Changelog for Release server-2021-03-01 (#6233 )

* Update Changelog Co-authored-by: release[bot] <actions@users.noreply.github.com> Co-authored-by: chris48s <chris48s@users.noreply.github.com>
ensure redirect target path is correctly encoded (#6229 )
2021-03-01 19:20:59 +00:00 · 2021-02-28 16:28:20 +00:00 · 2021-02-27 19:32:09 +00:00 · 2021-02-27 15:59:48 +00:00 · 2021-02-27 15:51:30 +00:00 · 2021-02-27 02:58:35 +00:00
639 changed files with 21799 additions and 16804 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -86,33 +86,6 @@ services_steps: &services_steps
    - store_test_results:
        path: junit

-run_package_tests: &run_package_tests
-  when: always
-  command: |
-    # https://discuss.circleci.com/t/switch-nodejs-version-on-machine-executor-solved/26675/3
-    set +e
-    export NVM_DIR="/opt/circleci/.nvm"
-    [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
-    nvm install $NODE_VERSION
-    nvm use $NODE_VERSION
-    node --version
-
-    # install the shields.io dependencies
-    npm ci
-
-    # run the package tests
-    npm run test:package
-    npm run check-types:package
-
-    # delete the sheilds.io dependencies
-    rm -rf node_modules/
-
-    # run a smoke test (render a badge with the CLI)
-    # with only the package dependencies installed
-    cd badge-maker
-    npm link
-    badge cactus grown :green @flat
-
 package_steps: &package_steps
  steps:
    - checkout
@@ -132,31 +105,31 @@ package_steps: &package_steps
    # https://nodejs.org/en/about/releases/

    - run:
-        <<: *run_package_tests
        environment:
          mocha_reporter: mocha-junit-reporter
          MOCHA_FILE: junit/badge-maker/v10/results.xml
          NODE_VERSION: v10
          CYPRESS_INSTALL_BINARY: 0
        name: Run package tests on Node 10
+        command: scripts/run_package_tests.sh

    - run:
-        <<: *run_package_tests
        environment:
          mocha_reporter: mocha-junit-reporter
          MOCHA_FILE: junit/badge-maker/v12/results.xml
          NODE_VERSION: v12
          CYPRESS_INSTALL_BINARY: 0
        name: Run package tests on Node 12
+        command: scripts/run_package_tests.sh

    - run:
-        <<: *run_package_tests
        environment:
          mocha_reporter: mocha-junit-reporter
          MOCHA_FILE: junit/badge-maker/v14/results.xml
          NODE_VERSION: v14
          CYPRESS_INSTALL_BINARY: 0
        name: Run package tests on Node 14
+        command: scripts/run_package_tests.sh

    - store_test_results:
        path: junit
--- a/.dependabot/config.yml
+++ b/.dependabot/config.yml
@@ -14,9 +14,6 @@ update_configs:
      - match:
          dependency_name: 'eslint*'
          update_type: 'semver:minor'
-      - match:
-          dependency_name: 'enzyme*'
-          update_type: 'semver:minor'
      - match:
          dependency_name: 'mocha*'
          update_type: 'semver:minor'
@@ -34,3 +31,8 @@ update_configs:
  - package_manager: 'javascript'
    directory: '/badge-maker'
    update_schedule: 'weekly'
+
+  # approve-bot package dependencies
+  - package_manager: 'javascript'
+    directory: '.github/actions/approve-bot'
+    update_schedule: 'weekly'
--- a/.eslintignore
+++ b/.eslintignore
@@ -4,3 +4,4 @@
 /__snapshots__
 /public
 badge-maker/node_modules/
+!.github/
--- a/.eslintrc.yml
+++ b/.eslintrc.yml
@@ -1,5 +1,6 @@
 extends:
  - standard
+  - standard-jsx
  - standard-react
  - plugin:@typescript-eslint/recommended
  - prettier
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,4 +1,7 @@
 contact_links:
+  - name: 🎨 Simple Icons
+    url: https://github.com/badges/shields/discussions/5369
+    about: Please read this before posting a question about SimpleIcons
  - name: ❓ Support Question
    url: https://github.com/badges/shields/discussions
    about: Ask a question about Shields.io
--- a/.github/actions/approve-bot/action.yml
+++ b/.github/actions/approve-bot/action.yml
@@ -0,0 +1,12 @@
+name: 'Auto Approve'
+description: 'Automatically approve/close selected pull requests for shields.io'
+branding:
+  icon: 'check-circle'
+  color: 'green'
+inputs:
+  github-token:
+    description: 'The GITHUB_TOKEN secret'
+    required: true
+runs:
+  using: 'node12'
+  main: 'index.js'
--- a/.github/actions/approve-bot/helpers.js
+++ b/.github/actions/approve-bot/helpers.js
@@ -0,0 +1,65 @@
+'use strict'
+
+function findChangelogStart(lines) {
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i]
+    if (
+      line === '<summary>Changelog</summary>' &&
+      lines[i + 2] === '<blockquote>'
+    ) {
+      return i + 3
+    }
+  }
+  return null
+}
+
+function findChangelogEnd(lines, start) {
+  for (let i = start; i < lines.length; i++) {
+    const line = lines[i]
+    if (line === '</blockquote>') {
+      return i
+    }
+  }
+  return null
+}
+
+function allChangelogLinesAreVersionBump(changelogLines) {
+  return (
+    changelogLines.length > 0 &&
+    changelogLines.length ===
+      changelogLines.filter(line =>
+        line.includes('Version bump only for package')
+      ).length
+  )
+}
+
+function isPointlessGatsbyBump(body) {
+  const lines = body.split(/\r?\n/)
+  if (
+    !lines[0].includes('https://github.com/gatsbyjs/gatsby') // lgtm [js/incomplete-url-substring-sanitization]
+  ) {
+    return false
+  }
+  const start = findChangelogStart(lines)
+  const end = findChangelogEnd(lines, start)
+  if (!start || !end) {
+    return false
+  }
+  const changelogLines = lines
+    .slice(start, end)
+    .filter(line => !line.startsWith('<h'))
+    .filter(line => !line.startsWith('<p>All notable changes'))
+    .filter(
+      line => !line.startsWith('See <a href="https://conventionalcommits.org">')
+    )
+    .filter(line => !line.startsWith('<!--'))
+  return allChangelogLinesAreVersionBump(changelogLines)
+}
+
+function shouldAutoMerge(body) {
+  return body.includes(
+    'If all status checks pass Dependabot will automatically merge this pull request'
+  )
+}
+
+module.exports = { isPointlessGatsbyBump, shouldAutoMerge }
--- a/.github/actions/approve-bot/index.js
+++ b/.github/actions/approve-bot/index.js
@@ -0,0 +1,56 @@
+'use strict'
+
+const core = require('@actions/core')
+const github = require('@actions/github')
+const { isPointlessGatsbyBump, shouldAutoMerge } = require('./helpers')
+
+async function run() {
+  try {
+    const token = core.getInput('github-token', { required: true })
+
+    const { pull_request: pr } = github.context.payload
+    if (!pr) {
+      throw new Error('Event payload missing `pull_request`')
+    }
+
+    const client = github.getOctokit(token)
+
+    if (
+      ['dependabot[bot]', 'dependabot-preview[bot]'].includes(pr.user.login)
+    ) {
+      if (isPointlessGatsbyBump(pr.body)) {
+        core.debug(`Closing pull request #${pr.number}`)
+        await client.pulls.update({
+          owner: github.context.repo.owner,
+          repo: github.context.repo.repo,
+          pull_number: pr.number,
+          state: 'closed',
+        })
+
+        core.debug(`Done.`)
+      } else if (shouldAutoMerge(pr.body)) {
+        core.debug(`Adding label to pull request #${pr.number}`)
+        await client.issues.addLabels({
+          owner: github.context.repo.owner,
+          repo: github.context.repo.repo,
+          issue_number: pr.number,
+          labels: ['squash when passing'],
+        })
+
+        core.debug(`Creating approving review for pull request #${pr.number}`)
+        await client.pulls.createReview({
+          owner: github.context.repo.owner,
+          repo: github.context.repo.repo,
+          pull_number: pr.number,
+          event: 'APPROVE',
+        })
+
+        core.debug(`Done.`)
+      }
+    }
+  } catch (error) {
+    core.setFailed(error.message)
+  }
+}
+
+run()
--- a/.github/actions/approve-bot/package-lock.json
+++ b/.github/actions/approve-bot/package-lock.json
@@ -0,0 +1,177 @@
+{
+  "name": "approve-bot",
+  "version": "0.0.0",
+  "lockfileVersion": 1,
+  "requires": true,
+  "dependencies": {
+    "@actions/core": {
+      "version": "1.2.6",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.6.tgz",
+      "integrity": "sha512-ZQYitnqiyBc3D+k7LsgSBmMDVkOVidaagDG7j3fOym77jNunWRuYx7VSHa9GNfFZh+zh61xsCjRj4JxMZlDqTA=="
+    },
+    "@actions/github": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/@actions/github/-/github-4.0.0.tgz",
+      "integrity": "sha512-Ej/Y2E+VV6sR9X7pWL5F3VgEWrABaT292DRqRU6R4hnQjPtC/zD3nagxVdXWiRQvYDh8kHXo7IDmG42eJ/dOMA==",
+      "requires": {
+        "@actions/http-client": "^1.0.8",
+        "@octokit/core": "^3.0.0",
+        "@octokit/plugin-paginate-rest": "^2.2.3",
+        "@octokit/plugin-rest-endpoint-methods": "^4.0.0"
+      }
+    },
+    "@actions/http-client": {
+      "version": "1.0.9",
+      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-1.0.9.tgz",
+      "integrity": "sha512-0O4SsJ7q+MK0ycvXPl2e6bMXV7dxAXOGjrXS1eTF9s2S401Tp6c/P3c3Joz04QefC1J6Gt942Wl2jbm3f4mLcg==",
+      "requires": {
+        "tunnel": "0.0.6"
+      }
+    },
+    "@octokit/auth-token": {
+      "version": "2.4.5",
+      "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-2.4.5.tgz",
+      "integrity": "sha512-BpGYsPgJt05M7/L/5FoE1PiAbdxXFZkX/3kDYcsvd1v6UhlnE5e96dTDr0ezX/EFwciQxf3cNV0loipsURU+WA==",
+      "requires": {
+        "@octokit/types": "^6.0.3"
+      }
+    },
+    "@octokit/core": {
+      "version": "3.2.5",
+      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-3.2.5.tgz",
+      "integrity": "sha512-+DCtPykGnvXKWWQI0E1XD+CCeWSBhB6kwItXqfFmNBlIlhczuDPbg+P6BtLnVBaRJDAjv+1mrUJuRsFSjktopg==",
+      "requires": {
+        "@octokit/auth-token": "^2.4.4",
+        "@octokit/graphql": "^4.5.8",
+        "@octokit/request": "^5.4.12",
+        "@octokit/types": "^6.0.3",
+        "before-after-hook": "^2.1.0",
+        "universal-user-agent": "^6.0.0"
+      }
+    },
+    "@octokit/endpoint": {
+      "version": "6.0.11",
+      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-6.0.11.tgz",
+      "integrity": "sha512-fUIPpx+pZyoLW4GCs3yMnlj2LfoXTWDUVPTC4V3MUEKZm48W+XYpeWSZCv+vYF1ZABUm2CqnDVf1sFtIYrj7KQ==",
+      "requires": {
+        "@octokit/types": "^6.0.3",
+        "is-plain-object": "^5.0.0",
+        "universal-user-agent": "^6.0.0"
+      }
+    },
+    "@octokit/graphql": {
+      "version": "4.5.9",
+      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-4.5.9.tgz",
+      "integrity": "sha512-c+0yofIugUNqo+ktrLaBlWSbjSq/UF8ChAyxQzbD3X74k1vAuyLKdDJmPwVExUFSp6+U1FzWe+3OkeRsIqV0vg==",
+      "requires": {
+        "@octokit/request": "^5.3.0",
+        "@octokit/types": "^6.0.3",
+        "universal-user-agent": "^6.0.0"
+      }
+    },
+    "@octokit/openapi-types": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-3.3.0.tgz",
+      "integrity": "sha512-s3dd32gagPmKaSLNJ9aPNok7U+tl69YLESf6DgQz5Ml/iipPZtif3GLvWpNXoA6qspFm1LFUZX+C3SqWX/Y/TQ=="
+    },
+    "@octokit/plugin-paginate-rest": {
+      "version": "2.9.0",
+      "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-2.9.0.tgz",
+      "integrity": "sha512-XxbOg45r2n/2QpU6hnGDxQNDRrJ7gjYpMXeDbUCigWTHECmjoyFLizkFO2jMEtidMkfiELn7AF8GBAJ/cbPTnA==",
+      "requires": {
+        "@octokit/types": "^6.6.0"
+      }
+    },
+    "@octokit/plugin-rest-endpoint-methods": {
+      "version": "4.9.0",
+      "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-4.9.0.tgz",
+      "integrity": "sha512-EAr2epvY8JfXSi/cdMsyyfBctdKkolDH7xSgu3MKBqPRm0WfQ2QvI050jz61XZXoVK3ZgrhdMCyd1GgOFz7CSw==",
+      "requires": {
+        "@octokit/types": "^6.6.0",
+        "deprecation": "^2.3.1"
+      }
+    },
+    "@octokit/request": {
+      "version": "5.4.13",
+      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.4.13.tgz",
+      "integrity": "sha512-WcNRH5XPPtg7i1g9Da5U9dvZ6YbTffw9BN2rVezYiE7couoSyaRsw0e+Tl8uk1fArHE7Dn14U7YqUDy59WaqEw==",
+      "requires": {
+        "@octokit/endpoint": "^6.0.1",
+        "@octokit/request-error": "^2.0.0",
+        "@octokit/types": "^6.0.3",
+        "deprecation": "^2.0.0",
+        "is-plain-object": "^5.0.0",
+        "node-fetch": "^2.6.1",
+        "once": "^1.4.0",
+        "universal-user-agent": "^6.0.0"
+      }
+    },
+    "@octokit/request-error": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-2.0.5.tgz",
+      "integrity": "sha512-T/2wcCFyM7SkXzNoyVNWjyVlUwBvW3igM3Btr/eKYiPmucXTtkxt2RBsf6gn3LTzaLSLTQtNmvg+dGsOxQrjZg==",
+      "requires": {
+        "@octokit/types": "^6.0.3",
+        "deprecation": "^2.0.0",
+        "once": "^1.4.0"
+      }
+    },
+    "@octokit/types": {
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-6.6.0.tgz",
+      "integrity": "sha512-nmFoU3HCbw1AmnZU/eto2VvzV06+N7oAqXwMmAHGlNDF+KFykksh/VlAl85xc1P5T7Mw8fKYvXNaImNHCCH/rg==",
+      "requires": {
+        "@octokit/openapi-types": "^3.3.0",
+        "@types/node": ">= 8"
+      }
+    },
+    "@types/node": {
+      "version": "14.14.22",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-14.14.22.tgz",
+      "integrity": "sha512-g+f/qj/cNcqKkc3tFqlXOYjrmZA+jNBiDzbP3kH+B+otKFqAdPgVTGP1IeKRdMml/aE69as5S4FqtxAbl+LaMw=="
+    },
+    "before-after-hook": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.1.0.tgz",
+      "integrity": "sha512-IWIbu7pMqyw3EAJHzzHbWa85b6oud/yfKYg5rqB5hNE8CeMi3nX+2C2sj0HswfblST86hpVEOAb9x34NZd6P7A=="
+    },
+    "deprecation": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz",
+      "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ=="
+    },
+    "is-plain-object": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz",
+      "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q=="
+    },
+    "node-fetch": {
+      "version": "2.6.1",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz",
+      "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw=="
+    },
+    "once": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
+      "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
+      "requires": {
+        "wrappy": "1"
+      }
+    },
+    "tunnel": {
+      "version": "0.0.6",
+      "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
+      "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="
+    },
+    "universal-user-agent": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz",
+      "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w=="
+    },
+    "wrappy": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
+      "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
+    }
+  }
+}
--- a/.github/actions/approve-bot/package.json
+++ b/.github/actions/approve-bot/package.json
@@ -0,0 +1,16 @@
+{
+  "name": "approve-bot",
+  "version": "0.0.0",
+  "description": "",
+  "main": "index.js",
+  "private": true,
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "chris48s",
+  "license": "CC0",
+  "dependencies": {
+    "@actions/core": "^1.2.6",
+    "@actions/github": "^4.0.0"
+  }
+}
--- a/.github/actions/draft-release/Dockerfile
+++ b/.github/actions/draft-release/Dockerfile
@@ -0,0 +1,8 @@
+FROM node:12-buster
+
+RUN apt-get update
+RUN apt-get install -y jq
+RUN apt-get install -y uuid-runtime
+COPY entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
--- a/.github/actions/draft-release/action.yml
+++ b/.github/actions/draft-release/action.yml
@@ -0,0 +1,5 @@
+name: 'draft-release'
+description: 'Generate a changelog and propose a release PR'
+runs:
+  using: 'docker'
+  image: 'Dockerfile'
--- a/.github/actions/draft-release/entrypoint.sh
+++ b/.github/actions/draft-release/entrypoint.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+# Set up a git user
+git config user.name "release[bot]"
+git config user.email "actions@users.noreply.github.com"
+
+# Find last server-YYYY-MM-DD tag
+git fetch --unshallow --tags
+LAST_TAG=$(git tag | grep server | tail -n 1)
+
+# Find the marker in CHANGELOG.md
+INSERT_POINT=$(grep -n "^\-\-\-$" CHANGELOG.md | cut -f1 -d:)
+INSERT_POINT=$((INSERT_POINT+1))
+
+# Generate a release name
+RELEASE_NAME="server-$(date --rfc-3339=date)"
+
+# Assemble changelog entry
+rm -f temp-changes.txt
+touch temp-changes.txt
+{
+    echo "## $RELEASE_NAME"
+    echo ""
+    git log "$LAST_TAG"..HEAD --no-merges --oneline --pretty="format:- %s" --perl-regexp --author='^((?!dependabot).*)$'
+    echo $'\n- Dependency updates\n'
+} >> temp-changes.txt
+BASE_URL="https:\/\/github.com\/badges\/shields\/issues\/"
+sed -r -i "s/\((\#)([0-9]+)\)$/\[\1\2\]\($BASE_URL\2\)/g" temp-changes.txt
+
+# Write the changelog
+sed -i "${INSERT_POINT} r temp-changes.txt" CHANGELOG.md
+
+# Cleanup
+rm temp-changes.txt
+
+# Run prettier (to ensure the markdown file doesn't fail CI)
+npx prettier@$(cat package.json | jq -r .devDependencies.prettier) --write "CHANGELOG.md"
+
+# Generate a unique branch name
+BRANCH_NAME="$RELEASE_NAME"-$(uuidgen | head -c 8)
+git checkout -b "$BRANCH_NAME"
+
+# Commit + push changelog
+git add CHANGELOG.md
+git commit -m "Update Changelog"
+git push origin "$BRANCH_NAME"
+
+# Submit a PR
+TITLE="Changelog for Release $RELEASE_NAME"
+PR_RESP=$(curl https://api.github.com/repos/"$REPO_NAME"/pulls \
+    -X POST \
+    -H "Authorization: token $GITHUB_TOKEN" \
+    --data '{"title": "'"$TITLE"'", "body": "'"$TITLE"'", "head": "'"$BRANCH_NAME"'", "base": "master"}')
+
+# Add the 'release' label to the PR
+PR_API_URL=$(echo "$PR_RESP" | jq -r ._links.issue.href)
+curl "$PR_API_URL" \
+    -X POST \
+    -H "Authorization: token $GITHUB_TOKEN" \
+    --data '{"labels":["release"]}'
--- a/.github/probot.js
+++ b/.github/probot.js
@@ -1,10 +0,0 @@
-on('pull_request.closed')
-  .filter(context => context.payload.pull_request.merged)
-  .filter(
-    context =>
-      context.payload.pull_request.head.ref.slice(0, 11) !== 'dependabot/'
-  )
-  .filter(context => context.payload.pull_request.base.ref === 'master')
-  .comment(`This pull request was merged to [{{ pull_request.base.ref }}]({{ repository.html_url }}/tree/{{ pull_request.base.ref }}) branch. This change is now waiting for deployment, which will usually happen within a few days. Stay tuned by joining our \`#ops\` channel on [Discord](https://discordapp.com/invite/HjJCwm5)!
-  
-After deployment, changes are copied to [gh-pages]({{ repository.html_url }}/tree/gh-pages) branch: ![](https://img.shields.io/github/commit-status/{{ repository.full_name }}/gh-pages/{{ pull_request.merge_commit_sha }}.svg?label=deploy%20status)`)
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -0,0 +1,7 @@
+<!--
+    Be sure to review our Contributing guidelines to help streamline the merging of your PR!
+
+    * PR title conventions - https://github.com/badges/shields/blob/master/CONTRIBUTING.md#running-service-tests-in-pull-requests
+    * Code formatting - https://github.com/badges/shields/blob/master/CONTRIBUTING.md#prettier
+    * Merge processes and reminders - https://github.com/badges/shields/blob/master/CONTRIBUTING.md#pull-requests
+-->
--- a/.github/workflows/auto-approve.yml
+++ b/.github/workflows/auto-approve.yml
@@ -5,6 +5,12 @@ jobs:
  build:
    runs-on: ubuntu-latest
    steps:
-      - uses: chris48s/approve-bot@2.0.1
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Install action dependencies
+        run: cd .github/actions/approve-bot && npm ci
+
+      - uses: ./.github/actions/approve-bot
        with:
          github-token: '${{ secrets.GITHUB_TOKEN }}'
--- a/.github/workflows/deploy-docs.yml
+++ b/.github/workflows/deploy-docs.yml
@@ -0,0 +1,26 @@
+name: Deploy Documentation
+on:
+  push:
+    branches:
+      - master
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2.3.1
+        with:
+          persist-credentials: false
+
+      - name: Build
+        run: |
+          npm ci
+          npm run build-docs
+
+      - name: Deploy
+        uses: JamesIves/github-pages-deploy-action@3.7.1
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          BRANCH: gh-pages
+          FOLDER: api-docs
+          CLEAN: true
--- a/.github/workflows/draft-release.yml
+++ b/.github/workflows/draft-release.yml
@@ -0,0 +1,19 @@
+name: Draft Release
+on:
+  schedule:
+    - cron: '0 1 1 * *'
+    # At 01:00 on the first day of every month
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Draft Release
+        uses: ./.github/actions/draft-release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REPO_NAME: ${{ github.repository }}
--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -0,0 +1,31 @@
+name: Tag Release
+
+on:
+  pull_request:
+    types: [closed]
+
+jobs:
+  tag-release:
+    if: |
+      github.event_name == 'pull_request' &&
+      github.event.action == 'closed' &&
+      github.event.pull_request.merged == true &&
+      contains(github.event.pull_request.labels.*.name, 'release')
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Get current date
+        id: date
+        run: echo "::set-output name=date::$(date --rfc-3339=date)"
+
+      - name: Checkout branch "master"
+        uses: actions/checkout@v2
+        with:
+          ref: 'master'
+
+      - name: Tag Release
+        uses: tvdias/github-tagger@v0.0.2
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          tag: server-${{ steps.date.outputs.date }}
--- a/.nycrc.json
+++ b/.nycrc.json
@@ -10,6 +10,7 @@
    "**/*-test-helpers.js",
    "**/*-fixtures.js",
    "**/mocha-*.js",
+    "**/*.test-d.ts",
    "dangerfile.js",
    "gatsby-*.js",
    "core/service-test-runner",
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -1,7 +1,3 @@
 {
-  "recommendations": [
-    "esbenp.prettier-vscode",
-    "EditorConfig.EditorConfig",
-    "dbaeumer.vscode-eslint"
-  ]
+  "recommendations": ["esbenp.prettier-vscode", "dbaeumer.vscode-eslint"]
 }
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,28 @@
+# Changelog
+
+Note: this changelog is for the shields.io server. The changelog for the badge-maker NPM package is at https://github.com/badges/shields/blob/master/badge-maker/CHANGELOG.md
+
+---
+
+## server-2021-03-01
+
+- ensure redirect target path is correctly encoded [#6229](https://github.com/badges/shields/issues/6229)
+- [SecurityHeaders] Added a possibility for no follow redirects [#6212](https://github.com/badges/shields/issues/6212)
+- catch URL parse error in [endpoint] badge [#6214](https://github.com/badges/shields/issues/6214)
+- [Homebrew] Add homebrew downloads badge [#6209](https://github.com/badges/shields/issues/6209)
+- update [pkgreview] url [#6189](https://github.com/badges/shields/issues/6189)
+- Make [Twitch] a social badge [#6183](https://github.com/badges/shields/issues/6183)
+- update [flathub] error handling [#6185](https://github.com/badges/shields/issues/6185)
+- Add [Testspace] badges [#6162](https://github.com/badges/shields/issues/6162)
+- Dependency updates
+
+## server-2021-02-01
+
+- Docs.rs badge (#6098)
+- Fix feedz service in case the package page gets paginated (#6101)
+- [Bitbucket] Server Adding Auth Tokens and Resolving Pull Request api … (#6076)
+- Dependency updates
+
+## server-2021-01-18
+
+- Gotta start somewhere
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -101,7 +101,7 @@ There are three places to get help:
  used by developers or which are widely used by developers.
 - The left-hand side of a badge should not advertise. It should be a lowercase _noun_
  succinctly describing the meaning of the right-hand side.
- Except for badges using the `social` style, logos should be _turned off by
+- Except for badges using the `social` style, logos and links should be _turned off by
  default_.
 - Badges should not obtain data from undocumented or reverse-engineered API endpoints.
 - Badges should not obtain data by scraping web pages - these are likely to break frequently.
@@ -131,13 +131,7 @@ Prettier before a commit by default.

