Merge branch 'main' into conflicts-with-main

.asdfrc

@@ -0,0 +1 @@
+legacy_version_file = yes

.bundler-version

@@ -0,0 +1 @@
+2.4.2

.github/dependabot.yml

@@ -0,0 +1,15 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "npm" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "bundler" # for Ruby Gemfile
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"

.github/workflows/build.yml

@@ -20,3 +20,4 @@ jobs:
           npm install
           npm run gulp
           bundle exec jekyll build
+

.github/workflows/qa.yml

@@ -23,6 +23,6 @@ jobs:
           npm install
           npm run gulp
       - name: Build static site
-        run: bundle exec jekyll build
+        run: npm run build
       - name: Test External Links
-        run: bundle exec htmlproofer --check-html _site
+        run: npm run qa

.ruby-version

@@ -1 +1,2 @@
 3.2.2
+

.snyk

@@ -1,11 +1,12 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.13.5
+version: v1.25.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
-  SNYK-RUBY-NOKOGIRI-1726792:
+  SNYK-RUBY-NOKOGIRI-3164751:
     - '*':
         reason: >-
-          nokogiri input is from trusted sources so a XXE
-          Injenction is not a concern. Not able to be upgraded at
-          this time.
-        expires: '2021-12-30T21:40:40.202Z'
+          native platform version contains fix as well
+          https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.10
+        expires: 2023-06-30T00:00:00.000Z
+        created: 2023-01-04T00:00:00.000Z
+patch: {}

.tool-versions

@@ -0,0 +1 @@
+ruby 2.7.5

Gemfile.lock

@@ -123,3 +123,4 @@ DEPENDENCIES
 
 BUNDLED WITH
    2.4.3
+

README.md

@@ -17,6 +17,26 @@ This is a starter repository to help in implementing the [Open SDG](https://gith
 ### Publication 
 - the static sites created using this repo are configured to be published by pages.cloud.gov via webhooks. For more information on cloud.gov pages visit the [website](https://cloud.gov/pages/)
 
+### Requirements
+
+-   [Ruby](https://www.ruby-lang.org/en/) = 2.6.0
+-   [Bundler](https://bundler.io/) > 2.0
+-   [Node](https://nodejs.org/en/download/) > 16.0
+
+NOTE: You must build this repo with Ruby 2.6.0. 
+### Setup
+
+After you've confirmed the above requirements, all lifecycle operations can be run with NPM scripts (ex. `npm run build`)
+
+| NPM Command | Description                     |
+| ----------- | ------------------------------- |
+| build       | Build the site                  |
+| setup       | Install ruby gems               |
+| start       | Serve a local build             |
+| test        | Check for broken internal links |
+| qa          | Check for broken external links |
+
+
 ## Contributing
 
 See [CONTRIBUTING](CONTRIBUTING.md) for additional information.

SECURITY.md

@@ -0,0 +1,27 @@
+# Security Policy
+
+As a U.S. Government agency, the General Services Administration (GSA) takes
+seriously our responsibility to protect the public's information, including
+financial and personal information, from unwarranted disclosure.
+
+Software developed by the U.S. General Services Administration (GSA)
+is subject to the [GSA Vulnerability Disclosure Policy <gsa.gov/vulnerability-disclosure-policy>](gsa.gov/vulnerability-disclosure-policy).
+
+Please consult our policy for:
+* How to submit a report if you believe you have discovered a vulnerability.
+* GSA's coordinated disclosure policy.
+* Information on how you may conduct security research on GSA developed
+  software and systems.
+* Important legal and policy guidelines.
+
+## Supported Versions
+
+Please note that only certain branches are supported with security updates.
+
+| Version (Branch) | Supported          |
+| ---------------- | ------------------ |
+| main             | :white_check_mark: |
+| other            | :x:                |
+
+When using this code or reporting vulnerabilities please only use supported
+versions.

Staticfile

@@ -1 +1,2 @@
-root: _site
+root: _site
+

pages.json

@@ -0,0 +1,3 @@
+{
+  "cache": false
+}