fix(docs): sync version templates with current documentation

[rafaelpereyra]

The version_template_manager only matched the exact current version when converting docs to templates. This meant any doc edits between releases were lost when templates were regenerated during a release (the template still had the old content). Fix the template manager to match ANY v3.x.y semver pattern using regex groups, then regenerate all templates from the current docs. This ensures the inline suppressions docs, GHAS section, Homebrew instructions, and other recent additions are preserved across releases.

Issue #, if available:

Description of changes:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[github-actions]

ASH Security Scan Report

• Report generated: 2026-05-11T17:06:48+00:00
• Time since scan: 1 minute

Scan Metadata

• Project: ASH
• Scan executed: 2026-05-11T17:04:59+00:00
• ASH version: 3.4.1

Summary

Scanner Results

The table below shows findings by scanner, with status based on severity thresholds and dependencies:

• Severity levels:
  • Suppressed (S): Findings that have been explicitly suppressed and don't affect scanner status
  • Critical (C): Highest severity findings that require immediate attention
  • High (H): Serious findings that should be addressed soon
  • Medium (M): Moderate risk findings
  • Low (L): Lower risk findings
  • Info (I): Informational findings with minimal risk
• Duration (Time): Time taken by the scanner to complete its execution
• Actionable: Number of findings at or above the threshold severity level that require attention
• Result:
  • PASSED = No findings at or above threshold
  • FAILED = Findings at or above threshold
  • MISSING = Required dependencies not available
  • SKIPPED = Scanner explicitly disabled
  • ERROR = Scanner execution error
• Threshold: The minimum severity level that will cause a scanner to fail
  • Thresholds: ALL, LOW, MEDIUM, HIGH, CRITICAL
  • Source: Values in parentheses indicate where the threshold is set:
    • global (global_settings section in the ASH_CONFIG used)
    • config (scanner config section in the ASH_CONFIG used)
    • scanner (default configuration in the plugin, if explicitly set)
• Statistics calculation:
  • All statistics are calculated from the final aggregated SARIF report
  • Suppressed findings are counted separately and do not contribute to actionable findings
  • Scanner status is determined by comparing actionable findings to the threshold

Scanner	Suppressed	Critical	High	Medium	Low	Info	Actionable	Result	Threshold
bandit	0	0	0	0	0	0	0	PASSED	MEDIUM (global)
cdk-nag	0	0	0	0	0	0	0	MISSING	MEDIUM (global)
cfn-nag	0	0	0	0	0	0	0	MISSING	MEDIUM (global)
checkov	3	0	0	0	0	0	0	PASSED	LOW (config)
detect-secrets	17	0	0	0	0	0	0	PASSED	MEDIUM (global)
grype	0	0	0	0	0	0	0	PASSED	MEDIUM (global)
npm-audit	0	0	0	0	0	0	0	PASSED	MEDIUM (global)
opengrep	7	0	0	0	0	0	0	PASSED	MEDIUM (global)
semgrep	7	0	0	0	0	0	0	PASSED	MEDIUM (global)
syft	0	0	0	0	0	0	0	PASSED	MEDIUM (global)

---

Report generated by Automated Security Helper (ASH) at 2026-05-11T17:06:48+00:00