 ### Tests

-When adding or changing a service [please write tests][service-tests].
-
-When opening a pull request, include your service name in brackets in the pull
-request title. That way, those service tests will run in CI.
-
-e.g. **[Travis] Fix timeout issues**
-
+When adding or changing a service [please write tests][service-tests], and ensure the [title of your Pull Requests follows the required conventions](#running-service-tests-in-pull-requests) to ensure your tests are executed.
 When changing other code, please add unit tests.

 To run the integration tests, you must have redis installed and in your PATH.
@@ -153,3 +147,35 @@ There is a [High-level code walkthrough](doc/code-walkthrough.md) describing the
 ### Logos

 We have [documentation for logo usage](doc/logos.md) which includes [contribution guidance](doc/logos.md#contributing-logos)
+
+## Pull Requests
+
+All code changes are incorporated via pull requests, and pull requests are always squashed into a single commit on merging. Therefore there's no requirement to squash commits within your PR, but feel free to squash or restructure the commits on your PR branch if you think it will be helpful. PRs with well structured commits are always easier to review!
+
+Because all changes are pulled into the main branch via squash merges from PRs, we do **not** support overwriting any aspects of the git history once it hits our main branch. Notably this means we do not support amending commit messages, nor adjusting commit author information once merged.
+
+Accordingly, it is the responsibility of contributors to review this type of information and adjust as needed before marking PRs as ready for review and merging.
+
+You can review and modify your local [git configuration][git-config] via `git config`, and also find more information about amending your commit messages [here][amending-commits].
+
+[git-config]: https://git-scm.com/book/en/v2/Customizing-Git-Git-Configuration
+[amending-commits]: https://docs.github.com/en/github/committing-changes-to-your-project/changing-a-commit-message#rewriting-the-most-recent-commit-message
+
+### Running service tests in pull requests
+
+The affected service names must be included in square brackets in the pull request title so that the CI engine will run those service tests. When a pull request affects multiple services, they should be separated with spaces. The test runner is case-insensitive, so they should be capitalized for readability.
+
+For example:
+
+- **[Travis] Fix timeout issues**
+- **[Travis Sonar] Support user token authentication**
+- **Add tests for [CRAN] and [CPAN]**
+
+Note that many services are part of a "family" of related services. Depending on the changes in your PR you may need to run the tests for just a single service, or for _all_ the services within a family.
+
+For example, a PR title of **[GitHubForks] Foo** will only run the service tests specifically for the GitHub Forks badge, whereas a title of **[GitHub] Foo** will run the service tests for all of the GitHub badges.
+
+In the rare case when it's necessary to see the output of a full service-test
+run in a PR (all 2,000+ tests), include `[*****]` in the title. Unless all the tests pass, the build
+will fail, so likely it will be necessary to remove it and re-run the tests
+before merging.
--- a/70
+++ b/70
@@ -1,70 +0,0 @@
-SHELL:=/bin/bash
-
-SERVER_TMP=${TMPDIR}shields-server-deploy
-FRONTEND_TMP=${TMPDIR}shields-frontend-deploy
-
-# This branch is reserved for the deploy process and should not be used for
-# development. The deploy script will clobber it. To avoid accidentally
-# pushing secrets to GitHub, this branch is configured to reject pushes.
-WORKING_BRANCH=server-deploy-working-branch
-
-all: test
-
-deploy: deploy-s0 deploy-s1 deploy-s2 clean-server-deploy deploy-gh-pages deploy-gh-pages-clean
-
-deploy-s0: prepare-server-deploy push-s0
-deploy-s1: prepare-server-deploy push-s1
-deploy-s2: prepare-server-deploy push-s2
-
-prepare-server-deploy:
-	# Ship a copy of the front end to each server for debugging.
-	# https://github.com/badges/shields/issues/1220
-	INCLUDE_DEV_PAGES=false \
-		npm run build
-	rm -rf ${SERVER_TMP}
-	git worktree prune
-	git worktree add -B ${WORKING_BRANCH} ${SERVER_TMP}
-	cp -r public ${SERVER_TMP}
-	git -C ${SERVER_TMP} add -f public/
-	git -C ${SERVER_TMP} commit --no-verify -m '[DEPLOY] Add frontend for debugging'
-	cp config/local-shields-io-production.yml ${SERVER_TMP}/config/
-	git -C ${SERVER_TMP} add -f config/local-shields-io-production.yml
-	git -C ${SERVER_TMP} commit --no-verify -m '[DEPLOY] MUST NOT BE ON GITHUB'
-
-clean-server-deploy:
-	rm -rf ${SERVER_TMP}
-	git worktree prune
-
-push-s0:
-	git push -f s0 ${WORKING_BRANCH}:master
-
-push-s1:
-	git push -f s1 ${WORKING_BRANCH}:master
-
-push-s2:
-	git push -f s2 ${WORKING_BRANCH}:master
-
-deploy-gh-pages:
-	rm -rf ${FRONTEND_TMP}
-	git worktree prune
-	GATSBY_BASE_URL=https://img.shields.io \
-		INCLUDE_DEV_PAGES=false \
-		npm run build
-	git worktree add -B gh-pages ${FRONTEND_TMP}
-	git -C ${FRONTEND_TMP} ls-files | xargs git -C ${FRONTEND_TMP} rm
-	git -C ${FRONTEND_TMP} commit --no-verify -m '[DEPLOY] Completely clean the index'
-	cp -r public/* ${FRONTEND_TMP}
-	echo shields.io > ${FRONTEND_TMP}/CNAME
-	touch ${FRONTEND_TMP}/.nojekyll
-	git -C ${FRONTEND_TMP} add .
-	git -C ${FRONTEND_TMP} commit --no-verify -m '[DEPLOY] Add built site'
-	git push -f origin gh-pages
-
-deploy-gh-pages-clean:
-	rm -rf ${FRONTEND_TMP}
-	git worktree prune
-
-test:
-	npm test
-
-.PHONY: all deploy prepare-server-deploy clean-server-deploy deploy-s0 deploy-s1 deploy-s2 push-s0 push-s1 push-s2 deploy-gh-pages deploy-gh-pages-clean deploy-heroku setup redis test
--- a/4
+++ b/4
@@ -1 +1,5 @@
 web: npm run start:server:prod
+scale4: npm run heroku:scale 4
+scale5: npm run heroku:scale 5
+scale6: npm run heroku:scale 6
+scale7: npm run heroku:scale 7
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 <p align="center">
-    <img src="https://raw.githubusercontent.com/badges/shields/master/frontend/images/logo.svg?sanitize=true"
+    <img src="https://raw.githubusercontent.com/badges/shields/master/readme-logo.svg?sanitize=true"
        height="130">
 </p>
 <p align="center">
@@ -22,9 +22,6 @@
    <a href="https://lgtm.com/projects/g/badges/shields/alerts/">
        <img src="https://img.shields.io/lgtm/alerts/g/badges/shields"
            alt="Total alerts"/></a>
-    <a href="https://github.com/badges/shields/compare/gh-pages...master">
-        <img src="https://img.shields.io/github/commits-since/badges/shields/gh-pages?label=commits%20to%20be%20deployed"
-            alt="commits to be deployed"></a>
    <a href="https://discord.gg/HjJCwm5">
        <img src="https://img.shields.io/discord/308323056592486420?logo=discord"
            alt="chat on Discord"></a>
@@ -86,12 +83,12 @@ and pull requests! You can peruse the [contributing guidelines][contributing].
 When adding or changing a service [please add tests][service-tests].

