Changelog for Release server-2022-03-01 (#7659 )

* Update Changelog Co-authored-by: release[bot] <actions@users.noreply.github.com> Co-authored-by: chris48s <chris48s@users.noreply.github.com>
Add [Conan] version service (#7460 )
2022-03-02 20:38:40 +00:00 · 2022-03-01 06:08:45 +00:00 · 2022-02-28 23:50:19 -06:00 · 2022-02-27 22:28:49 +00:00 · 2022-02-27 22:22:31 +00:00 · 2022-02-27 22:14:14 +00:00
337 changed files with 14601 additions and 14487 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -6,7 +6,9 @@ main_steps: &main_steps

    - run:
        name: Install dependencies
-        command: npm ci
+        command: |
+          npm install --dry-run
+          npm ci
        environment:
          # https://docs.cypress.io/guides/getting-started/installing-cypress.html#Skipping-installation
          # We don't need to install the Cypress binary in jobs that aren't actually running Cypress.
@@ -47,7 +49,9 @@ integration_steps: &integration_steps

    - run:
        name: Install dependencies
-        command: npm ci
+        command: |
+          npm install --dry-run
+          npm ci
        environment:
          CYPRESS_INSTALL_BINARY: 0

@@ -68,7 +72,9 @@ services_steps: &services_steps

    - run:
        name: Install dependencies
-        command: npm ci
+        command: |
+          npm install --dry-run
+          npm ci
        environment:
          CYPRESS_INSTALL_BINARY: 0

@@ -137,33 +143,39 @@ package_steps: &package_steps
 jobs:
  main:
    docker:
-      - image: circleci/node:14
+      - image: circleci/node:16
+        environment:
+          NPM_CONFIG_ENGINE_STRICT: 'true'
+          NPM_CONFIG_STRICT_PEER_DEPS: 'true'

    <<: *main_steps

-  main@node-16:
+  main@node-17:
    docker:
-      - image: circleci/node:16
+      - image: circleci/node:17

    <<: *main_steps

  integration:
    docker:
-      - image: circleci/node:14
+      - image: circleci/node:16
+        environment:
+          NPM_CONFIG_ENGINE_STRICT: 'true'
+          NPM_CONFIG_STRICT_PEER_DEPS: 'true'
      - image: redis

    <<: *integration_steps

-  integration@node-16:
+  integration@node-17:
    docker:
-      - image: circleci/node:16
+      - image: circleci/node:17
      - image: redis

    <<: *integration_steps

  danger:
    docker:
-      - image: circleci/node:14
+      - image: circleci/node:16
    steps:
      - checkout

@@ -183,13 +195,18 @@ jobs:

  frontend:
    docker:
-      - image: circleci/node:14
+      - image: circleci/node:16
+        environment:
+          NPM_CONFIG_ENGINE_STRICT: 'true'
+          NPM_CONFIG_STRICT_PEER_DEPS: 'true'
    steps:
      - checkout

      - run:
          name: Install dependencies
-          command: npm ci
+          command: |
+            npm install --dry-run
+            npm ci
          environment:
            CYPRESS_INSTALL_BINARY: 0

@@ -224,19 +241,25 @@ jobs:

  services:
    docker:
-      - image: circleci/node:14
+      - image: circleci/node:16
+        environment:
+          NPM_CONFIG_ENGINE_STRICT: 'true'
+          NPM_CONFIG_STRICT_PEER_DEPS: 'true'

    <<: *services_steps

-  services@node-16:
+  services@node-17:
    docker:
-      - image: circleci/node:16
+      - image: circleci/node:17

    <<: *services_steps

  e2e:
    docker:
-      - image: cypress/base:14.16.0
+      - image: cypress/base:16.13.0
+        environment:
+          NPM_CONFIG_ENGINE_STRICT: 'true'
+          NPM_CONFIG_STRICT_PEER_DEPS: 'true'
    steps:
      - checkout

@@ -247,7 +270,9 @@ jobs:

      - run:
          name: Install dependencies
-          command: npm ci
+          command: |
+            npm install --dry-run
+            npm ci

      - run:
          name: Frontend build
@@ -285,11 +310,11 @@ workflows:
          filters:
            branches:
              ignore: gh-pages
-      - main@node-16:
+      - main@node-17:
          filters:
            branches:
              ignore: gh-pages
-      - integration@node-16:
+      - integration@node-17:
          filters:
            branches:
              ignore: gh-pages
@@ -307,7 +332,7 @@ workflows:
              ignore:
                - master
                - gh-pages
-      - services@node-16:
+      - services@node-17:
          filters:
            branches:
              ignore:
--- a/.github/ISSUE_TEMPLATE/2_Failing_service_test.md
+++ b/.github/ISSUE_TEMPLATE/2_Failing_service_test.md
@@ -22,7 +22,7 @@ labels: 'keep-service-tests-green'

