* [StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot <[email protected]>

* Delete .github/workflows/dependency-review.yml

* Remove validation for GitHub Actions Zizmor

---------

Signed-off-by: StepSecurity Bot <[email protected]>
Co-authored-by: Christian Oliff <[email protected]>

Bumps the npm_and_yarn group with 1 update in the /website directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `vite` from 6.3.5 to 6.3.6
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.3.6/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 6.3.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christian Oliff <[email protected]>

Lowered the minimum Node.js engine requirement to 18 in package.json and added Node.js 18 to the test matrix. Updated CodeQL GitHub Actions to v3.30.2 and improved documentation for GitHub Actions usage. Removed a test that checked for rule presence in rules/index.mdx.

Update website.yml

Update project rules and labeler workflow formatting

Expanded general project rules to include line endings, code formatting, rule ordering, and GitHub Actions best practices. Also standardized comment spacing in the labeler workflow permissions section.

Introduces a new rule that enforces the presence of a <link rel="canonical"> tag with a non-blank href in the <head> element. Includes implementation, tests, documentation, and configuration updates.

Update link-rel-canonical-require.mdx

Refactor link-rel-canonical-require formatting

Improves code readability by reformatting the description string and simplifying the conditional for detecting canonical link elements.

Updated htmlhint and website package versions to 1.7.0. Upgraded ESLint and @typescript-eslint dependencies, as well as Astro and esbuild-related packages in the website. Also removed lockfile-version from website/.npmrc and updated documentation files.

…t#1723)

* Add 'Why this rule is important' sections to rule docs

Added explanations to multiple rule documentation files describing the importance of each rule for accessibility, SEO, and code quality. Also updated the configuration example to include the new 'form-method-require' rule and fixed changelog issue links.

* Update website/src/content/docs/changelog.mdx

Co-authored-by: Copilot <[email protected]>

---------

Co-authored-by: Copilot <[email protected]>

Removed 'New' badge from h1-require and main-require rule docs. Updated GitHub Actions usage docs to use latest actions/checkout@v5 and actions/setup-node@v5, and set persist-credentials to false.

Bumps the dependencies group in /website with 1 update: [@astrojs/starlight](https://github.com/withastro/starlight/tree/HEAD/packages/starlight).


Updates `@astrojs/starlight` from 0.35.2 to 0.35.3
- [Release notes](https://github.com/withastro/starlight/releases)
- [Changelog](https://github.com/withastro/starlight/blob/main/packages/starlight/CHANGELOG.md)
- [Commits](https://github.com/withastro/starlight/commits/@astrojs/[email protected]/packages/starlight)

---
updated-dependencies:
- dependency-name: "@astrojs/starlight"
  dependency-version: 0.35.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…t#1726)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.1 to 3.30.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v3.30.1...192325c)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.30.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Refactor glob usage in CLI for improved API and options

Replaces deprecated or less preferred glob API usages with updated methods (globSync, globStream) in formatter and htmlhint CLI modules. Removes unused or deprecated options and updates event handling for file matching, improving maintainability and compatibility.

* Update sourceMappingURL in htmlhint.js

The sourceMappingURL comment at the end of dist/cli/htmlhint.js was updated, likely reflecting a new or rebuilt source map. No other code changes were made.

* Update sarif.sarif

Bump @typescript-eslint/eslint-plugin and @typescript-eslint/parser to 8.44.0, and rollup to 4.50.2 in package.json and package-lock.json. Update Node.js version in Volta config to 20.19.5. Change Dependabot update interval from weekly to monthly for npm and GitHub Actions.

Add 'Why this rule is important' sections to rule docs

Added explanations to multiple rule documentation files describing the importance of each rule, along with further reading links where relevant. Also updated some headings for consistency.

Update further reading links to use markdown format

Replaced plain angle-bracketed URLs with markdown link syntax in the 'Further reading' sections of doctype-html5, frame-title-require, and main-require rule documentation for improved readability.

Update spec-char-escape.mdx

Update id-class-ad-disabled.mdx