 This project has quite a backlog of suggestions! If you're new to the project,
-maybe you'd like to open a pull request to address one of them:
-
-[![GitHub issues by-label](https://img.shields.io/github/issues/badges/shields/good%20first%20issue)](https://github.com/badges/shields/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22)
+maybe you'd like to open a pull request to address one of them.

 You can read a [tutorial on how to add a badge][tutorial].

+[![GitHub issues by-label](https://img.shields.io/github/issues/badges/shields/good%20first%20issue)](https://github.com/badges/shields/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22)
+
 [service-tests]: https://github.com/badges/shields/blob/master/doc/service-tests.md
 [tutorial]: doc/TUTORIAL.md
 [contributing]: CONTRIBUTING.md
--- a/snapshots/make-badge.spec.js
+++ b/snapshots/make-badge.spec.js
--- a/badge-maker/CHANGELOG.md
+++ b/badge-maker/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog

+## 3.3.0
+
+- Readability improvements: a dark font color is automatically used when the badge's background is too light. For example: ![](https://img.shields.io/badge/hello-world-white)
+- Better CSS color compliance: thanks to a switch from _is-css-color_ to _[css-color-converter](https://www.npmjs.com/package/css-color-converter)_, you can use a wider range of color formats from the latest CSS specification, for example `rgb(0 255 0)`
+- Less dependencies: _badge-maker_ no longer depends on _camelcase_
+
 ## 3.2.0

 - Accessibility improvements: Help users of assistive technologies to read the badges when used inline
--- a/badge-maker/lib/badge-renderers.js
+++ b/badge-maker/lib/badge-renderers.js
@@ -14,14 +14,9 @@ function capitalize(s) {

 function colorsForBackground(color) {
  if (brightness(color) <= brightnessThreshold) {
-    return {
-      textColor: '#fff',
-      shadowColor: '#010101',
-    }
-  }
-  return {
-    textColor: '#333',
-    shadowColor: '#ccc',
+    return { textColor: '#fff', shadowColor: '#010101' }
+  } else {
+    return { textColor: '#333', shadowColor: '#ccc' }
  }
 }

@@ -39,19 +34,12 @@ function escapeXml(s) {
 }

 function roundUpToOdd(val) {
-  // Increase chances of pixel grid alignment.
  return val % 2 === 0 ? val + 1 : val
 }

-function preferredWidthOf(str) {
-  return roundUpToOdd((anafanafo(str) / 10) | 0)
-}
-
-function computeWidths({ label, message }) {
-  return {
-    labelWidth: preferredWidthOf(label),
-    messageWidth: preferredWidthOf(message),
-  }
+function preferredWidthOf(str, options) {
+  // Increase chances of pixel grid alignment.
+  return roundUpToOdd(anafanafo(str, options) | 0)
 }

 function createAccessibleText({ label, message }) {
@@ -89,22 +77,19 @@ function renderLogo({
  logoWidth = 14,
  logoPadding = 0,
 }) {
-  if (!logo) {
+  if (logo) {
+    const logoHeight = 14
+    const y = (badgeHeight - logoHeight) / 2
+    const x = horizPadding
    return {
-      hasLogo: false,
-      totalLogoWidth: 0,
-      renderedLogo: '',
+      hasLogo: true,
+      totalLogoWidth: logoWidth + logoPadding,
+      renderedLogo: `<image x="${x}" y="${y}" width="${logoWidth}" height="${logoHeight}" xlink:href="${escapeXml(
+        logo
+      )}"/>`,
    }
-  }
-  const logoHeight = 14
-  const y = (badgeHeight - logoHeight) / 2
-  const x = horizPadding
-  return {
-    hasLogo: true,
-    totalLogoWidth: logoWidth + logoPadding,
-    renderedLogo: `<image x="${x}" y="${y}" width="${logoWidth}" height="14" xlink:href="${escapeXml(
-      logo
-    )}"/>`,
+  } else {
+    return { hasLogo: false, totalLogoWidth: 0, renderedLogo: '' }
  }
 }

@@ -139,7 +124,7 @@ function renderText({
    return { renderedText: '', width: 0 }
  }

-  const textLength = preferredWidthOf(content)
+  const textLength = preferredWidthOf(content, { font: '11px Verdana' })
  const escapedContent = escapeXml(content)

  const shadowMargin = 150 + verticalMargin
@@ -191,10 +176,6 @@ function renderBadge(
    </svg>`
 }

-function stripXmlWhitespace(xml) {
-  return xml.replace(/>\s+/g, '>').replace(/<\s+/g, '<').trim()
-}
-
 class Badge {
  static get fontFamily() {
    throw new Error('Not implemented')
@@ -301,6 +282,10 @@ class Badge {
    this.renderedMessage = renderedMessage
  }

+  static render(params) {
+    return new this(params).render()
+  }
+
  render() {
    throw new Error('Not implemented')
  }
@@ -451,30 +436,6 @@ class FlatSquare extends Badge {
  }
 }

-function plastic(params) {
-  const badge = new Plastic(params)
-  if (params.minify) {
-    return stripXmlWhitespace(badge.render())
-  }
-  return badge.render()
-}
-
-function flat(params) {
-  const badge = new Flat(params)
-  if (params.minify) {
-    return stripXmlWhitespace(badge.render())
-  }
-  return badge.render()
-}
-
-function flatSquare(params) {
-  const badge = new FlatSquare(params)
-  if (params.minify) {
-    return stripXmlWhitespace(badge.render())
-  }
-  return badge.render()
-}
-
 function social({
  label,
  message,
@@ -484,7 +445,6 @@ function social({
  logoPadding,
  color = '#4c1',
  labelColor = '#555',
-  minify,
 }) {
  // Social label is styled with a leading capital. Convert to caps here so
  // width can be measured using the correct characters.
@@ -492,24 +452,23 @@ function social({

  const externalHeight = 20
  const internalHeight = 19
-  const horizPadding = 5
+  const labelHorizPadding = 5
+  const messageHorizPadding = 4
+  const horizGutter = 6
  const { totalLogoWidth, renderedLogo } = renderLogo({
    logo,
    badgeHeight: externalHeight,
-    horizPadding,
+    horizPadding: labelHorizPadding,
    logoWidth,
    logoPadding,
  })
  const hasMessage = message.length

-  let { labelWidth, messageWidth } = computeWidths({ label, message })
-  labelWidth += 10 + totalLogoWidth
-  messageWidth += 10
-  messageWidth -= 4
-
-  const labelTextX = ((labelWidth + totalLogoWidth) / 2) * 10
-  const labelTextLength = (labelWidth - (10 + totalLogoWidth)) * 10
-  const escapedLabel = escapeXml(label)
+  const font = 'bold 11px Helvetica'
+  const labelTextWidth = preferredWidthOf(label, { font })
+  const messageTextWidth = preferredWidthOf(message, { font })
+  const labelRectWidth = labelTextWidth + totalLogoWidth + 2 * labelHorizPadding
+  const messageRectWidth = messageTextWidth + 2 * messageHorizPadding

  let [leftLink, rightLink] = links
  leftLink = escapeXml(leftLink)
@@ -519,29 +478,35 @@ function social({
  const accessibleText = createAccessibleText({ label, message })

  function renderMessageBubble() {
-    const messageBubbleMainX = labelWidth + 6.5
-    const messageBubbleNotchX = labelWidth + 6
+    const messageBubbleMainX = labelRectWidth + horizGutter + 0.5
+    const messageBubbleNotchX = labelRectWidth + horizGutter
    return `
-      <rect x="${messageBubbleMainX}" y="0.5" width="${messageWidth}" height="${internalHeight}" rx="2" fill="#fafafa"/>
+      <rect x="${messageBubbleMainX}" y="0.5" width="${messageRectWidth}" height="${internalHeight}" rx="2" fill="#fafafa"/>
      <rect x="${messageBubbleNotchX}" y="7.5" width="0.5" height="5" stroke="#fafafa"/>
      <path d="M${messageBubbleMainX} 6.5 l-3 3v1 l3 3" stroke="d5d5d5" fill="#fafafa"/>
    `
  }

  function renderLabelText() {
-    const rect = `<rect id="llink" stroke="#d5d5d5" fill="url(#a)" x=".5" y=".5" width="${labelWidth}" height="${internalHeight}" rx="2" />`
+    const labelTextX =
+      10 * (totalLogoWidth + labelTextWidth / 2 + labelHorizPadding)
+    const labelTextLength = 10 * labelTextWidth
+    const escapedLabel = escapeXml(label)
+    const shouldWrapWithLink = hasLeftLink && !shouldWrapBodyWithLink({ links })
+
+    const rect = `<rect id="llink" stroke="#d5d5d5" fill="url(#a)" x=".5" y=".5" width="${labelRectWidth}" height="${internalHeight}" rx="2" />`
    const shadow = `<text aria-hidden="true" x="${labelTextX}" y="150" fill="#fff" transform="scale(.1)" textLength="${labelTextLength}">${escapedLabel}</text>`
    const text = `<text x="${labelTextX}" y="140" transform="scale(.1)" textLength="${labelTextLength}">${escapedLabel}</text>`
-    if (hasLeftLink && !shouldWrapBodyWithLink({ links })) {
-      return `
+
+    return shouldWrapWithLink
+      ? `
        <a target="_blank" xlink:href="${leftLink}">
          ${shadow}
          ${text}
          ${rect}
        </a>
      `
-    }
-    return `
+      : `
      ${rect}
      ${shadow}
      ${text}
@@ -549,34 +514,36 @@ function social({
  }

  function renderMessageText() {
-    const messageTextX = (labelWidth + messageWidth / 2 + 6) * 10
-    const messageTextLength = (messageWidth - 8) * 10
+    const messageTextX =
+      10 * (labelRectWidth + horizGutter + messageRectWidth / 2)
+    const messageTextLength = 10 * messageTextWidth
    const escapedMessage = escapeXml(message)
-    const rect = `<rect width="${messageWidth + 1}" x="${
-      labelWidth + 6
+
+    const rect = `<rect width="${messageRectWidth + 1}" x="${
+      labelRectWidth + horizGutter
    }" height="${internalHeight + 1}" fill="rgba(0,0,0,0)" />`
    const shadow = `<text aria-hidden="true" x="${messageTextX}" y="150" fill="#fff" transform="scale(.1)" textLength="${messageTextLength}">${escapedMessage}</text>`
    const text = `<text id="rlink" x="${messageTextX}" y="140" transform="scale(.1)" textLength="${messageTextLength}">${escapedMessage}</text>`
-    if (hasRightLink) {
-      return `
+
+    return hasRightLink
+      ? `
        <a target="_blank" xlink:href="${rightLink}">
          ${rect}
          ${shadow}
          ${text}
        </a>
      `
-    }
-    return `
+      : `
      ${shadow}
      ${text}
    `
  }

-  const badge = renderBadge(
+  return renderBadge(
    {
      links,
-      leftWidth: labelWidth + 1,
-      rightWidth: hasMessage ? messageWidth + 6 : 0,
+      leftWidth: labelRectWidth + 1,
+      rightWidth: hasMessage ? horizGutter + messageRectWidth : 0,
      accessibleText,
      height: externalHeight,
    },
@@ -591,7 +558,7 @@ function social({
      <stop offset="1" stop-opacity=".1"/>
    </linearGradient>
    <g stroke="#d5d5d5">
-      <rect stroke="none" fill="#fcfcfc" x="0.5" y="0.5" width="${labelWidth}" height="${internalHeight}" rx="2"/>
+      <rect stroke="none" fill="#fcfcfc" x="0.5" y="0.5" width="${labelRectWidth}" height="${internalHeight}" rx="2"/>
      ${hasMessage ? renderMessageBubble() : ''}
    </g>
    ${renderedLogo}
@@ -601,11 +568,6 @@ function social({
    </g>
    `
  )
-
-  if (minify) {
-    return stripXmlWhitespace(badge)
-  }
-  return badge
 }

 function forTheBadge({
@@ -617,14 +579,15 @@ function forTheBadge({
  logoPadding,
  color = '#4c1',
  labelColor,
-  minify,
 }) {
  // For the Badge is styled in all caps. Convert to caps here so widths can
  // be measured using the correct characters.
  label = label.toUpperCase()
  message = message.toUpperCase()

-  let { labelWidth, messageWidth } = computeWidths({ label, message })
+  let labelWidth = preferredWidthOf(label, { font: '10px Verdana' }) || 0
+  let messageWidth =
+    preferredWidthOf(message, { font: 'bold 10px Verdana' }) || 0
  const height = 28
  const hasLabel = label.length || labelColor
  if (labelColor == null) {
@@ -641,7 +604,9 @@ function forTheBadge({

  labelWidth += 10 + totalLogoWidth
  if (label.length) {
-    labelWidth += 10 + label.length * 1.5
+    // Add 10 px of padding, plus approximately 1 px of letter spacing per
+    // character.
+    labelWidth += 10 + 2 * label.length
  } else if (hasLogo) {
    if (hasLabel) {
      labelWidth += 7
@@ -652,8 +617,9 @@ function forTheBadge({
    labelWidth -= 11
  }

-  messageWidth += 10
-  messageWidth += 10 + message.length * 2
+  // Add 20 px of padding, plus approximately 1.5 px of letter spacing per
+  // character.
+  messageWidth += 20 + 1.5 * message.length
  const leftWidth = hasLogo && !hasLabel ? 0 : labelWidth
  const rightWidth =
    hasLogo && !hasLabel ? messageWidth + labelWidth : messageWidth
@@ -675,7 +641,9 @@ function forTheBadge({
    const labelTextX = ((labelWidth + totalLogoWidth) / 2) * 10
    const labelTextLength = (labelWidth - (24 + totalLogoWidth)) * 10
    const escapedLabel = escapeXml(label)
+
    const text = `<text fill="${textColor}" x="${labelTextX}" y="175" transform="scale(.1)" textLength="${labelTextLength}">${escapedLabel}</text>`
+
    if (hasLeftLink && !shouldWrapBodyWithLink({ links })) {
      return `
        <a target="_blank" xlink:href="${leftLink}">
@@ -683,18 +651,21 @@ function forTheBadge({
          ${text}
        </a>
      `
+    } else {
+      return text
    }
-    return text
  }

  function renderMessageText() {
    const { textColor } = colorsForBackground(color)
+
    const text = `<text fill="${textColor}" x="${
      (labelWidth + messageWidth / 2) * 10
    }" y="175" font-weight="bold" transform="scale(.1)" textLength="${
      (messageWidth - 24) * 10
    }">
      ${escapeXml(message)}</text>`
+
    if (hasRightLink) {
      return `
        <a target="_blank" xlink:href="${rightLink}">
@@ -702,11 +673,12 @@ function forTheBadge({
          ${text}
        </a>
      `
+    } else {
+      return text
    }
-    return text
  }

