Post hog update

.cursor/rules/docs.mdc

@@ -0,0 +1,24 @@
+---
+name: UpdateDocs
+description: Rules for updating the documentation
+alwaysApply: true
+---
+## Rules
+
+### 1. Always update the documentation
+Always update the documentation.
+
+### 2. Always update changelog
+Always update the changelog.
+
+### 3. Always update README
+Always update the README.
+
+### 4. Always update CONTRIBUTING.md
+Always update the CONTRIBUTING.md.
+
+### 5. Always update SECURITY.md
+Always update the SECURITY.md.
+
+### 6. Always update LICENSE
+Always update the LICENSE.

.github/workflows/main.yml

@@ -25,7 +25,7 @@ jobs:
       - name: Setup Hugo
         uses: peaceiris/actions-hugo@v3
         with:
-          hugo-version: '0.133.0'
+          hugo-version: '0.146.0'
           extended: true
  #     - name: Golang
  #       uses: actions/checkout@master

.github/workflows/push.yml

@@ -6,9 +6,9 @@ name: validate
 on:
   push:
     branches:
+      - '**'         # matches every branch
       - '!master'   # excludes master
       - '!main'     # excludes main
-      - '**'         # matches every branch
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
@@ -31,12 +31,12 @@ jobs:
       - name: Setup Hugo
         uses: peaceiris/actions-hugo@v3
         with:
-          hugo-version: '0.133.0'
+          hugo-version: '0.146.0'
           extended: true
       - name: Setup go
         uses: actions/setup-go@v1
         with:
-          go-version: '1.23'
+          go-version: '1.25.1'
       - name: Build Translator
         run: cd ./translate; go build translate.go
       - name: Create Secret

.gitignore

@@ -8,6 +8,8 @@
 /resources/_gen/
 hugo_stats.json
 /node_modules/
+/_vendor/
+# Note: static/sitemap.xml is kept in repo to ensure correct permissions
 
 # Executable may be added to repository
 hugo.exe

.vscode/settings.json

@@ -0,0 +1,6 @@
+{
+  "cmake.ignoreCMakeListsMissing": true,
+  "cmake.configureOnOpen": false,
+  "cmake.enableAutomaticKitScan": false,
+  "cmake.sourceDirectory": "${workspaceFolder}/nonexistent"
+}

CHANGELOG.md

@@ -0,0 +1,23 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Security
+- Updated `mermaid` from 9.2.1 to 11.12.1 to fix high-severity security vulnerabilities (DOMPurify XSS and prototype pollution)
+- Replaced deprecated `popper.js` (v1.16.1) with `@popperjs/core` (v2.11.8) for Bootstrap 5 compatibility
+- Fixed 8 npm security vulnerabilities (6 automatically fixed, 2 via mermaid update)
+- Updated Hugo Toha theme from v4.6.0 to v4.12.0
+
+### Changed
+- Updated npm dependencies to latest secure versions
+- Migrated from deprecated popper.js to @popperjs/core
+
+## [Previous Versions]
+
+Previous changes were not tracked in this changelog format.
+

