From 187d7d2723ed0d22d01a83b270c60be0968f3679 Mon Sep 17 00:00:00 2001
From: jmeridth <jmeridth@gmail.com>
Date: Wed, 22 Jan 2025 13:23:49 -0600
Subject: [PATCH 1/2] fix: update immutable github actions to semver

closes security warnings

Signed-off-by: jmeridth <jmeridth@gmail.com>
---
 .github/workflows/jekyll-preview.yml | 8 ++++----
 .github/workflows/jekyll.yml         | 8 ++++----
 .github/workflows/stale.yml          | 2 +-
 .github/workflows/tests.yml          | 4 ++--
 4 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/jekyll-preview.yml b/.github/workflows/jekyll-preview.yml
index f281aed4ff2..0316b5efccf 100644
--- a/.github/workflows/jekyll-preview.yml
+++ b/.github/workflows/jekyll-preview.yml
@@ -30,13 +30,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@4.2.2
         with:
           # For PRs make sure to checkout the PR branch
           ref: ${{ github.event.pull_request.head.sha }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
       - name: Setup Pages
-        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5
+        uses: actions/configure-pages@v5.0.0
       - name: Build with Jekyll
         uses: actions/jekyll-build-pages@44a6e6beabd48582f863aeeb6cb2151cc1716697 # v1
         with:
@@ -44,7 +44,7 @@ jobs:
           destination: ./_site
       - name: Upload artifact
         # Automatically uploads an artifact from the './_site' directory by default
-        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3
+        uses: actions/upload-pages-artifact@v3.0.1
   # Deployment job
   deploy:
     environment:
@@ -60,6 +60,6 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4
+        uses: actions/deploy-pages@v4.0.5
         with:
           preview: "true"
diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml
index 8fcab6dbb40..4da0a4f51b6 100644
--- a/.github/workflows/jekyll.yml
+++ b/.github/workflows/jekyll.yml
@@ -27,9 +27,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@v4.2.2
       - name: Setup Pages
-        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5
+        uses: actions/configure-pages@v5.0.0
       - name: Build with Jekyll
         uses: actions/jekyll-build-pages@44a6e6beabd48582f863aeeb6cb2151cc1716697 # v1
         with:
@@ -37,7 +37,7 @@ jobs:
           destination: ./_site
       - name: Upload artifact
         # Automatically uploads an artifact from the './_site' directory by default
-        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3
+        uses: actions/upload-pages-artifact@v3.0.1
   # Deployment job
   deploy:
     environment:
@@ -48,4 +48,4 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4
+        uses: actions/deploy-pages@v4.0.5
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 1aeb25b78b6..f67b03703e5 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -11,7 +11,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9
+      - uses: actions/stale@v9.1.0
         with:
           stale-pr-message: >
             This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 03630db18ee..fec06827e50 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -11,13 +11,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Set up Git repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@v4.2.2
       - name: Set up Ruby
         uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 # v1
         with:
           bundler-cache: true
       - name: Set up Node
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4
+        uses: actions/setup-node@v4.1.0
       - name: Bootstrap
         run: script/bootstrap
         env:

From 024b6291360f6e202f0273a10a7f1038bfd8a3e2 Mon Sep 17 00:00:00 2001
From: jmeridth <jmeridth@gmail.com>
Date: Wed, 22 Jan 2025 13:42:00 -0600
Subject: [PATCH 2/2] fix: add mozilla foundation site to url_ignores

https://foundation.mozilla.org/en/blog/its-a-wrap-movement-building-from-home/ currently 403s then redirects.

Signed-off-by: jmeridth <jmeridth@gmail.com>
---
 script/html-proofer | 1 +
 1 file changed, 1 insertion(+)

diff --git a/script/html-proofer b/script/html-proofer
index 4187f49b2f1..230dd9d2d25 100755
--- a/script/html-proofer
+++ b/script/html-proofer
@@ -9,6 +9,7 @@ url_ignores = [
   "https://scripts.sil.org/ofl",
   "https://the-orbit.net/almostdiamonds/2014/04/10/so-youve-got-yourself-a-policy-now-what/",
   "https://pages.18f.gov/open-source-guide/making-readmes-readable/",
+  "https://foundation.mozilla.org/en/blog/its-a-wrap-movement-building-from-home/",
   %r{^https?://readwrite\.com/2014/10/10/open-source-diversity-how-to-contribute/},
   %r{^https?://twitter\.com/},
   %r{^https?://(www\.)?kickstarter\.com/},