-  const badge = renderBadge(
+  return renderBadge(
    {
      links,
      leftWidth,
@@ -725,17 +697,12 @@ function forTheBadge({
      ${renderMessageText()}
    </g>`
  )
-
-  if (minify) {
-    return stripXmlWhitespace(badge)
-  }
-  return badge
 }

 module.exports = {
-  plastic,
-  flat,
+  plastic: params => Plastic.render(params),
+  flat: params => Flat.render(params),
+  'flat-square': params => FlatSquare.render(params),
  social,
-  'flat-square': flatSquare,
  'for-the-badge': forTheBadge,
 }
--- a/badge-maker/lib/color.js
+++ b/badge-maker/lib/color.js
@@ -1,6 +1,6 @@
 'use strict'

-const cssColorConverter = require('css-color-converter')
+const { fromString } = require('css-color-converter')

 // When updating these, be sure also to update the list in `badge-maker/README.md`.
 const namedColors = {
@@ -38,10 +38,7 @@ function isHexColor(s = '') {
 }

 function isCSSColor(color) {
-  return (
-    typeof color === 'string' &&
-    typeof cssColorConverter(color.trim()).toRgbaArray() !== 'undefined'
-  )
+  return typeof color === 'string' && fromString(color.trim())
 }

 function normalizeColor(color) {
@@ -73,8 +70,9 @@ function toSvgColor(color) {

 function brightness(color) {
  if (color) {
-    const rgb = cssColorConverter(color).toRgbaArray()
-    if (rgb) {
+    const cssColor = fromString(color)
+    if (cssColor) {
+      const rgb = cssColor.toRgbaArray()
      return +((rgb[0] * 299 + rgb[1] * 587 + rgb[2] * 114) / 255000).toFixed(2)
    }
  }
--- a/badge-maker/lib/color.spec.js
+++ b/badge-maker/lib/color.spec.js
@@ -37,7 +37,7 @@ test(normalizeColor, () => {
  given('  blue ').expect('  blue ')
  given('rgb(100%, 200%, 222%)').expect('rgb(100%, 200%, 222%)')
  given('rgb(122, 200, 222)').expect('rgb(122, 200, 222)')
-  given('rgb(100%, 200, 222)').expect('rgb(100%, 200, 222)')
+  given('rgb(122, 200, 222, 1)').expect('rgb(122, 200, 222, 1)')
  given('rgba(100, 20, 111, 1)').expect('rgba(100, 20, 111, 1)')
  given('hsl(122, 200%, 222%)').expect('hsl(122, 200%, 222%)')
  given('hsla(122, 200%, 222%, 1)').expect('hsla(122, 200%, 222%, 1)')
@@ -46,8 +46,8 @@ test(normalizeColor, () => {
    given(''),
    given('not-a-color'),
    given('#ABCFGH'),
-    given('rgb(122, 200, 222, 1)'),
    given('rgb(-100, 20, 111)'),
+    given('rgb(100%, 200, 222)'),
    given('rgba(-100, 20, 111, 1.1)'),
    given('hsl(122, 200, 222, 1)'),
    given('hsl(122, 200, 222)'),
--- a/badge-maker/lib/index.js
+++ b/badge-maker/lib/index.js
@@ -51,14 +51,8 @@ function _clean(format) {
    }
  })

-  // convert "public" format to "internal" format
-  cleaned.text = [cleaned.label || '', cleaned.message]
-  delete cleaned.label
-  delete cleaned.message
-  if ('style' in cleaned) {
-    cleaned.template = cleaned.style
-    delete cleaned.style
-  }
+  // Legacy.
+  cleaned.label = cleaned.label || ''

  return cleaned
 }
--- a/badge-maker/lib/make-badge.js
+++ b/badge-maker/lib/make-badge.js
@@ -3,14 +3,19 @@
 const { normalizeColor, toSvgColor } = require('./color')
 const badgeRenderers = require('./badge-renderers')

+function stripXmlWhitespace(xml) {
+  return xml.replace(/>\s+/g, '>').replace(/<\s+/g, '<').trim()
+}
+
 /*
 note: makeBadge() is fairly thinly wrapped so if we are making changes here
 it is likely this will impact on the package's public interface in index.js
 */
 module.exports = function makeBadge({
  format,
-  template = 'flat',
-  text,
+  style = 'flat',
+  label,
+  message,
  color,
  labelColor,
  logo,
@@ -19,9 +24,8 @@ module.exports = function makeBadge({
  links = ['', ''],
 }) {
  // String coercion and whitespace removal.
-  text = text.map(value => `${value}`.trim())
-
-  const [label, message] = text
+  label = `${label}`.trim()
+  message = `${message}`.trim()

  // This ought to be the responsibility of the server, not `makeBadge`.
  if (format === 'json') {
@@ -39,23 +43,24 @@ module.exports = function makeBadge({
    })
  }

-  const render = badgeRenderers[template]
+  const render = badgeRenderers[style]
  if (!render) {
-    throw new Error(`Unknown template: '${template}'`)
+    throw new Error(`Unknown badge style: '${style}'`)
  }

  logoWidth = +logoWidth || (logo ? 14 : 0)

-  return render({
-    label,
-    message,
-    links,
-    logo,
-    logoPosition,
-    logoWidth,
-    logoPadding: logo && label.length ? 3 : 0,
-    color: toSvgColor(color),
-    labelColor: toSvgColor(labelColor),
-    minify: true,
-  })
+  return stripXmlWhitespace(
+    render({
+      label,
+      message,
+      links,
+      logo,
+      logoPosition,
+      logoWidth,
+      logoPadding: logo && label.length ? 3 : 0,
+      color: toSvgColor(color),
+      labelColor: toSvgColor(labelColor),
+    })
+  )
 }
--- a/badge-maker/lib/make-badge.spec.js
+++ b/badge-maker/lib/make-badge.spec.js
@@ -4,12 +4,18 @@ const { test, given, forCases } = require('sazerac')
 const { expect } = require('chai')
 const snapshot = require('snap-shot-it')
 const isSvg = require('is-svg')
+const prettier = require('prettier')
 const makeBadge = require('./make-badge')

+function expectBadgeToMatchSnapshot(format) {
+  snapshot(prettier.format(makeBadge(format), { parser: 'html' }))
+}
+
 function testColor(color = '', colorAttr = 'color') {
  return JSON.parse(
    makeBadge({
-      text: ['name', 'Bob'],
+      label: 'name',
+      message: 'Bob',
      [colorAttr]: color,
      format: 'json',
    })
@@ -34,10 +40,14 @@ describe('The badge generator', function () {
      ]).expect('#abc123')
      // valid rgb(a)
      given('rgb(0,128,255)').expect('rgb(0,128,255)')
+      given('rgb(220,128,255,0.5)').expect('rgb(220,128,255,0.5)')
+      given('rgba(0,0,255)').expect('rgba(0,0,255)')
      given('rgba(0,128,255,0)').expect('rgba(0,128,255,0)')
      // valid hsl(a)
      given('hsl(100, 56%, 10%)').expect('hsl(100, 56%, 10%)')
+      given('hsl(360,50%,50%,0.5)').expect('hsl(360,50%,50%,0.5)')
      given('hsla(25,20%,0%,0.1)').expect('hsla(25,20%,0%,0.1)')
+      given('hsla(0,50%,101%)').expect('hsla(0,50%,101%)')
      // CSS named color.
      given('papayawhip').expect('papayawhip')
      // Shields named color.
@@ -53,12 +63,6 @@ describe('The badge generator', function () {
        // invalid hex
        given('#123red'), // contains letter above F
        given('#red'), // contains letter above F
-        // invalid rgb(a)
-        given('rgb(220,128,255,0.5)'), // has alpha
-        given('rgba(0,0,255)'), // no alpha
-        // invalid hsl(a)
-        given('hsl(360,50%,50%,0.5)'), // has alpha
-        given('hsla(0,50%,101%)'), // no alpha
        // neither a css named color nor colorscheme
        given('notacolor'),
        given('bluish'),
@@ -77,23 +81,26 @@ describe('The badge generator', function () {

  describe('SVG', function () {
    it('should produce SVG', function () {
-      const svg = makeBadge({ text: ['cactus', 'grown'], format: 'svg' })
-      expect(svg)
+      expect(makeBadge({ label: 'cactus', message: 'grown', format: 'svg' }))
        .to.satisfy(isSvg)
        .and.to.include('cactus')
        .and.to.include('grown')
    })

    it('should match snapshot', function () {
-      const svg = makeBadge({ text: ['cactus', 'grown'], format: 'svg' })
-      snapshot(svg)
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+      })
    })
  })

  describe('JSON', function () {
    it('should produce the expected JSON', function () {
      const json = makeBadge({
-        text: ['cactus', 'grown'],
+        label: 'cactus',
+        message: 'grown',
        format: 'json',
        links: ['https://example.com/', 'https://other.example.com/'],
      })
@@ -106,484 +113,471 @@ describe('The badge generator', function () {
      })
    })

-    it('should replace undefined svg template with "flat"', function () {
+    it('should replace undefined svg badge style with "flat"', function () {
      const jsonBadgeWithUnknownStyle = makeBadge({
-        text: ['name', 'Bob'],
+        label: 'name',
+        message: 'Bob',
        format: 'svg',
      })
      const jsonBadgeWithDefaultStyle = makeBadge({
-        text: ['name', 'Bob'],
+        label: 'name',
+        message: 'Bob',
        format: 'svg',
-        template: 'flat',
+        style: 'flat',
      })
      expect(jsonBadgeWithUnknownStyle)
        .to.equal(jsonBadgeWithDefaultStyle)
        .and.to.satisfy(isSvg)
    })

-    it('should fail with unknown svg template', function () {
+    it('should fail with unknown svg badge style', function () {
      expect(() =>
        makeBadge({
-          text: ['name', 'Bob'],
+          label: 'name',
+          message: 'Bob',
          format: 'svg',
-          template: 'unknown_style',
+          style: 'unknown_style',
        })
-      ).to.throw(Error, "Unknown template: 'unknown_style'")
+      ).to.throw(Error, "Unknown badge style: 'unknown_style'")
    })
  })

  describe('"flat" template badge generation', function () {
    it('should match snapshots: message/label, no logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['cactus', 'grown'],
-          format: 'svg',
-          template: 'flat',
-          color: '#b3e',
-          labelColor: '#0f0',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'flat',
+        color: '#b3e',
+        labelColor: '#0f0',
+      })
    })

    it('should match snapshots: message/label, with logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['cactus', 'grown'],
-          format: 'svg',
-          template: 'flat',
-          color: '#b3e',
-          labelColor: '#0f0',
-          logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'flat',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+      })
    })

    it('should match snapshots: message only, no logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['', 'grown'],
-          format: 'svg',
-          template: 'flat',
-          color: '#b3e',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: '',
+        message: 'grown',
+        format: 'svg',
+        style: 'flat',
+        color: '#b3e',
+      })
    })

    it('should match snapshots: message only, with logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['', 'grown'],
-          format: 'svg',
-          template: 'flat',
-          color: '#b3e',
-          logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: '',
+        message: 'grown',
+        format: 'svg',
+        style: 'flat',
+        color: '#b3e',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+      })
    })

    it('should match snapshots: message only, with logo and labelColor', function () {
-      snapshot(
-        makeBadge({
-          text: ['', 'grown'],
-          format: 'svg',
-          template: 'flat',
-          color: '#b3e',
-          labelColor: '#0f0',
-          logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: '',
+        message: 'grown',
+        format: 'svg',
+        style: 'flat',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+      })
    })

    it('should match snapshots: message/label, with links', function () {
-      snapshot(
-        makeBadge({
-          text: ['cactus', 'grown'],
-          format: 'svg',
-          template: 'flat',
-          color: '#b3e',
-          labelColor: '#0f0',
-          links: ['https://shields.io/', 'https://www.google.co.uk/'],
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'flat',
+        color: '#b3e',
+        labelColor: '#0f0',
+        links: ['https://shields.io/', 'https://www.google.co.uk/'],
+      })
    })
  })

  describe('"flat-square" template badge generation', function () {
    it('should match snapshots: message/label, no logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['cactus', 'grown'],
-          format: 'svg',
-          template: 'flat-square',
-          color: '#b3e',
-          labelColor: '#0f0',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'flat-square',
+        color: '#b3e',
+        labelColor: '#0f0',
+      })
    })

    it('should match snapshots: message/label, with logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['cactus', 'grown'],
-          format: 'svg',
-          template: 'flat-square',
-          color: '#b3e',
-          labelColor: '#0f0',
-          logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'flat-square',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+      })
    })

    it('should match snapshots: message only, no logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['', 'grown'],
-          format: 'svg',
-          template: 'flat-square',
-          color: '#b3e',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: '',
+        message: 'grown',
+        format: 'svg',
+        style: 'flat-square',
+        color: '#b3e',
+      })
    })

    it('should match snapshots: message only, with logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['', 'grown'],
-          format: 'svg',
-          template: 'flat-square',
-          color: '#b3e',
-          logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: '',
+        message: 'grown',
+        format: 'svg',
+        style: 'flat-square',
+        color: '#b3e',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+      })
    })

    it('should match snapshots: message only, with logo and labelColor', function () {
-      snapshot(
-        makeBadge({
-          text: ['', 'grown'],
-          format: 'svg',
-          template: 'flat-square',
-          color: '#b3e',
-          labelColor: '#0f0',
-          logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: '',
+        message: 'grown',
+        format: 'svg',
+        style: 'flat-square',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+      })
    })

    it('should match snapshots: message/label, with links', function () {
-      snapshot(
-        makeBadge({
-          text: ['cactus', 'grown'],
-          format: 'svg',
-          template: 'flat-square',
-          color: '#b3e',
-          labelColor: '#0f0',
-          links: ['https://shields.io/', 'https://www.google.co.uk/'],
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'flat-square',
+        color: '#b3e',
+        labelColor: '#0f0',
+        links: ['https://shields.io/', 'https://www.google.co.uk/'],
+      })
    })
  })

  describe('"plastic" template badge generation', function () {
    it('should match snapshots: message/label, no logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['cactus', 'grown'],
-          format: 'svg',
-          template: 'plastic',
-          color: '#b3e',
-          labelColor: '#0f0',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'plastic',
+        color: '#b3e',
+        labelColor: '#0f0',
+      })
    })

    it('should match snapshots: message/label, with logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['cactus', 'grown'],
-          format: 'svg',
-          template: 'plastic',
-          color: '#b3e',
-          labelColor: '#0f0',
-          logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'plastic',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+      })
    })

    it('should match snapshots: message only, no logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['', 'grown'],
-          format: 'svg',
-          template: 'plastic',
-          color: '#b3e',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: '',
+        message: 'grown',
+        format: 'svg',
+        style: 'plastic',
+        color: '#b3e',
+      })
    })

    it('should match snapshots: message only, with logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['', 'grown'],
-          format: 'svg',
-          template: 'plastic',
-          color: '#b3e',
-          logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: '',
+        message: 'grown',
+        format: 'svg',
+        style: 'plastic',
+        color: '#b3e',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+      })
    })

