Add dependabot.yml

.github/dependabot.yml

@@ -0,0 +1,14 @@
+# https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference
+
+version: 2
+updates:
+
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"

.github/workflows/ruby.yml

@@ -15,15 +15,15 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v4
-    - uses: ruby/setup-ruby@v1
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 # v1.299.0
       with:
         bundler-cache: true
 
     # from https://github.com/gjtorikian/html-proofer/blob/main/README.md#caching-with-continuous-integration
     - name: Cache HTMLProofer
       id: cache-htmlproofer
-      uses: actions/cache@v4
+      uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
       with:
         path: tmp/.htmlproofer
         key: ${{ runner.os }}-htmlproofer

Gemfile.lock

@@ -2,7 +2,7 @@ GEM
   remote: https://rubygems.org/
   specs:
     Ascii85 (2.0.1)
-    activesupport (8.1.2)
+    activesupport (8.1.3)
       base64
       bigdecimal
       concurrent-ruby (~> 1.0, >= 1.3.1)
@@ -15,11 +15,11 @@ GEM
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
       uri (>= 0.13.1)
-    addressable (2.8.8)
+    addressable (2.8.9)
       public_suffix (>= 2.0.2, < 8.0)
     afm (1.0.0)
     ast (2.4.3)
-    async (2.36.0)
+    async (2.38.1)
       console (~> 1.29)
       fiber-annotation
       io-event (~> 1.11)
@@ -49,8 +49,9 @@ GEM
     em-websocket (0.5.3)
       eventmachine (>= 0.12.9)
       http_parser.rb (~> 0)
-    ethon (0.15.0)
+    ethon (0.18.0)
       ffi (>= 1.15.0)
+      logger
     eventmachine (1.2.7)
     execjs (2.10.0)
     faraday (2.14.1)
@@ -59,14 +60,14 @@ GEM
       logger
     faraday-net_http (3.4.2)
       net-http (~> 0.5)
-    ffi (1.17.3-aarch64-linux-gnu)
-    ffi (1.17.3-aarch64-linux-musl)
-    ffi (1.17.3-arm-linux-gnu)
-    ffi (1.17.3-arm-linux-musl)
-    ffi (1.17.3-arm64-darwin)
-    ffi (1.17.3-x86_64-darwin)
-    ffi (1.17.3-x86_64-linux-gnu)
-    ffi (1.17.3-x86_64-linux-musl)
+    ffi (1.17.4-aarch64-linux-gnu)
+    ffi (1.17.4-aarch64-linux-musl)
+    ffi (1.17.4-arm-linux-gnu)
+    ffi (1.17.4-arm-linux-musl)
+    ffi (1.17.4-arm64-darwin)
+    ffi (1.17.4-x86_64-darwin)
+    ffi (1.17.4-x86_64-linux-gnu)
+    ffi (1.17.4-x86_64-linux-musl)
     fiber-annotation (0.2.0)
     fiber-local (1.1.0)
       fiber-storage
@@ -142,7 +143,7 @@ GEM
     http_parser.rb (0.8.1)
     i18n (1.14.8)
       concurrent-ruby (~> 1.0)
-    io-event (1.14.2)
+    io-event (1.14.5)
     jekyll (3.10.0)
       addressable (~> 2.4)
       colorator (~> 1.0)
@@ -253,7 +254,7 @@ GEM
       gemoji (>= 3, < 5)
       html-pipeline (~> 2.2)
       jekyll (>= 3.0, < 5.0)
-    json (2.18.1)
+    json (2.19.3)
     kramdown (2.4.0)
       rexml
     kramdown-parser-gfm (1.1.0)
@@ -272,31 +273,32 @@ GEM
       jekyll (>= 3.5, < 5.0)
       jekyll-feed (~> 0.9)
       jekyll-seo-tag (~> 2.1)
-    minitest (6.0.1)
+    minitest (6.0.2)
+      drb (~> 2.0)
       prism (~> 1.5)
     net-http (0.9.1)
       uri (>= 0.11.1)
-    nokogiri (1.19.1-aarch64-linux-gnu)
+    nokogiri (1.19.2-aarch64-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.19.1-aarch64-linux-musl)
+    nokogiri (1.19.2-aarch64-linux-musl)
       racc (~> 1.4)
-    nokogiri (1.19.1-arm-linux-gnu)
+    nokogiri (1.19.2-arm-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.19.1-arm-linux-musl)
+    nokogiri (1.19.2-arm-linux-musl)
       racc (~> 1.4)
-    nokogiri (1.19.1-arm64-darwin)
+    nokogiri (1.19.2-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.19.1-x86_64-darwin)
+    nokogiri (1.19.2-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.19.1-x86_64-linux-gnu)
+    nokogiri (1.19.2-x86_64-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.19.1-x86_64-linux-musl)
+    nokogiri (1.19.2-x86_64-linux-musl)
       racc (~> 1.4)
     octokit (4.25.1)
       faraday (>= 1, < 3)
       sawyer (~> 0.9)
     parallel (1.27.0)
-    parser (3.3.10.2)
+    parser (3.3.11.1)
       ast (~> 2.4.1)
       racc
     pathutil (0.16.2)
@@ -318,7 +320,7 @@ GEM
     regexp_parser (2.11.3)
     rexml (3.4.4)
     rouge (3.30.0)
-    rubocop (1.84.2)
+    rubocop (1.86.0)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -329,7 +331,7 @@ GEM
       rubocop-ast (>= 1.49.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.49.0)
+    rubocop-ast (1.49.1)
       parser (>= 3.3.7.2)
       prism (~> 1.7)
     rubocop-rake (0.7.1)
@@ -353,8 +355,8 @@ GEM
     traces (0.18.2)
     ttfunk (1.8.0)
       bigdecimal (~> 3.1)
-    typhoeus (1.5.0)
-      ethon (>= 0.9.0, < 0.16.0)
+    typhoeus (1.6.0)
+      ethon (>= 0.18.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (3.2.0)
@@ -363,7 +365,7 @@ GEM
     uri (1.1.1)
     webrick (1.9.2)
     yell (2.2.2)
-    zeitwerk (2.7.4)
+    zeitwerk (2.7.5)
 