 <!-- Provide a link to the failing test in CircleCI. -->

-:beetle: **Stack trace**
+:lady_beetle: **Stack trace**

 ```
 <!-- Provide the complete stack trace from the CircleCI test summary. -->
--- a/.github/actions/close-bot/helpers.js
+++ b/.github/actions/close-bot/helpers.js
@@ -56,6 +56,12 @@ function isPointlessVersionBump(body) {
      line => !line.startsWith('See <a href="https://conventionalcommits.org">')
    )
    .filter(line => !line.startsWith('<!--'))
+    .filter(
+      line =>
+        !line.startsWith(
+          '<p><a href="https://www.gatsbyjs.com/docs/reference/release-notes/'
+        )
+    )
  return allChangelogLinesAreVersionBump(changelogLines)
 }

--- a/.github/actions/close-bot/package-lock.json
+++ b/.github/actions/close-bot/package-lock.json
@@ -9,14 +9,17 @@
      "version": "0.0.0",
      "license": "CC0",
      "dependencies": {
-        "@actions/core": "^1.5.0",
+        "@actions/core": "^1.6.0",
        "@actions/github": "^5.0.0"
      }
    },
    "node_modules/@actions/core": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.5.0.tgz",
-      "integrity": "sha512-eDOLH1Nq9zh+PJlYLqEMkS/jLQxhksPNmUGNBHfa4G+tQmnIhzpctxmchETtVGyBOvXgOVVpYuE40+eS4cUnwQ=="
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.6.0.tgz",
+      "integrity": "sha512-NB1UAZomZlCV/LmJqkLhNTqtKfFXJZAUPcfl/zqG7EfsQdeUJtaWO98SGbuQ3pydJ3fHl2CvI/51OKYlCYYcaw==",
+      "dependencies": {
+        "@actions/http-client": "^1.0.11"
+      }
    },
    "node_modules/@actions/github": {
      "version": "5.0.0",
@@ -157,11 +160,22 @@
      }
    },
    "node_modules/node-fetch": {
-      "version": "2.6.1",
-      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz",
-      "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==",
+      "version": "2.6.7",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz",
+      "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==",
+      "dependencies": {
+        "whatwg-url": "^5.0.0"
+      },
      "engines": {
        "node": "4.x || >=6.0.0"
+      },
+      "peerDependencies": {
+        "encoding": "^0.1.0"
+      },
+      "peerDependenciesMeta": {
+        "encoding": {
+          "optional": true
+        }
      }
    },
    "node_modules/once": {
@@ -172,6 +186,11 @@
        "wrappy": "1"
      }
    },
+    "node_modules/tr46": {
+      "version": "0.0.3",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
+      "integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o="
+    },
    "node_modules/tunnel": {
      "version": "0.0.6",
      "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
@@ -185,6 +204,20 @@
      "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz",
      "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w=="
    },
+    "node_modules/webidl-conversions": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
+      "integrity": "sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE="
+    },
+    "node_modules/whatwg-url": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
+      "integrity": "sha1-lmRU6HZUYuN2RNNib2dCzotwll0=",
+      "dependencies": {
+        "tr46": "~0.0.3",
+        "webidl-conversions": "^3.0.0"
+      }
+    },
    "node_modules/wrappy": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
@@ -193,9 +226,12 @@
  },
  "dependencies": {
    "@actions/core": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.5.0.tgz",
-      "integrity": "sha512-eDOLH1Nq9zh+PJlYLqEMkS/jLQxhksPNmUGNBHfa4G+tQmnIhzpctxmchETtVGyBOvXgOVVpYuE40+eS4cUnwQ=="
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.6.0.tgz",
+      "integrity": "sha512-NB1UAZomZlCV/LmJqkLhNTqtKfFXJZAUPcfl/zqG7EfsQdeUJtaWO98SGbuQ3pydJ3fHl2CvI/51OKYlCYYcaw==",
+      "requires": {
+        "@actions/http-client": "^1.0.11"
+      }
    },
    "@actions/github": {
      "version": "5.0.0",
@@ -327,9 +363,12 @@
      "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q=="
    },
    "node-fetch": {
-      "version": "2.6.1",
-      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz",
-      "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw=="
+      "version": "2.6.7",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz",
+      "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==",
+      "requires": {
+        "whatwg-url": "^5.0.0"
+      }
    },
    "once": {
      "version": "1.4.0",
@@ -339,6 +378,11 @@
        "wrappy": "1"
      }
    },
+    "tr46": {
+      "version": "0.0.3",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
+      "integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o="
+    },
    "tunnel": {
      "version": "0.0.6",
      "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
@@ -349,6 +393,20 @@
      "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz",
      "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w=="
    },
+    "webidl-conversions": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
+      "integrity": "sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE="
+    },
+    "whatwg-url": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
+      "integrity": "sha1-lmRU6HZUYuN2RNNib2dCzotwll0=",
+      "requires": {
+        "tr46": "~0.0.3",
+        "webidl-conversions": "^3.0.0"
+      }
+    },
    "wrappy": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
--- a/.github/actions/close-bot/package.json
+++ b/.github/actions/close-bot/package.json
@@ -10,7 +10,7 @@
  "author": "chris48s",
  "license": "CC0",
  "dependencies": {
-    "@actions/core": "^1.5.0",
+    "@actions/core": "^1.6.0",
    "@actions/github": "^5.0.0"
  }
 }
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -8,6 +8,16 @@ updates:
      day: friday
      time: '12:00'
    open-pull-requests-limit: 99
+    ignore:
+      # https://github.com/badges/shields/issues/7324
+      # https://github.com/badges/shields/issues/7447
+      # we're stuck with these versions until Safari is compatible with lookbehind regex syntax
+      # https://caniuse.com/js-regexp-lookbehind
+      - dependency-name: 'decamelize'
+      - dependency-name: 'humanize-string'
+
+      # https://github.com/badges/shields/pull/7288#issuecomment-974699240
+      - dependency-name: '@types/node'

  # badge-maker package dependencies
  - package-ecosystem: npm
--- a/.github/workflows/build-docker-image.yml
+++ b/.github/workflows/build-docker-image.yml
@@ -12,9 +12,14 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1

+      - name: Set Git Short SHA
+        run: echo "SHORT_SHA=${GITHUB_SHA::7}" >> $GITHUB_ENV
+
      - name: Build
        uses: docker/build-push-action@v2
        with:
          context: .
          push: false
          tags: shieldsio/shields:pr-validation
+          build-args: |
+            version=${{ env.SHORT_SHA }}
--- a/.github/workflows/create-release.yml
+++ b/.github/workflows/create-release.yml
@@ -45,3 +45,5 @@ jobs:
          context: .
          push: true
          tags: shieldsio/shields:server-${{ steps.date.outputs.date }}
+          build-args: |
+            version=server-${{ steps.date.outputs.date }}
--- a/.github/workflows/publish-docker-next.yml
+++ b/.github/workflows/publish-docker-next.yml
@@ -20,9 +20,14 @@ jobs:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

+      - name: Set Git Short SHA
+        run: echo "SHORT_SHA=${GITHUB_SHA::7}" >> $GITHUB_ENV
+
      - name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          push: true
          tags: shieldsio/shields:next
+          build-args: |
+            version=${{ env.SHORT_SHA }}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,86 @@ Note: this changelog is for the shields.io server. The changelog for the badge-m

 ---

+## server-2022-03-01
+
+- Add [Conan] version service (#7460)
+- remove suspended [github] tokens from the pool [#7654](https://github.com/badges/shields/issues/7654)
+- generate links without trailing : if port not set [#7655](https://github.com/badges/shields/issues/7655)
+- Use the latest build status when checking docs.rs [#7613](https://github.com/badges/shields/issues/7613)
+- Remove no download handling and add API warning to [Wordpress] badges [#7606](https://github.com/badges/shields/issues/7606)
+- set a higher default cacheLength on rating/star category [#7587](https://github.com/badges/shields/issues/7587)
+- Update [amo] to use v4 API, set custom `cacheLength`s [#7586](https://github.com/badges/shields/issues/7586)
+- fix(amo): include trailing slash in API call [#7585](https://github.com/badges/shields/issues/7585)
+- fix docker image user agent [#7582](https://github.com/badges/shields/issues/7582)
+- Delete deprecated Codetally and continuousphp services [#7572](https://github.com/badges/shields/issues/7572)
+- Deprecate [Requires] service [#7571](https://github.com/badges/shields/issues/7571)
+- [AUR] Fix RPC URL [#7570](https://github.com/badges/shields/issues/7570)
+- Dependency updates
+
+## server-2022-02-01
+
+- [Depfu] Add support for Gitlab [#7475](https://github.com/badges/shields/issues/7475)
+- replace label in hn-user-karma with U/ [#7500](https://github.com/badges/shields/issues/7500)
+- Support [Feedz] response with multiple pages without items [#7476](https://github.com/badges/shields/issues/7476)
+- revert decamelize and humanize-string to old versions [#7449](https://github.com/badges/shields/issues/7449)
+- Dependency updates
+
+## server-2022-01-01
+
+- minor [reddit] improvements [#7436](https://github.com/badges/shields/issues/7436)
+- [HackerNews] Show User Karma [#7411](https://github.com/badges/shields/issues/7411)
+- [YouTube] Drop support for removed dislikes [#7410](https://github.com/badges/shields/issues/7410)
+- change closed GitHub issue color to purple [#7374](https://github.com/badges/shields/issues/7374)
+- restore cors header injection from #4171 [#4255](https://github.com/badges/shields/issues/4255)
+- [GithubPackageJson] Get version from monorepo subfolder package.json [#7350](https://github.com/badges/shields/issues/7350)
+- Dependency updates
+
+## server-2021-12-01
+
+- Send better user-agent values [#7309](https://github.com/badges/shields/issues/7309)
+  Self-hosting users now send a user agent which indicates the server version and starts `shields (self-hosted)/` by default.
+  This can be configured using the env var `USER_AGENT_BASE`
+- upgrade to node 16 [#7271](https://github.com/badges/shields/issues/7271)
+- feat: deprecate dependabot badges [#7274](https://github.com/badges/shields/issues/7274)
+- fix: npmversion tagged service test [#7269](https://github.com/badges/shields/issues/7269)
+- feat: create new Test Results category [#7218](https://github.com/badges/shields/issues/7218)
+- Migration from Request to Got for all HTTP requests is completed in this release
+- Dependency updates
+
+## server-2021-11-04
+
+- migrate regularUpdate() from request-->got [#7215](https://github.com/badges/shields/issues/7215)
+- migrate github badges to use got instead of request; affects [github librariesio] [#7212](https://github.com/badges/shields/issues/7212)
+- deprecate David badges [#7197](https://github.com/badges/shields/issues/7197)
+- fix: ensure libraries.io header values are processed numerically [#7196](https://github.com/badges/shields/issues/7196)
+- Add authentication for Libraries.io-based badges, run [Libraries Bower] [#7080](https://github.com/badges/shields/issues/7080)
+- fixes and tests for pipenv helpers [#7194](https://github.com/badges/shields/issues/7194)
+- add GitLab Release badge, run all [GitLab] [#7021](https://github.com/badges/shields/issues/7021)
+- set content-length header on badge responses [#7179](https://github.com/badges/shields/issues/7179)
+- fix [github] release/tag/download schema [#7170](https://github.com/badges/shields/issues/7170)
+- Supported nested groups on [GitLabPipeline] badge [#7159](https://github.com/badges/shields/issues/7159)
+- Support nested groups on [GitLabTag] badge [#7158](https://github.com/badges/shields/issues/7158)
+- Fixing incorrect JetBrains Plugin rating values for [JetBrainsRating] [#7140](https://github.com/badges/shields/issues/7140)
+- support using release or tag name in [GitHub] Release version badge [#7075](https://github.com/badges/shields/issues/7075)
+- feat: support branches in sonar badges [#7065](https://github.com/badges/shields/issues/7065)
+- Add [Modrinth] total downloads badge [#7132](https://github.com/badges/shields/issues/7132)
+- remove [github] admin routes [#7105](https://github.com/badges/shields/issues/7105)
+- Dependency updates
+
+## server-2021-10-04
+
+- feat: add 2021 support to GitHub Hacktoberfest [#7086](https://github.com/badges/shields/issues/7086)
+- Add [ClearlyDefined] service [#6944](https://github.com/badges/shields/issues/6944)
+- handle null licenses in crates.io response schema, run [crates] [#7074](https://github.com/badges/shields/issues/7074)
+- [OBS] add Open Build Service service-badge [#6993](https://github.com/badges/shields/issues/6993)
+- Correction of badges url in self-hosting configuration with a custom port. Issue 7025 [#7036](https://github.com/badges/shields/issues/7036)
+- fix: support gitlab token via env var [#7023](https://github.com/badges/shields/issues/7023)
+- Add API-based support for [GitLab] badges, add new GitLab Tag badge [#6988](https://github.com/badges/shields/issues/6988)
+- [freecodecamp]: allow + symbol in username [#7016](https://github.com/badges/shields/issues/7016)
+- Rename Riot to Element in Matrix badge help [#6996](https://github.com/badges/shields/issues/6996)
+- Fixed Reddit Negative Karma Issue [#6992](https://github.com/badges/shields/issues/6992)
+- Dependency updates
+
 ## server-2021-09-01

 - use multi-stage build to reduce size of docker images [#6938](https://github.com/badges/shields/issues/6938)
--- a/9
+++ b/9
@@ -1,4 +1,4 @@
-FROM node:14-alpine AS Builder
+FROM node:16-alpine AS Builder

 RUN mkdir -p /usr/src/app
 RUN mkdir /usr/src/app/private
@@ -8,6 +8,7 @@ COPY package.json package-lock.json /usr/src/app/
 # Without the badge-maker package.json and CLI script in place, `npm ci` will fail.
 COPY badge-maker /usr/src/app/badge-maker/

+RUN apk add python3 make g++
 RUN npm install -g "npm@>=7"
 # We need dev deps to build the front end. We don't need Cypress, though.
 RUN NODE_ENV=development CYPRESS_INSTALL_BINARY=0 npm ci
@@ -18,7 +19,11 @@ RUN npm prune --production
 RUN npm cache clean --force

 # Use multi-stage build to reduce size
-FROM node:14-alpine
+FROM node:16-alpine
+
+ARG version=dev
+ENV DOCKER_SHIELDS_VERSION=$version
+
 # Run the server using production configs.
 ENV NODE_ENV production

--- a/README.md
+++ b/README.md
@@ -101,8 +101,8 @@ You can read a [tutorial on how to add a badge][tutorial].

 ## Development

-1. Install Node 14 or later. You can use the [package manager][] of your choice.
-   Tests need to pass in Node 14 and 16.
+1. Install Node 16 or later. You can use the [package manager][] of your choice.
+   Tests need to pass in Node 16 and 17.
 2. Clone this repository.
 3. Run `npm ci` to install the dependencies.
 4. Run `npm start` to start the badge server and the frontend dev server.
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -7,10 +7,10 @@ Please follow this guidance when reporting security issues affecting:
 - [Shields.io](https://shields.io)
 - [Raster.shields.io](https://raster.shields.io)
 - Self-hosted Shields instances
- The [svg-to-image-proxy](https://www.npmjs.com/package/svg-to-image-proxy) NPM package
+- The [squint](https://github.com/badges/squint) raster proxy
 - The [badge-maker](https://www.npmjs.com/package/badge-maker) NPM package

-The [gh-badges](https://www.npmjs.com/package/gh-badges) NPM package is now deprecated and will no longer receive fixes for bugs or security issues.
+The [gh-badges](https://www.npmjs.com/package/gh-badges) and [svg-to-image-proxy](https://www.npmjs.com/package/svg-to-image-proxy) NPM packages are now deprecated and will no longer receive fixes for bugs or security issues.

 ## Reporting a Vulnerability

--- a/badge-maker/lib/xml.js
+++ b/badge-maker/lib/xml.js
@@ -33,7 +33,7 @@ class XmlElement {
   * @param {object} attrs Refer to individual attrs
   * @param {string} attrs.name
   *    Name of the XML tag
-   * @param {Array.<string|module:badge-maker/lib/xml-element~XmlElement>} [attrs.content=[]]
+   * @param {Array.<string|module:badge-maker/lib/xml~XmlElement>} [attrs.content=[]]
   *    Array of objects to render inside the tag. content may contain a mix of
   *    string and XmlElement objects. If content is `[]` or ommitted the
   *    element will be rendered as a self-closing element.
--- a/config/custom-environment-variables.yml
+++ b/config/custom-environment-variables.yml
@@ -50,6 +50,8 @@ public:
      authorizedOrigins: 'NEXUS_ORIGINS'
    npm:
      authorizedOrigins: 'NPM_ORIGINS'
+    obs:
+      authorizedOrigins: 'OBS_ORIGINS'
    sonar:
      authorizedOrigins: 'SONAR_ORIGINS'
    teamcity:
@@ -62,6 +64,7 @@ public:
    defaultCacheLengthSeconds: 'BADGE_MAX_AGE_SECONDS'

  fetchLimit: 'FETCH_LIMIT'
+  userAgentBase: 'USER_AGENT_BASE'

  requestTimeoutSeconds: 'REQUEST_TIMEOUT_SECONDS'
  requestTimeoutMaxAgeSeconds: 'REQUEST_TIMEOUT_MAX_AGE_SECONDS'
@@ -84,12 +87,14 @@ private:
  jenkins_pass: 'JENKINS_PASS'
  jira_user: 'JIRA_USER'
  jira_pass: 'JIRA_PASS'
+  librariesio_tokens: 'LIBRARIESIO_TOKENS'
  nexus_user: 'NEXUS_USER'
  nexus_pass: 'NEXUS_PASS'
  npm_token: 'NPM_TOKEN'
+  obs_user: 'OBS_USER'
+  obs_pass: 'OBS_PASS'
  redis_url: 'REDIS_URL'
  sentry_dsn: 'SENTRY_DSN'
-  shields_secret: 'SHIELDS_SECRET'
  sl_insight_userUuid: 'SL_INSIGHT_USER_UUID'
  sl_insight_apiToken: 'SL_INSIGHT_API_TOKEN'
  sonarqube_token: 'SONARQUBE_TOKEN'
--- a/config/default.yml
+++ b/config/default.yml
@@ -22,6 +22,8 @@ public:
      debug:
        enabled: false
        intervalSeconds: 200
+    obs:
+      authorizedOrigins: 'https://api.opensuse.org'
    weblate:
      authorizedOrigins: 'https://hosted.weblate.org'
    trace: false
@@ -32,6 +34,7 @@ public:
  handleInternalErrors: true

  fetchLimit: '10MB'
+  userAgentBase: 'shields (self-hosted)'

  requestTimeoutSeconds: 120
  requestTimeoutMaxAgeSeconds: 30
--- a/config/local.template.yml
+++ b/config/local.template.yml
@@ -6,6 +6,8 @@ private:
  # preferable for self hosting.
  gh_token: '...'
  gitlab_token: '...'
+  obs_user: '...'
+  obs_pass: '...'
  twitch_client_id: '...'
  twitch_client_secret: '...'
  weblate_api_key: '...'
--- a/core/base-service/auth-helper.js
+++ b/core/base-service/auth-helper.js
@@ -74,7 +74,7 @@ class AuthHelper {
  }

  static _isInsecureSslRequest({ options = {} }) {
-    const { strictSSL = true } = options
+    const strictSSL = options?.https?.rejectUnauthorized ?? true
    return strictSSL !== true
  }

@@ -107,8 +107,10 @@ class AuthHelper {
  }

  get _basicAuth() {
-    const { _user: user, _pass: pass } = this
-    return this.isConfigured ? { user, pass } : undefined
+    const { _user: username, _pass: password } = this
+    return this.isConfigured
+      ? { username: username || '', password: password || '' }
+      : undefined
  }

  /*
@@ -131,7 +133,7 @@ class AuthHelper {
    const { options, ...rest } = requestParams
    return {
      options: {
-        auth,
+        ...auth,
        ...options,
      },
      ...rest,
@@ -181,11 +183,13 @@ class AuthHelper {
  }

  static _mergeQueryParams(requestParams, query) {
-    const { options: { qs: existingQuery, ...restOptions } = {}, ...rest } =
-      requestParams
+    const {
+      options: { searchParams: existingQuery, ...restOptions } = {},
+      ...rest
+    } = requestParams
    return {
      options: {
-        qs: {
+        searchParams: {
          ...existingQuery,
          ...query,
        },
--- a/core/base-service/auth-helper.spec.js
+++ b/core/base-service/auth-helper.spec.js
@@ -104,14 +104,14 @@ describe('AuthHelper', function () {
          { userKey: 'myci_user', passKey: 'myci_pass' },
          { myci_user: 'admin', myci_pass: 'abc123' }
        ),
-      ]).expect({ user: 'admin', pass: 'abc123' })
+      ]).expect({ username: 'admin', password: 'abc123' })
      given({ userKey: 'myci_user' }, { myci_user: 'admin' }).expect({
-        user: 'admin',
-        pass: undefined,
+        username: 'admin',
+        password: '',
      })
      given({ passKey: 'myci_pass' }, { myci_pass: 'abc123' }).expect({
-        user: undefined,
-        pass: 'abc123',
+        username: '',
+        password: 'abc123',
      })
      given({ userKey: 'myci_user', passKey: 'myci_pass' }, {}).expect(
        undefined
@@ -120,8 +120,8 @@ describe('AuthHelper', function () {
        { passKey: 'myci_pass', defaultToEmptyStringForUser: true },
        { myci_pass: 'abc123' }
      ).expect({
-        user: '',
-        pass: 'abc123',
+        username: '',
+        password: 'abc123',
      })
    })
  })
@@ -131,15 +131,18 @@ describe('AuthHelper', function () {
      forCases([
        given({ url: 'http://example.test' }),
        given({ url: 'http://example.test', options: {} }),
-        given({ url: 'http://example.test', options: { strictSSL: true } }),
        given({
          url: 'http://example.test',
-          options: { strictSSL: undefined },
+          options: { https: { rejectUnauthorized: true } },
+        }),
+        given({
+          url: 'http://example.test',
+          options: { https: { rejectUnauthorized: undefined } },
        }),
      ]).expect(false)
      given({
        url: 'http://example.test',
-        options: { strictSSL: false },
+        options: { https: { rejectUnauthorized: false } },
      }).expect(true)
    })
  })
@@ -163,7 +166,9 @@ describe('AuthHelper', function () {
      })
      it('throws for insecure requests', function () {
        expect(() =>
-          authHelper.enforceStrictSsl({ options: { strictSSL: false } })
+          authHelper.enforceStrictSsl({
+            options: { https: { rejectUnauthorized: false } },
+          })
        ).to.throw(InvalidParameter)
      })
    })
@@ -185,7 +190,9 @@ describe('AuthHelper', function () {
      })
      it('does not throw for insecure requests', function () {
        expect(() =>
-          authHelper.enforceStrictSsl({ options: { strictSSL: false } })
+          authHelper.enforceStrictSsl({
+            options: { https: { rejectUnauthorized: false } },
+          })
        ).not.to.throw()
      })
    })
@@ -220,7 +227,7 @@ describe('AuthHelper', function () {
        test(shouldAuthenticateRequest, () => {
          given({
            url: 'https://myci.test/api',
-            options: { strictSSL: false },
+            options: { https: { rejectUnauthorized: false } },
          }).expect(false)
        })
      })
@@ -258,7 +265,7 @@ describe('AuthHelper', function () {
        test(shouldAuthenticateRequest, () => {
          given({
            url: 'https://myci.test',
-            options: { strictSSL: false },
+            options: { https: { rejectUnauthorized: false } },
          }).expect(true)
        })
      })
@@ -323,7 +330,8 @@ describe('AuthHelper', function () {
        }).expect({
          url: 'https://myci.test/api',
          options: {
-            auth: { user: 'admin', pass: 'abc123' },
+            username: 'admin',
+            password: 'abc123',
          },
        })
        given({
@@ -335,7 +343,8 @@ describe('AuthHelper', function () {
          url: 'https://myci.test/api',
          options: {
            headers: { Accept: 'application/json' },
-            auth: { user: 'admin', pass: 'abc123' },
+            username: 'admin',
+            password: 'abc123',
          },
        })
      })
@@ -366,7 +375,7 @@ describe('AuthHelper', function () {
      expect(() =>
        withBasicAuth({
          url: 'https://myci.test/api',
-          options: { strictSSL: false },
+          options: { https: { rejectUnauthorized: false } },
        })
      ).to.throw(InvalidParameter)
    })
--- a/core/base-service/base-graphql.js
+++ b/core/base-service/base-graphql.js
@@ -38,8 +38,8 @@ class BaseGraphqlService extends BaseService {
   *    representing the query clause of GraphQL POST body
   *    e.g. gql`{ query { ... } }`
   * @param {object} attrs.variables Variables clause of GraphQL POST body
-   * @param {object} [attrs.options={}] Options to pass to request. See
-   *    [documentation](https://github.com/request/request#requestoptions-callback)
+   * @param {object} [attrs.options={}] Options to pass to got. See
+   *    [documentation](https://github.com/sindresorhus/got/blob/main/documentation/2-options.md)
   * @param {object} [attrs.httpErrorMessages={}] Key-value map of HTTP status codes
   *    and custom error messages e.g: `{ 404: 'package not found' }`.
   *    This can be used to extend or override the
@@ -53,7 +53,7 @@ class BaseGraphqlService extends BaseService {
   *    The default is to return the first entry of the `errors` array as
   *    an InvalidResponse.
   * @returns {object} Parsed response
-   * @see https://github.com/request/request#requestoptions-callback
+   * @see https://github.com/sindresorhus/got/blob/main/documentation/2-options.md
   */
  async _requestGraphql({
    schema,
--- a/core/base-service/base-graphql.spec.js
+++ b/core/base-service/base-graphql.spec.js
@@ -29,9 +29,9 @@ class DummyGraphqlService extends BaseGraphqlService {

 describe('BaseGraphqlService', function () {
  describe('Making requests', function () {
-    let sendAndCacheRequest
+    let requestFetcher
    beforeEach(function () {
-      sendAndCacheRequest = sinon.stub().returns(
+      requestFetcher = sinon.stub().returns(
        Promise.resolve({
          buffer: '{"some": "json"}',
          res: { statusCode: 200 },
@@ -39,13 +39,13 @@ describe('BaseGraphqlService', function () {
      )
    })

-    it('invokes _sendAndCacheRequest', async function () {
+    it('invokes _requestFetcher', async function () {
      await DummyGraphqlService.invoke(
-        { sendAndCacheRequest },
+        { requestFetcher },
        { handleInternalErrors: false }
      )

-      expect(sendAndCacheRequest).to.have.been.calledOnceWith(