    it('should match snapshots: message only, with logo and labelColor', function () {
-      snapshot(
-        makeBadge({
-          text: ['', 'grown'],
-          format: 'svg',
-          template: 'plastic',
-          color: '#b3e',
-          labelColor: '#0f0',
-          logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: '',
+        message: 'grown',
+        format: 'svg',
+        style: 'plastic',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+      })
    })

    it('should match snapshots: message/label, with links', function () {
-      snapshot(
-        makeBadge({
-          text: ['cactus', 'grown'],
-          format: 'svg',
-          template: 'plastic',
-          color: '#b3e',
-          labelColor: '#0f0',
-          links: ['https://shields.io/', 'https://www.google.co.uk/'],
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'plastic',
+        color: '#b3e',
+        labelColor: '#0f0',
+        links: ['https://shields.io/', 'https://www.google.co.uk/'],
+      })
    })
  })

  describe('"for-the-badge" template badge generation', function () {
    // https://github.com/badges/shields/issues/1280
    it('numbers should produce a string', function () {
-      const svg = makeBadge({
-        text: [1998, 1999],
-        format: 'svg',
-        template: 'for-the-badge',
-      })
-      expect(svg).to.include('1998').and.to.include('1999')
+      expect(
+        makeBadge({
+          label: 1998,
+          message: 1999,
+          format: 'svg',
+          style: 'for-the-badge',
+        })
+      )
+        .to.include('1998')
+        .and.to.include('1999')
    })

    it('lowercase/mixedcase string should produce uppercase string', function () {
-      const svg = makeBadge({
-        text: ['Label', '1 string'],
-        format: 'svg',
-        template: 'for-the-badge',
-      })
-      expect(svg).to.include('LABEL').and.to.include('1 STRING')
+      expect(
+        makeBadge({
+          label: 'Label',
+          message: '1 string',
+          format: 'svg',
+          style: 'for-the-badge',
+        })
+      )
+        .to.include('LABEL')
+        .and.to.include('1 STRING')
    })

    it('should match snapshots: message/label, no logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['cactus', 'grown'],
-          format: 'svg',
-          template: 'for-the-badge',
-          color: '#b3e',
-          labelColor: '#0f0',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'for-the-badge',
+        color: '#b3e',
+        labelColor: '#0f0',
+      })
    })

    it('should match snapshots: message/label, with logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['cactus', 'grown'],
-          format: 'svg',
-          template: 'for-the-badge',
-          color: '#b3e',
-          labelColor: '#0f0',
-          logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'for-the-badge',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+      })
    })

    it('should match snapshots: message only, no logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['', 'grown'],
-          format: 'svg',
-          template: 'for-the-badge',
-          color: '#b3e',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: '',
+        message: 'grown',
+        format: 'svg',
+        style: 'for-the-badge',
+        color: '#b3e',
+      })
    })

    it('should match snapshots: message only, with logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['', 'grown'],
-          format: 'svg',
-          template: 'for-the-badge',
-          color: '#b3e',
-          logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: '',
+        message: 'grown',
+        format: 'svg',
+        style: 'for-the-badge',
+        color: '#b3e',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+      })
    })

    it('should match snapshots: message only, with logo and labelColor', function () {
-      snapshot(
-        makeBadge({
-          text: ['', 'grown'],
-          format: 'svg',
-          template: 'for-the-badge',
-          color: '#b3e',
-          labelColor: '#0f0',
-          logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: '',
+        message: 'grown',
+        format: 'svg',
+        style: 'for-the-badge',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+      })
    })

    it('should match snapshots: message/label, with links', function () {
-      snapshot(
-        makeBadge({
-          text: ['cactus', 'grown'],
-          format: 'svg',
-          template: 'for-the-badge',
-          color: '#b3e',
-          labelColor: '#0f0',
-          links: ['https://shields.io/', 'https://www.google.co.uk/'],
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'for-the-badge',
+        color: '#b3e',
+        labelColor: '#0f0',
+        links: ['https://shields.io/', 'https://www.google.co.uk/'],
+      })
    })
  })

  describe('"social" template badge generation', function () {
    it('should produce capitalized string for badge key', function () {
-      const svg = makeBadge({
-        text: ['some-key', 'some-value'],
-        format: 'svg',
-        template: 'social',
-      })
-      expect(svg).to.include('Some-key').and.to.include('some-value')
+      expect(
+        makeBadge({
+          label: 'some-key',
+          message: 'some-value',
+          format: 'svg',
+          style: 'social',
+        })
+      )
+        .to.include('Some-key')
+        .and.to.include('some-value')
    })

    // https://github.com/badges/shields/issues/1606
    it('should handle empty strings used as badge keys', function () {
-      const svg = makeBadge({
-        text: ['', 'some-value'],
-        format: 'json',
-        template: 'social',
-      })
-      expect(svg).to.include('""').and.to.include('some-value')
+      expect(
+        makeBadge({
+          label: '',
+          message: 'some-value',
+          format: 'json',
+          style: 'social',
+        })
+      )
+        .to.include('""')
+        .and.to.include('some-value')
    })

    it('should match snapshots: message/label, no logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['cactus', 'grown'],
-          format: 'svg',
-          template: 'social',
-          color: '#b3e',
-          labelColor: '#0f0',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'social',
+        color: '#b3e',
+        labelColor: '#0f0',
+      })
    })

    it('should match snapshots: message/label, with logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['cactus', 'grown'],
-          format: 'svg',
-          template: 'social',
-          color: '#b3e',
-          labelColor: '#0f0',
-          logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'social',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+      })
    })

    it('should match snapshots: message only, no logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['', 'grown'],
-          format: 'svg',
-          template: 'social',
-          color: '#b3e',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: '',
+        message: 'grown',
+        format: 'svg',
+        style: 'social',
+        color: '#b3e',
+      })
    })

    it('should match snapshots: message only, with logo', function () {
-      snapshot(
-        makeBadge({
-          text: ['', 'grown'],
-          format: 'svg',
-          template: 'social',
-          color: '#b3e',
-          logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: '',
+        message: 'grown',
+        format: 'svg',
+        style: 'social',
+        color: '#b3e',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+      })
    })

    it('should match snapshots: message only, with logo and labelColor', function () {
-      snapshot(
-        makeBadge({
-          text: ['', 'grown'],
-          format: 'svg',
-          template: 'social',
-          color: '#b3e',
-          labelColor: '#0f0',
-          logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: '',
+        message: 'grown',
+        format: 'svg',
+        style: 'social',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+      })
    })

    it('should match snapshots: message/label, with links', function () {
-      snapshot(
-        makeBadge({
-          text: ['cactus', 'grown'],
-          format: 'svg',
-          template: 'social',
-          color: '#b3e',
-          labelColor: '#0f0',
-          links: ['https://shields.io/', 'https://www.google.co.uk/'],
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'social',
+        color: '#b3e',
+        labelColor: '#0f0',
+        links: ['https://shields.io/', 'https://www.google.co.uk/'],
+      })
    })
  })

  describe('badges with logos should always produce the same badge', function () {
    it('badge with logo', function () {
-      const svg = makeBadge({
-        text: ['label', 'message'],
+      expectBadgeToMatchSnapshot({
+        label: 'label',
+        message: 'message',
        format: 'svg',
        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
      })
-      snapshot(svg)
    })
  })

  describe('text colors', function () {
    it('should use black text when the label color is light', function () {
-      snapshot(
-        makeBadge({
-          text: ['cactus', 'grown'],
-          format: 'svg',
-          template: 'flat',
-          color: '#000',
-          labelColor: '#f3f3f3',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'flat',
+        color: '#000',
+        labelColor: '#f3f3f3',
+      })
    })

    it('should use black text when the message color is light', function () {
-      snapshot(
-        makeBadge({
-          text: ['cactus', 'grown'],
-          format: 'svg',
-          template: 'for-the-badge',
-          color: '#e2ffe1',
-          labelColor: '#000',
-        })
-      )
+      expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'for-the-badge',
+        color: '#e2ffe1',
+        labelColor: '#000',
+      })
    })
  })
 })
--- a/badge-maker/package.json
+++ b/badge-maker/package.json
@@ -1,6 +1,6 @@
 {
  "name": "badge-maker",
-  "version": "3.2.0",
+  "version": "3.3.0",
  "description": "Shields.io badge library",
  "keywords": [
    "GitHub",
@@ -35,8 +35,8 @@
    "logo": "https://opencollective.com/opencollective/logo.txt"
  },
  "dependencies": {
-    "anafanafo": "^1.0.0",
-    "css-color-converter": "^1.1.1"
+    "anafanafo": "2.0.0",
+    "css-color-converter": "^2.0.0"
  },
  "scripts": {
    "test": "echo 'Run tests from parent dir'; false"
--- a/config/custom-environment-variables.yml
+++ b/config/custom-environment-variables.yml
@@ -21,7 +21,7 @@ public:
    key: 'HTTPS_KEY'
    cert: 'HTTPS_CRT'

-  redirectUri: 'REDIRECT_URI'
+  redirectUrl: 'REDIRECT_URI'

  rasterUrl: 'RASTER_URL'

@@ -30,9 +30,6 @@ public:
      __name: 'ALLOWED_ORIGIN'
      __format: 'json'

-  persistence:
-    dir: 'PERSISTENCE_DIR'
-
  services:
    bitbucketServer:
      authorizedOrigins: 'BITBUCKET_SERVER_ORIGINS'
@@ -64,6 +61,8 @@ public:

  fetchLimit: 'FETCH_LIMIT'

+  requireCloudflare: 'REQUIRE_CLOUDFLARE'
+
 private:
  azure_devops_token: 'AZURE_DEVOPS_TOKEN'
  bintray_user: 'BINTRAY_USER'
--- a/config/default.yml
+++ b/config/default.yml
@@ -16,9 +16,6 @@ public:
  cors:
    allowedOrigin: []

-  persistence:
-    dir: './private'
-
  services:
    github:
      baseUri: 'https://api.github.com/'
@@ -36,4 +33,6 @@ public:

  fetchLimit: '10MB'

+  requireCloudflare: false
+
 private: {}
--- a/config/shields-io-production.yml
+++ b/config/shields-io-production.yml
@@ -15,10 +15,4 @@ public:
  cors:
    allowedOrigin: ['http://shields.io', 'https://shields.io']

-  redirectUrl: 'https://shields.io/'
-
  rasterUrl: 'https://raster.shields.io'
-
-private:
-  # These are not really private; they should be moved to `public`.
-  shields_ips: ['192.99.59.72', '51.254.114.150', '149.56.96.133']
--- a/core/badge-urls/path-helpers.js
+++ b/core/badge-urls/path-helpers.js
@@ -5,11 +5,8 @@
 function escapeFormat(t) {
  return (
    t
-      // Inline single underscore.
-      .replace(/([^_])_([^_])/g, '$1 $2')
-      // Leading or trailing underscore.
-      .replace(/([^_])_$/, '$1 ')
-      .replace(/^_([^_])/, ' $1')
+      // Single underscore.
+      .replace(/(^|[^_])((?:__)*)_(?!_)/g, '$1$2 ')
      // Double underscore and double dash.
      .replace(/__/g, '_')
      .replace(/--/g, '-')
--- a/core/badge-urls/path-helpers.spec.js
+++ b/core/badge-urls/path-helpers.spec.js
@@ -0,0 +1,21 @@
+'use strict'
+
+const { test, given } = require('sazerac')
+const { escapeFormat } = require('./path-helpers')
+
+describe('Badge URL helper functions', function () {
+  test(escapeFormat, () => {
+    given('_single leading underscore').expect(' single leading underscore')
+    given('single trailing underscore_').expect('single trailing underscore ')
+    given('__double leading underscores').expect('_double leading underscores')
+    given('double trailing underscores__').expect(
+      'double trailing underscores_'
+    )
+    given('treble___underscores').expect('treble_ underscores')
+    given('fourfold____underscores').expect('fourfold__underscores')
+    given('double--dashes').expect('double-dashes')
+    given('treble---dashes').expect('treble--dashes')
+    given('fourfold----dashes').expect('fourfold--dashes')
+    given('once_in_a_blue--moon').expect('once in a blue-moon')
+  })
+})
--- a/core/base-service/base-graphql.spec.js
+++ b/core/base-service/base-graphql.spec.js
@@ -1,6 +1,6 @@
 'use strict'

-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const { expect } = require('chai')
 const gql = require('graphql-tag')
 const sinon = require('sinon')
--- a/core/base-service/base-json.spec.js
+++ b/core/base-service/base-json.spec.js
@@ -1,6 +1,6 @@
 'use strict'

-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const { expect } = require('chai')
 const sinon = require('sinon')
 const BaseJsonService = require('./base-json')
--- a/core/base-service/base-non-memory-caching.js
+++ b/core/base-service/base-non-memory-caching.js
@@ -1,74 +0,0 @@
-'use strict'
-
-const makeBadge = require('../../badge-maker/lib/make-badge')
-const BaseService = require('./base')
-const { MetricHelper } = require('./metric-helper')
-const { setCacheHeaders } = require('./cache-headers')
-const { makeSend } = require('./legacy-result-sender')
-const coalesceBadge = require('./coalesce-badge')
-const { prepareRoute, namedParamsForMatch } = require('./route')
-
-// Badges are subject to two independent types of caching: in-memory and
-// downstream.
-//
-// Services deriving from `NonMemoryCachingBaseService` are not cached in
-// memory on the server. This means that each request that hits the server
-// triggers another call to the handler. When using badges for server
-// diagnostics, that's useful!
-//
-// In contrast, The `handle()` function of most other `BaseService`
-// subclasses is wrapped in onboard, in-memory caching. See `lib /request-
-// handler.js` and `BaseService.prototype.register()`.
-//
-// All services, including those extending NonMemoryCachingBaseServices, may
-// be cached _downstream_. This is governed by cache headers, which are
-// configured by the service, the user's request, and the server's default
-// cache length.
-module.exports = class NonMemoryCachingBaseService extends BaseService {
-  static register({ camp, metricInstance }, serviceConfig) {
-    const { cacheHeaders: cacheHeaderConfig } = serviceConfig
-    const { _cacheLength: serviceDefaultCacheLengthSeconds } = this
-    const { regex, captureNames } = prepareRoute(this.route)
-
-    const metricHelper = MetricHelper.create({
-      metricInstance,
-      ServiceClass: this,
-    })
-
-    camp.route(regex, async (queryParams, match, end, ask) => {
-      const metricHandle = metricHelper.startRequest()
-
-      const namedParams = namedParamsForMatch(captureNames, match, this)
-      const serviceData = await this.invoke(
-        {},
-        serviceConfig,
-        namedParams,
-        queryParams
-      )
-
-      const badgeData = coalesceBadge(
-        queryParams,
-        serviceData,
-        this.defaultBadgeData,
-        this
-      )
-
-      // The final capture group is the extension.
-      const format = (match.slice(-1)[0] || '.svg').replace(/^\./, '')
-      badgeData.format = format
-
-      const svg = makeBadge(badgeData)
-
-      setCacheHeaders({
-        cacheHeaderConfig,
-        serviceDefaultCacheLengthSeconds,
-        queryParams,
-        res: ask.res,
-      })
-
-      makeSend(format, ask.res, end)(svg)
-
-      metricHandle.noteResponseSent()
-    })
-  }
-}
--- a/core/base-service/base-svg-scraping.spec.js
+++ b/core/base-service/base-svg-scraping.spec.js
@@ -2,14 +2,10 @@

 const { expect } = require('chai')
 const sinon = require('sinon')
-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const makeBadge = require('../../badge-maker/lib/make-badge')
 const BaseSvgScrapingService = require('./base-svg-scraping')