 PLATFORMS
   aarch64-linux-gnu

Rakefile

@@ -60,6 +60,7 @@ task test: :build do
     ignore_urls: [
       # URL not resolving
       # URLs time out
+      'https://www.cybersecuritysummit.org',
       # URLs require authentication
       # Dead URLs not available on https://web.archive.org
       'https://vimeo.com/31654452',

_posts/2011-09-21-appsec-usa-2011.md

@@ -4,12 +4,12 @@ title: Speaking at AppSec USA 2011!
 author: jabenninghoff
 comments: false
 ---
-I'll be [speaking](http://2011.appsecusa.org/talks.html#bsm) at [AppSec
-USA 2011](http://2011.appsecusa.org/), the national
+I'll be [speaking](https://web.archive.org/web/20251127175303/https://2011.appsecusa.org/talks.html#bsm) at [AppSec
+USA 2011](https://web.archive.org/web/20251127211544/https://2011.appsecusa.org/), the national
 [OWASP](https://www.owasp.org/) conference, tomorrow, 9/22/2011! If
 you're here in Minneapolis, come down to the convention center and you
 can see me and many other more illustrious speakers. I'll be discussing
 *Behavioral Security Modeling*, the first tool to be developed for
 Behavioral Information Security.
 
-[![AppSec USA 2011](/assets/appsecusa-promo.gif)](http://2011.appsecusa.org/)
+[![AppSec USA 2011](/assets/appsecusa-promo.gif)](https://web.archive.org/web/20251127211544/https://2011.appsecusa.org/)

_posts/2011-09-26-bsm-presentation.md

@@ -5,8 +5,8 @@ author: jabenninghoff
 comments: false
 ---
 Here are the slides from my
-[talk](http://2011.appsecusa.org/talks.html#bsm) at [AppSec USA
-2011](http://2011.appsecusa.org/).
+[talk](https://web.archive.org/web/20251127175303/https://2011.appsecusa.org/talks.html#bsm) at [AppSec USA
+2011](https://web.archive.org/web/20251127211544/https://2011.appsecusa.org/).
 
 [Behavioral Security Modeling: Eliminating Vulnerabilities by Building Predictable Systems](/assets/bsm-owasp-20110922.pdf)
 

_posts/2011-11-17-appsec-usa-2011-video.md

@@ -9,8 +9,8 @@ are available on YouTube, [here](https://www.youtube.com/watch?v=jLW617T45IA)
 and [here](https://www.youtube.com/watch?v=hPBBuPI5tOg).
 
 [OWASP](https://www.owasp.org/) has posted video from [my
-talk](http://2011.appsecusa.org/talks.html#bsm) at [AppSec USA
-2011](http://2011.appsecusa.org/). I haven't yet built up the nerve to
+talk](https://web.archive.org/web/20251127175303/https://2011.appsecusa.org/talks.html#bsm) at [AppSec USA
+2011](https://web.archive.org/web/20251127211544/https://2011.appsecusa.org/). I haven't yet built up the nerve to
 watch it yet (who likes to watch themselves?), so I can't say how good
 it is, but hopefully it is interesting and informative. *Update:* it
 seems the video is just slides & audio -- which is probably a good

_posts/2012-06-06-linked-passwords.md

@@ -68,7 +68,7 @@ them securely, all protected by a single *master password*, and makes it
 easy to enter your password when logging on to a website (just click a
 button!)
 
-Right now, I use [1Password](https://agilebits.com/onepassword), but
+Right now, I use [1Password](https://web.archive.org/web/20120714093334/https://agilebits.com/onepassword), but
 also recommend [LastPass](https://lastpass.com/). I use a very long pass
 phrase for my master password, which is a phrase or complete sentence
 that should be easy to remember, but hard to guess. Five or more words

_posts/2012-07-11-information-safety-basics.md

@@ -29,4 +29,4 @@ those are listed below.
 - Updates -- Windows: [Secunia Personal Software Inspector](http://secunia.com/products/consumer/psi/)
 - Anti-Virus -- Mac: [Sophos Anti-Virus](https://home.sophos.com/en-us/download-mac-security)
 - Anti-Virus -- Windows: [Microsoft Security Essentials](http://windows.microsoft.com/mse)
-- Passwords -- Mac & Windows: [1Password](https://agilebits.com/onepassword) or [Lastpass](https://lastpass.com/)
+- Passwords -- Mac & Windows: [1Password](https://web.archive.org/web/20120714093334/https://agilebits.com/onepassword) or [Lastpass](https://lastpass.com/)

_posts/2012-10-25-appsec-usa-2012.md

@@ -4,7 +4,7 @@ title: AppSec USA 2012: Functional Security Requirements using Behavioral Se
 author: jabenninghoff
 comments: false
 ---
-I spoke today at OWASP [AppSec USA](http://2012.appsecusa.org/) on
+I spoke today at OWASP [AppSec USA](https://web.archive.org/web/20260214035454/https://2012.appsecusa.org/) on
 ["Building Predictable Systems using Behavioral Security Modeling:
 Functional Security
 Requirements".](https://web.archive.org/web/20121029075040if_/http://appsecusa2012.sched.org/event/a3576d789eeb8449ecc84d1338cc3f19)