From 5ce50633b4d31ed47533010705337985fb3cba25 Mon Sep 17 00:00:00 2001 From: John Benninghoff Date: Sat, 28 Mar 2026 17:26:55 -0500 Subject: [PATCH 1/6] bundle update --- Gemfile.lock | 60 +++++++++++++++++++++++++++------------------------- 1 file changed, 31 insertions(+), 29 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index d06aa70..b1d9379 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -2,7 +2,7 @@ GEM remote: https://rubygems.org/ specs: Ascii85 (2.0.1) - activesupport (8.1.2) + activesupport (8.1.3) base64 bigdecimal concurrent-ruby (~> 1.0, >= 1.3.1) @@ -15,11 +15,11 @@ GEM securerandom (>= 0.3) tzinfo (~> 2.0, >= 2.0.5) uri (>= 0.13.1) - addressable (2.8.8) + addressable (2.8.9) public_suffix (>= 2.0.2, < 8.0) afm (1.0.0) ast (2.4.3) - async (2.36.0) + async (2.38.1) console (~> 1.29) fiber-annotation io-event (~> 1.11) @@ -49,8 +49,9 @@ GEM em-websocket (0.5.3) eventmachine (>= 0.12.9) http_parser.rb (~> 0) - ethon (0.15.0) + ethon (0.18.0) ffi (>= 1.15.0) + logger eventmachine (1.2.7) execjs (2.10.0) faraday (2.14.1) @@ -59,14 +60,14 @@ GEM logger faraday-net_http (3.4.2) net-http (~> 0.5) - ffi (1.17.3-aarch64-linux-gnu) - ffi (1.17.3-aarch64-linux-musl) - ffi (1.17.3-arm-linux-gnu) - ffi (1.17.3-arm-linux-musl) - ffi (1.17.3-arm64-darwin) - ffi (1.17.3-x86_64-darwin) - ffi (1.17.3-x86_64-linux-gnu) - ffi (1.17.3-x86_64-linux-musl) + ffi (1.17.4-aarch64-linux-gnu) + ffi (1.17.4-aarch64-linux-musl) + ffi (1.17.4-arm-linux-gnu) + ffi (1.17.4-arm-linux-musl) + ffi (1.17.4-arm64-darwin) + ffi (1.17.4-x86_64-darwin) + ffi (1.17.4-x86_64-linux-gnu) + ffi (1.17.4-x86_64-linux-musl) fiber-annotation (0.2.0) fiber-local (1.1.0) fiber-storage @@ -142,7 +143,7 @@ GEM http_parser.rb (0.8.1) i18n (1.14.8) concurrent-ruby (~> 1.0) - io-event (1.14.2) + io-event (1.14.5) jekyll (3.10.0) addressable (~> 2.4) colorator (~> 1.0) 
@@ -253,7 +254,7 @@ GEM gemoji (>= 3, < 5) html-pipeline (~> 2.2) jekyll (>= 3.0, < 5.0) - json (2.18.1) + json (2.19.3) kramdown (2.4.0) rexml kramdown-parser-gfm (1.1.0) @@ -272,31 +273,32 @@ GEM jekyll (>= 3.5, < 5.0) jekyll-feed (~> 0.9) jekyll-seo-tag (~> 2.1) - minitest (6.0.1) + minitest (6.0.2) + drb (~> 2.0) prism (~> 1.5) net-http (0.9.1) uri (>= 0.11.1) - nokogiri (1.19.1-aarch64-linux-gnu) + nokogiri (1.19.2-aarch64-linux-gnu) racc (~> 1.4) - nokogiri (1.19.1-aarch64-linux-musl) + nokogiri (1.19.2-aarch64-linux-musl) racc (~> 1.4) - nokogiri (1.19.1-arm-linux-gnu) + nokogiri (1.19.2-arm-linux-gnu) racc (~> 1.4) - nokogiri (1.19.1-arm-linux-musl) + nokogiri (1.19.2-arm-linux-musl) racc (~> 1.4) - nokogiri (1.19.1-arm64-darwin) + nokogiri (1.19.2-arm64-darwin) racc (~> 1.4) - nokogiri (1.19.1-x86_64-darwin) + nokogiri (1.19.2-x86_64-darwin) racc (~> 1.4) - nokogiri (1.19.1-x86_64-linux-gnu) + nokogiri (1.19.2-x86_64-linux-gnu) racc (~> 1.4) - nokogiri (1.19.1-x86_64-linux-musl) + nokogiri (1.19.2-x86_64-linux-musl) racc (~> 1.4) octokit (4.25.1) faraday (>= 1, < 3) sawyer (~> 0.9) parallel (1.27.0) - parser (3.3.10.2) + parser (3.3.11.1) ast (~> 2.4.1) racc pathutil (0.16.2) @@ -318,7 +320,7 @@ GEM regexp_parser (2.11.3) rexml (3.4.4) rouge (3.30.0) - rubocop (1.84.2) + rubocop (1.86.0) json (~> 2.3) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.1.0) @@ -329,7 +331,7 @@ GEM rubocop-ast (>= 1.49.0, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 4.0) - rubocop-ast (1.49.0) + rubocop-ast (1.49.1) parser (>= 3.3.7.2) prism (~> 1.7) rubocop-rake (0.7.1) @@ -353,8 +355,8 @@ GEM traces (0.18.2) ttfunk (1.8.0) bigdecimal (~> 3.1) - typhoeus (1.5.0) - ethon (>= 0.9.0, < 0.16.0) + typhoeus (1.6.0) + ethon (>= 0.18.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) unicode-display_width (3.2.0) @@ -363,7 +365,7 @@ GEM uri (1.1.1) webrick (1.9.2) yell (2.2.2) - zeitwerk (2.7.4) + zeitwerk (2.7.5) PLATFORMS aarch64-linux-gnu 
From 168993744eb93f177da323d1ae30aa30d407b1cb Mon Sep 17 00:00:00 2001 From: John Benninghoff Date: Sat, 28 Mar 2026 17:27:15 -0500 Subject: [PATCH 2/6] Update URLs --- Rakefile | 1 + _posts/2011-09-21-appsec-usa-2011.md | 6 +++--- _posts/2011-09-26-bsm-presentation.md | 4 ++-- _posts/2011-11-17-appsec-usa-2011-video.md | 4 ++-- _posts/2012-06-06-linked-passwords.md | 2 +- _posts/2012-07-11-information-safety-basics.md | 2 +- _posts/2012-10-25-appsec-usa-2012.md | 2 +- 7 files changed, 11 insertions(+), 10 deletions(-) diff --git a/Rakefile b/Rakefile index 0e1fd8c..654d0f8 100644 --- a/Rakefile +++ b/Rakefile @@ -60,6 +60,7 @@ task test: :build do ignore_urls: [ # URL not resolving # URLs time out + 'https://www.cybersecuritysummit.org', # URLs require authentication # Dead URLs not available on https://web.archive.org 'https://vimeo.com/31654452', diff --git a/_posts/2011-09-21-appsec-usa-2011.md b/_posts/2011-09-21-appsec-usa-2011.md index 70aa6b1..8f17762 100644 --- a/_posts/2011-09-21-appsec-usa-2011.md +++ b/_posts/2011-09-21-appsec-usa-2011.md 
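Review bot: The new `ignore_urls` entry is a plain String, and if I read html-proofer's ignore handling correctly a String is compared for equality while only a Regexp is pattern-matched, so just the bare `https://www.cybersecuritysummit.org` link is skipped and any deeper path on that host would still be checked and time out. If the posts link to subpages, `%r{\Ahttps://www\.cybersecuritysummit\.org}` covers the whole host; keep the String if only the root is linked. The entry sits under the `# URLs time out` comment, which is the right group, and a short trailing note with the date the timeout was observed would make it easier to retry the link later. The enclosing `task test: :build do` block starts and ends outside the hunk.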
@@ -4,12 +4,12 @@ title: Speaking at AppSec USA 2011! author: jabenninghoff comments: false --- -I'll be [speaking](http://2011.appsecusa.org/talks.html#bsm) at [AppSec -USA 2011](http://2011.appsecusa.org/), the national +I'll be [speaking](https://web.archive.org/web/20251127175303/https://2011.appsecusa.org/talks.html#bsm) at [AppSec +USA 2011](https://web.archive.org/web/20251127211544/https://2011.appsecusa.org/), the national [OWASP](https://www.owasp.org/) conference, tomorrow, 9/22/2011! If you're here in Minneapolis, come down to the convention center and you can see me and many other more illustrious speakers. I'll be discussing *Behavioral Security Modeling*, the first tool to be developed for Behavioral Information Security. -[![AppSec USA 2011](/assets/appsecusa-promo.gif)](http://2011.appsecusa.org/) +[![AppSec USA 2011](/assets/appsecusa-promo.gif)](https://web.archive.org/web/20251127211544/https://2011.appsecusa.org/) diff --git a/_posts/2011-09-26-bsm-presentation.md b/_posts/2011-09-26-bsm-presentation.md index 3746f45..7121399 100644 --- a/_posts/2011-09-26-bsm-presentation.md +++ b/_posts/2011-09-26-bsm-presentation.md @@ -5,8 +5,8 @@ author: jabenninghoff comments: false --- Here are the slides from my -[talk](http://2011.appsecusa.org/talks.html#bsm) at [AppSec USA -2011](http://2011.appsecusa.org/). +[talk](https://web.archive.org/web/20251127175303/https://2011.appsecusa.org/talks.html#bsm) at [AppSec USA +2011](https://web.archive.org/web/20251127211544/https://2011.appsecusa.org/). [Behavioral Security Modeling: Eliminating Vulnerabilities by Building Predictable Systems](/assets/bsm-owasp-20110922.pdf) diff --git a/_posts/2011-11-17-appsec-usa-2011-video.md b/_posts/2011-11-17-appsec-usa-2011-video.md index c2cb872..1391d1a 100644 --- a/_posts/2011-11-17-appsec-usa-2011-video.md +++ b/_posts/2011-11-17-appsec-usa-2011-video.md 
@@ -9,8 +9,8 @@ are available on YouTube, [here](https://www.youtube.com/watch?v=jLW617T45IA) and [here](https://www.youtube.com/watch?v=hPBBuPI5tOg). [OWASP](https://www.owasp.org/) has posted video from [my -talk](http://2011.appsecusa.org/talks.html#bsm) at [AppSec USA -2011](http://2011.appsecusa.org/). I haven't yet built up the nerve to +talk](https://web.archive.org/web/20251127175303/https://2011.appsecusa.org/talks.html#bsm) at [AppSec USA +2011](https://web.archive.org/web/20251127211544/https://2011.appsecusa.org/). I haven't yet built up the nerve to watch it yet (who likes to watch themselves?), so I can't say how good it is, but hopefully it is interesting and informative. *Update:* it seems the video is just slides & audio -- which is probably a good diff --git a/_posts/2012-06-06-linked-passwords.md b/_posts/2012-06-06-linked-passwords.md index 5c54dc6..c65e6cd 100644 --- a/_posts/2012-06-06-linked-passwords.md +++ b/_posts/2012-06-06-linked-passwords.md @@ -68,7 +68,7 @@ them securely, all protected by a single *master password*, and makes it easy to enter your password when logging on to a website (just click a button!) -Right now, I use [1Password](https://agilebits.com/onepassword), but +Right now, I use [1Password](https://web.archive.org/web/20120714093334/https://agilebits.com/onepassword), but also recommend [LastPass](https://lastpass.com/). I use a very long pass phrase for my master password, which is a phrase or complete sentence that should be easy to remember, but hard to guess. Five or more words diff --git a/_posts/2012-07-11-information-safety-basics.md b/_posts/2012-07-11-information-safety-basics.md index dc0afc5..c49aea0 100644 --- a/_posts/2012-07-11-information-safety-basics.md +++ b/_posts/2012-07-11-information-safety-basics.md 
@@ -29,4 +29,4 @@ those are listed below. - Updates -- Windows: [Secunia Personal Software Inspector](http://secunia.com/products/consumer/psi/) - Anti-Virus -- Mac: [Sophos Anti-Virus](https://home.sophos.com/en-us/download-mac-security) - Anti-Virus -- Windows: [Microsoft Security Essentials](http://windows.microsoft.com/mse) -- Passwords -- Mac & Windows: [1Password](https://agilebits.com/onepassword) or [Lastpass](https://lastpass.com/) +- Passwords -- Mac & Windows: [1Password](https://web.archive.org/web/20120714093334/https://agilebits.com/onepassword) or [Lastpass](https://lastpass.com/) diff --git a/_posts/2012-10-25-appsec-usa-2012.md b/_posts/2012-10-25-appsec-usa-2012.md index 7ff19f5..c10d9f4 100644 --- a/_posts/2012-10-25-appsec-usa-2012.md +++ b/_posts/2012-10-25-appsec-usa-2012.md @@ -4,7 +4,7 @@ title: AppSec USA 2012: Functional Security Requirements using Behavioral Se author: jabenninghoff comments: false --- -I spoke today at OWASP [AppSec USA](http://2012.appsecusa.org/) on +I spoke today at OWASP [AppSec USA](https://web.archive.org/web/20260214035454/https://2012.appsecusa.org/) on ["Building Predictable Systems using Behavioral Security Modeling: Functional Security Requirements".](https://web.archive.org/web/20121029075040if_/http://appsecusa2012.sched.org/event/a3576d789eeb8449ecc84d1338cc3f19) From 0c930ea59b8ca66e3f20d1b1ffadc0f157bf5deb Mon Sep 17 00:00:00 2001 From: John Benninghoff Date: Sat, 28 Mar 2026 17:27:33 -0500 Subject: [PATCH 3/6] Fix shell script permissions --- bootstrap.sh | 0 clean.sh | 0 2 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 bootstrap.sh mode change 100644 => 100755 clean.sh diff --git a/bootstrap.sh b/bootstrap.sh old mode 100644 new mode 100755 diff --git a/clean.sh b/clean.sh old mode 100644 new mode 100755 From b9e0ed83359cea470c75ac6667251141fb731ee4 Mon Sep 17 00:00:00 2001 
From: John Benninghoff
Date: Sat, 28 Mar 2026 17:27:56 -0500
Subject: [PATCH 4/6] Pin GitHub actions to improve security
---
.github/workflows/ruby.yml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml
index 5fa6692..9086780 100644
--- a/.github/workflows/ruby.yml
+++ b/.github/workflows/ruby.yml
@@ -15,15 +15,15 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
- - uses: ruby/setup-ruby@v1
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 # v1.299.0
 with:
 bundler-cache: true
 # from https://github.com/gjtorikian/html-proofer/blob/main/README.md#caching-with-continuous-integration
 - name: Cache HTMLProofer
 id: cache-htmlproofer
- uses: actions/cache@v4
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
 with:
 path: tmp/.htmlproofer
 key: ${{ runner.os }}-htmlproofer
From f8293f9936658a9042506a56fc856f0496d2a6da Mon Sep 17 00:00:00 2001
From: John Benninghoff
Date: Sat, 28 Mar 2026 17:28:09 -0500
Subject: [PATCH 5/6] Add Dependabot version updates
---
.github/dependabot.yml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..21ffdd6
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,14 @@
+# https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference
+
+version: 2
+updates:
+
+ - package-ecosystem: "bundler"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
From d31b8c83eeb2d4704c9c6a49b0e8bdd3df3d8928 Mon Sep 17 00:00:00 2001
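Review bot: Nothing in this hunk restricts the job's `GITHUB_TOKEN`; the workflow header (lines 1–14) is outside the hunk, so if it does not already declare `permissions: contents: read` at the top level, that is the natural companion to these pins, since a pinned action still runs with whatever the token allows. The pins themselves are full 40-hex commit SHAs with a `# vX.Y.Z` trailer, which is the form that keeps them readable and lets an updater refresh the hash and the comment together. One check the commit does not record is that each SHA was resolved from the intended release tag at pin time; stating that in the commit message, or in a comment above the `steps:` list, would let a later reader confirm the mapping instead of trusting the trailer. The job definition continues past the end of the hunk.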
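Review bot: With two ecosystems on a weekly cadence and a lockfile that moved 31 lines in one `bundle update` (patch 1 of this series), the default cap of 5 open pull requests per ecosystem is likely to be reached and updates will queue; a `groups:` block under the `bundler` entry that batches minor and patch bumps (`patterns: ["*"]` with `update-types: ["minor", "patch"]`) keeps the volume down without skipping anything. The file carries only a URL comment; a one-line purpose comment such as `# Dependabot version updates for gems and for the SHA-pinned GitHub Actions` above `version: 2` would explain why the github-actions ecosystem is listed. Both `directory: "/"` entries are correct for a root `Gemfile` and `.github/workflows`.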
From: John Benninghoff
Date: Sat, 28 Mar 2026 17:31:29 -0500
Subject: [PATCH 6/6] Check monthly, not weekly
---
.github/dependabot.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 21ffdd6..29a0322 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,9 +6,9 @@ updates:
 - package-ecosystem: "bundler"
 directory: "/"
 schedule:
- interval: "weekly"
+ interval: "monthly"
 - package-ecosystem: "github-actions"
 directory: "/"
 schedule:
- interval: "weekly"
+ interval: "monthly"
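Review bot: Moving `interval` to `"monthly"` on both ecosystems lengthens the wait for a version-update pull request after a new gem or action release to up to a month, which matters most for the SHA-pinned actions in `.github/workflows/ruby.yml`, where nothing moves until Dependabot proposes it. Per GitHub's documentation the interval governs version updates only; if Dependabot security updates are enabled for the repository they are raised from advisories regardless of this schedule, and that assumption is worth recording next to the first `schedule:` as `# Version updates only; Dependabot security updates are advisory-driven and not throttled by this interval`. If the concern is PR volume rather than cadence, grouping minor/patch bumps keeps a weekly check while cutting the number of PRs.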