-function makeExampleSvg({ label, message }) {
-  return makeBadge({ text: ['this is the label', 'this is the result!'] })
-}
-
 const schema = Joi.object({
  message: Joi.string().required(),
 }).required()
@@ -29,10 +25,7 @@ class DummySvgScrapingService extends BaseSvgScrapingService {
 describe('BaseSvgScrapingService', function () {
  const exampleLabel = 'this is the label'
  const exampleMessage = 'this is the result!'
-  const exampleSvg = makeExampleSvg({
-    label: exampleLabel,
-    message: exampleMessage,
-  })
+  const exampleSvg = makeBadge({ label: exampleLabel, message: exampleMessage })

  describe('valueFromSvgBadge', function () {
    it('should find the correct value', function () {
--- a/core/base-service/base-xml.spec.js
+++ b/core/base-service/base-xml.spec.js
@@ -1,6 +1,6 @@
 'use strict'

-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const { expect } = require('chai')
 const sinon = require('sinon')
 const BaseXmlService = require('./base-xml')
--- a/core/base-service/base-yaml.js
+++ b/core/base-service/base-yaml.js
@@ -57,7 +57,7 @@ class BaseYamlService extends BaseService {
    })
    let parsed
    try {
-      parsed = yaml.safeLoad(buffer.toString(), encoding)
+      parsed = yaml.load(buffer.toString(), encoding)
    } catch (err) {
      logTrace(emojic.dart, 'Response YAML (unparseable)', buffer)
      throw new InvalidResponse({
--- a/core/base-service/base-yaml.spec.js
+++ b/core/base-service/base-yaml.spec.js
@@ -1,6 +1,6 @@
 'use strict'

-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const { expect } = require('chai')
 const sinon = require('sinon')
 const BaseYamlService = require('./base-yaml')
--- a/core/base-service/base.js
+++ b/core/base-service/base.js
@@ -5,7 +5,7 @@

 // See available emoji at http://emoji.muan.co/
 const emojic = require('emojic')
-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const log = require('../server/log')
 const { AuthHelper } = require('./auth-helper')
 const { MetricHelper, MetricNames } = require('./metric-helper')
@@ -213,7 +213,18 @@ class BaseService {

  async _request({ url, options = {}, errorMessages = {} }) {
    const logTrace = (...args) => trace.logTrace('fetch', ...args)
-    logTrace(emojic.bowAndArrow, 'Request', url, '\n', options)
+    let logUrl = url
+    const logOptions = Object.assign({}, options)
+    if ('qs' in options) {
+      const params = new URLSearchParams(options.qs)
+      logUrl = `${url}?${params.toString()}`
+      delete logOptions.qs
+    }
+    logTrace(
+      emojic.bowAndArrow,
+      'Request',
+      `${logUrl}\n${JSON.stringify(logOptions, null, 2)}`
+    )
    const { res, buffer } = await this._requestFetcher(url, options)
    await this._meterResponse(res, buffer)
    logTrace(emojic.dart, 'Response status code', res.statusCode)
--- a/core/base-service/base.spec.js
+++ b/core/base-service/base.spec.js
@@ -1,6 +1,6 @@
 'use strict'

-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const chai = require('chai')
 const { expect } = chai
 const sinon = require('sinon')
@@ -329,7 +329,7 @@ describe('BaseService', function () {
  describe('ScoutCamp integration', function () {
    // TODO Strangly, without the useless escape the regexes do not match in Node 12.
    // eslint-disable-next-line no-useless-escape
-    const expectedRouteRegex = /^\/foo\/([^\/]+?)(|\.svg|\.json)$/
+    const expectedRouteRegex = /^\/foo(?:\/([^\/#\?]+?))(|\.svg|\.json)$/

    let mockCamp
    let mockHandleRequest
@@ -373,9 +373,10 @@ describe('BaseService', function () {
      const expectedFormat = 'svg'
      expect(mockSendBadge).to.have.been.calledOnce
      expect(mockSendBadge).to.have.been.calledWith(expectedFormat, {
-        text: ['cat', 'Hello namedParamA: bar with queryParamA: ?'],
+        label: 'cat',
+        message: 'Hello namedParamA: bar with queryParamA: ?',
        color: 'lightgrey',
-        template: 'flat',
+        style: 'flat',
        namedLogo: undefined,
        logo: undefined,
        logoWidth: undefined,
@@ -462,9 +463,7 @@ describe('BaseService', function () {
        'fetch',
        sinon.match.string,
        'Request',
-        url,
-        '\n',
-        options
+        `${url}\n${JSON.stringify(options, null, 2)}`
      )
      expect(trace.logTrace).to.be.calledWithMatch(
        'fetch',
@@ -518,7 +517,7 @@ describe('BaseService', function () {

      await serviceInstance._request({ url })

-      expect(register.getSingleMetricAsString('service_response_bytes'))
+      expect(await register.getSingleMetricAsString('service_response_bytes'))
        .to.contain(
          'service_response_bytes_bucket{le="65536",category="other",family="undefined",service="dummy_service_with_service_response_size_metric_enabled"} 0\n'
        )
@@ -544,7 +543,7 @@ describe('BaseService', function () {
      await serviceInstance._request({ url })

      expect(
-        register.getSingleMetricAsString('service_response_bytes')
+        await register.getSingleMetricAsString('service_response_bytes')
      ).to.not.contain('service_response_bytes_bucket')
    })
  })
--- a/core/base-service/cache-headers.js
+++ b/core/base-service/cache-headers.js
@@ -1,7 +1,7 @@
 'use strict'

 const assert = require('assert')
-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const coalesce = require('./coalesce')

 const serverStartTimeGMTString = new Date().toGMTString()
--- a/core/base-service/categories.js
+++ b/core/base-service/categories.js
@@ -1,6 +1,6 @@
 'use strict'

-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const categories = require('../../services/categories')

 const isRealCategory = Joi.equal(...categories.map(({ id }) => id)).required()
--- a/core/base-service/coalesce-badge.js
+++ b/core/base-service/coalesce-badge.js
@@ -160,12 +160,10 @@ module.exports = function coalesceBadge(
  }

  return {
-    text: [
-      // Use `coalesce()` to support empty labels and messages, as in the
-      // static badge.
-      coalesce(overrideLabel, serviceLabel, defaultLabel, category),
-      coalesce(serviceMessage, 'n/a'),
-    ],
+    // Use `coalesce()` to support empty labels and messages, as in the static
+    // badge.
+    label: coalesce(overrideLabel, serviceLabel, defaultLabel, category),
+    message: coalesce(serviceMessage, 'n/a'),
    color: coalesce(
      // In case of an error, disregard user's color override.
      isError ? undefined : overrideColor,
@@ -179,7 +177,7 @@ module.exports = function coalesceBadge(
      serviceLabelColor,
      defaultLabelColor
    ),
-    template: style,
+    style,
    namedLogo,
    logo: logoSvgBase64,
    logoWidth,
--- a/core/base-service/coalesce-badge.spec.js
+++ b/core/base-service/coalesce-badge.spec.js
@@ -7,63 +7,61 @@ const coalesceBadge = require('./coalesce-badge')
 describe('coalesceBadge', function () {
  describe('Label', function () {
    it('uses the default label', function () {
-      expect(coalesceBadge({}, {}, { label: 'heyo' }).text).to.deep.equal([
-        'heyo',
-        'n/a',
-      ])
+      expect(coalesceBadge({}, {}, { label: 'heyo' })).to.include({
+        label: 'heyo',
+      })
    })

    // This behavior isn't great and we might want to remove it.
    it('uses the category as a default label', function () {
-      expect(
-        coalesceBadge({}, {}, {}, { category: 'cat' }).text
-      ).to.deep.equal(['cat', 'n/a'])
+      expect(coalesceBadge({}, {}, {}, { category: 'cat' })).to.include({
+        label: 'cat',
+      })
    })

    it('preserves an empty label', function () {
-      expect(
-        coalesceBadge({}, { label: '', message: '10k' }, {}).text
-      ).to.deep.equal(['', '10k'])
+      expect(coalesceBadge({}, { label: '', message: '10k' }, {})).to.include({
+        label: '',
+      })
    })

    it('overrides the label', function () {
      expect(
-        coalesceBadge({ label: 'purr count' }, { label: 'purrs' }, {}).text
-      ).to.deep.equal(['purr count', 'n/a'])
+        coalesceBadge({ label: 'purr count' }, { label: 'purrs' }, {})
+      ).to.include({ label: 'purr count' })
    })
  })

  describe('Message', function () {
    it('applies the service message', function () {
-      expect(coalesceBadge({}, { message: '10k' }, {}).text).to.deep.equal([
-        undefined,
-        '10k',
-      ])
+      expect(coalesceBadge({}, { message: '10k' }, {})).to.include({
+        message: '10k',
+      })
    })

-    it('applies a numeric service message', function () {
+    // https://github.com/badges/shields/issues/1280
+    it('converts a number to a string', function () {
      // While a number of badges use this, in the long run we may want
      // `render()` to always return a string.
-      expect(coalesceBadge({}, { message: 10 }, {}).text).to.deep.equal([
-        undefined,
-        10,
-      ])
+      expect(coalesceBadge({}, { message: 10 }, {})).to.include({
+        message: 10,
+      })
    })
  })

  describe('Right color', function () {
    it('uses the default color', function () {
-      expect(coalesceBadge({}, {}, {}).color).to.equal('lightgrey')
+      expect(coalesceBadge({}, {}, {})).to.include({ color: 'lightgrey' })
    })

    it('overrides the color', function () {
      expect(
-        coalesceBadge({ color: '10ADED' }, { color: 'red' }, {}).color
-      ).to.equal('10ADED')
+        coalesceBadge({ color: '10ADED' }, { color: 'red' }, {})
+      ).to.include({ color: '10ADED' })
      // also expected for legacy name
      expect(
-        coalesceBadge({ colorB: 'B0ADED' }, { color: 'red' }, {}).color
-      ).to.equal('B0ADED')
+        coalesceBadge({ colorB: 'B0ADED' }, { color: 'red' }, {})
+      ).to.include({ color: 'B0ADED' })
    })

    context('In case of an error', function () {
@@ -73,21 +71,23 @@ describe('coalesceBadge', function () {
            { color: '10ADED' },
            { isError: true, color: 'lightgray' },
            {}
-          ).color
-        ).to.equal('lightgray')
+          )
+        ).to.include({ color: 'lightgray' })
        // also expected for legacy name
        expect(
          coalesceBadge(
            { colorB: 'B0ADED' },
            { isError: true, color: 'lightgray' },
            {}
-          ).color
-        ).to.equal('lightgray')
+          )
+        ).to.include({ color: 'lightgray' })
      })
    })

    it('applies the service color', function () {
-      expect(coalesceBadge({}, { color: 'red' }, {}).color).to.equal('red')
+      expect(coalesceBadge({}, { color: 'red' }, {})).to.include({
+        color: 'red',
+      })
    })
  })

@@ -97,20 +97,19 @@ describe('coalesceBadge', function () {
    })

    it('applies the service label color', function () {
-      expect(coalesceBadge({}, { labelColor: 'red' }, {}).labelColor).to.equal(
-        'red'
-      )
+      expect(coalesceBadge({}, { labelColor: 'red' }, {})).to.include({
+        labelColor: 'red',
+      })
    })

    it('overrides the label color', function () {
      expect(
        coalesceBadge({ labelColor: '42f483' }, { color: 'green' }, {})
-          .labelColor
-      ).to.equal('42f483')
+      ).to.include({ labelColor: '42f483' })
      // also expected for legacy name
      expect(
-        coalesceBadge({ colorA: 'B2f483' }, { color: 'green' }, {}).labelColor
-      ).to.equal('B2f483')
+        coalesceBadge({ colorA: 'B2f483' }, { color: 'green' }, {})
+      ).to.include({ labelColor: 'B2f483' })
    })

    it('converts a query-string numeric color to a string', function () {
@@ -120,8 +119,8 @@ describe('coalesceBadge', function () {
          { color: 123 },
          { color: 'green' },
          {}
-        ).color
-      ).to.equal('123')
+        )
+      ).to.include({ color: '123' })
      // also expected for legacy name
      expect(
        coalesceBadge(
@@ -129,8 +128,8 @@ describe('coalesceBadge', function () {
          { colorB: 123 },
          { color: 'green' },
          {}
-        ).color
-      ).to.equal('123')
+        )
+      ).to.include({ color: '123' })
    })
  })

@@ -148,9 +147,9 @@ describe('coalesceBadge', function () {
    })

    it('applies the named logo', function () {
-      expect(coalesceBadge({}, { namedLogo: 'npm' }, {}).namedLogo).to.equal(
-        'npm'
-      )
+      expect(coalesceBadge({}, { namedLogo: 'npm' }, {})).to.include({
+        namedLogo: 'npm',
+      })
      expect(coalesceBadge({}, { namedLogo: 'npm' }, {}).logo).to.equal(
        getShieldsIcon({ name: 'npm' })
      ).and.not.to.be.empty
@@ -219,8 +218,8 @@ describe('coalesceBadge', function () {
    it('overrides the logo with custom svg', function () {
      const logoSvg = 'data:image/svg+xml;base64,PHN2ZyB4bWxu'
      expect(
-        coalesceBadge({ logo: logoSvg }, { namedLogo: 'appveyor' }, {}).logo
-      ).to.equal(logoSvg)
+        coalesceBadge({ logo: logoSvg }, { namedLogo: 'appveyor' }, {})
+      ).to.include({ logo: logoSvg })
    })

    it('ignores the color when custom svg is provided', function () {
@@ -230,35 +229,36 @@ describe('coalesceBadge', function () {
          { logo: logoSvg, logoColor: 'brightgreen' },
          { namedLogo: 'appveyor' },
          {}
-        ).logo
-      ).to.equal(logoSvg)
+        )
+      ).to.include({ logo: logoSvg })
    })
  })

  describe('Logo width', function () {
    it('overrides the logoWidth', function () {
-      expect(coalesceBadge({ logoWidth: 20 }, {}, {}).logoWidth).to.equal(20)
+      expect(coalesceBadge({ logoWidth: 20 }, {}, {})).to.include({
+        logoWidth: 20,
+      })
    })

    it('applies the logo width', function () {
      expect(
-        coalesceBadge({}, { namedLogo: 'npm', logoWidth: 275 }, {}).logoWidth
-      ).to.equal(275)
+        coalesceBadge({}, { namedLogo: 'npm', logoWidth: 275 }, {})
+      ).to.include({ logoWidth: 275 })
    })
  })

  describe('Logo position', function () {
    it('overrides the logoPosition', function () {
-      expect(
-        coalesceBadge({ logoPosition: -10 }, {}, {}).logoPosition
-      ).to.equal(-10)
+      expect(coalesceBadge({ logoPosition: -10 }, {}, {})).to.include({
+        logoPosition: -10,
+      })
    })

    it('applies the logo position', function () {
      expect(
        coalesceBadge({}, { namedLogo: 'npm', logoPosition: -10 }, {})
-          .logoPosition
-      ).to.equal(-10)
+      ).to.include({ logoPosition: -10 })
    })
  })

@@ -279,20 +279,24 @@ describe('coalesceBadge', function () {

  describe('Style', function () {
    it('falls back to flat with invalid style', function () {
-      expect(coalesceBadge({ style: 'pill' }, {}, {}).template).to.equal('flat')
-      expect(coalesceBadge({ style: 7 }, {}, {}).template).to.equal('flat')
-      expect(coalesceBadge({ style: undefined }, {}, {}).template).to.equal(
-        'flat'
-      )
+      expect(coalesceBadge({ style: 'pill' }, {}, {})).to.include({
+        style: 'flat',
+      })
+      expect(coalesceBadge({ style: 7 }, {}, {})).to.include({
+        style: 'flat',
+      })
+      expect(coalesceBadge({ style: undefined }, {}, {})).to.include({
+        style: 'flat',
+      })
    })

    it('replaces legacy popout styles', function () {
-      expect(coalesceBadge({ style: 'popout' }, {}, {}).template).to.equal(
-        'flat'
-      )
-      expect(
-        coalesceBadge({ style: 'popout-square' }, {}, {}).template
-      ).to.equal('flat-square')
+      expect(coalesceBadge({ style: 'popout' }, {}, {})).to.include({
+        style: 'flat',
+      })
+      expect(coalesceBadge({ style: 'popout-square' }, {}, {})).to.include({
+        style: 'flat-square',
+      })
    })
  })

