Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.1.1 to 3.2.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/56337c425554a6be30cdef71bf441f15be286854...17f8bd926464a1afa4c6a11669539e9c1ba77048

)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Blog: clean up styling, add banner for guest posts

Add a "views expressed disclaimer" on guest posts.

Clean up the styling of blog posts:
- Smaller header with white background.
- Format the date to look a bit nicer.
Signed-off-by: Mark Lodato <lodato@google.com>

Add SLSA + SBOM blogpost

Signed-off-by: Brandon Lum <lumjjb@gmail.com>

Update build-model diagram to match visual style

Reimplement the diagram in Figma and use the same visual style as the
other supply chain diagrams.
Signed-off-by: Mark Lodato <lodato@google.com>

Bump github-pages from 225 to 226 in /docs

Bumps [github-pages](https://github.com/github/pages-gem) from 225 to 226.
- [Release notes](https://github.com/github/pages-gem/releases)
- [Commits](https://github.com/github/pages-gem/compare/v225...v226

)

---
updated-dependencies:
- dependency-name: github-pages
  dependency-type: direct:development
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>

Make the diagrams easier to edit

dependabot: fix bundler, decrease freq to weekly

Signed-off-by: Mark Lodato <lodato@google.com>

Our Gemfile is in the docs directory, not the root directory.

Decrease all the frequencies to weekly (not daily) to slightly reduce
the amount of PR spam we get.
Signed-off-by: Mark Lodato <lodato@google.com>

Bump actions/checkout from 3.0.0 to 3.0.2

Signed-off-by: Mark Lodato <lodato@google.com>

Signed-off-by: Mark Lodato <lodato@google.com>

We don't need these anymore now that we use Google Web Fonts
exclusively.
Signed-off-by: Mark Lodato <lodato@google.com>

Use Google Web Font (Inter, Arimo) instead of custom alternatives
(Prodigy Sans, Arial) to allow easier edits. Visually it's very similar.

Rename "bad dependency" to "risky dependency" as per #347.

Update Figma file to match SVG (remove drop shadow, use non-oval shape
for Build, fix alignment).
Signed-off-by: Mark Lodato <lodato@google.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.0 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/a12a3943b4bdde767164f792f33f40b04645d846...2541b1294d2704b0964813337f33b291d3f8596b

)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

Update Gemfile.lock

Fix lint error on blog post

Signed-off-by: Mark Lodato <lodato@google.com>

Signed-off-by: Mark Lodato <lodato@google.com>

Signed-off-by: Thomas Owens <thomas.j.owens@gmail.com>

Add blog post: SLSA is no free lunch

Co-authored-by: Kim Lewandowski <kim.m.lewandowski@gmail.com>

Signed-off-by: Michael Lieberman <mlieberman85@gmail.com>

Co-authored-by: Kim Lewandowski <kim.m.lewandowski@gmail.com>
Signed-off-by: Michael Lieberman <mlieberman85@gmail.com>

This is a blog post trying to clear up any confusion on some
common use cases for SLSA as well as what SLSA doesn't cover and
is currently out of scope.
Signed-off-by: Michael Lieberman <mlieberman85@gmail.com>

Signed-off-by: Thomas Owens <thomas.j.owens@gmail.com>

Signed-off-by: Thomas Owens <thomas.j.owens@gmail.com>

Addresses vulnerablities in Nokogiri.
Signed-off-by: Mark Lodato <lodato@google.com>

Fix "Change history" rendering of VSA page

Improve CSS on blog post pages.

Signed-off-by: Thomas Owens <thomas.j.owens@gmail.com>

Signed-off-by: Thomas Owens <thomas.j.owens@gmail.com>