+      expect(requestFetcher).to.have.been.calledOnceWith(
        'http://example.com/graphql',
        {
          body: '{"query":"{\\n  requiredString\\n}\\n","variables":{}}',
@@ -55,7 +55,7 @@ describe('BaseGraphqlService', function () {
      )
    })

-    it('forwards options to _sendAndCacheRequest', async function () {
+    it('forwards options to _requestFetcher', async function () {
      class WithOptions extends DummyGraphqlService {
        async handle() {
          const { value } = await this._requestGraphql({
@@ -66,24 +66,24 @@ describe('BaseGraphqlService', function () {
                requiredString
              }
            `,
-            options: { qs: { queryParam: 123 } },
+            options: { searchParams: { queryParam: 123 } },
          })
          return { message: value }
        }
      }

      await WithOptions.invoke(
-        { sendAndCacheRequest },
+        { requestFetcher },
        { handleInternalErrors: false }
      )

-      expect(sendAndCacheRequest).to.have.been.calledOnceWith(
+      expect(requestFetcher).to.have.been.calledOnceWith(
        'http://example.com/graphql',
        {
          body: '{"query":"{\\n  requiredString\\n}\\n","variables":{}}',
          headers: { Accept: 'application/json' },
          method: 'POST',
-          qs: { queryParam: 123 },
+          searchParams: { queryParam: 123 },
        }
      )
    })
@@ -91,13 +91,13 @@ describe('BaseGraphqlService', function () {

  describe('Making badges', function () {
    it('handles valid json responses', async function () {
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: '{"requiredString": "some-string"}',
        res: { statusCode: 200 },
      })
      expect(
        await DummyGraphqlService.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
@@ -106,13 +106,13 @@ describe('BaseGraphqlService', function () {
    })

    it('handles json responses which do not match the schema', async function () {
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: '{"unexpectedKey": "some-string"}',
        res: { statusCode: 200 },
      })
      expect(
        await DummyGraphqlService.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
@@ -123,13 +123,13 @@ describe('BaseGraphqlService', function () {
    })

    it('handles unparseable json responses', async function () {
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: 'not json',
        res: { statusCode: 200 },
      })
      expect(
        await DummyGraphqlService.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
@@ -142,13 +142,13 @@ describe('BaseGraphqlService', function () {

  describe('Error handling', function () {
    it('handles generic error', async function () {
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: '{ "errors": [ { "message": "oh noes!!" } ] }',
        res: { statusCode: 200 },
      })
      expect(
        await DummyGraphqlService.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
@@ -181,13 +181,13 @@ describe('BaseGraphqlService', function () {
        }
      }

-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: '{ "errors": [ { "message": "oh noes!!" } ] }',
        res: { statusCode: 200 },
      })
      expect(
        await WithErrorHandler.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
--- a/core/base-service/base-json.js
+++ b/core/base-service/base-json.js
@@ -28,14 +28,14 @@ class BaseJsonService extends BaseService {
   * @param {object} attrs Refer to individual attrs
   * @param {Joi} attrs.schema Joi schema to validate the response against
   * @param {string} attrs.url URL to request
-   * @param {object} [attrs.options={}] Options to pass to request. See
-   *    [documentation](https://github.com/request/request#requestoptions-callback)
+   * @param {object} [attrs.options={}] Options to pass to got. See
+   *    [documentation](https://github.com/sindresorhus/got/blob/main/documentation/2-options.md)
   * @param {object} [attrs.errorMessages={}] Key-value map of status codes
   *    and custom error messages e.g: `{ 404: 'package not found' }`.
   *    This can be used to extend or override the
   *    [default](https://github.com/badges/shields/blob/master/core/base-service/check-error-response.js#L5)
   * @returns {object} Parsed response
-   * @see https://github.com/request/request#requestoptions-callback
+   * @see https://github.com/sindresorhus/got/blob/main/documentation/2-options.md
   */
  async _requestJson({ schema, url, options = {}, errorMessages = {} }) {
    const mergedOptions = {
--- a/core/base-service/base-json.spec.js
+++ b/core/base-service/base-json.spec.js
@@ -22,9 +22,9 @@ class DummyJsonService extends BaseJsonService {

 describe('BaseJsonService', function () {
  describe('Making requests', function () {
-    let sendAndCacheRequest
+    let requestFetcher
    beforeEach(function () {
-      sendAndCacheRequest = sinon.stub().returns(
+      requestFetcher = sinon.stub().returns(
        Promise.resolve({
          buffer: '{"some": "json"}',
          res: { statusCode: 200 },
@@ -32,13 +32,13 @@ describe('BaseJsonService', function () {
      )
    })

-    it('invokes _sendAndCacheRequest', async function () {
+    it('invokes _requestFetcher', async function () {
      await DummyJsonService.invoke(
-        { sendAndCacheRequest },
+        { requestFetcher },
        { handleInternalErrors: false }
      )

-      expect(sendAndCacheRequest).to.have.been.calledOnceWith(
+      expect(requestFetcher).to.have.been.calledOnceWith(
        'http://example.com/foo.json',
        {
          headers: { Accept: 'application/json' },
@@ -46,29 +46,29 @@ describe('BaseJsonService', function () {
      )
    })

-    it('forwards options to _sendAndCacheRequest', async function () {
+    it('forwards options to _requestFetcher', async function () {
      class WithOptions extends DummyJsonService {
        async handle() {
          const { value } = await this._requestJson({
            schema: dummySchema,
            url: 'http://example.com/foo.json',
-            options: { method: 'POST', qs: { queryParam: 123 } },
+            options: { method: 'POST', searchParams: { queryParam: 123 } },
          })
          return { message: value }
        }
      }

      await WithOptions.invoke(
-        { sendAndCacheRequest },
+        { requestFetcher },
        { handleInternalErrors: false }
      )

-      expect(sendAndCacheRequest).to.have.been.calledOnceWith(
+      expect(requestFetcher).to.have.been.calledOnceWith(
        'http://example.com/foo.json',
        {
          headers: { Accept: 'application/json' },
          method: 'POST',
-          qs: { queryParam: 123 },
+          searchParams: { queryParam: 123 },
        }
      )
    })
@@ -76,13 +76,13 @@ describe('BaseJsonService', function () {

  describe('Making badges', function () {
    it('handles valid json responses', async function () {
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: '{"requiredString": "some-string"}',
        res: { statusCode: 200 },
      })
      expect(
        await DummyJsonService.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
@@ -91,13 +91,13 @@ describe('BaseJsonService', function () {
    })

    it('handles json responses which do not match the schema', async function () {
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: '{"unexpectedKey": "some-string"}',
        res: { statusCode: 200 },
      })
      expect(
        await DummyJsonService.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
@@ -108,13 +108,13 @@ describe('BaseJsonService', function () {
    })

    it('handles unparseable json responses', async function () {
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: 'not json',
        res: { statusCode: 200 },
      })
      expect(
        await DummyJsonService.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
--- a/core/base-service/base-svg-scraping.js
+++ b/core/base-service/base-svg-scraping.js
@@ -51,14 +51,14 @@ class BaseSvgScrapingService extends BaseService {
   * @param {RegExp} attrs.valueMatcher
   *    RegExp to match the value we want to parse from the SVG
   * @param {string} attrs.url URL to request
-   * @param {object} [attrs.options={}] Options to pass to request. See
-   *    [documentation](https://github.com/request/request#requestoptions-callback)
+   * @param {object} [attrs.options={}] Options to pass to got. See
+   *    [documentation](https://github.com/sindresorhus/got/blob/main/documentation/2-options.md)
   * @param {object} [attrs.errorMessages={}] Key-value map of status codes
   *    and custom error messages e.g: `{ 404: 'package not found' }`.
   *    This can be used to extend or override the
   *    [default](https://github.com/badges/shields/blob/master/core/base-service/check-error-response.js#L5)
   * @returns {object} Parsed response
-   * @see https://github.com/request/request#requestoptions-callback
+   * @see https://github.com/sindresorhus/got/blob/main/documentation/2-options.md
   */
  async _requestSvg({
    schema,
--- a/core/base-service/base-svg-scraping.spec.js
+++ b/core/base-service/base-svg-scraping.spec.js
@@ -34,9 +34,9 @@ describe('BaseSvgScrapingService', function () {
  })

  describe('Making requests', function () {
-    let sendAndCacheRequest
+    let requestFetcher
    beforeEach(function () {
-      sendAndCacheRequest = sinon.stub().returns(
+      requestFetcher = sinon.stub().returns(
        Promise.resolve({
          buffer: exampleSvg,
          res: { statusCode: 200 },
@@ -44,13 +44,13 @@ describe('BaseSvgScrapingService', function () {
      )
    })

-    it('invokes _sendAndCacheRequest with the expected header', async function () {
+    it('invokes _requestFetcher with the expected header', async function () {
      await DummySvgScrapingService.invoke(
-        { sendAndCacheRequest },
+        { requestFetcher },
        { handleInternalErrors: false }
      )

-      expect(sendAndCacheRequest).to.have.been.calledOnceWith(
+      expect(requestFetcher).to.have.been.calledOnceWith(
        'http://example.com/foo.svg',
        {
          headers: { Accept: 'image/svg+xml' },
@@ -58,7 +58,7 @@ describe('BaseSvgScrapingService', function () {
      )
    })

-    it('forwards options to _sendAndCacheRequest', async function () {
+    it('forwards options to _requestFetcher', async function () {
      class WithCustomOptions extends DummySvgScrapingService {
        async handle() {
          const { message } = await this._requestSvg({
@@ -66,7 +66,7 @@ describe('BaseSvgScrapingService', function () {
            url: 'http://example.com/foo.svg',
            options: {
              method: 'POST',
-              qs: { queryParam: 123 },
+              searchParams: { queryParam: 123 },
            },
          })
          return { message }
@@ -74,16 +74,16 @@ describe('BaseSvgScrapingService', function () {
      }

      await WithCustomOptions.invoke(
-        { sendAndCacheRequest },
+        { requestFetcher },
        { handleInternalErrors: false }
      )

-      expect(sendAndCacheRequest).to.have.been.calledOnceWith(
+      expect(requestFetcher).to.have.been.calledOnceWith(
        'http://example.com/foo.svg',
        {
          method: 'POST',
          headers: { Accept: 'image/svg+xml' },
-          qs: { queryParam: 123 },
+          searchParams: { queryParam: 123 },
        }
      )
    })
@@ -91,13 +91,13 @@ describe('BaseSvgScrapingService', function () {

  describe('Making badges', function () {
    it('handles valid svg responses', async function () {
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: exampleSvg,
        res: { statusCode: 200 },
      })
      expect(
        await DummySvgScrapingService.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
@@ -117,13 +117,13 @@ describe('BaseSvgScrapingService', function () {
          })
        }
      }
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: '<desc>a different message</desc>',
        res: { statusCode: 200 },
      })
      expect(
        await WithValueMatcher.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
@@ -132,13 +132,13 @@ describe('BaseSvgScrapingService', function () {
    })

    it('handles unparseable svg responses', async function () {
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: 'not svg yo',
        res: { statusCode: 200 },
      })
      expect(
        await DummySvgScrapingService.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
--- a/core/base-service/base-xml.js
+++ b/core/base-service/base-xml.js
@@ -4,7 +4,7 @@

 // See available emoji at http://emoji.muan.co/
 import emojic from 'emojic'
-import fastXmlParser from 'fast-xml-parser'
+import { XMLParser, XMLValidator } from 'fast-xml-parser'
 import BaseService from './base.js'
 import trace from './trace.js'
 import { InvalidResponse } from './errors.js'
@@ -22,8 +22,8 @@ class BaseXmlService extends BaseService {
   * @param {object} attrs Refer to individual attrs
   * @param {Joi} attrs.schema Joi schema to validate the response against
   * @param {string} attrs.url URL to request
-   * @param {object} [attrs.options={}] Options to pass to request. See
-   *    [documentation](https://github.com/request/request#requestoptions-callback)
+   * @param {object} [attrs.options={}] Options to pass to got. See
+   *    [documentation](https://github.com/sindresorhus/got/blob/main/documentation/2-options.md)
   * @param {object} [attrs.errorMessages={}] Key-value map of status codes
   *    and custom error messages e.g: `{ 404: 'package not found' }`.
   *    This can be used to extend or override the
@@ -31,7 +31,7 @@ class BaseXmlService extends BaseService {
   * @param {object} [attrs.parserOptions={}] Options to pass to fast-xml-parser. See
   *    [documentation](https://github.com/NaturalIntelligence/fast-xml-parser#xml-to-json)
   * @returns {object} Parsed response
-   * @see https://github.com/request/request#requestoptions-callback
+   * @see https://github.com/sindresorhus/got/blob/main/documentation/2-options.md
   * @see https://github.com/NaturalIntelligence/fast-xml-parser#xml-to-json
   */
  async _requestXml({
@@ -51,14 +51,15 @@ class BaseXmlService extends BaseService {
      options: mergedOptions,
      errorMessages,
    })
-    const validateResult = fastXmlParser.validate(buffer)
+    const validateResult = XMLValidator.validate(buffer)
    if (validateResult !== true) {
      throw new InvalidResponse({
        prettyMessage: 'unparseable xml response',
        underlyingError: validateResult.err,
      })
    }
-    const xml = fastXmlParser.parse(buffer, parserOptions)
+    const parser = new XMLParser(parserOptions)
+    const xml = parser.parse(buffer)
    logTrace(emojic.dart, 'Response XML (before validation)', xml, {
      deep: true,
    })
--- a/core/base-service/base-xml.spec.js
+++ b/core/base-service/base-xml.spec.js
@@ -22,9 +22,9 @@ class DummyXmlService extends BaseXmlService {

 describe('BaseXmlService', function () {
  describe('Making requests', function () {
-    let sendAndCacheRequest
+    let requestFetcher
    beforeEach(function () {
-      sendAndCacheRequest = sinon.stub().returns(
+      requestFetcher = sinon.stub().returns(
        Promise.resolve({
          buffer: '<requiredString>some-string</requiredString>',
          res: { statusCode: 200 },
@@ -32,13 +32,13 @@ describe('BaseXmlService', function () {
      )
    })

-    it('invokes _sendAndCacheRequest', async function () {
+    it('invokes _requestFetcher', async function () {
      await DummyXmlService.invoke(
-        { sendAndCacheRequest },
+        { requestFetcher },
        { handleInternalErrors: false }
      )

-      expect(sendAndCacheRequest).to.have.been.calledOnceWith(
+      expect(requestFetcher).to.have.been.calledOnceWith(
        'http://example.com/foo.xml',
        {
          headers: { Accept: 'application/xml, text/xml' },
@@ -46,7 +46,7 @@ describe('BaseXmlService', function () {
      )
    })

-    it('forwards options to _sendAndCacheRequest', async function () {
+    it('forwards options to _requestFetcher', async function () {
      class WithCustomOptions extends BaseXmlService {
        static route = {}

@@ -54,23 +54,23 @@ describe('BaseXmlService', function () {
          const { requiredString } = await this._requestXml({
            schema: dummySchema,
            url: 'http://example.com/foo.xml',
-            options: { method: 'POST', qs: { queryParam: 123 } },
+            options: { method: 'POST', searchParams: { queryParam: 123 } },
          })
          return { message: requiredString }
        }
      }

      await WithCustomOptions.invoke(
-        { sendAndCacheRequest },
+        { requestFetcher },
        { handleInternalErrors: false }
      )

-      expect(sendAndCacheRequest).to.have.been.calledOnceWith(
+      expect(requestFetcher).to.have.been.calledOnceWith(
        'http://example.com/foo.xml',
        {
          headers: { Accept: 'application/xml, text/xml' },
          method: 'POST',
-          qs: { queryParam: 123 },
+          searchParams: { queryParam: 123 },
        }
      )
    })
@@ -78,13 +78,13 @@ describe('BaseXmlService', function () {

  describe('Making badges', function () {
    it('handles valid xml responses', async function () {
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: '<requiredString>some-string</requiredString>',
        res: { statusCode: 200 },
      })
      expect(
        await DummyXmlService.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
@@ -104,14 +104,14 @@ describe('BaseXmlService', function () {
          return { message: requiredString }
        }
      }
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer:
          '<requiredString>some-string with trailing whitespace   </requiredString>',
        res: { statusCode: 200 },
      })
      expect(
        await DummyXmlServiceWithParserOption.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
@@ -120,13 +120,13 @@ describe('BaseXmlService', function () {
    })

    it('handles xml responses which do not match the schema', async function () {
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: '<unexpectedAttribute>some-string</unexpectedAttribute>',
        res: { statusCode: 200 },
      })
      expect(
        await DummyXmlService.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
@@ -137,13 +137,13 @@ describe('BaseXmlService', function () {
    })

    it('handles unparseable xml responses', async function () {
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: 'not xml',
        res: { statusCode: 200 },
      })
      expect(
        await DummyXmlService.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
--- a/core/base-service/base-yaml.js
+++ b/core/base-service/base-yaml.js
@@ -21,15 +21,15 @@ class BaseYamlService extends BaseService {
   * @param {object} attrs Refer to individual attrs
   * @param {Joi} attrs.schema Joi schema to validate the response against
   * @param {string} attrs.url URL to request
-   * @param {object} [attrs.options={}] Options to pass to request. See
-   *    [documentation](https://github.com/request/request#requestoptions-callback)
+   * @param {object} [attrs.options={}] Options to pass to got. See
+   *    [documentation](https://github.com/sindresorhus/got/blob/main/documentation/2-options.md)
   * @param {object} [attrs.errorMessages={}] Key-value map of status codes
   *    and custom error messages e.g: `{ 404: 'package not found' }`.
   *    This can be used to extend or override the
   *    [default](https://github.com/badges/shields/blob/master/core/base-service/check-error-response.js#L5)
   * @param {object} [attrs.encoding='utf8'] Character encoding
   * @returns {object} Parsed response
-   * @see https://github.com/request/request#requestoptions-callback
+   * @see https://github.com/sindresorhus/got/blob/main/documentation/2-options.md
   */
  async _requestYaml({
    schema,
--- a/core/base-service/base-yaml.spec.js
+++ b/core/base-service/base-yaml.spec.js
@@ -38,9 +38,9 @@ foo: baz

 describe('BaseYamlService', function () {
  describe('Making requests', function () {
-    let sendAndCacheRequest
+    let requestFetcher
    beforeEach(function () {
-      sendAndCacheRequest = sinon.stub().returns(
+      requestFetcher = sinon.stub().returns(
        Promise.resolve({
          buffer: expectedYaml,
          res: { statusCode: 200 },
@@ -48,13 +48,13 @@ describe('BaseYamlService', function () {
      )
    })

-    it('invokes _sendAndCacheRequest', async function () {
+    it('invokes _requestFetcher', async function () {
      await DummyYamlService.invoke(
-        { sendAndCacheRequest },
+        { requestFetcher },
        { handleInternalErrors: false }
      )

-      expect(sendAndCacheRequest).to.have.been.calledOnceWith(
+      expect(requestFetcher).to.have.been.calledOnceWith(
        'http://example.com/foo.yaml',
        {
          headers: {
@@ -65,24 +65,24 @@ describe('BaseYamlService', function () {
      )
    })

-    it('forwards options to _sendAndCacheRequest', async function () {
+    it('forwards options to _requestFetcher', async function () {
      class WithOptions extends DummyYamlService {
        async handle() {
          const { requiredString } = await this._requestYaml({
            schema: dummySchema,
            url: 'http://example.com/foo.yaml',
-            options: { method: 'POST', qs: { queryParam: 123 } },
+            options: { method: 'POST', searchParams: { queryParam: 123 } },
          })
          return { message: requiredString }
        }
      }

      await WithOptions.invoke(
-        { sendAndCacheRequest },
+        { requestFetcher },
        { handleInternalErrors: false }
      )

-      expect(sendAndCacheRequest).to.have.been.calledOnceWith(
+      expect(requestFetcher).to.have.been.calledOnceWith(
        'http://example.com/foo.yaml',
        {
          headers: {
@@ -90,7 +90,7 @@ describe('BaseYamlService', function () {
              'text/x-yaml, text/yaml, application/x-yaml, application/yaml, text/plain',
          },
          method: 'POST',
-          qs: { queryParam: 123 },
+          searchParams: { queryParam: 123 },
        }
      )
    })
@@ -98,13 +98,13 @@ describe('BaseYamlService', function () {

  describe('Making badges', function () {
    it('handles valid yaml responses', async function () {
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: expectedYaml,
        res: { statusCode: 200 },
      })
      expect(
        await DummyYamlService.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
@@ -113,13 +113,13 @@ describe('BaseYamlService', function () {
    })

    it('handles yaml responses which do not match the schema', async function () {
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: unexpectedYaml,
        res: { statusCode: 200 },
      })
      expect(
        await DummyYamlService.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
@@ -130,13 +130,13 @@ describe('BaseYamlService', function () {
    })

    it('handles unparseable yaml responses', async function () {
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: invalidYaml,
        res: { statusCode: 200 },
      })
      expect(
        await DummyYamlService.invoke(
-          { sendAndCacheRequest },
+          { requestFetcher },
          { handleInternalErrors: false }
        )
      ).to.deep.equal({
--- a/core/base-service/base.js
+++ b/core/base-service/base.js
@@ -20,7 +20,7 @@ import {
  Deprecated,
 } from './errors.js'
 import { validateExample, transformExample } from './examples.js'
-import { fetchFactory } from './got.js'
+import { fetch } from './got.js'
 import {
  makeFullUrl,
  assertValidRoute,
@@ -108,11 +108,14 @@ class BaseService {
   *
   * See also the config schema in `./server.js` and `doc/server-secrets.md`.
   *
-   * To use the configured auth in the handler or fetch method, pass the
-   * credentials to the request. For example:
-   * - `{ options: { auth: this.authHelper.basicAuth } }`
-   * - `{ options: { headers: this.authHelper.bearerAuthHeader } }`
-   * - `{ options: { qs: { token: this.authHelper._pass } } }`
+   * To use the configured auth in the handler or fetch method, wrap the
+   * _request() input params in a call to one of:
+   * - this.authHelper.withBasicAuth()
+   * - this.authHelper.withBearerAuthHeader()
+   * - this.authHelper.withQueryStringAuth()
+   *
+   * For example:
+   * this._request(this.authHelper.withBasicAuth({ url, schema, options }))
   *
   * @abstract
   * @type {module:core/base-service/base~Auth}
@@ -144,6 +147,7 @@ class BaseService {
      version: 300,
      debug: 60,
      downloads: 900,
+      rating: 900,
      social: 900,
    }
    return cacheLengths[this.category]
@@ -204,10 +208,10 @@ class BaseService {
  }

  constructor(
-    { sendAndCacheRequest, authHelper, metricHelper },
+    { requestFetcher, authHelper, metricHelper },
    { handleInternalErrors }
  ) {
-    this._requestFetcher = sendAndCacheRequest
+    this._requestFetcher = requestFetcher
    this.authHelper = authHelper
    this._handleInternalErrors = handleInternalErrors
    this._metricHelper = metricHelper
@@ -217,10 +221,10 @@ class BaseService {
    const logTrace = (...args) => trace.logTrace('fetch', ...args)
    let logUrl = url
    const logOptions = Object.assign({}, options)
-    if ('qs' in options) {
-      const params = new URLSearchParams(options.qs)
+    if ('searchParams' in options) {
+      const params = new URLSearchParams(options.searchParams)
      logUrl = `${url}?${params.toString()}`
-      delete logOptions.qs
+      delete logOptions.searchParams
    }
    logTrace(
      emojic.bowAndArrow,
@@ -275,7 +279,7 @@ class BaseService {
  /**
   * Asynchronous function to handle requests for this service. Take the route
   * parameters (as defined in the `route` property), perform a request using
-   * `this._sendAndCacheRequest`, and return the badge data.
+   * `this._requestFetcher`, and return the badge data.
   *
   * @abstract
   * @param {object} namedParams Params parsed from route pattern