@@ -300,8 +304,7 @@ describe('coalesceBadge', function () {
    it('overrides the cache length', function () {
      expect(
        coalesceBadge({ style: 'pill' }, { cacheSeconds: 123 }, {})
-          .cacheLengthSeconds
-      ).to.equal(123)
+      ).to.include({ cacheLengthSeconds: 123 })
    })
  })
 })
--- a/core/base-service/deprecated-service.js
+++ b/core/base-service/deprecated-service.js
@@ -1,6 +1,6 @@
 'use strict'

-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const camelcase = require('camelcase')
 const BaseService = require('./base')
 const { isValidCategory } = require('./categories')
--- a/core/base-service/examples.js
+++ b/core/base-service/examples.js
@@ -1,6 +1,6 @@
 'use strict'

-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const { pathToRegexp, compile } = require('path-to-regexp')
 const categories = require('../../services/categories')
 const coalesceBadge = require('./coalesce-badge')
@@ -124,12 +124,7 @@ function transformExample(inExample, index, ServiceClass) {
    documentation,
  } = validateExample(inExample, index, ServiceClass)

-  const {
-    text: [label, message],
-    color,
-    template: style,
-    namedLogo,
-  } = coalesceBadge(
+  const { label, message, color, style, namedLogo } = coalesceBadge(
    {},
    staticPreview,
    ServiceClass.defaultBadgeData,
--- a/core/base-service/index.js
+++ b/core/base-service/index.js
@@ -3,7 +3,6 @@
 const BaseService = require('./base')
 const BaseJsonService = require('./base-json')
 const BaseGraphqlService = require('./base-graphql')
-const NonMemoryCachingBaseService = require('./base-non-memory-caching')
 const BaseStaticService = require('./base-static')
 const BaseSvgScrapingService = require('./base-svg-scraping')
 const BaseXmlService = require('./base-xml')
@@ -22,7 +21,6 @@ module.exports = {
  BaseService,
  BaseJsonService,
  BaseGraphqlService,
-  NonMemoryCachingBaseService,
  BaseStaticService,
  BaseSvgScrapingService,
  BaseXmlService,
--- a/core/base-service/legacy-request-handler.js
+++ b/core/base-service/legacy-request-handler.js
@@ -1,7 +1,6 @@
 'use strict'

 const request = require('request')
-const queryString = require('query-string')
 const makeBadge = require('../../badge-maker/lib/make-badge')
 const { setCacheHeaders } = require('./cache-headers')
 const {
@@ -10,27 +9,10 @@ const {
  ShieldsRuntimeError,
 } = require('./errors')
 const { makeSend } = require('./legacy-result-sender')
-const LruCache = require('./lru-cache')
 const coalesceBadge = require('./coalesce-badge')

 const userAgent = 'Shields.io/2003a'

-// We avoid calling the vendor's server for computation of the information in a
-// number of badges.
-const minAccuracy = 0.75
-
-// The quotient of (vendor) data change frequency by badge request frequency
-// must be lower than this to trigger sending the cached data *before*
-// updating our data from the vendor's server.
-// Indeed, the accuracy of our badges are:
-// A(Δt) = 1 - min(# data change over Δt, # requests over Δt)
-//             / (# requests over Δt)
-//       = 1 - max(1, df) / rf
-const freqRatioMax = 1 - minAccuracy
-
-// Request cache size of 5MB (~5000 bytes/image).
-const requestCache = new LruCache(1000)
-
 // These query parameters are available to any badge. They are handled by
 // `coalesceBadge`.
 const globalQueryParams = new Set([
@@ -121,8 +103,6 @@ function handleRequest(cacheHeaderConfig, handlerOptions) {
      return
    }

-    const reqTime = new Date()
-
    // `defaultCacheLengthSeconds` can be overridden by
    // `serviceDefaultCacheLengthSeconds` (either by category or on a badge-
    // by-badge basis). Then in turn that can be overridden by
@@ -151,49 +131,10 @@ function handleRequest(cacheHeaderConfig, handlerOptions) {
      filteredQueryParams[key] = queryParams[key]
    })

-    // Use sindresorhus query-string because it sorts the keys, whereas the
-    // builtin querystring module relies on the iteration order.
-    const stringified = queryString.stringify(filteredQueryParams)
-    const cacheIndex = `${match[0]}?${stringified}`
-
-    // Should we return the data right away?
-    const cached = requestCache.get(cacheIndex)
-    let cachedVersionSent = false
-    if (cached !== undefined) {
-      // A request was made not long ago.
-      const tooSoon = +reqTime - cached.time < cached.interval
-      if (tooSoon || cached.dataChange / cached.reqs <= freqRatioMax) {
-        const svg = makeBadge(cached.data.badgeData)
-        setCacheHeadersOnResponse(
-          ask.res,
-          cached.data.badgeData.cacheLengthSeconds
-        )
-        makeSend(cached.data.format, ask.res, end)(svg)
-        cachedVersionSent = true
-        // We do not wish to call the vendor servers.
-        if (tooSoon) {
-          return
-        }
-      }
-    }
-
    // In case our vendor servers are unresponsive.
    let serverUnresponsive = false
    const serverResponsive = setTimeout(() => {
      serverUnresponsive = true
-      if (cachedVersionSent) {
-        return
-      }
-      if (requestCache.has(cacheIndex)) {
-        const cached = requestCache.get(cacheIndex)
-        const svg = makeBadge(cached.data.badgeData)
-        setCacheHeadersOnResponse(
-          ask.res,
-          cached.data.badgeData.cacheLengthSeconds
-        )
-        makeSend(cached.data.format, ask.res, end)(svg)
-        return
-      }
      ask.res.setHeader('Cache-Control', 'no-cache, no-store, must-revalidate')
      const badgeData = coalesceBadge(
        filteredQueryParams,
@@ -206,8 +147,6 @@ function handleRequest(cacheHeaderConfig, handlerOptions) {
      makeSend(extension, ask.res, end)(svg)
    }, 25000)

-    // Only call vendor servers when last request is older than…
-    let cacheInterval = 5000 // milliseconds
    function cachingRequest(uri, options, callback) {
      if (typeof options === 'function' && !callback) {
        callback = options
@@ -223,20 +162,7 @@ function handleRequest(cacheHeaderConfig, handlerOptions) {
      options.headers['User-Agent'] = userAgent

      let bufferLength = 0
-      const r = request(options, (err, res, body) => {
-        if (res != null && res.headers != null) {
-          const cacheControl = res.headers['cache-control']
-          if (cacheControl != null) {
-            const age = cacheControl.match(/max-age=([0-9]+)/)
-            // Would like to get some more test coverage on this before changing it.
-            // eslint-disable-next-line no-self-compare
-            if (age != null && +age[1] === +age[1]) {
-              cacheInterval = +age[1] * 1000
-            }
-          }
-        }
-        callback(err, res, body)
-      })
+      const r = request(options, callback)
      r.on('data', chunk => {
        bufferLength += chunk.length
        if (bufferLength > fetchLimitBytes) {
@@ -264,30 +190,11 @@ function handleRequest(cacheHeaderConfig, handlerOptions) {
          return
        }
        clearTimeout(serverResponsive)
-        // Check for a change in the data.
-        let dataHasChanged = false
-        if (
-          cached !== undefined &&
-          cached.data.badgeData.text[1] !== badgeData.text[1]
-        ) {
-          dataHasChanged = true
-        }
        // Add format to badge data.
        badgeData.format = format
-        // Update information in the cache.
-        const updatedCache = {
-          reqs: cached ? cached.reqs + 1 : 1,
-          dataChange: cached ? cached.dataChange + (dataHasChanged ? 1 : 0) : 1,
-          time: +reqTime,
-          interval: cacheInterval,
-          data: { format, badgeData },
-        }
-        requestCache.set(cacheIndex, updatedCache)
-        if (!cachedVersionSent) {
-          const svg = makeBadge(badgeData)
-          setCacheHeadersOnResponse(ask.res, badgeData.cacheLengthSeconds)
-          makeSend(format, ask.res, end)(svg)
-        }
+        const svg = makeBadge(badgeData)
+        setCacheHeadersOnResponse(ask.res, badgeData.cacheLengthSeconds)
+        makeSend(format, ask.res, end)(svg)
      },
      cachingRequest
    )
@@ -299,15 +206,8 @@ function handleRequest(cacheHeaderConfig, handlerOptions) {
  }
 }

-function clearRequestCache() {
-  requestCache.clear()
-}
-
 module.exports = {
  handleRequest,
  promisify,
-  clearRequestCache,
-  // Expose for testing.
-  _requestCache: requestCache,
  userAgent,
 }
--- a/core/base-service/legacy-request-handler.spec.js
+++ b/core/base-service/legacy-request-handler.spec.js
@@ -6,11 +6,7 @@ const portfinder = require('portfinder')
 const Camp = require('@shields_io/camp')
 const got = require('../got-test-client')
 const coalesceBadge = require('./coalesce-badge')
-const {
-  handleRequest,
-  clearRequestCache,
-  _requestCache,
-} = require('./legacy-request-handler')
+const { handleRequest } = require('./legacy-request-handler')

 async function performTwoRequests(baseUrl, first, second) {
  expect((await got(`${baseUrl}${first}`)).statusCode).to.equal(200)
@@ -83,7 +79,6 @@ describe('The request handler', function () {
    camp.on('listening', () => done())
  })
  afterEach(function (done) {
-    clearRequestCache()
    if (camp) {
      camp.close(() => done())
      camp = null
@@ -196,57 +191,18 @@ describe('The request handler', function () {

  describe('caching', function () {
    describe('standard query parameters', function () {
-      let handlerCallCount
-      beforeEach(function () {
-        handlerCallCount = 0
-      })
-
      function register({ cacheHeaderConfig }) {
        camp.route(
          /^\/testing\/([^/]+)\.(svg|png|gif|jpg|json)$/,
          handleRequest(
            cacheHeaderConfig,
            (queryParams, match, sendBadge, request) => {
-              ++handlerCallCount
              fakeHandler(queryParams, match, sendBadge, request)
            }
          )
        )
      }

-      context('With standard cache settings', function () {
-        beforeEach(function () {
-          register({ cacheHeaderConfig: standardCacheHeaders })
-        })
-
-        it('should cache identical requests', async function () {
-          await performTwoRequests(
-            baseUrl,
-            '/testing/123.svg',
-            '/testing/123.svg'
-          )
-          expect(handlerCallCount).to.equal(1)
-        })
-
-        it('should differentiate known query parameters', async function () {
-          await performTwoRequests(
-            baseUrl,
-            '/testing/123.svg?label=foo',
-            '/testing/123.svg?label=bar'
-          )
-          expect(handlerCallCount).to.equal(2)
-        })
-
-        it('should ignore unknown query parameters', async function () {
-          await performTwoRequests(
-            baseUrl,
-            '/testing/123.svg?foo=1',
-            '/testing/123.svg?foo=2'
-          )
-          expect(handlerCallCount).to.equal(1)
-        })
-      })
-
      it('should set the expires header to current time + defaultCacheLengthSeconds', async function () {
        register({ cacheHeaderConfig: { defaultCacheLengthSeconds: 900 } })
        const { headers } = await got(`${baseUrl}/testing/123.json`)
@@ -277,7 +233,6 @@ describe('The request handler', function () {
          handleRequest(
            { defaultCacheLengthSeconds: 300 },
            (queryParams, match, sendBadge, request) => {
-              ++handlerCallCount
              createFakeHandlerWithCacheLength(400)(
                queryParams,
                match,
@@ -298,7 +253,6 @@ describe('The request handler', function () {
          handleRequest(
            { defaultCacheLengthSeconds: 300 },
            (queryParams, match, sendBadge, request) => {
-              ++handlerCallCount
              createFakeHandlerWithCacheLength(200)(
                queryParams,
                match,
@@ -345,21 +299,6 @@ describe('The request handler', function () {
          'no-cache, no-store, must-revalidate'
        )
      })
-
-      describe('the cache key', function () {
-        beforeEach(function () {
-          register({ cacheHeaderConfig: standardCacheHeaders })
-        })
-        const expectedCacheKey = '/testing/123.json?color=123&label=foo'
-        it('should match expected and use canonical order - 1', async function () {
-          await got(`${baseUrl}/testing/123.json?color=123&label=foo`)
-          expect(_requestCache.cache).to.have.keys(expectedCacheKey)
-        })
-        it('should match expected and use canonical order - 2', async function () {
-          await got(`${baseUrl}/testing/123.json?label=foo&color=123`)
-          expect(_requestCache.cache).to.have.keys(expectedCacheKey)
-        })
-      })
    })

