
chore: refresh QA dependencies and build setup #30

Merged
ootakazuhiko merged 1 commit into main from codex/issue-driven-quality-sprint-20260604
Jun 4, 2026

@ootakazuhiko

Collaborator

Summary

  • Refresh Node QA dependencies (markdownlint-cli 0.48.x / markdown-link-check 3.14.x) and add npm audit as check:security in the default test path.
  • Normalize Markdown table syntax required by the newer markdownlint rule set without changing table content.
  • Update local development guidance to use npm ci, verify Actions setup-node@v6, and make the local Bundler path install missing gems before Jekyll build.
  • Ignore local Jekyll/Bundler artifacts generated by build/test runs.

Evidence

  • Baseline npm audit: 8 vulnerabilities (2 moderate, 6 high); after lockfile refresh: 0 vulnerabilities.
  • Verified actions/setup-node@v6 and existing actions/checkout@v6 tags are available upstream.
  • Existing local Jekyll build failed before this change when Bundler existed but gems were not installed; scripts/jekyll.sh now runs bundle check || bundle install before bundle exec.

Local verification

  • npm ci
  • npm run check:security
  • npm run check:metadata
  • npm run lint
  • npm run check-links
  • npm test
  • BUNDLE_PATH=/home/devuser/work/CodeX/booksB/.codex-local/tmp/issue-driven-bundle/path BUNDLE_APP_CONFIG=/home/devuser/work/CodeX/booksB/.codex-local/tmp/issue-driven-bundle/config npm run build
  • Built-site smoke: _site/index.html, _site/chapters/chapter-01/index.html, _site/chapters/chapter-07/index.html, _site/appendices/templates/index.html
  • Workflow YAML parse for .github/workflows/ci.yml
  • git diff --check

Copilot AI review requested due to automatic review settings June 4, 2026 10:57

Collaborator Author

Recording the verification results.

  • PR head: 56e7aac901c77287ecc153a198041ba4735503fc
  • CI: CI run 26947510691 / job test (79504050628) success
  • Local QA:
    • npm ci
    • npm run check:security (0 vulnerabilities)
    • npm run check:metadata
    • npm run lint
    • npm run check-links
    • npm test
    • npm run build with the workspace-local Bundler configuration
    • built-site smoke: _site/index.html, _site/chapters/chapter-01/index.html, _site/chapters/chapter-07/index.html, _site/appendices/templates/index.html
    • .github/workflows/ci.yml YAML parse
    • git diff --check
  • Review completeness: status=ok, reviews=0, review_comments=0, review_threads=0, unresolved_threads=0

@ootakazuhiko ootakazuhiko merged commit 26c2d3b into main Jun 4, 2026
2 checks passed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 56e7aac901

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread package.json
"start": "bash scripts/jekyll.sh serve",
"build": "bash scripts/jekyll.sh build",
"test": "npm run check:metadata && npm run lint && npm run check-links",
"test": "npm run check:security && npm run check:metadata && npm run lint && npm run check-links",

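Review bot: in the new `test` line, `npm run check:security` is the first link of the `&&` chain, so any non-zero exit from it stops the run before `check:metadata`, `lint` and `check-links` report anything, and a contributor sees only the audit result. Moving it to the end of the chain (`... && npm run check-links && npm run check:security`) keeps the content checks reporting, and if `check:security` is a bare `npm audit`, adding an explicit `--audit-level` makes the severity that fails the build a stated choice.
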
P2: Keep the default test script runnable offline

In environments where the npm audit endpoint is blocked or unavailable, npm test now fails before running the metadata/lint/link checks; I reproduced this with npm test, which stopped at npm audit with a 403 from /-/npm/v1/security/advisories/bulk. Because this repo's existing checks otherwise avoid external network access (for example, external links are ignored by the link-check config), putting the registry-backed audit in the default test path breaks routine local/CI validation for network-restricted contributors even when the checked content is fine; consider keeping the audit as a separate CI/security step instead of gating npm test.

Useful? React with 👍 / 👎.
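
The failure mode raised in the review comment above (a registry-backed `npm audit` aborting `npm test` when the advisory endpoint is unreachable) can be separated from real findings by classifying the `npm audit --json` output before choosing an exit code. This is an added example, not code from the pull request or the repository; `classifyAudit`, `gateExitCode`, the `strict` option and the sample reports are hypothetical, and it assumes the npm 7+ report layout with severity counts under `metadata.vulnerabilities`.

```javascript
// Added example (not from the PR): classify `npm audit --json` output so that
// "registry unreachable" is reported separately from "advisories found".
const SEVERITIES = ["info", "low", "moderate", "high", "critical"];

// Returns { status: "clean" | "vulnerable" | "unavailable", ... }.
function classifyAudit(stdout, minLevel = "high") {
  const threshold = SEVERITIES.indexOf(minLevel);
  if (threshold === -1) throw new Error(`unknown severity: ${minLevel}`);
  let report;
  try {
    report = JSON.parse(stdout);
  } catch {
    return { status: "unavailable", reason: "output is not JSON" };
  }
  // Assumption: a completed audit carries counts in metadata.vulnerabilities.
  const counts = report && report.metadata && report.metadata.vulnerabilities;
  if (!counts || typeof counts !== "object") {
    return { status: "unavailable", reason: "no severity summary in report" };
  }
  // Count only findings at or above the chosen severity.
  const failing = SEVERITIES.slice(threshold)
    .reduce((sum, sev) => sum + (Number(counts[sev]) || 0), 0);
  return { status: failing > 0 ? "vulnerable" : "clean", failing, counts };
}

// Hypothetical policy: findings always fail; an audit that could not run
// fails only in strict mode (CI), so offline local runs keep going.
function gateExitCode(result, { strict = false } = {}) {
  if (result.status === "vulnerable") return 1;
  if (result.status === "unavailable") return strict ? 2 : 0;
  return 0;
}

// Constructed samples. The counts mirror the PR's "8 vulnerabilities
// (2 moderate, 6 high)" baseline; none of this is captured output.
const SAMPLE_BASELINE = JSON.stringify({
  auditReportVersion: 2,
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 2, high: 6, critical: 0, total: 8 } },
});
const SAMPLE_CLEAN = JSON.stringify({
  auditReportVersion: 2,
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 0, high: 0, critical: 0, total: 0 } },
});
const SAMPLE_BLOCKED = "403 Forbidden"; // constructed stand-in for a failed request

for (const [name, out] of [["baseline", SAMPLE_BASELINE], ["clean", SAMPLE_CLEAN], ["blocked", SAMPLE_BLOCKED]]) {
  const result = classifyAudit(out);
  console.log(name, result.status, "local exit", gateExitCode(result), "CI exit", gateExitCode(result, { strict: true }));
}
```

To use it on a real run, pass the captured stdout of `npm audit --json` to `classifyAudit` and exit with the value `gateExitCode` returns.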

Copilot AI left a comment

Pull request overview

Refreshes the project’s QA/tooling dependencies and tightens the default CI/local quality gate by adding a security audit, while also aligning Markdown table formatting with newer markdownlint rules and improving local Jekyll build reliability.

Changes:

  • Update Node QA devDependencies (markdownlint-cli, markdown-link-check) and refresh package-lock.json.
  • Add npm audit as check:security and include it in the default npm test pipeline.
  • Improve local Jekyll build path by ensuring gems are installed when using host Bundler; update docs/CI and ignore generated Jekyll artifacts.

Reviewed changes

Copilot reviewed 4 out of 11 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| scripts/jekyll.sh | Runs `bundle check |
| README.md | Updates local dev commands to npm ci, documents the expanded test pipeline, and adds check:security to the quality checks list. |
| package.json | Adds check:security (npm audit) and wires it into npm test; bumps QA tool versions. |
| package-lock.json | Lockfile refresh corresponding to updated QA dependencies and transitive updates. |
| docs/chapters/chapter-07/index.md | Normalizes Markdown table formatting (spacing/pipes) for lint compatibility. |
| docs/chapters/chapter-05/index.md | Normalizes Markdown table formatting (spacing/pipes) for lint compatibility. |
| docs/chapters/chapter-02/index.md | Normalizes Markdown table formatting (spacing/pipes) for lint compatibility. |
| docs/appendices/templates/triage-matrix/index.md | Normalizes Markdown table separator formatting. |
| docs/appendices/templates/pr/index.md | Normalizes Markdown table formatting used in the PR template. |
| .gitignore | Ignores additional local Jekyll/Bundler artifacts generated by build/test runs. |
| .github/workflows/ci.yml | Updates Actions Node setup step to actions/setup-node@v6. |

Comment thread README.md

```bash
npm install
npm ci
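Review bot: the `npm install` to `npm ci` swap in this README code block needs a sentence beside it saying what changes for contributors: `npm ci` installs exactly what `package-lock.json` records, removes any existing `node_modules` first, and exits with an error when the lockfile and `package.json` disagree. State that dependency changes still go through `npm install` so the lockfile is regenerated and committed.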
Comment thread README.md
@@ -46,6 +46,7 @@ npm test
公開メタデータとナビゲーションの整合性は、次のコマンドで確認します。
@ootakazuhiko ootakazuhiko deleted the codex/issue-driven-quality-sprint-20260604 branch June 4, 2026 11:01