@@ -420,10 +424,16 @@ class BaseService {
  }

  static register(
-    { camp, handleRequest, githubApiProvider, metricInstance },
+    {
+      camp,
+      handleRequest,
+      githubApiProvider,
+      librariesIoApiProvider,
+      metricInstance,
+    },
    serviceConfig
  ) {
-    const { cacheHeaders: cacheHeaderConfig, fetchLimitBytes } = serviceConfig
+    const { cacheHeaders: cacheHeaderConfig } = serviceConfig
    const { regex, captureNames } = prepareRoute(this.route)
    const queryParams = getQueryParamNames(this.route)

@@ -432,21 +442,19 @@ class BaseService {
      ServiceClass: this,
    })

-    const fetcher = fetchFactory(fetchLimitBytes)
-
    camp.route(
      regex,
      handleRequest(cacheHeaderConfig, {
        queryParams,
-        handler: async (queryParams, match, sendBadge, request) => {
+        handler: async (queryParams, match, sendBadge) => {
          const metricHandle = metricHelper.startRequest()

          const namedParams = namedParamsForMatch(captureNames, match, this)
          const serviceData = await this.invoke(
            {
-              sendAndCacheRequest: fetcher,
-              sendAndCacheRequestWithCallbacks: request,
+              requestFetcher: fetch,
              githubApiProvider,
+              librariesIoApiProvider,
              metricHelper,
            },
            serviceConfig,
@@ -467,7 +475,6 @@ class BaseService {
          metricHandle.noteResponseSent()
        },
        cacheLength: this._cacheLength,
-        fetchLimitBytes,
      })
    )
  }
--- a/core/base-service/base.spec.js
+++ b/core/base-service/base.spec.js
@@ -124,15 +124,11 @@ describe('BaseService', function () {
  })

  describe('Logging', function () {
-    let sandbox
    beforeEach(function () {
-      sandbox = sinon.createSandbox()
+      sinon.stub(trace, 'logTrace')
    })
    afterEach(function () {
-      sandbox.restore()
-    })
-    beforeEach(function () {
-      sandbox.stub(trace, 'logTrace')
+      sinon.restore()
    })
    it('Invokes the logger as expected', async function () {
      await DummyService.invoke(
@@ -426,24 +422,20 @@ describe('BaseService', function () {
  })

  describe('request', function () {
-    let sandbox
    beforeEach(function () {
-      sandbox = sinon.createSandbox()
+      sinon.stub(trace, 'logTrace')
    })
    afterEach(function () {
-      sandbox.restore()
-    })
-    beforeEach(function () {
-      sandbox.stub(trace, 'logTrace')
+      sinon.restore()
    })

    it('logs appropriate information', async function () {
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: '',
        res: { statusCode: 200 },
      })
      const serviceInstance = new DummyService(
-        { sendAndCacheRequest },
+        { requestFetcher },
        defaultConfig
      )

@@ -466,12 +458,12 @@ describe('BaseService', function () {
    })

    it('handles errors', async function () {
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: '',
        res: { statusCode: 404 },
      })
      const serviceInstance = new DummyService(
-        { sendAndCacheRequest },
+        { requestFetcher },
        defaultConfig
      )

@@ -498,13 +490,13 @@ describe('BaseService', function () {
        metricInstance: new PrometheusMetrics({ register }),
        ServiceClass: DummyServiceWithServiceResponseSizeMetricEnabled,
      })
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: 'x'.repeat(65536 + 1),
        res: { statusCode: 200 },
      })
      const serviceInstance =
        new DummyServiceWithServiceResponseSizeMetricEnabled(
-          { sendAndCacheRequest, metricHelper },
+          { requestFetcher, metricHelper },
          defaultConfig
        )

@@ -524,12 +516,12 @@ describe('BaseService', function () {
        metricInstance: new PrometheusMetrics({ register }),
        ServiceClass: DummyService,
      })
-      const sendAndCacheRequest = async () => ({
+      const requestFetcher = async () => ({
        buffer: 'x',
        res: { statusCode: 200 },
      })
      const serviceInstance = new DummyService(
-        { sendAndCacheRequest, metricHelper },
+        { requestFetcher, metricHelper },
        defaultConfig
      )

--- a/core/base-service/cache-headers.spec.js
+++ b/core/base-service/cache-headers.spec.js
@@ -99,14 +99,11 @@ describe('Cache header functions', function () {
  })

  describe('setHeadersForCacheLength', function () {
-    let sandbox
    beforeEach(function () {
-      sandbox = sinon.createSandbox()
-      sandbox.useFakeTimers()
+      sinon.useFakeTimers()
    })
    afterEach(function () {
-      sandbox.restore()
-      sandbox = undefined
+      sinon.restore()
    })

    it('should set the correct Date header', function () {
--- a/core/base-service/got-config.js
+++ b/core/base-service/got-config.js
@@ -0,0 +1,26 @@
+import bytes from 'bytes'
+import configModule from 'config'
+import Joi from 'joi'
+import { fileSize } from '../../services/validators.js'
+
+const schema = Joi.object({
+  fetchLimit: fileSize,
+  userAgentBase: Joi.string().required(),
+}).required()
+const config = configModule.util.toObject()
+const publicConfig = Joi.attempt(config.public, schema, { allowUnknown: true })
+
+const fetchLimitBytes = bytes(publicConfig.fetchLimit)
+
+function getUserAgent(userAgentBase = publicConfig.userAgentBase) {
+  let version = 'dev'
+  if (process.env.DOCKER_SHIELDS_VERSION) {
+    version = process.env.DOCKER_SHIELDS_VERSION
+  }
+  if (process.env.HEROKU_SLUG_COMMIT) {
+    version = process.env.HEROKU_SLUG_COMMIT.substring(0, 7)
+  }
+  return `${userAgentBase}/${version}`
+}
+
+export { fetchLimitBytes, getUserAgent }
--- a/core/base-service/got-config.spec.js
+++ b/core/base-service/got-config.spec.js
@@ -0,0 +1,27 @@
+import { expect } from 'chai'
+import { getUserAgent } from './got-config.js'
+
+describe('getUserAgent function', function () {
+  afterEach(function () {
+    delete process.env.HEROKU_SLUG_COMMIT
+    delete process.env.DOCKER_SHIELDS_VERSION
+  })
+
+  it('uses the default userAgentBase', function () {
+    expect(getUserAgent()).to.equal('shields (self-hosted)/dev')
+  })
+
+  it('applies custom userAgentBase', function () {
+    expect(getUserAgent('custom')).to.equal('custom/dev')
+  })
+
+  it('uses short commit SHA from HEROKU_SLUG_COMMIT if available', function () {
+    process.env.HEROKU_SLUG_COMMIT = '92090bd44742a5fac03bcb117002088fc7485834'
+    expect(getUserAgent('custom')).to.equal('custom/92090bd')
+  })
+
+  it('uses short commit SHA from DOCKER_SHIELDS_VERSION if available', function () {
+    process.env.DOCKER_SHIELDS_VERSION = 'server-2021-11-22'
+    expect(getUserAgent('custom')).to.equal('custom/server-2021-11-22')
+  })
+})
--- a/core/base-service/got.js
+++ b/core/base-service/got.js
@@ -1,61 +1,23 @@
-import got from 'got'
+import got, { CancelError } from 'got'
 import { Inaccessible, InvalidResponse } from './errors.js'
+import {
+  fetchLimitBytes as fetchLimitBytesDefault,
+  getUserAgent,
+} from './got-config.js'

-const userAgent = 'Shields.io/2003a'
-
-function requestOptions2GotOptions(options) {
-  const requestOptions = Object.assign({}, options)
-  const gotOptions = {}
-  const interchangableOptions = ['body', 'form', 'headers', 'method', 'url']
-
-  interchangableOptions.forEach(function (opt) {
-    if (opt in requestOptions) {
-      gotOptions[opt] = requestOptions[opt]
-      delete requestOptions[opt]
-    }
-  })
-
-  if ('qs' in requestOptions) {
-    gotOptions.searchParams = requestOptions.qs
-    delete requestOptions.qs
-  }
-
-  if ('gzip' in requestOptions) {
-    gotOptions.decompress = requestOptions.gzip
-    delete requestOptions.gzip
-  }
-
-  if ('strictSSL' in requestOptions) {
-    gotOptions.https = {
-      rejectUnauthorized: requestOptions.strictSSL,
-    }
-    delete requestOptions.strictSSL
-  }
-
-  if ('auth' in requestOptions) {
-    gotOptions.username = requestOptions.auth.user
-    gotOptions.password = requestOptions.auth.pass
-    delete requestOptions.auth
-  }
-
-  if (Object.keys(requestOptions).length > 0) {
-    throw new Error(`Found unrecognised options ${Object.keys(requestOptions)}`)
-  }
-
-  return gotOptions
-}
+const userAgent = getUserAgent()

 async function sendRequest(gotWrapper, url, options) {
-  const gotOptions = requestOptions2GotOptions(options)
+  const gotOptions = Object.assign({}, options)
  gotOptions.throwHttpErrors = false
-  gotOptions.retry = 0
+  gotOptions.retry = { limit: 0 }
  gotOptions.headers = gotOptions.headers || {}
  gotOptions.headers['User-Agent'] = userAgent
  try {
    const resp = await gotWrapper(url, gotOptions)
    return { res: resp, buffer: resp.body }
  } catch (err) {
-    if (err instanceof got.CancelError) {
+    if (err instanceof CancelError) {
      throw new InvalidResponse({
        underlyingError: new Error('Maximum response size exceeded'),
      })
@@ -64,7 +26,7 @@ async function sendRequest(gotWrapper, url, options) {
  }
 }

-function fetchFactory(fetchLimitBytes) {
+function _fetchFactory(fetchLimitBytes = fetchLimitBytesDefault) {
  const gotWithLimit = got.extend({
    handlers: [
      (options, next) => {
@@ -93,4 +55,6 @@ function fetchFactory(fetchLimitBytes) {
  return sendRequest.bind(sendRequest, gotWithLimit)
 }

-export { requestOptions2GotOptions, fetchFactory }
+const fetch = _fetchFactory()
+
+export { fetch, _fetchFactory }
--- a/core/base-service/got.spec.js
+++ b/core/base-service/got.spec.js
@@ -1,50 +1,15 @@
 import { expect } from 'chai'
 import nock from 'nock'
-import { requestOptions2GotOptions, fetchFactory } from './got.js'
+import { _fetchFactory } from './got.js'
 import { Inaccessible, InvalidResponse } from './errors.js'

-describe('requestOptions2GotOptions function', function () {
-  it('translates valid options', function () {
-    expect(
-      requestOptions2GotOptions({
-        body: 'body',
-        form: 'form',
-        headers: 'headers',
-        method: 'method',
-        url: 'url',
-        qs: 'qs',
-        gzip: 'gzip',
-        strictSSL: 'strictSSL',
-        auth: { user: 'user', pass: 'pass' },
-      })
-    ).to.deep.equal({
-      body: 'body',
-      form: 'form',
-      headers: 'headers',
-      method: 'method',
-      url: 'url',
-      searchParams: 'qs',
-      decompress: 'gzip',
-      https: { rejectUnauthorized: 'strictSSL' },
-      username: 'user',
-      password: 'pass',
-    })
-  })
-
-  it('throws if unrecognised options are found', function () {
-    expect(() =>
-      requestOptions2GotOptions({ body: 'body', foobar: 'foobar' })
-    ).to.throw(Error, 'Found unrecognised options foobar')
-  })
-})
-
 describe('got wrapper', function () {
  it('should not throw an error if the response <= fetchLimitBytes', async function () {
    nock('https://www.google.com')
      .get('/foo/bar')
      .once()
      .reply(200, 'x'.repeat(100))
-    const sendRequest = fetchFactory(100)
+    const sendRequest = _fetchFactory(100)
    const { res } = await sendRequest('https://www.google.com/foo/bar')
    expect(res.statusCode).to.equal(200)
  })
@@ -54,7 +19,7 @@ describe('got wrapper', function () {
      .get('/foo/bar')
      .once()
      .reply(200, 'x'.repeat(101))
-    const sendRequest = fetchFactory(100)
+    const sendRequest = _fetchFactory(100)
    return expect(
      sendRequest('https://www.google.com/foo/bar')
    ).to.be.rejectedWith(InvalidResponse, 'Maximum response size exceeded')
@@ -62,7 +27,7 @@ describe('got wrapper', function () {

  it('should throw an Inaccessible error if the request throws a (non-HTTP) error', async function () {
    nock('https://www.google.com').get('/foo/bar').replyWithError('oh no')
-    const sendRequest = fetchFactory(1024)
+    const sendRequest = _fetchFactory(1024)
    return expect(
      sendRequest('https://www.google.com/foo/bar')
    ).to.be.rejectedWith(Inaccessible, 'oh no')
@@ -71,7 +36,7 @@ describe('got wrapper', function () {
  it('should throw an Inaccessible error if the host can not be accessed', async function () {
    this.timeout(5000)
    nock.disableNetConnect()
-    const sendRequest = fetchFactory(1024)
+    const sendRequest = _fetchFactory(1024)
    return expect(
      sendRequest('https://www.google.com/foo/bar')
    ).to.be.rejectedWith(
@@ -84,14 +49,14 @@ describe('got wrapper', function () {
    nock('https://www.google.com', {
      reqheaders: {
        'user-agent': function (agent) {
-          return agent.startsWith('Shields.io')
+          return agent.startsWith('shields (self-hosted)')
        },
      },
    })
      .get('/foo/bar')
      .once()
      .reply(200)
-    const sendRequest = fetchFactory(1024)
+    const sendRequest = _fetchFactory(1024)
    await sendRequest('https://www.google.com/foo/bar')
  })

--- a/core/base-service/index.js
+++ b/core/base-service/index.js
@@ -13,6 +13,7 @@ import {
  Inaccessible,
  InvalidParameter,
  Deprecated,
+  ImproperlyConfigured,
 } from './errors.js'

 export {
@@ -29,5 +30,6 @@ export {
  InvalidResponse,
  Inaccessible,
  InvalidParameter,
+  ImproperlyConfigured,
  Deprecated,
 }
--- a/core/base-service/legacy-request-handler.js
+++ b/core/base-service/legacy-request-handler.js
@@ -1,12 +1,8 @@
-import request from 'request'
 import makeBadge from '../../badge-maker/lib/make-badge.js'
 import { setCacheHeaders } from './cache-headers.js'
-import { Inaccessible, InvalidResponse, ShieldsRuntimeError } from './errors.js'
 import { makeSend } from './legacy-result-sender.js'
 import coalesceBadge from './coalesce-badge.js'

-const userAgent = 'Shields.io/2003a'
-
 // These query parameters are available to any badge. They are handled by
 // `coalesceBadge`.
 const globalQueryParams = new Set([
@@ -32,32 +28,12 @@ function flattenQueryParams(queryParams) {
  return Array.from(union).sort()
 }

-function promisify(cachingRequest) {
-  return (uri, options) =>
-    new Promise((resolve, reject) => {
-      cachingRequest(uri, options, (err, res, buffer) => {
-        if (err) {
-          if (err instanceof ShieldsRuntimeError) {
-            reject(err)
-          } else {
-            // Wrap the error in an Inaccessible so it can be identified
-            // by the BaseService handler.
-            reject(new Inaccessible({ underlyingError: err }))
-          }
-        } else {
-          resolve({ res, buffer })
-        }
-      })
-    })
-}
-
 // handlerOptions can contain:
 // - handler: The service's request handler function
 // - queryParams: An array of the field names of any custom query parameters
 //   the service uses
 // - cacheLength: An optional badge or category-specific cache length
 //   (in number of seconds) to be used in preference to the default
-// - fetchLimitBytes: A limit on the response size we're willing to parse
 //
 // For safety, the service must declare the query parameters it wants to use.
 // Only the declared parameters (and the global parameters) are provided to
@@ -77,8 +53,7 @@ function handleRequest(cacheHeaderConfig, handlerOptions) {
  }

  const allowedKeys = flattenQueryParams(handlerOptions.queryParams)
-  const { cacheLength: serviceDefaultCacheLengthSeconds, fetchLimitBytes } =
-    handlerOptions
+  const { cacheLength: serviceDefaultCacheLengthSeconds } = handlerOptions

  return (queryParams, match, end, ask) => {
    /*
@@ -139,40 +114,6 @@ function handleRequest(cacheHeaderConfig, handlerOptions) {
      makeSend(extension, ask.res, end)(svg)
    }, 25000)

-    function cachingRequest(uri, options, callback) {
-      if (typeof options === 'function' && !callback) {
-        callback = options
-      }
-      if (options && typeof options === 'object') {
-        options.uri = uri
-      } else if (typeof uri === 'string') {
-        options = { uri }
-      } else {
-        options = uri
-      }
-      options.headers = options.headers || {}
-      options.headers['User-Agent'] = userAgent
-
-      let bufferLength = 0
-      const r = request(options, callback)
-      r.on('data', chunk => {
-        bufferLength += chunk.length
-        if (bufferLength > fetchLimitBytes) {
-          r.abort()
-          r.emit(
-            'error',
-            new InvalidResponse({
-              prettyMessage: 'Maximum response size exceeded',
-            })
-          )
-        }
-      })
-    }
-
-    // Wrapper around `cachingRequest` that returns a promise rather than needing
-    // to pass a callback.
-    cachingRequest.asPromise = promisify(cachingRequest)
-
    const result = handlerOptions.handler(
      filteredQueryParams,
      match,
@@ -187,8 +128,7 @@ function handleRequest(cacheHeaderConfig, handlerOptions) {
        const svg = makeBadge(badgeData)
        setCacheHeadersOnResponse(ask.res, badgeData.cacheLengthSeconds)
        makeSend(format, ask.res, end)(svg)
-      },
-      cachingRequest
+      }
    )
    // eslint-disable-next-line promise/prefer-await-to-then
    if (result && result.catch) {
@@ -200,4 +140,4 @@ function handleRequest(cacheHeaderConfig, handlerOptions) {
  }
 }

-export { handleRequest, promisify, userAgent }
+export { handleRequest }
--- a/core/base-service/legacy-request-handler.spec.js
+++ b/core/base-service/legacy-request-handler.spec.js
@@ -1,5 +1,4 @@
 import { expect } from 'chai'
-import nock from 'nock'
 import portfinder from 'portfinder'
 import Camp from '@shields_io/camp'
 import got from '../got-test-client.js'
@@ -42,28 +41,6 @@ function createFakeHandlerWithCacheLength(cacheLengthSeconds) {
  }
 }

-function fakeHandlerWithNetworkIo(queryParams, match, sendBadge, request) {
-  const [, someValue, format] = match
-  request('https://www.google.com/foo/bar', (err, res, buffer) => {
-    let message
-    if (err) {
-      message = err.prettyMessage
-    } else {
-      message = someValue
-    }
-    const badgeData = coalesceBadge(
-      queryParams,
-      {
-        label: 'testing',
-        message,
-        format,
-      },
-      {}
-    )
-    sendBadge(format, badgeData)
-  })
-}
-
 describe('The request handler', function () {
  let port, baseUrl
  beforeEach(async function () {
@@ -133,60 +110,6 @@ describe('The request handler', function () {
    })
  })

-  describe('the response size limit', function () {
-    beforeEach(function () {
-      camp.route(
-        /^\/testing\/([^/]+)\.(svg|png|gif|jpg|json)$/,
-        handleRequest(standardCacheHeaders, {
-          handler: fakeHandlerWithNetworkIo,
-          fetchLimitBytes: 100,
-        })
-      )
-    })
-
-    it('should not throw an error if the response <= fetchLimitBytes', async function () {
-      nock('https://www.google.com')
-        .get('/foo/bar')
-        .once()
-        .reply(200, 'x'.repeat(100))
-      const { statusCode, body } = await got(`${baseUrl}/testing/123.json`, {
-        responseType: 'json',
-      })
-      expect(statusCode).to.equal(200)
-      expect(body).to.deep.equal({
-        name: 'testing',
-        value: '123',
-        label: 'testing',
-        message: '123',
-        color: 'lightgrey',
-        link: [],
-      })
-    })
-
-    it('should throw an error if the response is > fetchLimitBytes', async function () {
-      nock('https://www.google.com')
-        .get('/foo/bar')
-        .once()
-        .reply(200, 'x'.repeat(101))
-      const { statusCode, body } = await got(`${baseUrl}/testing/123.json`, {
-        responseType: 'json',
-      })
-      expect(statusCode).to.equal(200)
-      expect(body).to.deep.equal({
-        name: 'testing',
-        value: 'Maximum response size exceeded',
-        label: 'testing',
-        message: 'Maximum response size exceeded',
-        color: 'lightgrey',
-        link: [],
-      })
-    })
-
-    afterEach(function () {
-      nock.cleanAll()
-    })
-  })
-
  describe('caching', function () {
    describe('standard query parameters', function () {
      function register({ cacheHeaderConfig }) {
--- a/core/base-service/legacy-result-sender.js
+++ b/core/base-service/legacy-result-sender.js
@@ -11,12 +11,14 @@ function streamFromString(str) {

 function sendSVG(res, askres, end) {
  askres.setHeader('Content-Type', 'image/svg+xml;charset=utf-8')
+  askres.setHeader('Content-Length', Buffer.byteLength(res, 'utf8'))
  end(null, { template: streamFromString(res) })
 }

 function sendJSON(res, askres, end) {
  askres.setHeader('Content-Type', 'application/json')
  askres.setHeader('Access-Control-Allow-Origin', '*')
+  askres.setHeader('Content-Length', Buffer.byteLength(res, 'utf8'))
  end(null, { template: streamFromString(res) })
 }

--- a/core/base-service/resource-cache.js
+++ b/core/base-service/resource-cache.js
@@ -0,0 +1,67 @@
+/**
+ * @module
+ */
+
+import { InvalidResponse } from './errors.js'
+import { fetch } from './got.js'
+import checkErrorResponse from './check-error-response.js'
+
+const oneDay = 24 * 3600 * 1000 // 1 day in milliseconds
+
+// Map from URL to { timestamp: last fetch time, data: data }.
+let resourceCache = Object.create(null)
+
+/**
+ * Make a HTTP request using an in-memory cache
+ *
+ * @param {object} attrs Refer to individual attrs
+ * @param {string} attrs.url URL to request
+ * @param {number} attrs.ttl Number of milliseconds to keep cached value for
+ * @param {boolean} [attrs.json=true] True if we expect to parse the response as JSON
+ * @param {Function} [attrs.scraper=buffer => buffer] Function to extract value from the response
+ * @param {object} [attrs.options={}] Options to pass to got
+ * @param {Function} [attrs.requestFetcher=fetch] Custom fetch function
+ * @returns {*} Parsed response
+ */
+async function getCachedResource({
+  url,
+  ttl = oneDay,
+  json = true,
+  scraper = buffer => buffer,
+  options = {},
+  requestFetcher = fetch,
+}) {
+  const timestamp = Date.now()
+  const cached = resourceCache[url]
+  if (cached != null && timestamp - cached.timestamp < ttl) {
+    return cached.data
+  }
+
+  const { buffer } = await checkErrorResponse({})(
+    await requestFetcher(url, options)
+  )
+
+  let reqData
+  if (json) {
+    try {
+      reqData = JSON.parse(buffer)
+    } catch (e) {
+      throw new InvalidResponse({
+        prettyMessage: 'unparseable intermediate json response',
+        underlyingError: e,
+      })
+    }
+  } else {
+    reqData = buffer
+  }
+
+  const data = scraper(reqData)
+  resourceCache[url] = { timestamp, data }
+  return data
+}
+
+function clearResourceCache() {
+  resourceCache = Object.create(null)
+}
+
+export { getCachedResource, clearResourceCache }
--- a/core/base-service/resource-cache.spec.js
+++ b/core/base-service/resource-cache.spec.js
@@ -0,0 +1,47 @@
+import { expect } from 'chai'
+import nock from 'nock'
+import { getCachedResource, clearResourceCache } from './resource-cache.js'
+
+describe('Resource Cache', function () {
+  beforeEach(function () {
+    clearResourceCache()
+  })
+
+  it('should use cached response if valid', async function () {
+    let resp
+
+    nock('https://www.foobar.com').get('/baz').reply(200, { value: 1 })
+    resp = await getCachedResource({ url: 'https://www.foobar.com/baz' })
+    expect(resp).to.deep.equal({ value: 1 })
+    expect(nock.isDone()).to.equal(true)
+    nock.cleanAll()
+
+    nock('https://www.foobar.com').get('/baz').reply(200, { value: 2 })
+    resp = await getCachedResource({ url: 'https://www.foobar.com/baz' })
+    expect(resp).to.deep.equal({ value: 1 })
+    expect(nock.isDone()).to.equal(false)
+    nock.cleanAll()
+  })
+
+  it('should not use cached response if expired', async function () {
+    let resp
+
+    nock('https://www.foobar.com').get('/baz').reply(200, { value: 1 })
+    resp = await getCachedResource({
+      url: 'https://www.foobar.com/baz',
+      ttl: 1,
+    })
+    expect(resp).to.deep.equal({ value: 1 })
+    expect(nock.isDone()).to.equal(true)
+    nock.cleanAll()
+
+    nock('https://www.foobar.com').get('/baz').reply(200, { value: 2 })
+    resp = await getCachedResource({
+      url: 'https://www.foobar.com/baz',
+      ttl: 1,
+    })
+    expect(resp).to.deep.equal({ value: 2 })
+    expect(nock.isDone()).to.equal(true)
+    nock.cleanAll()
+  })
+})
--- a/core/base-service/validate.spec.js
+++ b/core/base-service/validate.spec.js
@@ -10,15 +10,11 @@ describe('validate', function () {
    requiredString: Joi.string().required(),
  }).required()

-  let sandbox
  beforeEach(function () {
-    sandbox = sinon.createSandbox()
+    sinon.stub(trace, 'logTrace')
  })
  afterEach(function () {
-    sandbox.restore()
-  })
-  beforeEach(function () {
-    sandbox.stub(trace, 'logTrace')
+    sinon.restore()
  })

  const ErrorClass = InvalidParameter
--- a/core/got-test-client.js
+++ b/core/got-test-client.js
@@ -1,4 +1,4 @@
 import got from 'got'

 // https://github.com/nock/nock/issues/1523
-export default got.extend({ retry: 0 })
+export default got.extend({ retry: { limit: 0 } })
--- a/core/legacy/regular-update.js
+++ b/core/legacy/regular-update.js
@@ -1,97 +0,0 @@
-import requestModule from 'request'
-import { Inaccessible, InvalidResponse } from '../base-service/errors.js'
-
-// Map from URL to { timestamp: last fetch time, data: data }.
-let regularUpdateCache = Object.create(null)
-
-// url: a string, scraper: a function that takes string data at that URL.
-// interval: number in milliseconds.
-// cb: a callback function that takes an error and data returned by the scraper.
-//
-// To use this from a service:
-//
-// import { promisify } from 'util'
-// import { regularUpdate } from '../../core/legacy/regular-update.js'
-//
-// function getThing() {
-//   return promisify(regularUpdate)({
-//     url: ...,
-//     ...
-//   })
-// }
-//
-// in handle():
-//
-// const thing = await getThing()
-
-function regularUpdate(
-  {
-    url,
-    intervalMillis,
-    json = true,
-    scraper = buffer => buffer,
-    options = {},
-    request = requestModule,
-  },
-  cb
-) {
-  const timestamp = Date.now()
-  const cached = regularUpdateCache[url]
-  if (cached != null && timestamp - cached.timestamp < intervalMillis) {
-    cb(null, cached.data)
-    return
-  }
-  request(url, options, (err, res, buffer) => {
-    if (err != null) {
-      cb(
-        new Inaccessible({