CONTRIBUTING.md

@@ -0,0 +1,78 @@
+# Contributing to DavidgsWeb
+
+Thank you for your interest in contributing to this project! This document provides guidelines and instructions for contributing.
+
+## Code of Conduct
+
+This project adheres to a Code of Conduct. By participating, you are expected to uphold this code.
+
+## How to Contribute
+
+### Reporting Bugs
+
+If you find a bug, please create an issue with:
+- A clear title and description
+- Steps to reproduce the bug
+- Expected vs actual behavior
+- Your environment (OS, browser, etc.)
+
+### Suggesting Enhancements
+
+Enhancement suggestions are welcome! Please create an issue describing:
+- The feature or improvement you'd like to see
+- Why it would be useful
+- Any potential implementation ideas
+
+### Translation Improvements
+
+This website is available in multiple languages:
+- English (native)
+- French (ML translated)
+- German (ML translated)
+- Spanish (ML translated)
+- Dutch (ML translated)
+
+Native speakers are especially encouraged to improve translations! Please:
+1. Fork the repository
+2. Make your translation improvements
+3. Submit a pull request with a clear description of changes
+
+### Pull Requests
+
+1. Fork the repository
+2. Create a feature branch (`git checkout -b feature/amazing-feature`)
+3. Make your changes
+4. Commit your changes (`git commit -m 'Add some amazing feature'`)
+5. Push to the branch (`git push origin feature/amazing-feature`)
+6. Open a Pull Request
+
+### Development Setup
+
+1. Clone the repository
+2. Install dependencies:
+   ```bash
+   npm install
+   ```
+3. Install Go dependencies:
+   ```bash
+   go mod download
+   ```
+4. Run Hugo development server:
+   ```bash
+   hugo server
+   ```
+
+## Dependency Updates
+
+When updating dependencies:
+- Always run `npm audit` to check for security vulnerabilities
+- Update `CHANGELOG.md` with security fixes
+- Test thoroughly after dependency updates
+- Follow semantic versioning for major updates
+
+## Questions?
+
+Feel free to open an issue for any questions or concerns.
+
+Thank you for contributing!
+

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2021 David G. Simmons
+Copyright (c) 2021-2025 David G. Simmons
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -23,3 +23,20 @@ It is currently offered in 5 languages:
 The translations are all done automatically using my own [Translator](https://github.com/davidgs/Translator) project which relies on Google Translate for the translations.
 
 Native-speakers are encouraged to submit Pull Requests to make the translations better!
+
+## Dependencies
+
+This project uses:
+- **Hugo** with the [Toha theme](https://github.com/hugo-toha/toha) v4.12.0
+- **Node.js** dependencies managed via npm
+- **Go modules** for Hugo theme dependencies
+
+### Key Dependencies
+- React 18.3.1
+- Next.js 15.5.6
+- Bootstrap 5.3.3
+- Mermaid 11.12.1 (for diagram rendering)
+- @popperjs/core 2.11.8 (for Bootstrap tooltips/popovers)
+
+See `package.json` and `go.mod` for complete dependency lists.
+

SECURITY.md

@@ -0,0 +1,58 @@
+# Security Policy
+
+## Supported Versions
+
+We actively support the latest version of this website and its dependencies. Security updates are applied as soon as vulnerabilities are discovered.
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please **do not** open a public issue. Instead, please report it via one of the following methods:
+
+- Email: [Your email or security contact]
+- GitHub Security Advisory: Use GitHub's private vulnerability reporting feature if available
+
+Please include:
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+- Suggested fix (if any)
+
+## Security Updates
+
+We take security seriously and will:
+- Respond to security reports within 48 hours
+- Provide regular security updates for dependencies
+- Maintain a security audit process using `npm audit` and `go list -m -u`
+- Document security fixes in CHANGELOG.md
+
+## Dependency Security
+
+This project uses:
+- **npm** for Node.js dependencies - regularly audited with `npm audit`
+- **Go modules** for Hugo theme dependencies - checked with `go list -m -u`
+
+### Recent Security Updates
+
+- **2025-01-19**: Updated mermaid from 9.2.1 to 11.12.1 to fix DOMPurify vulnerabilities
+- **2025-01-19**: Replaced deprecated popper.js with @popperjs/core
+- **2025-01-19**: Fixed 8 npm security vulnerabilities
+- **2025-01-19**: Updated Hugo Toha theme to v4.12.0
+
+## Best Practices
+
+- Always keep dependencies up to date
+- Run `npm audit` regularly
+- Review security advisories for all dependencies
+- Test thoroughly after security updates
+
+## Security Checklist
+
+When contributing, please ensure:
+- [ ] No hardcoded secrets or credentials
+- [ ] Dependencies are up to date
+- [ ] No known security vulnerabilities (`npm audit` passes)
+- [ ] Input validation is performed where appropriate
+- [ ] Security headers are properly configured
+
+Thank you for helping keep this project secure!
+