.93.2)
-      google-protobuf (~> 4.31)
-      rake (>= 13)
-    sass-embedded (1.93.2-arm64-darwin)
-      google-protobuf (~> 4.31)
-    sass-embedded (1.93.2-x86_64-darwin)
-      google-protobuf (~> 4.31)
-    terminal-table (3.0.2)
-      unicode-display_width (>= 1.1.1, < 3)
-    unicode-display_width (2.6.0)
-    webrick (1.9.1)
+    sassc (2.2.1)
+      ffi (~> 1.9)
+    strscan (3.1.0)
+    terminal-table (1.8.0)
+      unicode-display_width (~> 1.1, >= 1.1.1)
+    unicode-display_width (1.7.0)
 
 PLATFORMS
-  arm64-darwin
   ruby
-  x86_64-darwin
 
 DEPENDENCIES
-  base64 (~> 0.2)
-  bundler (~> 2.5)
-  csv (~> 3.3)
-  jekyll (~> 4.3.4)
-  jekyll-feed (~> 0.17)
-  jekyll-paginate-v2 (~> 3.0)
-  jekyll-polyglot (~> 1.8)
-  jekyll-sitemap (~> 1.4)
-  logger (~> 1.6)
-  ostruct (~> 0.6)
-  webrick (~> 1.8)
-
-RUBY VERSION
-   ruby 3.3.5p100
+  jekyll (~> 4.0)
+  jekyll-feed
+  jekyll-sitemap
 
 BUNDLED WITH
-   2.6.9
+   2.1.4