-          prettyMessage: 'intermediate resource inaccessible',
-          underlyingError: err,
-        })
-      )
-      return
-    }
-
-    if (res.statusCode < 200 || res.statusCode >= 300) {
-      cb(
-        new InvalidResponse({
-          prettyMessage: 'intermediate resource inaccessible',
-        })
-      )
-    }
-
-    let reqData
-    if (json) {
-      try {
-        reqData = JSON.parse(buffer)
-      } catch (e) {
-        cb(
-          new InvalidResponse({
-            prettyMessage: 'unparseable intermediate json response',
-            underlyingError: e,
-          })
-        )
-        return
-      }
-    } else {
-      reqData = buffer
-    }
-
-    let data
-    try {
-      data = scraper(reqData)
-    } catch (e) {
-      cb(e)
-      return
-    }
-
-    regularUpdateCache[url] = { timestamp, data }
-    cb(null, data)
-  })
-}
-
-function clearRegularUpdateCache() {
-  regularUpdateCache = Object.create(null)
-}
-
-export { regularUpdate, clearRegularUpdateCache }
--- a/core/server/influx-metrics.js
+++ b/core/server/influx-metrics.js
@@ -16,7 +16,7 @@ export default class InfluxMetrics {
      url: this._config.url,
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: await this.metrics(),
-      timeout: this._config.timeoutMillseconds,
+      timeout: { request: this._config.timeoutMillseconds },
      username: this._config.username,
      password: this._config.password,
      throwHttpErrors: false,
--- a/core/server/influx-metrics.spec.js
+++ b/core/server/influx-metrics.spec.js
@@ -5,6 +5,7 @@ import { expect } from 'chai'
 import log from './log.js'
 import InfluxMetrics from './influx-metrics.js'
 import '../register-chai-plugins.spec.js'
+
 describe('Influx metrics', function () {
  const metricInstance = {
    metrics() {
--- a/core/server/secret-is-valid.js
+++ b/core/server/secret-is-valid.js
@@ -1,18 +0,0 @@
-function constEq(a, b) {
-  if (a.length !== b.length) {
-    return false
-  }
-  let zero = 0
-  for (let i = 0; i < a.length; i++) {
-    zero |= a.charCodeAt(i) ^ b.charCodeAt(i)
-  }
-  return zero === 0
-}
-
-function makeSecretIsValid(shieldsSecret) {
-  return function secretIsValid(secret = '') {
-    return shieldsSecret && constEq(secret, shieldsSecret)
-  }
-}
-
-export { makeSecretIsValid }
--- a/core/server/server.js
+++ b/core/server/server.js
@@ -6,18 +6,18 @@ import path from 'path'
 import url, { fileURLToPath } from 'url'
 import { bootstrap } from 'global-agent'
 import cloudflareMiddleware from 'cloudflare-middleware'
-import bytes from 'bytes'
 import Camp from '@shields_io/camp'
 import originalJoi from 'joi'
 import makeBadge from '../../badge-maker/lib/make-badge.js'
 import GithubConstellation from '../../services/github/github-constellation.js'
+import LibrariesIoConstellation from '../../services/librariesio/librariesio-constellation.js'
 import { setRoutes } from '../../services/suggest.js'
 import { loadServiceClasses } from '../base-service/loader.js'
 import { makeSend } from '../base-service/legacy-result-sender.js'
 import { handleRequest } from '../base-service/legacy-request-handler.js'
-import { clearRegularUpdateCache } from '../legacy/regular-update.js'
+import { clearResourceCache } from '../base-service/resource-cache.js'
 import { rasterRedirectUrl } from '../badge-urls/make-badge-url.js'
-import { nonNegativeInteger } from '../../services/validators.js'
+import { fileSize, nonNegativeInteger } from '../../services/validators.js'
 import log from './log.js'
 import PrometheusMetrics from './prometheus-metrics.js'
 import InfluxMetrics from './influx-metrics.js'
@@ -134,6 +134,7 @@ const publicConfigSchema = Joi.object({
    }).default({ authorizedOrigins: [] }),
    nexus: defaultService,
    npm: defaultService,
+    obs: defaultService,
    sonar: defaultService,
    teamcity: defaultService,
    weblate: defaultService,
@@ -141,7 +142,8 @@ const publicConfigSchema = Joi.object({
  }).required(),
  cacheHeaders: { defaultCacheLengthSeconds: nonNegativeInteger },
  handleInternalErrors: Joi.boolean().required(),
-  fetchLimit: Joi.string().regex(/^[0-9]+(b|kb|mb|gb|tb)$/i),
+  fetchLimit: fileSize,
+  userAgentBase: Joi.string().required(),
  requestTimeoutSeconds: nonNegativeInteger,
  requestTimeoutMaxAgeSeconds: nonNegativeInteger,
  documentRoot: Joi.string().default(
@@ -169,12 +171,14 @@ const privateConfigSchema = Joi.object({
  jira_pass: Joi.string(),
  bitbucket_server_username: Joi.string(),
  bitbucket_server_password: Joi.string(),
+  librariesio_tokens: Joi.arrayFromString().items(Joi.string()),
  nexus_user: Joi.string(),
  nexus_pass: Joi.string(),
  npm_token: Joi.string(),
+  obs_user: Joi.string(),
+  obs_pass: Joi.string(),
  redis_url: Joi.string().uri({ scheme: ['redis', 'rediss'] }),
  sentry_dsn: Joi.string(),
-  shields_secret: Joi.string(),
  sl_insight_userUuid: Joi.string(),
  sl_insight_apiToken: Joi.string(),
  sonarqube_token: Joi.string(),
@@ -239,6 +243,10 @@ class Server {
      private: privateConfig,
    })

+    this.librariesioConstellation = new LibrariesIoConstellation({
+      private: privateConfig,
+    })
+
    if (publicConfig.metrics.prometheus.enabled) {
      this.metricInstance = new PrometheusMetrics()
      if (publicConfig.metrics.influx.enabled) {
@@ -411,14 +419,20 @@ class Server {
  async registerServices() {
    const { config, camp, metricInstance } = this
    const { apiProvider: githubApiProvider } = this.githubConstellation
-
+    const { apiProvider: librariesIoApiProvider } =
+      this.librariesioConstellation
    ;(await loadServiceClasses()).forEach(serviceClass =>
      serviceClass.register(
-        { camp, handleRequest, githubApiProvider, metricInstance },
+        {
+          camp,
+          handleRequest,
+          githubApiProvider,
+          librariesIoApiProvider,
+          metricInstance,
+        },
        {
          handleInternalErrors: config.public.handleInternalErrors,
          cacheHeaders: config.public.cacheHeaders,
-          fetchLimitBytes: bytes(config.public.fetchLimit),
          rasterUrl: config.public.rasterUrl,
          private: config.private,
          public: config.public,
@@ -492,6 +506,12 @@ class Server {
    const { apiProvider: githubApiProvider } = this.githubConstellation
    setRoutes(allowedOrigin, githubApiProvider, camp)

+    // https://github.com/badges/shields/issues/3273
+    camp.handle((req, res, next) => {
+      res.setHeader('Access-Control-Allow-Origin', '*')
+      next()
+    })
+
    this.registerErrorHandlers()
    this.registerRedirects()
    await this.registerServices()
@@ -517,7 +537,7 @@ class Server {
  static resetGlobalState() {
    // This state should be migrated to instance state. When possible, do not add new
    // global state.
-    clearRegularUpdateCache()
+    clearResourceCache()
  }

  reset() {
--- a/core/server/server.spec.js
+++ b/core/server/server.spec.js
@@ -64,6 +64,12 @@ describe('The server', function () {
      expect(headers['cache-control']).to.equal('max-age=3600, s-maxage=3600')
    })

+    it('should return cors header for the request', async function () {
+      const { statusCode, headers } = await got(`${baseUrl}npm/v/express.svg`)
+      expect(statusCode).to.equal(200)
+      expect(headers['access-control-allow-origin']).to.equal('*')
+    })
+
    it('should redirect colorscheme PNG badges as configured', async function () {
      const { statusCode, headers } = await got(
        `${baseUrl}:fruit-apple-green.png`,
@@ -87,12 +93,28 @@ describe('The server', function () {
      )
    })

-    it('should produce json badges', async function () {
+    it('should produce SVG badges with expected headers', async function () {
+      const { statusCode, headers } = await got(
+        `${baseUrl}:fruit-apple-green.svg`
+      )
+      expect(statusCode).to.equal(200)
+      expect(headers['content-type']).to.equal('image/svg+xml;charset=utf-8')
+      expect(headers['content-length']).to.equal('1130')
+    })
+
+    it('correctly calculates the content-length header for multi-byte unicode characters', async function () {
+      const { headers } = await got(`${baseUrl}:fruit-apple🍏-green.json`)
+      expect(headers['content-length']).to.equal('100')
+    })
+
+    it('should produce JSON badges with expected headers', async function () {
      const { statusCode, body, headers } = await got(
-        `${baseUrl}twitter/follow/_Pyves.json`
+        `${baseUrl}:fruit-apple-green.json`
      )
      expect(statusCode).to.equal(200)
      expect(headers['content-type']).to.equal('application/json')
+      expect(headers['access-control-allow-origin']).to.equal('*')
+      expect(headers['content-length']).to.equal('92')
      expect(() => JSON.parse(body)).not.to.throw()
    })

@@ -185,6 +207,12 @@ describe('The server', function () {
        .and.to.include('410')
        .and.to.include('jpg no longer available')
    })
+
+    it('should return cors header for the request', async function () {
+      const { statusCode, headers } = await got(`${baseUrl}npm/v/express.svg`)
+      expect(statusCode).to.equal(200)
+      expect(headers['access-control-allow-origin']).to.equal('*')
+    })
  })

  context('`requireCloudflare` is enabled', function () {
--- a/core/service-test-runner/icedfrisby-shields.js
+++ b/core/service-test-runner/icedfrisby-shields.js
@@ -49,14 +49,29 @@ const factory = superclass =>
      return this
    }

-    expectBadge({ label, message, logoWidth, labelColor, color, link }) {
+    expectBadge(badge) {
+      const expectedKeys = [
+        'label',
+        'message',
+        'logoWidth',
+        'labelColor',
+        'color',
+        'link',
+      ]
+
+      for (const key of Object.keys(badge)) {
+        if (!expectedKeys.includes(key)) {
+          throw new Error(`Found unexpected object key '${key}'`)
+        }
+      }
+
      return this.afterJSON(json => {
-        this.constructor._expectField(json, 'label', label)
-        this.constructor._expectField(json, 'message', message)
-        this.constructor._expectField(json, 'logoWidth', logoWidth)
-        this.constructor._expectField(json, 'labelColor', labelColor)
-        this.constructor._expectField(json, 'color', color)
-        this.constructor._expectField(json, 'link', link)
+        this.constructor._expectField(json, 'label', badge.label)
+        this.constructor._expectField(json, 'message', badge.message)
+        this.constructor._expectField(json, 'logoWidth', badge.logoWidth)
+        this.constructor._expectField(json, 'labelColor', badge.labelColor)
+        this.constructor._expectField(json, 'color', badge.color)
+        this.constructor._expectField(json, 'link', badge.link)
      })
    }

--- a/core/token-pooling/token-pool.js
+++ b/core/token-pooling/token-pool.js
@@ -80,6 +80,10 @@ class Token {
    return this.usesRemaining <= 0 && !this.hasReset
  }

+  get decrementedUsesRemaining() {
+    return this._usesRemaining - 1
+  }
+
  /**
   * Update the uses remaining and next reset time for a token.
   *
@@ -328,29 +332,6 @@ class TokenPool {
    this.fifoQueue.forEach(visit)
    this.priorityQueue.forEach(visit)
  }
-
-  allValidTokenIds() {
-    const result = []
-    this.forEach(({ id }) => result.push(id))
-    return result
-  }
-
-  serializeDebugInfo({ sanitize = true } = {}) {
-    const maybeSanitize = sanitize ? id => sanitizeToken(id) : id => id
-
-    const priorityQueue = []
-    this.priorityQueue.forEach(t =>
-      priorityQueue.push(t.getDebugInfo({ sanitize }))
-    )
-
-    return {
-      utcEpochSeconds: getUtcEpochSeconds(),
-      allValidTokenIds: this.allValidTokenIds().map(maybeSanitize),
-      fifoQueue: this.fifoQueue.map(t => t.getDebugInfo({ sanitize })),
-      priorityQueue,
-      sanitized: sanitize,
-    }
-  }
 }

 export { sanitizeToken, Token, TokenPool }
--- a/core/token-pooling/token-pool.spec.js
+++ b/core/token-pooling/token-pool.spec.js
@@ -19,10 +19,6 @@ describe('The token pool', function () {
    ids.forEach(id => tokenPool.add(id))
  })

-  it('allValidTokenIds() should return the full list', function () {
-    expect(tokenPool.allValidTokenIds()).to.deep.equal(ids)
-  })
-
  it('should yield the expected tokens', function () {
    ids.forEach(id =>
      times(batchSize, () => expect(tokenPool.next().id).to.equal(id))
@@ -38,67 +34,6 @@ describe('The token pool', function () {
    )
  })

-  describe('serializeDebugInfo should initially return the expected', function () {
-    beforeEach(function () {
-      sinon.useFakeTimers({ now: 1544307744484 })
-    })
-
-    afterEach(function () {
-      sinon.restore()
-    })
-
-    context('sanitize is not specified', function () {
-      it('returns fully sanitized results', function () {
-        // This is `sha()` of '1', '2', '3', '4', '5'. These are written
-        // literally for avoidance of doubt as to whether sanitization is
-        // happening.
-        const sanitizedIds = [
-          '6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b',
-          'd4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35',
-          '4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce',
-          '4b227777d4dd1fc61c6f884f48641d02b4d121d3fd328cb08b5531fcacdabf8a',
-          'ef2d127de37b942baad06145e54b0c619a1f22327b2ebbcfbec78f5564afe39d',
-        ]
-
-        expect(tokenPool.serializeDebugInfo()).to.deep.equal({
-          allValidTokenIds: sanitizedIds,
-          priorityQueue: [],
-          fifoQueue: sanitizedIds.map(id => ({
-            data: '[redacted]',
-            id,
-            isFrozen: false,
-            isValid: true,
-            nextReset: Token.nextResetNever,
-            usesRemaining: batchSize,
-          })),
-          sanitized: true,
-          utcEpochSeconds: 1544307744,
-        })
-      })
-    })
-
-    context('with sanitize: false', function () {
-      it('returns unsanitized results', function () {
-        expect(tokenPool.serializeDebugInfo({ sanitize: false })).to.deep.equal(
-          {
-            allValidTokenIds: ids,
-            priorityQueue: [],
-            fifoQueue: ids.map(id => ({
-              data: undefined,
-              id,
-              isFrozen: false,
-              isValid: true,
-              nextReset: Token.nextResetNever,
-              usesRemaining: batchSize,
-            })),
-            sanitized: false,
-            utcEpochSeconds: 1544307744,
-          }
-        )
-      })
-    })
-  })
-
  context('tokens are marked exhausted immediately', function () {
    it('should be exhausted', function () {
      ids.forEach(() => {
--- a/doc/TUTORIAL.md
+++ b/doc/TUTORIAL.md
@@ -25,7 +25,7 @@ and learn about the [GitHub workflow](http://try.github.io/).

 #### Node, NPM

-Node >=14 and NPM >=7 is required. If you don't already have them,
+Node >=16 and NPM >=7 is required. If you don't already have them,
 install node and npm: https://nodejs.org/en/download/

 ### Setup a dev install
@@ -228,14 +228,14 @@ Description of the code:
 9. Working our way upward, the `async fetch()` method is responsible for calling an API endpoint to get data. Extending `BaseJsonService` gives us the helper function `_requestJson()`. Note here that we pass the schema we defined in step 4 as an argument. `_requestJson()` will deal with validating the response against the schema and throwing an error if necessary.

   - `_requestJson()` automatically adds an Accept header, checks the status code, parses the response as JSON, and returns the parsed response.
-   - `_requestJson()` uses [request](https://github.com/request/request) to perform the HTTP request. Options can be passed to request, including method, query string, and headers. If headers are provided they will override the ones automatically set by `_requestJson()`. There is no need to specify json, as the JSON parsing is handled by `_requestJson()`. See the `request` docs for [supported options](https://github.com/request/request#requestoptions-callback).
+   - `_requestJson()` uses [got](https://github.com/sindresorhus/got) to perform the HTTP request. Options can be passed to got, including method, query string, and headers. If headers are provided they will override the ones automatically set by `_requestJson()`. There is no need to specify json, as the JSON parsing is handled by `_requestJson()`. See the `got` docs for [supported options](https://github.com/sindresorhus/got/blob/main/documentation/2-options.md).
   - Error messages corresponding to each status code can be returned by passing a dictionary of status codes -> messages in `errorMessages`.
   - A more complex call to `_requestJson()` might look like this:
     ```js
     return this._requestJson({
       schema: mySchema,
       url,
-       options: { qs: { branch: 'master' } },
+       options: { searchParams: { branch: 'master' } },
       errorMessages: {
         401: 'private application not supported',
         404: 'application not found',
--- a/doc/adding-new-config-values.md
+++ b/doc/adding-new-config-values.md
@@ -0,0 +1,22 @@
+# Adding New Config Values
+
+The Badge Server supports a [variety of methods for defining configuration settings and secrets](./server-secrets.md), and provides a framework for loading those values during bootstrapping.
+
+Any new configuration setting or secret must be correctly registered so that it will be loaded at startup along with the others.
+
+This generally includes adding the corresponding information for your new setting(s)/secret(s) to the following locations:
+
+- [core/server/server.js](https://github.com/badges/shields/blob/master/core/server/server.js) - Add the new values to the [schemas](https://github.com/badges/shields/blob/master/core/server/server.js#L118-L193). Secrets/tokens/etc. should go in the `privateConfigSchema` while non-secret configuration settings should go in the `publicConfigSchema`.
+- [config/custom-environment-variables.yml](https://github.com/badges/shields/blob/master/config/custom-environment-variables.yml)
+- [docs/server-secrets.md](https://github.com/badges/shields/blob/master/doc/server-secrets.md) (only applicable for secrets)
+- [config/default.yml](https://github.com/badges/shields/blob/master/config/default.yml) (optional)
+- Any other template config files (e.g. `config/local.template.yml`) (optional)
+
+The exact values needed will depend on what type of secret/setting you are adding, but for reference a few commits are included below which added secrets and or settings:
+
+- (secret) [8a9efb2fc99f97e78ab133c836ab1685803bf4df](https://github.com/badges/shields/commit/8a9efb2fc99f97e78ab133c836ab1685803bf4df)
+- (secret) [bd6f4ee1465d14a8f188c37823748a21b6a46762](https://github.com/badges/shields/commit/bd6f4ee1465d14a8f188c37823748a21b6a46762)
+- (secret) [0fd557d7bb623e3852c92cebac586d5f6d6d89d8](https://github.com/badges/shields/commit/0fd557d7bb623e3852c92cebac586d5f6d6d89d8)
+- (configuration setting) [b1fc4925928c061234e9492f3794c0797467e123](https://github.com/badges/shields/commit/b1fc4925928c061234e9492f3794c0797467e123)
+
+Don't hesitate to reach out if you're unsure of the exact values needed for your new secret/setting, or have any other questions. Feel free to post questions on your corresponding Issue/Pull Request, and/or ping us on the `contributing` channel on our Discord server.
--- a/doc/code-walkthrough.md
+++ b/doc/code-walkthrough.md
@@ -96,7 +96,7 @@ test this kind of logic through unit tests (e.g. of `render()` and
    is created in a legacy helper function in
    [`legacy-request-handler.js`][legacy-request-handler]. This callback
    delegates to a callback in `BaseService.register` with four different
-    parameters `( queryParams, match, sendBadge, request )`, which
+    parameters `( queryParams, match, sendBadge )`, which
    then runs `BaseService.invoke`. `BaseService.invoke` instantiates the
    service and runs `BaseService#handle`.

@@ -129,12 +129,12 @@ test this kind of logic through unit tests (e.g. of `render()` and
    handle unresponsive service code and the next callback is invoked: the
    legacy handler function.
 3.  The legacy handler function receives
-    `( queryParams, match, sendBadge, request )`. Its job is to extract data
-    from the regex `match` and `queryParams`, invoke `request` to fetch
-    whatever data it needs, and then invoke `sendBadge` with the result.
+    `( queryParams, match, sendBadge )`. Its job is to extract data
+    from the regex `match` and `queryParams`, and then invoke `sendBadge`
+    with the result.
 4.  The implementation of this function is in `BaseService.register`. It
    works by running `BaseService.invoke`, which instantiates the service,
-    injects more dependencies, and invokes `BaseService#handle` which is
+    injects more dependencies, and invokes `BaseService.handle` which is
    implemented by the service subclass.
 5.  The job of `handle()`, which should be implemented by each service
    subclass, is to return an object which partially describes a badge or
--- a/doc/deprecating-badges.md
+++ b/doc/deprecating-badges.md
@@ -94,6 +94,8 @@ Here is a listing of all deleted badges that were once part of the Shields.io se
 - Cauditor
 - CocoaPods Apps
 - CocoaPods Downloads
+- Codetally
+- continuousphp
 - Coverity
 - Dockbit
 - Dotnet Status
--- a/doc/production-hosting.md
+++ b/doc/production-hosting.md
@@ -16,14 +16,12 @@ Production hosting is managed by the Shields ops team:

 | Component                     | Subcomponent                    | People with access                                              |
 | ----------------------------- | ------------------------------- | --------------------------------------------------------------- |
-| shields-production-us         | Account owner                   | @paulmelnikow                                                   |
+| shields-production-us         | Account owner                   | @calebcartwright, @paulmelnikow                                 |
 | shields-production-us         | Full access                     | @calebcartwright, @chris48s, @paulmelnikow, @pyvesb             |
 | shields-production-us         | Access management               | @calebcartwright, @chris48s, @paulmelnikow, @pyvesb             |
 | Compose.io Redis              | Account owner                   | @paulmelnikow                                                   |
 | Compose.io Redis              | Account access                  | @paulmelnikow                                                   |
 | Compose.io Redis              | Database connection credentials | @calebcartwright, @chris48s, @paulmelnikow, @pyvesb             |
-| Zeit Now                      | Team owner                      | @paulmelnikow                                                   |
-| Zeit Now                      | Team members                    | @paulmelnikow, @chris48s, @calebcartwright, @platan             |
 | Raster server                 | Full access as team members     | @paulmelnikow, @chris48s, @calebcartwright, @platan             |
 | shields-server.com redirector | Full access as team members     | @paulmelnikow, @chris48s, @calebcartwright, @platan             |
 | Cloudflare (CDN)              | Account owner                   | @espadrine                                                      |
@@ -49,11 +47,11 @@ Shields has mercifully little persistent state:
 1. The GitHub tokens we collect are saved on each server in a cloud Redis
   database. They can also be fetched from the [GitHub auth admin endpoint][]
   for debugging.
-2. The server keeps the [regular-update cache][] in memory. It is neither
+2. The server keeps the [resource cache][] in memory. It is neither
   persisted nor inspectable.

 [github auth admin endpoint]: https://github.com/badges/shields/blob/master/services/github/auth/admin.js
-[regular-update cache]: https://github.com/badges/shields/blob/master/core/legacy/regular-update.js
+[resource cache]: https://github.com/badges/shields/blob/master/core/base-service/resource-cache.js

 ## Configuration

@@ -94,11 +92,8 @@ Cloudflare is configured to respect the servers' cache headers.
 ## Raster server

 The raster server `raster.shields.io` (a.k.a. the rasterizing proxy) is
-hosted on [Zeit Now][]. It's managed in the
-[svg-to-image-proxy repo][svg-to-image-proxy].
-
-[zeit now]: https://zeit.co/now
-[svg-to-image-proxy]: https://github.com/badges/svg-to-image-proxy
+hosted on Heroku. It's managed in the
+[squint](https://github.com/badges/squint/) repo.

 ### Heroku Deployment

--- a/doc/releases.md
+++ b/doc/releases.md
@@ -2,7 +2,7 @@

 Shields is a community project that is stewarded by a handful of core maintainers who contribute on a volunteer basis. We do our best to maintain the availability and reliability of the service, and enhance and improve the project overall. However, if you've spotted something wrong or would like to see a specific feature implemented, please consider helping us resolve it by submitting a pull request. All community contributions, even documentation improvements, are welcome!

-https://github.com/badges/shields is a monorepo and hosts the Shields frontend and server code as well as the [badge-maker][npm package] NPM library (and the [badge design specification](https://github.com/badges/shields/tree/master/spec)). The packaging and release processes for these items is described in the respective sections below.
+https://github.com/badges/shields is a monorepo and hosts the Shields frontend and server code as well as the [badge-maker][npm package] NPM library (and the [badge design specification](https://github.com/badges/shields/tree/master/spec)). The packaging and release processes for these items are described in the respective sections below.

 ## badge-maker package

--- a/doc/self-hosting.md
+++ b/doc/self-hosting.md
@@ -4,13 +4,13 @@ This document describes how to host your own shields server either from source o

 ## Installing from Source

-You will need Node 14 or later, which you can install using a
+You will need Node 16 or later, which you can install using a
 [package manager][].

 On Ubuntu / Debian:

 ```sh
-curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash -; sudo apt-get install -y nodejs
+curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash -; sudo apt-get install -y nodejs
 ```

 ```sh
@@ -94,20 +94,18 @@ Sending build context to Docker daemon 3.923 MB
 Successfully built 4471b442c220
 ```

-Optionally, create a file called `shields.env` that contains the needed
-configuration. See [server-secrets.md](server-secrets.md) and [config/custom-environment-variables.yml](/config/custom-environment-variables.yml) for examples.
+Optionally, alter the default values for configuration by setting them via [environment variables](https://docs.docker.com/engine/reference/commandline/run/#set-environment-variables--e---env---env-file).
+See [server-secrets.md](server-secrets.md) and [config/custom-environment-variables.yml](/config/custom-environment-variables.yml) for possible values.
+In [config/custom-environment-variables.yml](/config/custom-environment-variables.yml), environment variable names are specified as the quoted, uppercase key values (e.g. `GH_TOKEN`).

-Then run the container:
+Then run the container, and be sure to specify the same mapped port as the one Shields is listening on :

 ```console
-$ docker run --rm -p 8080:80 --name shields shields
-# or if you have shields.env file, run the following instead
-$ docker run --rm -p 8080:80 --env-file shields.env --name shields shields
+$ docker run --rm -p 8080:8080 --env PORT=8080 --name shields shieldsio/shields:next

-> badge-maker@3.0.0 start /usr/src/app
-> node server.js
-
-http://[::1]/
+Configuration:
+...
+0916211515 Server is starting up: http://0.0.0.0:8080/
 ```

 Assuming Docker is running locally, you should be able to get to the
@@ -117,15 +115,11 @@ If you run Docker in a virtual machine (such as boot2docker or Docker Machine)
 then you will need to replace `localhost` with the IP address of that virtual
 machine.

-[shields.example.env]: ../shields.example.env
-
 ## Raster server

 If you want to host PNG badges, you can also self-host a [raster server][]
-which points to your badge server. It's designed as a web function which is
-tested on Zeit Now, though you may be able to run it on AWS Lambda. It's
-built on the [micro][] framework, and comes with a `start` script that allows
-it to run as a standalone Node service.
+which points to your badge server. It's a docker container. We host it on
+Heroku but should be possible to host on a wide variety of platforms.

 - In your raster instance, set `BASE_URL` to your Shields instance, e.g.
  `https://shields.example.co`.
@@ -134,11 +128,9 @@ it to run as a standalone Node service.
  for the legacy raster URLs instead of 404's.

 If anyone has set this up, more documentation on how to do this would be
-welcome! It would also be nice to ship a Docker image that includes a
-preconfigured raster server.
+welcome!

-[raster server]: https://github.com/badges/svg-to-image-proxy
-[micro]: https://github.com/zeit/micro
+[raster server]: https://github.com/badges/squint

 ## Server secrets

--- a/doc/server-secrets.md
+++ b/doc/server-secrets.md
@@ -174,6 +174,24 @@ access to a private Jenkins CI instance.
 Provide a username and password to give your self-hosted Shields installation
 access to a private JIRA instance.

+### Libraries.io/Bower
+
+- `LIBRARIESIO_TOKENS` (yml: `private.librariesio_tokens`)
+
+Note that the Bower badges utilize the Libraries.io API, so use this secret for both Libraries.io badges and/or Bower badges.
+
+Just like the `*_ORIGINS` type secrets, this value can accept a single token as a string, or a group of tokens provided as an array of strings. For example:
+
+```yaml
+private:
+  librariesio_tokens: my-token
+## Or
+private:
+  librariesio_tokens: [my-token some-other-token]
+```
+
+When using the environment variable with multiple tokens, be sure to use a space to separate the tokens, e.g. `LIBRARIESIO_TOKENS="my-token some-other-token"`
+
 ### Nexus

 - `NEXUS_ORIGINS` (yml: `public.services.nexus.authorizedOrigins`)
@@ -193,6 +211,21 @@ installation access to private npm packages

 [npm token]: https://docs.npmjs.com/getting-started/working_with_tokens

+## Open Build Service
+
+- `OBS_USER` (yml: `private.obs_user`)
+- `OBS_PASS` (yml: `private.obs_user`)
+
+Only authenticated users are allowed to access the Open Build Service API.
+Authentication is done by sending a Basic HTTP Authorisation header. A user
+account for the [reference instance](https://build.opensuse.org) is a SUSE
+IdP account, which can be created [here](https://idp-portal.suse.com/univention/self-service/#page=createaccount).
+
+While OBS supports [API tokens](https://openbuildservice.org/help/manuals/obs-user-guide/cha.obs.authorization.token.html#id-1.5.10.16.4),
+they can only be scoped to execute specific actions on a POST request. This
+means however, that an actual account is required to read the build status
+of a package.
+
 ### SymfonyInsight (formerly Sensiolabs)

 - `SL_INSIGHT_USER_UUID` (yml: `private.sl_insight_userUuid`)
--- a/doc/service-tests.md
+++ b/doc/service-tests.md
@@ -254,7 +254,7 @@ By checking code coverage, we can make sure we've covered all our bases.
 We can generate a coverage report and open it:

