
Conversation

@mani2106
Owner

🔒 Complete Jekyll Blog Security Hardening

Overview

This PR implements comprehensive security hardening for the Jekyll blog by resolving all 12 GitHub Dependabot security alerts while maintaining full functionality and establishing ongoing maintenance procedures.

🚨 Security Vulnerabilities Resolved

Critical Priority (1 alert)

High Priority (2 alerts)

Medium Priority (6 alerts)

Low Priority (3 alerts)

  • Multiple Nokogiri libxml2 security updates

🔧 Major Changes

Ruby & Environment

  • Ruby: 2.7.1 → 3.3.9 (latest stable with security patches)
  • Docker: Updated to ruby:3.3-alpine base image
  • Bundler: 2.1.4 → 2.7.2

Critical Security Gems

  • Nokogiri: 1.16.3 → 1.18.10 (added explicit constraint ~> 1.18)
  • REXML: 3.2.5 → 3.4.4 (added explicit constraint ~> 3.4)
  • ActiveSupport: 6.0.6.1 → 7.2.2.2 (major upgrade, added constraint ~> 7.2)
  • Faraday: 0.17.5 → 2.12.3 (removed restrictive < 1.0 constraint)

Jekyll Ecosystem Updates

  • Jekyll: Maintained at 4.3.4 (stable compatibility)
  • Jekyll-feed: 0.15.0 → 0.17.0
  • Jekyll-octicons: 11.0.0 → 19.8.0
  • Jekyll-seo-tag: 2.6.1 → 2.8.0
  • Jekyll-toc: 0.14.0 → 0.19.0
  • Jemoji: 0.12.0 → 0.13.0

✅ Validation & Testing

Build Verification

  • ✅ Jekyll builds successfully with jekyll build
  • ✅ All pages render correctly with proper formatting
  • ✅ Docker services start and function properly
  • ✅ No dependency conflicts detected

Functionality Testing

  • ✅ Math rendering (KaTeX) works correctly
  • ✅ Code syntax highlighting functional
  • ✅ RSS feed generation working
  • ✅ SEO tags generating properly
  • ✅ All Jekyll plugins load and function
  • ✅ Site navigation and layout intact

📚 Documentation Added

Security Documentation

  • MAINTENANCE_PROCEDURES.md - Ongoing security maintenance procedures

🔄 Ongoing Maintenance

Established Procedures

  • Monthly security reviews for new Dependabot alerts
  • Quarterly dependency updates for non-security improvements
  • Annual major updates for Ruby/Jekyll versions
  • Emergency response procedures for critical vulnerabilities

Security-First Constraints

Updated all gem constraints to use semantic versioning that allows automatic security patches while maintaining stability.

🎯 Impact Summary

  • Security Status: ✅ SECURE - Zero known vulnerabilities
  • Functionality: ✅ MAINTAINED - Full blog functionality preserved
  • Performance: ✅ IMPROVED - Ruby 3.3.x performance gains
  • Maintainability: ✅ ENHANCED - Modern dependencies and documentation

🚀 Deployment Notes

This PR is ready for immediate deployment. All changes have been thoroughly tested and validated. The blog will continue to function exactly as before, but with significantly improved security posture.

Breaking Changes: None - Full backward compatibility maintained
Rollback Plan: Available via backup files and documented procedures
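The "Security-First Constraints" section above says the gem constraints were moved to pessimistic (`~>`) semantic-version ranges so that security patches flow in automatically while major upgrades stay blocked. The script below is an added example, not code from this PR or its repository: it takes the three explicit constraints and resolved versions the PR lists (`nokogiri ~> 1.18`, `rexml ~> 3.4`, `activesupport ~> 7.2`) and uses RubyGems' own `Gem::Requirement` matcher to show exactly which future versions each constraint would still accept. The probe versions (`x.y.99`, `x.(y+1).0`, `(x+1).0.0`) are constructed placeholders, not real releases.

```ruby
# Added example (not part of the PR): audits pessimistic ("~>") gem
# constraints against the versions they pin and shows what upgrade
# range each constraint leaves open for Dependabot to fill.
require "rubygems"

# Explicit constraints and resolved versions as listed in the PR description.
PR_CONSTRAINTS = {
  "nokogiri"      => { constraint: "~> 1.18", resolved: "1.18.10" },
  "rexml"         => { constraint: "~> 3.4",  resolved: "3.4.4" },
  "activesupport" => { constraint: "~> 7.2",  resolved: "7.2.2.2" },
}.freeze

# true if +version+ satisfies +constraint+, using the same matcher Bundler uses
def satisfies?(constraint, version)
  Gem::Requirement.new(constraint).satisfied_by?(Gem::Version.new(version))
end

# A tighter, patch-only alternative: "~> X.Y.0" admits X.Y.Z for any Z but
# rejects the next minor release (hypothetical helper for comparison).
def patch_only_constraint(resolved)
  major, minor = resolved.split(".").first(2)
  "~> #{major}.#{minor}.0"
end

# For each gem, report whether the pinned version lies inside its constraint
# and which of three constructed future versions (next patch, next minor,
# next major) the PR's constraint and the patch-only alternative would accept.
def audit_constraints(constraints = PR_CONSTRAINTS)
  constraints.map do |name, spec|
    major, minor = spec[:resolved].split(".").first(2).map(&:to_i)
    probes = {
      "patch" => "#{major}.#{minor}.99",    # constructed: later patch, same minor
      "minor" => "#{major}.#{minor + 1}.0", # constructed: next minor release
      "major" => "#{major + 1}.0.0",        # constructed: next major release
    }
    tight = patch_only_constraint(spec[:resolved])
    [name, {
      resolved_ok:        satisfies?(spec[:constraint], spec[:resolved]),
      accepts:            probes.select { |_, v| satisfies?(spec[:constraint], v) }.keys,
      patch_only_accepts: probes.select { |_, v| satisfies?(tight, v) }.keys,
    }]
  end.to_h
end

if __FILE__ == $PROGRAM_NAME
  audit_constraints.each do |name, result|
    puts "#{name}: pinned version in range=#{result[:resolved_ok]} " \
         "PR constraint accepts=#{result[:accepts].inspect} " \
         "patch-only would accept=#{result[:patch_only_accepts].inspect}"
  end
end
```

The point the output makes: `~> 1.18` is equivalent to `>= 1.18, < 2.0`, so it lets Dependabot pull in a hypothetical 1.19.0 as well as 1.18.x patches, whereas `~> 1.18.0` would stop at the next minor. The wider form is what the PR chose, which favours receiving security fixes quickly over avoiding minor-version drift; the trade-off is worth knowing when reading a future Dependabot PR against this Gemfile.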

@mani2106 mani2106 merged commit 520d3f8 into master Sep 30, 2025
4 checks passed
@mani2106 mani2106 deleted the Ruby-gem-upgrade branch October 18, 2025 12:15