 ```
-npm run coverage:test:services -- --only=wercker
+npm run coverage:test:services -- -- --only=wercker
 npm run coverage:report:open
 ```

--- a/frontend/components/badge-examples.tsx
+++ b/frontend/components/badge-examples.tsx
@@ -43,9 +43,12 @@ function Example({
  exampleData: RenderableExample
  isBadgeSuggestion: boolean
 }): JSX.Element {
-  function handleClick(): void {
-    onClick(exampleData, isBadgeSuggestion)
-  }
+  const handleClick = React.useCallback(
+    function (): void {
+      onClick(exampleData, isBadgeSuggestion)
+    },
+    [exampleData, isBadgeSuggestion, onClick]
+  )

  let exampleUrl, previewUrl
  if (isBadgeSuggestion) {
--- a/frontend/components/customizer/copied-content-indicator.tsx
+++ b/frontend/components/customizer/copied-content-indicator.tsx
@@ -50,13 +50,16 @@ function _CopiedContentIndicator(
    },
  }))

-  function handlePoseComplete(): void {
-    if (pose === 'effectStart') {
-      setPose('effectEnd')
-    } else {
-      setPose('hidden')
-    }
-  }
+  const handlePoseComplete = React.useCallback(
+    function (): void {
+      if (pose === 'effectStart') {
+        setPose('effectEnd')
+      } else {
+        setPose('hidden')
+      }
+    },
+    [pose, setPose]
+  )

  return (
    <ContentAnchor>
--- a/frontend/components/customizer/customizer.tsx
+++ b/frontend/components/customizer/customizer.tsx
@@ -40,10 +40,13 @@ export default function Customizer({
  const [markup, setMarkup] = useState<string>()
  const [message, setMessage] = useState<string>()

-  function generateBuiltBadgeUrl(): string {
-    const suffix = queryString ? `?${queryString}` : ''
-    return `${baseUrl}${path}${suffix}`
-  }
+  const generateBuiltBadgeUrl = React.useCallback(
+    function (): string {
+      const suffix = queryString ? `?${queryString}` : ''
+      return `${baseUrl}${path}${suffix}`
+    },
+    [baseUrl, path, queryString]
+  )

  function renderLivePreview(): JSX.Element {
    // There are some usability issues here. It would be better if the message
@@ -67,28 +70,31 @@ export default function Customizer({
    )
  }

-  async function copyMarkup(markupFormat: MarkupFormat): Promise<void> {
-    const builtBadgeUrl = generateBuiltBadgeUrl()
-    const markup = generateMarkup({
-      badgeUrl: builtBadgeUrl,
-      link,
-      title,
-      markupFormat,
-    })
+  const copyMarkup = React.useCallback(
+    async function (markupFormat: MarkupFormat): Promise<void> {
+      const builtBadgeUrl = generateBuiltBadgeUrl()
+      const markup = generateMarkup({
+        badgeUrl: builtBadgeUrl,
+        link,
+        title,
+        markupFormat,
+      })
+
+      try {
+        await clipboardCopy(markup)
+      } catch (e) {
+        setMessage('Copy failed')
+        setMarkup(markup)
+        return
+      }

-    try {
-      await clipboardCopy(markup)
-    } catch (e) {
-      setMessage('Copy failed')
      setMarkup(markup)
-      return
-    }
-
-    setMarkup(markup)
-    if (indicatorRef.current) {
-      indicatorRef.current.trigger()
-    }
-  }
+      if (indicatorRef.current) {
+        indicatorRef.current.trigger()
+      }
+    },
+    [generateBuiltBadgeUrl, link, title, setMessage, setMarkup]
+  )

  function renderMarkupAndLivePreview(): JSX.Element {
    return (
@@ -110,26 +116,32 @@ export default function Customizer({
    )
  }

-  function handlePathChange({
-    path,
-    isComplete,
-  }: {
-    path: string
-    isComplete: boolean
-  }): void {
-    setPath(path)
-    setPathIsComplete(isComplete)
-  }
+  const handlePathChange = React.useCallback(
+    function ({
+      path,
+      isComplete,
+    }: {
+      path: string
+      isComplete: boolean
+    }): void {
+      setPath(path)
+      setPathIsComplete(isComplete)
+    },
+    [setPath, setPathIsComplete]
+  )

-  function handleQueryStringChange({
-    queryString,
-    isComplete,
-  }: {
-    queryString: string
-    isComplete: boolean
-  }): void {
-    setQueryString(queryString)
-  }
+  const handleQueryStringChange = React.useCallback(
+    function ({
+      queryString,
+      isComplete,
+    }: {
+      queryString: string
+      isComplete: boolean
+    }): void {
+      setQueryString(queryString)
+    },
+    [setQueryString]
+  )

  return (
    <form action="">
--- a/frontend/components/customizer/path-builder.tsx
+++ b/frontend/components/customizer/path-builder.tsx
@@ -149,14 +149,17 @@ export default function PathBuilder({
    }
  }, [tokens, namedParams, onChange])

-  function handleTokenChange({
-    target: { name, value },
-  }: ChangeEvent<HTMLInputElement | HTMLSelectElement>): void {
-    setNamedParams({
-      ...namedParams,
-      [name]: value,
-    })
-  }
+  const handleTokenChange = React.useCallback(
+    function ({
+      target: { name, value },
+    }: ChangeEvent<HTMLInputElement | HTMLSelectElement>): void {
+      setNamedParams({
+        ...namedParams,
+        [name]: value,
+      })
+    },
+    [setNamedParams, namedParams]
+  )

  function renderLiteral(
    literal: string,
--- a/frontend/components/customizer/query-string-builder.tsx
+++ b/frontend/components/customizer/query-string-builder.tsx
@@ -270,18 +270,24 @@ export default function QueryStringBuilder({
    }, {} as Record<BadgeOptionName, string>)
  )

-  function handleServiceQueryParamChange({
-    target: { name, type: targetType, checked, value },
-  }: ChangeEvent<HTMLInputElement>): void {
-    const outValue = targetType === 'checkbox' ? checked : value
-    setQueryParams({ ...queryParams, [name]: outValue })
-  }
+  const handleServiceQueryParamChange = React.useCallback(
+    function ({
+      target: { name, type: targetType, checked, value },
+    }: ChangeEvent<HTMLInputElement>): void {
+      const outValue = targetType === 'checkbox' ? checked : value
+      setQueryParams({ ...queryParams, [name]: outValue })
+    },
+    [setQueryParams, queryParams]
+  )

-  function handleBadgeOptionChange({
-    target: { name, value },
-  }: ChangeEvent<HTMLInputElement>): void {
-    setBadgeOptions({ ...badgeOptions, [name]: value })
-  }
+  const handleBadgeOptionChange = React.useCallback(
+    function ({
+      target: { name, value },
+    }: ChangeEvent<HTMLInputElement>): void {
+      setBadgeOptions({ ...badgeOptions, [name]: value })
+    },
+    [setBadgeOptions, badgeOptions]
+  )

  useEffect(() => {
    if (onChange) {
--- a/frontend/components/customizer/request-markup-button.tsx
+++ b/frontend/components/customizer/request-markup-button.tsx
@@ -86,24 +86,30 @@ export default function GetMarkupButton({
    Select<Option>
  >

-  async function onControlMouseDown(event: MouseEvent): Promise<void> {
-    if (onMarkupRequested) {
-      await onMarkupRequested('link')
-    }
-    if (selectRef.current) {
-      selectRef.current.blur()
-    }
-  }
+  const onControlMouseDown = React.useCallback(
+    async function (event: MouseEvent): Promise<void> {
+      if (onMarkupRequested) {
+        await onMarkupRequested('link')
+      }
+      if (selectRef.current) {
+        selectRef.current.blur()
+      }
+    },
+    [onMarkupRequested, selectRef]
+  )

-  async function onOptionClick(
-    // Eeesh.
-    value: Option | readonly Option[] | null | undefined
-  ): Promise<void> {
-    const { value: markupFormat } = value as Option
-    if (onMarkupRequested) {
-      await onMarkupRequested(markupFormat)
-    }
-  }
+  const onOptionClick = React.useCallback(
+    async function onOptionClick(
+      // Eeesh.
+      value: Option | readonly Option[] | null | undefined
+    ): Promise<void> {
+      const { value: markupFormat } = value as Option
+      if (onMarkupRequested) {
+        await onMarkupRequested(markupFormat)
+      }
+    },
+    [onMarkupRequested]
+  )

  return (
    // TODO It doesn't seem to be possible to check the types and wrap with
--- a/frontend/components/dynamic-badge-maker.tsx
+++ b/frontend/components/dynamic-badge-maker.tsx
@@ -44,33 +44,39 @@ export default function DynamicBadgeMaker({
  const isValid =
    values.datatype && values.label && values.dataUrl && values.query

-  function onChange({
-    target: { name, value },
-  }: ChangeEvent<HTMLInputElement | HTMLSelectElement>): void {
-    setValues({
-      ...values,
-      [name]: value,
-    })
-  }
+  const onChange = React.useCallback(
+    function ({
+      target: { name, value },
+    }: ChangeEvent<HTMLInputElement | HTMLSelectElement>): void {
+      setValues({
+        ...values,
+        [name]: value,
+      })
+    },
+    [values]
+  )

-  function onSubmit(e: React.FormEvent): void {
-    e.preventDefault()
+  const onSubmit = React.useCallback(
+    function onSubmit(e: React.FormEvent): void {
+      e.preventDefault()

-    const { datatype, label, dataUrl, query, color, prefix, suffix } = values
-    window.open(
-      dynamicBadgeUrl({
-        baseUrl,
-        datatype,
-        label,
-        dataUrl,
-        query,
-        color,
-        prefix,
-        suffix,
-      }),
-      '_blank'
-    )
-  }
+      const { datatype, label, dataUrl, query, color, prefix, suffix } = values
+      window.open(
+        dynamicBadgeUrl({
+          baseUrl,
+          datatype,
+          label,
+          dataUrl,
+          query,
+          color,
+          prefix,
+          suffix,
+        }),
+        '_blank'
+      )
+    },
+    [baseUrl, values]
+  )

  return (
    <form onSubmit={onSubmit}>
--- a/frontend/components/main.tsx
+++ b/frontend/components/main.tsx
@@ -54,24 +54,28 @@ export default function Main({
  const searchTimeout = useRef(0)
  const baseUrl = getBaseUrl()

-  function performSearch(query: string): void {
-    setSearchIsInProgress(false)
+  const performSearch = React.useCallback(
+    function (query: string): void {
+      setSearchIsInProgress(false)

-    setQueryIsTooShort(query.length === 1)
+      setQueryIsTooShort(query.length === 1)

-    if (query.length >= 2) {
-      const flat = ServiceDefinitionSetHelper.create(services)
-        .notDeprecated()
-        .search(query)
-        .toArray()
-      setSearchResults(groupBy(flat, 'category'))
-    } else {
-      setSearchResults(undefined)
-    }
-  }
+      if (query.length >= 2) {
+        const flat = ServiceDefinitionSetHelper.create(services)
+          .notDeprecated()
+          .search(query)
+          .toArray()
+        setSearchResults(groupBy(flat, 'category'))
+      } else {
+        setSearchResults(undefined)
+      }
+    },
+    [setSearchIsInProgress, setQueryIsTooShort, setSearchResults]
+  )

-  function searchQueryChanged(query: string): void {
-    /*
+  const searchQueryChanged = React.useCallback(
+    function (query: string): void {
+      /*
    Add a small delay before showing search results
    so that we wait until the user has stopped typing
    before we start loading stuff.
@@ -81,22 +85,27 @@ export default function Main({
    b) stops the page from 'flashing' as the user types, like this:
    https://user-images.githubusercontent.com/7288322/42600206-9b278470-85b5-11e8-9f63-eb4a0c31cb4a.gif
    */
-    setSearchIsInProgress(true)
-    window.clearTimeout(searchTimeout.current)
-    searchTimeout.current = window.setTimeout(() => performSearch(query), 500)
-  }
+      setSearchIsInProgress(true)
+      window.clearTimeout(searchTimeout.current)
+      searchTimeout.current = window.setTimeout(() => performSearch(query), 500)
+    },
+    [setSearchIsInProgress, performSearch]
+  )

-  function exampleClicked(
-    example: RenderableExample,
-    isSuggestion: boolean
-  ): void {
-    setSelectedExample(example)
-    setSelectedExampleIsSuggestion(isSuggestion)
-  }
+  const exampleClicked = React.useCallback(
+    function (example: RenderableExample, isSuggestion: boolean): void {
+      setSelectedExample(example)
+      setSelectedExampleIsSuggestion(isSuggestion)
+    },
+    [setSelectedExample, setSelectedExampleIsSuggestion]
+  )

-  function dismissMarkupModal(): void {
-    setSelectedExample(undefined)
-  }
+  const dismissMarkupModal = React.useCallback(
+    function (): void {
+      setSelectedExample(undefined)
+    },
+    [setSelectedExample]
+  )

  function Category({
    category,
--- a/frontend/components/static-badge-maker.tsx
+++ b/frontend/components/static-badge-maker.tsx
@@ -18,21 +18,27 @@ export default function StaticBadgeMaker({

  const isValid = values.message && values.color

-  function onChange({
-    target: { name, value },
-  }: ChangeEvent<HTMLInputElement | HTMLSelectElement>): void {
-    setValues({
-      ...values,
-      [name]: value,
-    })
-  }
+  const onChange = React.useCallback(
+    function onChange({
+      target: { name, value },
+    }: ChangeEvent<HTMLInputElement | HTMLSelectElement>): void {
+      setValues({
+        ...values,
+        [name]: value,
+      })
+    },
+    [setValues, values]
+  )

-  function onSubmit(e: React.FormEvent): void {
-    e.preventDefault()
+  const onSubmit = React.useCallback(
+    function (e: React.FormEvent): void {
+      e.preventDefault()

-    const { label, message, color } = values
-    window.open(staticBadgeUrl({ baseUrl, label, message, color }), '_blank')
-  }
+      const { label, message, color } = values
+      window.open(staticBadgeUrl({ baseUrl, label, message, color }), '_blank')
+    },
+    [baseUrl, values]
+  )

  return (
    <form onSubmit={onSubmit}>
--- a/frontend/components/suggestion-and-search.tsx
+++ b/frontend/components/suggestion-and-search.tsx
@@ -41,41 +41,47 @@ export default function SuggestionAndSearch({
  const [projectUrl, setProjectUrl] = useState<string>()
  const [suggestions, setSuggestions] = useState<SuggestionItem[]>([])

-  function onQueryChanged({
-    target: { value: query },
-  }: ChangeEvent<HTMLInputElement>): void {
-    const isUrl = query.startsWith('https://') || query.startsWith('http://')
-    setIsUrl(isUrl)
-    setProjectUrl(isUrl ? query : undefined)
+  const onQueryChanged = React.useCallback(
+    function ({
+      target: { value: query },
+    }: ChangeEvent<HTMLInputElement>): void {
+      const isUrl = query.startsWith('https://') || query.startsWith('http://')
+      setIsUrl(isUrl)
+      setProjectUrl(isUrl ? query : undefined)

-    queryChangedDebounced.current(query)
-  }
+      queryChangedDebounced.current(query)
+    },
+    [setIsUrl, setProjectUrl, queryChangedDebounced]
+  )

-  async function getSuggestions(): Promise<void> {
-    if (!projectUrl) {
-      setSuggestions([])
-      return
-    }
+  const getSuggestions = React.useCallback(
+    async function (): Promise<void> {
+      if (!projectUrl) {
+        setSuggestions([])
+        return
+      }

-    setInProgress(true)
+      setInProgress(true)

-    const fetch = window.fetch || fetchPonyfill
-    const res = await fetch(
-      `${baseUrl}/$suggest/v1?url=${encodeURIComponent(projectUrl)}`
-    )
-    let suggestions = [] as SuggestionItem[]
-    try {
-      const json = (await res.json()) as SuggestionResponse
-      // This doesn't validate the response. The default value here prevents
-      // a crash if the server returns {"err":"Disallowed"}.
-      suggestions = json.suggestions || []
-    } catch (e) {
-      suggestions = []
-    }
+      const fetch = window.fetch || fetchPonyfill
+      const res = await fetch(
+        `${baseUrl}/$suggest/v1?url=${encodeURIComponent(projectUrl)}`
+      )
+      let suggestions = [] as SuggestionItem[]
+      try {
+        const json = (await res.json()) as SuggestionResponse
+        // This doesn't validate the response. The default value here prevents
+        // a crash if the server returns {"err":"Disallowed"}.
+        suggestions = json.suggestions || []
+      } catch (e) {
+        suggestions = []
+      }

-    setInProgress(false)
-    setSuggestions(suggestions)
-  }
+      setInProgress(false)
+      setSuggestions(suggestions)
+    },
+    [setSuggestions, setInProgress, baseUrl, projectUrl]
+  )

  function renderSuggestions(): JSX.Element | null {
    if (suggestions.length === 0) {
@@ -105,6 +111,8 @@ export default function SuggestionAndSearch({
    )
  }

+  // TODO: Warning: A future version of React will block javascript: URLs as a security precaution
+  // how else to do this?
  return (
    <section>
      <form action="javascript:void 0" autoComplete="off">
--- a/frontend/constants.ts
+++ b/frontend/constants.ts
@@ -21,11 +21,14 @@ export function getBaseUrl(): string {
  https://img.shields.io/
  */
  try {
-    const { protocol, hostname } = window.location
+    const { protocol, hostname, port } = window.location
    if (['shields.io', 'www.shields.io'].includes(hostname)) {
      return 'https://img.shields.io'
    }
-    return `${protocol}//${hostname}`
+    if (!port) {
+      return `${protocol}//${hostname}`
+    }
+    return `${protocol}//${hostname}:${port}`
  } catch (e) {
    // server-side rendering
    return ''
--- a/frontend/pages/community.tsx
+++ b/frontend/pages/community.tsx
@@ -5,7 +5,6 @@ import Meta from '../components/meta'
 import Header from '../components/header'
 import Footer from '../components/footer'
 import { BaseFont, GlobalStyle, H3 } from '../components/common'
-import Heroku from '../../static/images/heroku-logotype-horizontal-purple.svg'
 import NodePing from '../../static/images/nodeping.svg'
 import Sentry from '../../static/images/sentry-logo-black.svg'
 const MainContainer = styled(BaseFont)`
@@ -43,11 +42,6 @@ export default function SponsorsPage(): JSX.Element {
        ❤️ These companies help us by donating their services to shields:
        <ul style={{ listStyleType: 'none' }}>
          <SponsorItems>
-            <li>
-              <a href="https://www.heroku.com/">
-                <Heroku alt="heroku_logo" height={120} />
-              </a>
-            </li>
            <li>
              <a href="https://nodeping.com/">
                <NodePing alt="nodeping_logo" height={60} />
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -12,8 +12,7 @@
  ],
  "homepage": "https://shields.io",
  "bugs": {
-    "url": "https://github.com/badges/shields/issues",
-    "email": "thaddee.tyl@gmail.com"
+    "url": "https://github.com/badges/shields/issues"
  },
  "license": "CC0-1.0",
  "author": "Thaddée Tyl <thaddee.tyl@gmail.com>",
@@ -22,29 +21,29 @@
    "url": "https://github.com/badges/shields"
  },
  "dependencies": {
-    "@fontsource/lato": "^4.5.0",
-    "@fontsource/lekton": "^4.5.0",
-    "@sentry/node": "^6.12.0",
+    "@fontsource/lato": "^4.5.2",
+    "@fontsource/lekton": "^4.5.3",
+    "@sentry/node": "^6.18.0",
    "@shields_io/camp": "^18.1.1",
    "badge-maker": "file:badge-maker",
-    "bytes": "^3.1.0",
-    "camelcase": "^6.2.0",
-    "chalk": "^4.1.2",
-    "check-node-version": "^4.1.0",
+    "bytes": "^3.1.2",
+    "camelcase": "^6.3.0",
+    "chalk": "^5.0.0",
+    "check-node-version": "^4.2.1",
    "cloudflare-middleware": "^1.0.4",
-    "config": "^3.3.6",
+    "config": "^3.3.7",
    "cross-env": "^7.0.3",
-    "decamelize": "^5.0.0",
+    "decamelize": "^3.2.0",
    "emojic": "^1.1.16",
    "escape-string-regexp": "^4.0.0",
-    "fast-xml-parser": "^3.20.0",
-    "glob": "^7.1.7",
+    "fast-xml-parser": "^4.0.3",
+    "glob": "^7.2.0",
    "global-agent": "^3.0.0",
-    "got": "11.8.2",
-    "graphql": "^15.5.3",
-    "graphql-tag": "^2.12.5",
-    "ioredis": "4.27.9",
-    "joi": "17.4.2",
+    "got": "^12.0.1",
+    "graphql": "^15.6.1",
+    "graphql-tag": "^2.12.6",
+    "ioredis": "4.28.5",
+    "joi": "17.6.0",
    "joi-extension-semver": "5.0.0",
    "js-yaml": "^4.1.0",
    "jsonpath": "~1.1.1",
@@ -53,17 +52,16 @@
    "lodash.times": "^4.3.2",
    "moment": "^2.29.1",
    "node-env-flag": "^0.1.0",
-    "parse-link-header": "^1.0.1",
+    "parse-link-header": "^2.0.0",
    "path-to-regexp": "^6.2.0",
-    "pretty-bytes": "^5.6.0",
+    "pretty-bytes": "^6.0.0",
    "priorityqueuejs": "^2.0.0",
-    "prom-client": "^13.2.0",
-    "qs": "^6.10.1",
-    "query-string": "^7.0.1",
-    "request": "~2.88.2",
+    "prom-client": "^14.0.1",
+    "qs": "^6.10.3",
+    "query-string": "^7.1.1",
    "semver": "~7.3.5",
-    "simple-icons": "5.14.0",
-    "webextension-store-meta": "^1.0.4",
+    "simple-icons": "6.11.0",
+    "webextension-store-meta": "^1.0.5",
    "xmldom": "~0.6.0",
    "xpath": "~0.0.32"
  },
@@ -99,7 +97,7 @@
    "test": "run-s --silent --continue-on-error lint test:frontend test:package test:core test:entrypoint check-types:package check-types:frontend prettier:check",
    "check-types:package": "tsd badge-maker",
    "check-types:frontend": "tsc --noEmit --project .",
-    "depcheck": "check-node-version --node \">= 14.0\"",
+    "depcheck": "check-node-version --node \">= 16.0\"",
    "prebuild": "run-s --silent depcheck",
    "features": "node scripts/export-supported-features-cli.js > ./frontend/supported-features.json",
    "defs": "node scripts/export-service-definitions-cli.js > ./frontend/service-definitions.yml",
@@ -142,118 +140,110 @@
    ]
  },
  "devDependencies": {
-    "@babel/core": "^7.15.5",
+    "@babel/core": "^7.17.5",
    "@babel/polyfill": "^7.12.1",
-    "@babel/register": "7.15.3",
+    "@babel/register": "7.17.0",
+    "@istanbuljs/schema": "^0.1.3",
    "@mapbox/react-click-to-select": "^2.2.1",
-    "@types/chai": "^4.2.21",
+    "@types/chai": "^4.3.0",
    "@types/lodash.debounce": "^4.0.6",
    "@types/lodash.groupby": "^4.6.6",
-    "@types/mocha": "^9.0.0",
+    "@types/mocha": "^9.1.0",
    "@types/node": "^16.7.10",
-    "@types/react-helmet": "^6.1.2",
-    "@types/react-modal": "^3.12.1",
+    "@types/react-helmet": "^6.1.5",
+    "@types/react-modal": "^3.13.1",
    "@types/react-select": "^4.0.17",
-    "@types/styled-components": "5.1.14",
-    "@typescript-eslint/eslint-plugin": "^4.31.0",
-    "@typescript-eslint/parser": "^4.30.0",
+    "@types/styled-components": "5.1.23",
+    "@typescript-eslint/eslint-plugin": "^5.12.1",
+    "@typescript-eslint/parser": "^5.10.0",
    "babel-plugin-inline-react-svg": "^2.0.1",
-    "babel-plugin-istanbul": "^6.0.0",
-    "babel-preset-gatsby": "^1.13.0",
-    "c8": "^7.9.0",
+    "babel-preset-gatsby": "^2.5.1",
+    "c8": "^7.11.0",
    "caller": "^1.0.1",
-    "chai": "^4.3.4",
+    "chai": "^4.3.6",
    "chai-as-promised": "^7.1.1",
    "chai-datetime": "^1.8.0",
    "chai-string": "^1.4.0",
    "child-process-promise": "^2.2.1",
    "clipboard-copy": "^4.0.1",
-    "concurrently": "^6.2.1",
-    "cypress": "^8.4.0",
-    "danger": "^10.6.6",
+    "concurrently": "^7.0.0",
+    "cypress": "^9.5.0",
+    "danger": "^11.0.2",
    "danger-plugin-no-test-shortcuts": "^2.0.0",
    "deepmerge": "^4.2.2",
    "eslint": "^7.32.0",
-    "eslint-config-prettier": "^8.3.0",
+    "eslint-config-prettier": "^8.4.0",
    "eslint-config-standard": "^16.0.3",
    "eslint-config-standard-jsx": "^10.0.0",
    "eslint-config-standard-react": "^11.0.1",
    "eslint-plugin-chai-friendly": "^0.7.2",
    "eslint-plugin-cypress": "^2.12.1",
-    "eslint-plugin-import": "^2.24.2",
-    "eslint-plugin-jsdoc": "^36.1.0",
-    "eslint-plugin-mocha": "^9.0.0",
+    "eslint-plugin-import": "^2.25.4",
+    "eslint-plugin-jsdoc": "^37.9.4",
+    "eslint-plugin-mocha": "^10.0.3",
    "eslint-plugin-no-extension-in-require": "^0.2.0",
    "eslint-plugin-node": "^11.1.0",
-    "eslint-plugin-promise": "^5.1.0",
-    "eslint-plugin-react": "^7.24.0",
-    "eslint-plugin-react-hooks": "^4.2.0",
-    "eslint-plugin-sort-class-members": "^1.11.0",
+    "eslint-plugin-promise": "^6.0.0",
+    "eslint-plugin-react": "^7.29.1",
+    "eslint-plugin-react-hooks": "^4.3.0",
+    "eslint-plugin-sort-class-members": "^1.14.1",
    "fetch-ponyfill": "^7.1.0",
    "form-data": "^4.0.0",
-    "gatsby": "3.13.1",
-    "gatsby-plugin-catch-links": "^3.13.0",
-    "gatsby-plugin-page-creator": "^3.13.0",
-    "gatsby-plugin-react-helmet": "^4.13.0",
-    "gatsby-plugin-remove-trailing-slashes": "^3.13.0",
-    "gatsby-plugin-styled-components": "^4.13.0",
-    "gatsby-plugin-typescript": "^3.2.0",
+    "gatsby": "4.6.2",
+    "gatsby-plugin-catch-links": "^4.5.0",
+    "gatsby-plugin-page-creator": "^4.7.0",
+    "gatsby-plugin-react-helmet": "^5.2.0",
+    "gatsby-plugin-remove-trailing-slashes": "^4.7.0",
+    "gatsby-plugin-styled-components": "^5.2.0",
+    "gatsby-plugin-typescript": "^4.2.0",
    "humanize-string": "^2.1.0",
    "icedfrisby": "4.0.0",
    "icedfrisby-nock": "^2.1.0",
-    "is-svg": "^4.3.1",
+    "is-svg": "^4.3.2",
    "js-yaml-loader": "^1.2.2",
-    "jsdoc": "^3.6.7",
-    "lint-staged": "^11.1.2",
+    "jsdoc": "^3.6.10",
+    "lint-staged": "^12.3.4",
    "lodash.debounce": "^4.0.8",
    "lodash.difference": "^4.5.0",
    "minimist": "^1.2.5",
-    "mocha": "^9.1.1",
+    "mocha": "^9.2.1",
    "mocha-env-reporter": "^4.0.0",
-    "mocha-junit-reporter": "^2.0.0",
+    "mocha-junit-reporter": "^2.0.2",
    "mocha-yaml-loader": "^1.0.3",
-    "nock": "13.1.3",
-    "node-mocks-http": "^1.10.1",
-    "nodemon": "^2.0.12",
+    "nock": "13.2.4",
+    "node-mocks-http": "^1.11.0",
+    "nodemon": "^2.0.15",
    "npm-run-all": "^4.1.5",
    "open-cli": "^7.0.1",
    "portfinder": "^1.0.28",
-    "prettier": "2.4.1",
+    "prettier": "2.5.1",
    "react": "^17.0.2",
    "react-dom": "^17.0.2",
-    "react-error-overlay": "^6.0.9",
+    "react-error-overlay": "^6.0.10",
    "react-helmet": "^6.1.0",
-    "react-modal": "^3.14.3",
+    "react-modal": "^3.14.4",
    "react-pose": "^4.0.10",
    "react-select": "^4.3.1",
    "read-all-stdin-sync": "^1.0.5",
    "redis-server": "^1.2.2",
    "rimraf": "^3.0.2",
    "sazerac": "^2.0.0",
-    "simple-git-hooks": "^2.6.1",
-    "sinon": "^11.1.2",
+    "simple-git-hooks": "^2.7.0",
+    "sinon": "^13.0.1",
    "sinon-chai": "^3.7.0",
    "snap-shot-it": "^7.9.6",
    "start-server-and-test": "1.14.0",
-    "styled-components": "^5.3.1",
-    "ts-mocha": "^8.0.0",
-    "tsd": "^0.17.0",
-    "typescript": "^4.4.3"
+    "styled-components": "^5.3.3",
+    "ts-mocha": "^9.0.2",
+    "tsd": "^0.19.1",
+    "typescript": "^4.5.5",
+    "url": "^0.11.0"
  },
  "engines": {
-    "node": "^14.17.1",
+    "node": "^16.13.0",
    "npm": ">=7.0.0"
  },
  "type": "module",
-  "babel": {
-    "env": {
-      "test": {
-        "plugins": [
-          "istanbul"
-        ]
-      }
-    }
-  },
  "collective": {
    "type": "opencollective",
    "url": "https://opencollective.com/shields",
--- a/scripts/github_token_backup.fish
+++ b/scripts/github_token_backup.fish
@@ -1,19 +0,0 @@
-#!/usr/bin/env fish
-#
-# Back up the GitHub tokens from each production server.
-#
-
-if test (count $argv) -lt 1
-  echo Usage: (basename (status -f)) shields_secret
-end
-
-set shields_secret $argv[1]
-
-function do_backup
-  set server $argv[1]
-  curl --insecure -u ":$shields_secret" "https://$server.servers.shields.io/\$github-auth/tokens" > "$server""_tokens.json"
-end
-
-for server in s0 s1 s2
-  do_backup $server
-end
--- a/services/amo/amo-base.js
+++ b/services/amo/amo-base.js
@@ -21,7 +21,7 @@ class BaseAmoService extends BaseJsonService {
  async fetch({ addonId }) {
    return this._requestJson({
      schema,
-      url: `https://addons.mozilla.org/api/v3/addons/addon/${addonId}`,
+      url: `https://addons.mozilla.org/api/v4/addons/addon/${addonId}/`,
    })
  }
 }
--- a/services/amo/amo-downloads.service.js
+++ b/services/amo/amo-downloads.service.js
@@ -1,5 +1,4 @@
-import { metric } from '../text-formatters.js'
-import { downloadCount } from '../color-formatters.js'
+import { renderDownloadsBadge } from '../downloads.js'
 import { redirector } from '../index.js'
 import { BaseAmoService, keywords } from './amo-base.js'

@@ -25,13 +24,12 @@ class AmoWeeklyDownloads extends BaseAmoService {
    },
  ]

+  static _cacheLength = 21600
+
  static defaultBadgeData = { label: 'downloads' }

  static render({ downloads }) {
-    return {
-      message: `${metric(downloads)}/week`,
-      color: downloadCount(downloads),
-    }
+    return renderDownloadsBadge({ downloads, interval: 'week' })
  }

  async handle({ addonId }) {
--- a/services/amo/amo-rating.service.js
+++ b/services/amo/amo-rating.service.js
@@ -23,6 +23,8 @@ export default class AmoRating extends BaseAmoService {
    },
  ]

+  static _cacheLength = 7200
+
  static render({ format, rating }) {
    rating = Math.round(rating)
    return {
--- a/services/amo/amo-users.service.js
+++ b/services/amo/amo-users.service.js
@@ -1,4 +1,4 @@
-import { metric } from '../text-formatters.js'
+import { renderDownloadsBadge } from '../downloads.js'
 import { BaseAmoService, keywords } from './amo-base.js'

 export default class AmoUsers extends BaseAmoService {
@@ -14,13 +14,12 @@ export default class AmoUsers extends BaseAmoService {
    },
  ]

+  static _cacheLength = 21600
+
  static defaultBadgeData = { label: 'users' }

-  static render({ users }) {
-    return {
-      message: metric(users),
-      color: 'blue',
-    }
+  static render({ users: downloads }) {
+    return renderDownloadsBadge({ downloads, colorOverride: 'blue' })
  }

  async handle({ addonId }) {
--- a/services/ansible/ansible-role.service.js
+++ b/services/ansible/ansible-role.service.js
@@ -1,6 +1,5 @@
 import Joi from 'joi'
-import { downloadCount } from '../color-formatters.js'
-import { metric } from '../text-formatters.js'
+import { renderDownloadsBadge } from '../downloads.js'
 import { nonNegativeInteger } from '../validators.js'
 import { BaseJsonService } from '../index.js'

@@ -32,22 +31,15 @@ class AnsibleGalaxyRoleDownloads extends AnsibleGalaxyRole {
    {
      title: 'Ansible Role',
      namedParams: { roleId: '3078' },
-      staticPreview: this.render({ downloads: 76 }),
+      staticPreview: renderDownloadsBadge({ downloads: 76 }),
    },
  ]

  static defaultBadgeData = { label: 'role downloads' }

-  static render({ downloads }) {
-    return {
-      message: metric(downloads),
-      color: downloadCount(downloads),
-    }
-  }
-
  async handle({ roleId }) {
    const json = await this.fetch({ roleId })
-    return this.constructor.render({ downloads: json.download_count })
+    return renderDownloadsBadge({ downloads: json.download_count })
  }
 }

--- a/services/apm/apm.service.js
+++ b/services/apm/apm.service.js
@@ -1,7 +1,7 @@
 import Joi from 'joi'
 import { renderLicenseBadge } from '../licenses.js'
 import { renderVersionBadge } from '../version.js'
-import { metric } from '../text-formatters.js'
+import { renderDownloadsBadge } from '../downloads.js'
 import { nonNegativeInteger } from '../validators.js'
 import { BaseJsonService, InvalidResponse } from '../index.js'

@@ -45,7 +45,7 @@ class APMDownloads extends BaseAPMService {
  static defaultBadgeData = { label: 'downloads' }

  static render({ downloads }) {
-    return { message: metric(downloads), color: 'green' }
+    return renderDownloadsBadge({ downloads, colorOverride: 'green' })
  }

  async handle({ packageName }) {
--- a/services/appveyor/appveyor-tests.service.js
+++ b/services/appveyor/appveyor-tests.service.js
@@ -1,31 +1,10 @@
 import {
  testResultQueryParamSchema,
  renderTestResultBadge,
+  documentation,
 } from '../test-results.js'
 import AppVeyorBase from './appveyor-base.js'

-const documentation = `
-<p>
-  You may change the "passed", "failed" and "skipped" text on this badge by supplying query parameters <code>&passed_label=</code>, <code>&failed_label=</code> and <code>&skipped_label=</code> respectively.
-</p>
-
-<p>
-  For example, if you want to use a different terminology:
-  <br>
-  <code>/appveyor/tests/NZSmartie/coap-net-iu0to.svg?passed_label=good&failed_label=bad&skipped_label=n%2Fa</code>
-</p>
-
-<p>
-  Or symbols:
-  <br>
-  <code>/appveyor/tests/NZSmartie/coap-net-iu0to.svg?compact_message&passed_label=%F0%9F%8E%89&failed_label=%F0%9F%92%A2&skipped_label=%F0%9F%A4%B7</code>
-</p>
-
-<p>
-  There is also a <code>&compact_message</code> query parameter, which will default to displaying ✔, ✘ and ➟, separated by a horizontal bar |.
-</p>
-`
-
 const commonPreviewProps = {
  passed: 477,
  failed: 2,
@@ -35,6 +14,7 @@ const commonPreviewProps = {
 }

 export default class AppVeyorTests extends AppVeyorBase {
+  static category = 'test-results'
  static route = {
    ...this.buildRoute('appveyor/tests'),
    queryParamSchema: testResultQueryParamSchema,
--- a/services/appveyor/appveyor-tests.tester.js
+++ b/services/appveyor/appveyor-tests.tester.js
@@ -1,38 +1,26 @@
-import queryString from 'querystring'
-import Joi from 'joi'
+import {
+  isDefaultTestTotals,
+  isDefaultCompactTestTotals,
+  isCustomTestTotals,
+  isCustomCompactTestTotals,
+} from '../test-validators.js'
 import { createServiceTester } from '../tester.js'
 export const t = await createServiceTester()

-const isAppveyorTestTotals = Joi.string().regex(
-  /^[0-9]+ passed(, [0-9]+ failed)?(, [0-9]+ skipped)?$/
-)
-
-const isCompactAppveyorTestTotals = Joi.string().regex(
-  /^✔ [0-9]+( \| ✘ [0-9]+)?( \| ➟ [0-9]+)?$/
-)
-
-const isCustomAppveyorTestTotals = Joi.string().regex(
-  /^[0-9]+ good(, [0-9]+ bad)?(, [0-9]+ n\/a)?$/
-)
-
-const isCompactCustomAppveyorTestTotals = Joi.string().regex(
-  /^💃 [0-9]+( \| 🤦‍♀️ [0-9]+)?( \| 🤷 [0-9]+)?$/
-)
-
 t.create('Test status')
  .timeout(10000)
  .get('/NZSmartie/coap-net-iu0to.json')
-  .expectBadge({ label: 'tests', message: isAppveyorTestTotals })
+  .expectBadge({ label: 'tests', message: isDefaultTestTotals })

 t.create('Test status on branch')
  .timeout(10000)
  .get('/NZSmartie/coap-net-iu0to/master.json')
-  .expectBadge({ label: 'tests', message: isAppveyorTestTotals })
+  .expectBadge({ label: 'tests', message: isDefaultTestTotals })

 t.create('Test status with compact message')
  .timeout(10000)
  .get('/NZSmartie/coap-net-iu0to.json?compact_message')
-  .expectBadge({ label: 'tests', message: isCompactAppveyorTestTotals })
+  .expectBadge({ label: 'tests', message: isDefaultCompactTestTotals })

 t.create('Test status with custom labels')
  .timeout(10000)
@@ -43,21 +31,21 @@ t.create('Test status with custom labels')
      skipped_label: 'n/a',
    },
  })
-  .expectBadge({ label: 'tests', message: isCustomAppveyorTestTotals })
+  .expectBadge({ label: 'tests', message: isCustomTestTotals })

 t.create('Test status with compact message and custom labels')
  .timeout(10000)
-  .get(
-    `/NZSmartie/coap-net-iu0to.json?${queryString.stringify({
+  .get('/NZSmartie/coap-net-iu0to.json', {
+    qs: {
      compact_message: null,
      passed_label: '💃',
      failed_label: '🤦‍♀️',
      skipped_label: '🤷',
-    })}`
-  )
+    },
+  })
  .expectBadge({
    label: 'tests',
-    message: isCompactCustomAppveyorTestTotals,
+    message: isCustomCompactTestTotals,
  })

 t.create('Test status on non-existent project')
--- a/services/aur/aur.service.js
+++ b/services/aur/aur.service.js
@@ -42,8 +42,8 @@ class BaseAurService extends BaseJsonService {
    // https://wiki.archlinux.org/index.php/Aurweb_RPC_interface
    return this._requestJson({
      schema: aurSchema,
-      url: 'https://aur.archlinux.org/rpc.php',
-      options: { qs: { v: 5, type: 'info', arg: packageName } },
+      url: 'https://aur.archlinux.org/rpc',
+      options: { searchParams: { v: 5, type: 'info', arg: packageName } },
    })
  }
 }
--- a/services/aur/aur.tester.js
+++ b/services/aur/aur.tester.js
@@ -45,7 +45,7 @@ t.create('license (no license)')
  .get('/license/vscodium-bin.json')
  .intercept(nock =>
    nock('https://aur.archlinux.org')
-      .get('/rpc.php')
+      .get('/rpc')
      .query({
        v: 5,
        type: 'info',
--- a/services/azure-devops/azure-devops-base.js
+++ b/services/azure-devops/azure-devops-base.js
@@ -40,7 +40,7 @@ export default class AzureDevOpsBase extends BaseJsonService {
    // Microsoft documentation: https://docs.microsoft.com/en-us/rest/api/azure/devops/build/builds/list?view=azure-devops-rest-5.0
    const url = `https://dev.azure.com/${organization}/${project}/_apis/build/builds`
    const options = {
-      qs: {
+      searchParams: {
        definitions: definitionId,
        $top: 1,
        statusFilter: 'completed',
@@ -49,7 +49,7 @@ export default class AzureDevOpsBase extends BaseJsonService {
    }

    if (branch) {
-      options.qs.branchName = `refs/heads/${branch}`
+      options.searchParams.branchName = `refs/heads/${branch}`
    }

    const json = await this.fetch({
--- a/services/azure-devops/azure-devops-build.service.js
+++ b/services/azure-devops/azure-devops-build.service.js
@@ -104,7 +104,7 @@ export default class AzureDevOpsBuild extends BaseSvgScrapingService {
    // Microsoft documentation: https://docs.microsoft.com/en-us/rest/api/vsts/build/status/get
    const { status } = await fetch(this, {
      url: `https://dev.azure.com/${organization}/${projectId}/_apis/build/status/${definitionId}`,
-      qs: {
+      searchParams: {
        branchName: branch,
        stageName: stage,
        jobName: job,
--- a/services/azure-devops/azure-devops-coverage.service.js
+++ b/services/azure-devops/azure-devops-coverage.service.js
@@ -101,7 +101,7 @@ export default class AzureDevOpsCoverage extends AzureDevOpsBase {
    // Microsoft documentation: https://docs.microsoft.com/en-us/rest/api/azure/devops/test/code%20coverage/get%20build%20code%20coverage?view=azure-devops-rest-5.0
    const url = `https://dev.azure.com/${organization}/${project}/_apis/test/codecoverage`
    const options = {
-      qs: {
+      searchParams: {
        buildId,
        'api-version': '5.0-preview.1',
      },
--- a/services/azure-devops/azure-devops-helpers.js
+++ b/services/azure-devops/azure-devops-helpers.js
@@ -15,12 +15,15 @@ const schema = Joi.object({
    .required(),
 }).required()

-async function fetch(serviceInstance, { url, qs = {}, errorMessages }) {
+async function fetch(
+  serviceInstance,
+  { url, searchParams = {}, errorMessages }
+) {
  // Microsoft documentation: https://docs.microsoft.com/en-us/rest/api/vsts/build/status/get
  const { message: status } = await serviceInstance._requestSvg({
    schema,
    url,
-    options: { qs },
+    options: { searchParams },
    errorMessages,
  })
  return { status }
--- a/services/azure-devops/azure-devops-tests.service.js
+++ b/services/azure-devops/azure-devops-tests.service.js
@@ -2,11 +2,24 @@ import Joi from 'joi'
 import {
  testResultQueryParamSchema,
  renderTestResultBadge,
+  documentation as commonDocumentation,
 } from '../test-results.js'
 import AzureDevOpsBase from './azure-devops-base.js'

 const commonAttrs = {
  keywords: ['vso', 'vsts', 'azure-devops'],
+  namedParams: {
+    organization: 'azuredevops-powershell',
+    project: 'azuredevops-powershell',
+    definitionId: '1',
+    branch: 'master',
+  },
+  queryParams: {
+    passed_label: 'passed',
+    failed_label: 'failed',
+    skipped_label: 'skipped',
+    compact_message: null,
+  },
  documentation: `
 <p>
  To obtain your own badge, you need to get 3 pieces of information:
@@ -26,19 +39,7 @@ const commonAttrs = {
  Optionally, you can specify a named branch:
  <code>https://img.shields.io/azure-devops/tests/ORGANIZATION/PROJECT/DEFINITION_ID/NAMED_BRANCH.svg</code>.
 </p>
-<p>
-  You may change the "passed", "failed" and "skipped" text on this badge by supplying query parameters <code>&passed_label=</code>, <code>&failed_label=</code> and <code>&skipped_label=</code> respectively.
-  <br>
-  There is also a <code>&compact_message</code> query parameter, which will default to displaying ✔, ✘ and ➟, separated by a horizontal bar |.
-  <br>
-  For example, if you want to use a different terminology:
-  <br>
-  <code>/azure-devops/tests/ORGANIZATION/PROJECT/DEFINITION_ID.svg?passed_label=good&failed_label=bad&skipped_label=n%2Fa</code>
-  <br>
-  Or, use symbols:
-  <br>
-  <code>/azure-devops/tests/ORGANIZATION/PROJECT/DEFINITION_ID.svg?compact_message&passed_label=%F0%9F%8E%89&failed_label=%F0%9F%92%A2&skipped_label=%F0%9F%A4%B7</code>
-</p>
+${commonDocumentation}
 `,
 }

@@ -60,8 +61,7 @@ const buildTestResultSummarySchema = Joi.object({
 }).required()

 export default class AzureDevOpsTests extends AzureDevOpsBase {
-  static category = 'build'
-
+  static category = 'test-results'
  static route = {
    base: 'azure-devops/tests',
    pattern: ':organization/:project/:definitionId/:branch*',
@@ -71,29 +71,6 @@ export default class AzureDevOpsTests extends AzureDevOpsBase {
  static examples = [
    {
      title: 'Azure DevOps tests',
-      pattern: ':organization/:project/:definitionId',
-      namedParams: {
-        organization: 'azuredevops-powershell',
-        project: 'azuredevops-powershell',
-        definitionId: '1',
-      },
-      staticPreview: this.render({
-        passed: 20,
-        failed: 1,
-        skipped: 1,
-        total: 22,
-      }),
-      ...commonAttrs,
-    },
-    {
-      title: 'Azure DevOps tests (branch)',
-      pattern: ':organization/:project/:definitionId/:branch',
-      namedParams: {
-        organization: 'azuredevops-powershell',
-        project: 'azuredevops-powershell',
-        definitionId: '1',
-        branch: 'master',
-      },
      staticPreview: this.render({
        passed: 20,
        failed: 1,
@@ -104,15 +81,6 @@ export default class AzureDevOpsTests extends AzureDevOpsBase {
    },
    {
      title: 'Azure DevOps tests (compact)',
-      pattern: ':organization/:project/:definitionId',
-      namedParams: {
-        organization: 'azuredevops-powershell',
-        project: 'azuredevops-powershell',
-        definitionId: '1',
-      },
-      queryParams: {
-        compact_message: null,
-      },
      staticPreview: this.render({
        passed: 20,
        failed: 1,
@@ -124,16 +92,11 @@ export default class AzureDevOpsTests extends AzureDevOpsBase {
    },
    {
      title: 'Azure DevOps tests with custom labels',
-      pattern: ':organization/:project/:definitionId',
-      namedParams: {
-        organization: 'azuredevops-powershell',
-        project: 'azuredevops-powershell',
-        definitionId: '1',
-      },
      queryParams: {
        passed_label: 'good',
        failed_label: 'bad',
        skipped_label: 'n/a',
+        compact_message: null,
      },
      staticPreview: this.render({
        passed: 20,
@@ -172,15 +135,16 @@ export default class AzureDevOpsTests extends AzureDevOpsBase {
    })
  }

-  async handle(
-    { organization, project, definitionId, branch },
-    {
-      compact_message: compactMessage,
-      passed_label: passedLabel,
-      failed_label: failedLabel,
-      skipped_label: skippedLabel,
-    }
-  ) {
+  static transform({ aggregatedResultsAnalysis }) {
+    const { totalTests: total, resultsByOutcome } = aggregatedResultsAnalysis
+    const passed = resultsByOutcome.Passed ? resultsByOutcome.Passed.count : 0
+    const failed = resultsByOutcome.Failed ? resultsByOutcome.Failed.count : 0
+    // assume the rest has been skipped
+    const skipped = total - passed - failed
+    return { passed, failed, skipped, total }
+  }
+
+  async fetchTestResults({ organization, project, definitionId, branch }) {
    const errorMessages = {
      404: 'build pipeline or test result summary not found',
    }
@@ -193,33 +157,32 @@ export default class AzureDevOpsTests extends AzureDevOpsBase {
    )

    // https://dev.azure.com/azuredevops-powershell/azuredevops-powershell/_apis/test/ResultSummaryByBuild?buildId=20
-
-    const json = await this.fetch({
+    return await this.fetch({
      url: `https://dev.azure.com/${organization}/${project}/_apis/test/ResultSummaryByBuild`,
      options: {
-        qs: { buildId },
+        searchParams: { buildId },
      },
      schema: buildTestResultSummarySchema,
      errorMessages,
    })
+  }

-    const total = json.aggregatedResultsAnalysis.totalTests
-
-    let passed = 0
-    const passedTests = json.aggregatedResultsAnalysis.resultsByOutcome.Passed
-    if (passedTests) {
-      passed = passedTests.count
+  async handle(
+    { organization, project, definitionId, branch },
+    {
+      compact_message: compactMessage,
+      passed_label: passedLabel,
+      failed_label: failedLabel,
+      skipped_label: skippedLabel,
    }
-
-    let failed = 0
-    const failedTests = json.aggregatedResultsAnalysis.resultsByOutcome.Failed
-    if (failedTests) {
-      failed = failedTests.count
-    }
-
-    // assume the rest has been skipped
-    const skipped = total - passed - failed
-    const isCompact = compactMessage !== undefined
+  ) {
+    const json = await this.fetchTestResults({
+      organization,
+      project,
+      definitionId,
+      branch,
+    })
+    const { passed, failed, skipped, total } = this.constructor.transform(json)
    return this.constructor.render({
      passed,
      failed,
@@ -228,7 +191,7 @@ export default class AzureDevOpsTests extends AzureDevOpsBase {
      passedLabel,
      failedLabel,
      skippedLabel,
-      isCompact,
+      isCompact: compactMessage !== undefined,
    })
  }
 }
--- a/services/azure-devops/azure-devops-tests.tester.js
+++ b/services/azure-devops/azure-devops-tests.tester.js
@@ -1,149 +1,27 @@
-import Joi from 'joi'
+import {
+  isDefaultTestTotals,
+  isDefaultCompactTestTotals,
+  isCustomTestTotals,
+  isCustomCompactTestTotals,
+} from '../test-validators.js'
 import { createServiceTester } from '../tester.js'
 export const t = await createServiceTester()

-const org = 'azuredevops-powershell'
-const project = 'azuredevops-powershell'
-const definitionId = 1
-const nonExistentDefinitionId = 9999
-const buildId = 20
-const uriPrefix = `/${org}/${project}`
-const azureDevOpsApiBaseUri = `https://dev.azure.com/${org}/${project}/_apis`
-const mockBadgeUriPath = `${uriPrefix}/${definitionId}`
-const mockBadgeUri = `${mockBadgeUriPath}.json`
-const mockBranchBadgeUri = `${mockBadgeUriPath}/master.json`
-const mockLatestBuildApiUriPath = `/build/builds?definitions=${definitionId}&%24top=1&statusFilter=completed&api-version=5.0-preview.4`
-const mockLatestBranchBuildApiUriPath = `/build/builds?definitions=${definitionId}&%24top=1&statusFilter=completed&api-version=5.0-preview.4&branchName=refs%2Fheads%2Fmaster`
-const mockNonExistentBuildApiUriPath = `/build/builds?definitions=${nonExistentDefinitionId}&%24top=1&statusFilter=completed&api-version=5.0-preview.4`
-const mockTestResultSummaryApiUriPath = `/test/ResultSummaryByBuild?buildId=${buildId}`
-const latestBuildResponse = {
-  count: 1,
-  value: [{ id: buildId }],
-}
-const mockEmptyTestResultSummaryResponse = {
-  aggregatedResultsAnalysis: {
-    totalTests: 0,
-    resultsByOutcome: {},
-  },
-}
-const mockTestResultSummaryResponse = {
-  aggregatedResultsAnalysis: {
-    totalTests: 3,
-    resultsByOutcome: {
-      Passed: {
-        count: 1,
-      },
-      Failed: {
-        count: 1,
-      },
-      Skipped: {
-        count: 1,
-      },
-    },
-  },
-}
-const mockTestResultSummarySetup = nock =>
-  nock(azureDevOpsApiBaseUri)
-    .get(mockLatestBuildApiUriPath)
-    .reply(200, latestBuildResponse)
-    .get(mockTestResultSummaryApiUriPath)
-    .reply(200, mockTestResultSummaryResponse)
-const mockBranchTestResultSummarySetup = nock =>
-  nock(azureDevOpsApiBaseUri)
-    .get(mockLatestBranchBuildApiUriPath)
-    .reply(200, latestBuildResponse)
-    .get(mockTestResultSummaryApiUriPath)
-    .reply(200, mockTestResultSummaryResponse)
-
-const expectedDefaultAzureDevOpsTestTotals = '1 passed, 1 failed, 1 skipped'
-const expectedCompactAzureDevOpsTestTotals = '✔ 1 | ✘ 1 | ➟ 1'
-const expectedCustomAzureDevOpsTestTotals = '1 good, 1 bad, 1 n/a'
-const expectedCompactCustomAzureDevOpsTestTotals = '💃 1 | 🤦‍♀️ 1 | 🤷 1'
-
-function getLabelRegex(label, isCompact) {
-  return isCompact ? `(?:${label} [0-9]*)` : `(?:[0-9]* ${label})`
-}
-
-function isAzureDevOpsTestTotals(
-  passedLabel,
-  failedLabel,
-  skippedLabel,
-  isCompact
-) {
-  const passedRegex = getLabelRegex(passedLabel, isCompact)
-  const failedRegex = getLabelRegex(failedLabel, isCompact)
-  const skippedRegex = getLabelRegex(skippedLabel, isCompact)
-  const separator = isCompact ? ' | ' : ', '
-  const regexStrings = [
-    `^${passedRegex}$`,
-    `^${failedRegex}$`,
-    `^${skippedRegex}$`,
-    `^${passedRegex}${separator}${failedRegex}$`,
-    `^${failedRegex}${separator}${skippedRegex}$`,
-    `^${passedRegex}${separator}${skippedRegex}$`,
-    `^${passedRegex}${separator}${failedRegex}${separator}${skippedRegex}$`,
-    `^no tests$`,
-  ]
-
-  return Joi.alternatives().try(
-    ...regexStrings.map(regexStr => Joi.string().regex(new RegExp(regexStr)))
-  )
-}
-
-const isDefaultAzureDevOpsTestTotals = isAzureDevOpsTestTotals(
-  'passed',
-  'failed',
-  'skipped'
-)
-const isCompactAzureDevOpsTestTotals = isAzureDevOpsTestTotals(
-  '✔',
-  '✘',
-  '➟',
-  true
-)
-const isCustomAzureDevOpsTestTotals = isAzureDevOpsTestTotals(
-  'good',
-  'bad',
-  'n\\/a'
-)
-const isCompactCustomAzureDevOpsTestTotals = isAzureDevOpsTestTotals(
-  '💃',
-  '🤦‍♀️',
-  '🤷',
-  true
-)
-
 t.create('unknown build definition')
-  .get(`${uriPrefix}/${nonExistentDefinitionId}.json`)
+  .get(`/swellaby/opensource/99999999.json`)
  .expectBadge({ label: 'tests', message: 'build pipeline not found' })

 t.create('404 latest build error response')
-  .get(mockBadgeUri)
+  .get('/swellaby/fake/14.json')
  .intercept(nock =>
-    nock(azureDevOpsApiBaseUri).get(mockLatestBuildApiUriPath).reply(404)
-  )
-  .expectBadge({
-    label: 'tests',
-    message: 'build pipeline or test result summary not found',
-  })
-
-t.create('no build response')
-  .get(`${uriPrefix}/${nonExistentDefinitionId}.json`)
-  .intercept(nock =>
-    nock(azureDevOpsApiBaseUri).get(mockNonExistentBuildApiUriPath).reply(200, {
-      count: 0,
-      value: [],
-    })
-  )
-  .expectBadge({ label: 'tests', message: 'build pipeline not found' })
-
-t.create('no test result summary response')
-  .get(mockBadgeUri)
-  .intercept(nock =>
-    nock(azureDevOpsApiBaseUri)
-      .get(mockLatestBuildApiUriPath)
-      .reply(200, latestBuildResponse)
-      .get(mockTestResultSummaryApiUriPath)
+    nock('https://dev.azure.com/swellaby/fake/_apis')
+      .get('/build/builds')
+      .query({
+        definitions: 14,
+        $top: 1,
+        statusFilter: 'completed',
+        'api-version': '5.0-preview.4',
+      })
      .reply(404)
  )
  .expectBadge({
@@ -151,113 +29,73 @@ t.create('no test result summary response')
    message: 'build pipeline or test result summary not found',
  })

-t.create('invalid test result summary response')
-  .get(mockBadgeUri)
+t.create('no test result summary response')
+  .get('/swellaby/fake/14.json')
  .intercept(nock =>
-    nock(azureDevOpsApiBaseUri)
-      .get(mockLatestBuildApiUriPath)
-      .reply(200, latestBuildResponse)
-      .get(mockTestResultSummaryApiUriPath)
-      .reply(200, {})
+    nock('https://dev.azure.com/swellaby/fake/_apis')
+      .get('/build/builds')
+      .query({
+        definitions: 14,
+        $top: 1,
+        statusFilter: 'completed',
+        'api-version': '5.0-preview.4',
+      })
+      .reply(200, { count: 1, value: [{ id: 1234 }] })
+      .get('/test/ResultSummaryByBuild')
+      .query({ buildId: 1234 })
+      .reply(404)
  )
-  .expectBadge({ label: 'tests', message: 'invalid response data' })
-
-t.create('no tests in test result summary response')
-  .get(mockBadgeUri)
-  .intercept(nock =>
-    nock(azureDevOpsApiBaseUri)
-      .get(mockLatestBuildApiUriPath)
-      .reply(200, latestBuildResponse)
-      .get(mockTestResultSummaryApiUriPath)
-      .reply(200, mockEmptyTestResultSummaryResponse)
-  )
-  .expectBadge({ label: 'tests', message: 'no tests' })
-
-t.create('test status')
-  .get(mockBadgeUri)
-  .intercept(mockTestResultSummarySetup)
  .expectBadge({
    label: 'tests',
-    message: expectedDefaultAzureDevOpsTestTotals,
+    message: 'build pipeline or test result summary not found',
  })

+t.create('no build response')
+  .get(`/swellaby/opensource/174.json`)
+  .expectBadge({ label: 'tests', message: 'build pipeline not found' })
+
+t.create('no tests in test result summary response')
+  .get('/swellaby/opensource/14.json')
+  .expectBadge({ label: 'tests', message: 'no tests' })
+
+t.create('test status').get('/swellaby/opensource/25.json').expectBadge({
+  label: 'tests',
+  message: isDefaultTestTotals,
+})
+
 t.create('test status on branch')
-  .get(mockBranchBadgeUri)
-  .intercept(mockBranchTestResultSummarySetup)
+  .get('/swellaby/opensource/25/master.json')
  .expectBadge({
    label: 'tests',
-    message: expectedDefaultAzureDevOpsTestTotals,
+    message: isDefaultTestTotals,
  })

 t.create('test status with compact message')
-  .get(mockBadgeUri, {
+  .get('/swellaby/opensource/25.json', {
    qs: {
      compact_message: null,
    },
  })
-  .intercept(mockTestResultSummarySetup)
  .expectBadge({
    label: 'tests',
-    message: expectedCompactAzureDevOpsTestTotals,
+    message: isDefaultCompactTestTotals,
  })

 t.create('test status with custom labels')
-  .get(mockBadgeUri, {
+  .get('/swellaby/opensource/25.json', {
    qs: {
      passed_label: 'good',
      failed_label: 'bad',
      skipped_label: 'n/a',
    },
  })
-  .intercept(mockTestResultSummarySetup)
  .expectBadge({
    label: 'tests',
-    message: expectedCustomAzureDevOpsTestTotals,
+    message: isCustomTestTotals,
  })

 t.create('test status with compact message and custom labels')
-  .get(mockBadgeUri, {
-    qs: {
-      compact_message: null,
-      passed_label: '💃',
-      failed_label: '🤦‍♀️',
-      skipped_label: '🤷',
-    },
-  })
-  .intercept(mockTestResultSummarySetup)
-  .expectBadge({
-    label: 'tests',
-    message: expectedCompactCustomAzureDevOpsTestTotals,
-  })
-
-t.create('live test status')
-  .get(mockBadgeUri)
-  .expectBadge({ label: 'tests', message: isDefaultAzureDevOpsTestTotals })
-
-t.create('live test status on branch')
-  .get(mockBranchBadgeUri)
-  .expectBadge({ label: 'tests', message: isDefaultAzureDevOpsTestTotals })
-
-t.create('live test status with compact message')
-  .get(mockBadgeUri, {
-    qs: {
-      compact_message: null,
-    },
-  })
-  .expectBadge({ label: 'tests', message: isCompactAzureDevOpsTestTotals })
-
-t.create('live test status with custom labels')
-  .get(mockBadgeUri, {
-    qs: {
-      passed_label: 'good',
-      failed_label: 'bad',
-      skipped_label: 'n/a',
-    },
-  })
-  .expectBadge({ label: 'tests', message: isCustomAzureDevOpsTestTotals })
-
-t.create('live test status with compact message and custom labels')
-  .get(mockBadgeUri, {
+  .get('/swellaby/opensource/25.json', {
    qs: {
      compact_message: null,
      passed_label: '💃',
@@ -267,5 +105,5 @@ t.create('live test status with compact message and custom labels')
  })
  .expectBadge({
    label: 'tests',
-    message: isCompactCustomAzureDevOpsTestTotals,
+    message: isCustomCompactTestTotals,
  })
--- a/services/bitbucket/bitbucket-issues.service.js
+++ b/services/bitbucket/bitbucket-issues.service.js
@@ -44,7 +44,7 @@ function issueClassGenerator(raw) {
        schema: bitbucketIssuesSchema,
        // https://developer.atlassian.com/bitbucket/api/2/reference/meta/filtering#query-issues
        options: {
-          qs: { limit: 0, q: '(state = "new" OR state = "open")' },
+          searchParams: { limit: 0, q: '(state = "new" OR state = "open")' },
        },
        errorMessages: { 403: 'private repo' },
      })
--- a/services/bitbucket/bitbucket-pipelines.service.js
+++ b/services/bitbucket/bitbucket-pipelines.service.js
@@ -54,7 +54,7 @@ class BitbucketPipelines extends BaseJsonService {
      url,
      schema: bitbucketPipelinesSchema,
      options: {
-        qs: {
+        searchParams: {
          fields: 'values.state',
          page: 1,
          pagelen: 2,
--- a/services/bitbucket/bitbucket-pull-request.service.js
+++ b/services/bitbucket/bitbucket-pull-request.service.js
@@ -86,7 +86,7 @@ function pullRequestClassGenerator(raw) {
        this.bitbucketAuthHelper.withBasicAuth({
          url: `https://bitbucket.org/api/2.0/repositories/${user}/${repo}/pullrequests/`,
          schema,
-          options: { qs: { state: 'OPEN', limit: 0 } },
+          options: { searchParams: { state: 'OPEN', limit: 0 } },
          errorMessages,
        })
      )
@@ -99,7 +99,7 @@ function pullRequestClassGenerator(raw) {
          url: `${server}/rest/api/1.0/projects/${user}/repos/${repo}/pull-requests`,
          schema,
          options: {
-            qs: {
+            searchParams: {
              state: 'OPEN',
              limit: 100,
              withProperties: false,
--- a/services/bitrise/bitrise.service.js
+++ b/services/bitrise/bitrise.service.js
@@ -53,7 +53,7 @@ export default class Bitrise extends BaseJsonService {
      url: `https://app.bitrise.io/app/${encodeURIComponent(
        appId
      )}/status.json`,
-      options: { qs: { token, branch } },
+      options: { searchParams: { token, branch } },
      schema,
      errorMessages: {
        403: 'app not found or invalid token',
--- a/services/bower/bower-base.js
+++ b/services/bower/bower-base.js
@@ -1,5 +1,5 @@
 import Joi from 'joi'
-import { BaseJsonService } from '../index.js'
+import LibrariesIoBase from '../librariesio/librariesio-base.js'

 const schema = Joi.object()
  .keys({
@@ -17,11 +17,11 @@ const schema = Joi.object()
  })
  .required()

-export default class BaseBowerService extends BaseJsonService {
+export default class BaseBowerService extends LibrariesIoBase {
  async fetch({ packageName }) {
    return this._requestJson({
      schema,
-      url: `https://libraries.io/api/bower/${packageName}`,
+      url: `/bower/${packageName}`,
      errorMessages: {
        404: 'package not found',
      },
--- a/services/bower/bower-license.tester.js
+++ b/services/bower/bower-license.tester.js
@@ -6,15 +6,6 @@ t.create('licence')
  .get('/bootstrap.json')
  .expectBadge({ label: 'license', message: 'MIT' })

-t.create('license not declared')
-  .get('/bootstrap.json')
-  .intercept(nock =>
-    nock('https://libraries.io')
-      .get('/api/bower/bootstrap')
-      .reply(200, { normalized_licenses: [] })
-  )
-  .expectBadge({ label: 'license', message: 'missing' })
-
 t.create('licence for Invalid Package')
  .timeout(10000)
  .get('/it-is-a-invalid-package-should-error.json')
--- a/services/bower/bower-version.service.js
+++ b/services/bower/bower-version.service.js
@@ -27,9 +27,7 @@ class BowerVersion extends BaseBowerService {

  static defaultBadgeData = { label: 'bower' }

-  async handle({ packageName }, queryParams) {
-    const data = await this.fetch({ packageName })
-    const includePrereleases = queryParams.include_prereleases !== undefined
+  static transform(data, includePrereleases) {
    const version = includePrereleases
      ? data.latest_release_number
      : data.latest_stable_release_number
@@ -38,6 +36,14 @@ class BowerVersion extends BaseBowerService {
      throw new InvalidResponse({ prettyMessage: 'no releases' })
    }

+    return version
+  }
+
+  async handle({ packageName }, queryParams) {
+    const data = await this.fetch({ packageName })
+    const includePrereleases = queryParams.include_prereleases !== undefined
+    const version = this.constructor.transform(data, includePrereleases)
+
    return renderVersionBadge({ version })
  }
 }
--- a/Show More
+++ b/Show More