    describe('custom query parameters', function () {
--- a/core/base-service/lru-cache.js
+++ b/core/base-service/lru-cache.js
@@ -1,136 +0,0 @@
-'use strict'
-
-// In-memory KV, remove the oldest data when the capacity is reached.
-
-const typeEnum = {
-  unit: 0,
-  heap: 1,
-}
-
-// In bytes.
-let heapSize
-function computeHeapSize() {
-  return (heapSize = process.memoryUsage().heapTotal)
-}
-
-let heapSizeTimeout
-function getHeapSize() {
-  if (heapSizeTimeout == null) {
-    // Compute the heap size every 60 seconds.
-    heapSizeTimeout = setInterval(computeHeapSize, 60 * 1000)
-    return computeHeapSize()
-  } else {
-    return heapSize
-  }
-}
-
-function CacheSlot(key, value) {
-  this.key = key
-  this.value = value
-  this.older = null // Newest slot that is older than this slot.
-  this.newer = null // Oldest slot that is newer than this slot.
-}
-
-function Cache(capacity, type) {
-  type = type || 'unit'
-  this.capacity = capacity
-  this.type = typeEnum[type]
-  this.cache = new Map() // Maps cache keys to CacheSlots.
-  this.newest = null // Newest slot in the cache.
-  this.oldest = null
-}
-
-Cache.prototype = {
-  set: function addToCache(cacheKey, cached) {
-    let slot = this.cache.get(cacheKey)
-    if (slot === undefined) {
-      slot = new CacheSlot(cacheKey, cached)
-      this.cache.set(cacheKey, slot)
-    }
-    this.makeNewest(slot)
-    const numItemsToRemove = this.limitReached()
-    if (numItemsToRemove > 0) {
-      for (let i = 0; i < numItemsToRemove; i++) {
-        this.removeOldest()
-      }
-    }
-  },
-
-  get: function getFromCache(cacheKey) {
-    const slot = this.cache.get(cacheKey)
-    if (slot !== undefined) {
-      this.makeNewest(slot)
-      return slot.value
-    }
-  },
-
-  has: function hasInCache(cacheKey) {
-    return this.cache.has(cacheKey)
-  },
-
-  makeNewest: function makeNewestSlot(slot) {
-    const previousNewest = this.newest
-    if (previousNewest === slot) {
-      return
-    }
-    const older = slot.older
-    const newer = slot.newer
-
-    if (older !== null) {
-      older.newer = newer
-    } else if (newer !== null) {
-      this.oldest = newer
-    }
-    if (newer !== null) {
-      newer.older = older
-    }
-    this.newest = slot
-
-    if (previousNewest !== null) {
-      slot.older = previousNewest
-      slot.newer = null
-      previousNewest.newer = slot
-    } else {
-      // If previousNewest is null, the cache used to be empty.
-      this.oldest = slot
-    }
-  },
-
-  removeOldest: function removeOldest() {
-    const cacheKey = this.oldest.key
-    if (this.oldest !== null) {
-      this.oldest = this.oldest.newer
-      if (this.oldest !== null) {
-        this.oldest.older = null
-      }
-    }
-    this.cache.delete(cacheKey)
-  },
-
-  // Returns the number of elements to remove if we're past the limit.
-  limitReached: function heuristic() {
-    if (this.type === typeEnum.unit) {
-      // Remove the excess.
-      return Math.max(0, this.cache.size - this.capacity)
-    } else if (this.type === typeEnum.heap) {
-      if (getHeapSize() >= this.capacity) {
-        console.log('LRU HEURISTIC heap:', getHeapSize())
-        // Remove half of them.
-        return this.cache.size >> 1
-      } else {
-        return 0
-      }
-    } else {
-      console.error(`Unknown heuristic '${this.type}' for LRU cache.`)
-      return 1
-    }
-  },
-
-  clear: function () {
-    this.cache.clear()
-    this.newest = null
-    this.oldest = null
-  },
-}
-
-module.exports = Cache
--- a/core/base-service/lru-cache.spec.js
+++ b/core/base-service/lru-cache.spec.js
@@ -1,134 +0,0 @@
-'use strict'
-
-const { expect } = require('chai')
-const LRU = require('./lru-cache')
-
-function expectCacheSlots(cache, keys) {
-  expect(cache.cache.size).to.equal(keys.length)
-
-  const slots = keys.map(k => cache.cache.get(k))
-
-  const first = slots[0]
-  const last = slots.slice(-1)[0]
-
-  expect(cache.oldest).to.equal(first)
-  expect(cache.newest).to.equal(last)
-
-  expect(first.older).to.be.null
-  expect(last.newer).to.be.null
-
-  for (let i = 0; i + 1 < slots.length; ++i) {
-    const current = slots[i]
-    const next = slots[i + 1]
-    expect(current.newer).to.equal(next)
-    expect(next.older).to.equal(current)
-  }
-}
-
-describe('The LRU cache', function () {
-  it('should support a zero capacity', function () {
-    const cache = new LRU(0)
-    cache.set('key', 'value')
-    expect(cache.cache.size).to.equal(0)
-  })
-
-  it('should support a one capacity', function () {
-    const cache = new LRU(1)
-    cache.set('key1', 'value1')
-    expectCacheSlots(cache, ['key1'])
-    cache.set('key2', 'value2')
-    expectCacheSlots(cache, ['key2'])
-    expect(cache.get('key1')).to.be.undefined
-    expect(cache.get('key2')).to.equal('value2')
-  })
-
-  it('should remove the oldest element when reaching capacity', function () {
-    const cache = new LRU(2)
-
-    cache.set('key1', 'value1')
-    cache.set('key2', 'value2')
-    cache.set('key3', 'value3')
-    cache.cache.get('key1')
-
-    expectCacheSlots(cache, ['key2', 'key3'])
-    expect(cache.cache.get('key1')).to.be.undefined
-    expect(cache.get('key1')).to.be.undefined
-    expect(cache.get('key2')).to.equal('value2')
-    expect(cache.get('key3')).to.equal('value3')
-  })
-
-  it('should make sure that resetting a key in cache makes it newest', function () {
-    const cache = new LRU(2)
-
-    cache.set('key', 'value')
-    cache.set('key2', 'value2')
-
-    expectCacheSlots(cache, ['key', 'key2'])
-
-    cache.set('key', 'value')
-
-    expectCacheSlots(cache, ['key2', 'key'])
-  })
-
-  describe('getting a key in the cache', function () {
-    context('when the requested key is oldest', function () {
-      it('should leave the keys in the expected order', function () {
-        const cache = new LRU(2)
-        cache.set('key1', 'value1')
-        cache.set('key2', 'value2')
-
-        expectCacheSlots(cache, ['key1', 'key2'])
-
-        expect(cache.get('key1')).to.equal('value1')
-
-        expectCacheSlots(cache, ['key2', 'key1'])
-      })
-    })
-
-    context('when the requested key is newest', function () {
-      it('should leave the keys in the expected order', function () {
-        const cache = new LRU(2)
-        cache.set('key1', 'value1')
-        cache.set('key2', 'value2')
-
-        expect(cache.get('key2')).to.equal('value2')
-
-        expectCacheSlots(cache, ['key1', 'key2'])
-      })
-    })
-
-    context('when the requested key is in the middle', function () {
-      it('should leave the keys in the expected order', function () {
-        const cache = new LRU(3)
-        cache.set('key1', 'value1')
-        cache.set('key2', 'value2')
-        cache.set('key3', 'value3')
-
-        expectCacheSlots(cache, ['key1', 'key2', 'key3'])
-
-        expect(cache.get('key2')).to.equal('value2')
-
-        expectCacheSlots(cache, ['key1', 'key3', 'key2'])
-      })
-    })
-  })
-
-  it('should clear', function () {
-    // Set up.
-    const cache = new LRU(2)
-    cache.set('key1', 'value1')
-    cache.set('key2', 'value2')
-
-    // Confidence check.
-    expect(cache.get('key1')).to.equal('value1')
-    expect(cache.get('key2')).to.equal('value2')
-
-    // Run.
-    cache.clear()
-
-    // Test.
-    expect(cache.get('key1')).to.be.undefined
-    expect(cache.get('key2')).to.be.undefined
-    expect(cache.cache.size).to.equal(0)
-  })
-})
--- a/core/base-service/redirector.js
+++ b/core/base-service/redirector.js
@@ -2,7 +2,7 @@

 const camelcase = require('camelcase')
 const emojic = require('emojic')
-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const queryString = require('query-string')
 const BaseService = require('./base')
 const {
@@ -82,7 +82,7 @@ module.exports = function redirector(attrs) {
        trace.logTrace('inbound', emojic.ticket, 'Named params', namedParams)
        trace.logTrace('inbound', emojic.crayon, 'Query params', queryParams)

-        const targetPath = transformPath(namedParams)
+        const targetPath = encodeURI(transformPath(namedParams))
        trace.logTrace('validate', emojic.dart, 'Target', targetPath)

        let urlSuffix = ask.uri.search || ''
--- a/core/base-service/redirector.spec.js
+++ b/core/base-service/redirector.spec.js
@@ -121,6 +121,20 @@ describe('Redirector', function () {
      )
    })

+    it('should correctly encode the redirect URL', async function () {
+      const { statusCode, headers } = await got(
+        `${baseUrl}/very/old/service/hello%0Dworld.svg?foobar=a%0Db`,
+        {
+          followRedirect: false,
+        }
+      )
+
+      expect(statusCode).to.equal(301)
+      expect(headers.location).to.equal(
+        '/new/service/hello%0Dworld.svg?foobar=a%0Db'
+      )
+    })
+
    describe('transformQueryParams', function () {
      const route = {
        base: 'another/old/service',
--- a/core/base-service/route.js
+++ b/core/base-service/route.js
@@ -1,7 +1,7 @@
 'use strict'

 const escapeStringRegexp = require('escape-string-regexp')
-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const { pathToRegexp } = require('path-to-regexp')

 function makeFullUrl(base, partialUrl) {
--- a/core/base-service/route.spec.js
+++ b/core/base-service/route.spec.js
@@ -1,7 +1,7 @@
 'use strict'

 const { expect } = require('chai')
-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const { test, given, forCases } = require('sazerac')
 const {
  prepareRoute,
--- a/core/base-service/service-definitions.js
+++ b/core/base-service/service-definitions.js
@@ -1,6 +1,6 @@
 'use strict'

-const Joi = require('@hapi/joi')
+const Joi = require('joi')

 // This should be kept in sync with the schema in
 // `frontend/lib/service-definitions/index.ts`.
--- a/core/base-service/validate.js
+++ b/core/base-service/validate.js
@@ -1,7 +1,7 @@
 'use strict'

 const emojic = require('emojic')
-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const trace = require('./trace')

 function validate(
--- a/core/base-service/validate.spec.js
+++ b/core/base-service/validate.spec.js
@@ -1,6 +1,6 @@
 'use strict'

-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const { expect } = require('chai')
 const sinon = require('sinon')
 const trace = require('./trace')
--- a/core/server/influx-metrics.js
+++ b/core/server/influx-metrics.js
@@ -22,7 +22,7 @@ module.exports = class InfluxMetrics {
    const request = {
      uri: this._config.url,
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-      body: this.metrics(),
+      body: await this.metrics(),
      timeout: this._config.timeoutMillseconds,
      auth,
    }
@@ -51,8 +51,8 @@ module.exports = class InfluxMetrics {
    )
  }

-  metrics() {
-    return promClientJsonToInfluxV2(this._metricInstance.metrics(), {
+  async metrics() {
+    return promClientJsonToInfluxV2(await this._metricInstance.metrics(), {
      env: this._config.envLabel,
      application: 'shields',
      instance: this._instanceId,
--- a/core/server/influx-metrics.spec.js
+++ b/core/server/influx-metrics.spec.js
@@ -36,7 +36,7 @@ describe('Influx metrics', function () {
        instanceIdEnvVarName: 'INSTANCE_ID',
      })

-      expect(influxMetrics.metrics()).to.contain('instance=instance3')
+      expect(await influxMetrics.metrics()).to.contain('instance=instance3')
    })

    it('should use a hostname as an instance label', async function () {
@@ -46,7 +46,9 @@ describe('Influx metrics', function () {
      }
      const influxMetrics = new InfluxMetrics(metricInstance, customConfig)

-      expect(influxMetrics.metrics()).to.be.contain('instance=test-hostname')
+      expect(await influxMetrics.metrics()).to.be.contain(
+        'instance=test-hostname'
+      )
    })

    it('should use a random string as an instance label', async function () {
@@ -55,7 +57,7 @@ describe('Influx metrics', function () {
      }
      const influxMetrics = new InfluxMetrics(metricInstance, customConfig)

-      expect(influxMetrics.metrics()).to.be.match(/instance=\w+ /)
+      expect(await influxMetrics.metrics()).to.be.match(/instance=\w+ /)
    })

    it('should use a hostname alias as an instance label', async function () {
@@ -66,7 +68,7 @@ describe('Influx metrics', function () {
      }
      const influxMetrics = new InfluxMetrics(metricInstance, customConfig)

-      expect(influxMetrics.metrics()).to.be.contain(
+      expect(await influxMetrics.metrics()).to.be.contain(
        'instance=test-hostname-alias'
      )
    })
--- a/core/server/metrics/format-converters.js
+++ b/core/server/metrics/format-converters.js
@@ -2,26 +2,26 @@
 const groupBy = require('lodash.groupby')

 function promClientJsonToInfluxV2(metrics, extraLabels = {}) {
-  // TODO Replace with Array.prototype.flatMap() after migrating to Node.js >= 11
-  const flatMap = (f, arr) => arr.reduce((acc, x) => acc.concat(f(x)), [])
-  return flatMap(metric => {
-    const valuesByLabels = groupBy(metric.values, value =>
-      JSON.stringify(Object.entries(value.labels).sort())
-    )
-    return Object.values(valuesByLabels).map(metricsWithSameLabel => {
-      const labels = Object.entries(metricsWithSameLabel[0].labels)
-        .concat(Object.entries(extraLabels))
-        .sort((a, b) => a[0].localeCompare(b[0]))
-        .map(labelEntry => `${labelEntry[0]}=${labelEntry[1]}`)
-        .join(',')
-      const labelsFormatted = labels ? `,${labels}` : ''
-      const values = metricsWithSameLabel
-        .sort((a, b) => a.metricName.localeCompare(b.metricName))
-        .map(value => `${value.metricName || metric.name}=${value.value}`)
-        .join(',')
-      return `prometheus${labelsFormatted} ${values}`
-    })
-  }, metrics).join('\n')
+  return metrics
+    .flatMap(metric => {
+      const valuesByLabels = groupBy(metric.values, value =>
+        JSON.stringify(Object.entries(value.labels).sort())
+      )
+      return Object.values(valuesByLabels).map(metricsWithSameLabel => {
+        const labels = Object.entries(metricsWithSameLabel[0].labels)
+          .concat(Object.entries(extraLabels))
+          .sort((a, b) => a[0].localeCompare(b[0]))
+          .map(labelEntry => `${labelEntry[0]}=${labelEntry[1]}`)
+          .join(',')
+        const labelsFormatted = labels ? `,${labels}` : ''
+        const values = metricsWithSameLabel
+          .sort((a, b) => a.metricName.localeCompare(b.metricName))
+          .map(value => `${value.metricName || metric.name}=${value.value}`)
+          .join(',')
+        return `prometheus${labelsFormatted} ${values}`
+      })
+    }, metrics)
+    .join('\n')
 }

 module.exports = { promClientJsonToInfluxV2 }
--- a/core/server/metrics/format-converters.spec.js
+++ b/core/server/metrics/format-converters.spec.js
@@ -22,7 +22,7 @@ describe('Metric format converters', function () {
      expect(influx).to.be.equal('prometheus counter1=11')
    })

-    it('converts a counter (from prometheus registry)', function () {
+    it('converts a counter (from prometheus registry)', async function () {
      const register = new prometheus.Registry()
      const counter = new prometheus.Counter({
        name: 'counter1',
@@ -31,7 +31,7 @@ describe('Metric format converters', function () {
      })
      counter.inc(11)

-      const influx = promClientJsonToInfluxV2(register.getMetricsAsJSON())
+      const influx = promClientJsonToInfluxV2(await register.getMetricsAsJSON())

      expect(influx).to.be.equal('prometheus counter1=11')
    })
@@ -52,7 +52,7 @@ describe('Metric format converters', function () {
      expect(influx).to.be.equal('prometheus gauge1=20')
    })

-    it('converts a gauge (from prometheus registry)', function () {
+    it('converts a gauge (from prometheus registry)', async function () {
      const register = new prometheus.Registry()
      const gauge = new prometheus.Gauge({
        name: 'gauge1',
@@ -61,7 +61,7 @@ describe('Metric format converters', function () {
      })
      gauge.inc(20)

-      const influx = promClientJsonToInfluxV2(register.getMetricsAsJSON())
+      const influx = promClientJsonToInfluxV2(await register.getMetricsAsJSON())

      expect(influx).to.be.equal('prometheus gauge1=20')
    })
@@ -101,7 +101,7 @@ prometheus histogram1_count=3,histogram1_sum=111`)
      )
    })

-    it('converts a histogram (from prometheus registry)', function () {
+    it('converts a histogram (from prometheus registry)', async function () {
      const register = new prometheus.Registry()
      const histogram = new prometheus.Histogram({
        name: 'histogram1',
@@ -113,7 +113,7 @@ prometheus histogram1_count=3,histogram1_sum=111`)
      histogram.observe(10)
      histogram.observe(1)

-      const influx = promClientJsonToInfluxV2(register.getMetricsAsJSON())
+      const influx = promClientJsonToInfluxV2(await register.getMetricsAsJSON())

      expect(sortLines(influx)).to.be.equal(
        sortLines(`prometheus,le=+Inf histogram1_bucket=3
@@ -151,7 +151,7 @@ prometheus summary1_count=3,summary1_sum=111`)
      )
    })

-    it('converts a summary (from prometheus registry)', function () {
+    it('converts a summary (from prometheus registry)', async function () {
      const register = new prometheus.Registry()
      const summary = new prometheus.Summary({
        name: 'summary1',
@@ -163,7 +163,7 @@ prometheus summary1_count=3,summary1_sum=111`)
      summary.observe(10)
      summary.observe(1)

-      const influx = promClientJsonToInfluxV2(register.getMetricsAsJSON())
+      const influx = promClientJsonToInfluxV2(await register.getMetricsAsJSON())

      expect(sortLines(influx)).to.be.equal(
        sortLines(`prometheus,quantile=0.99 summary1=100
--- a/core/server/monitor.js
+++ b/core/server/monitor.js
@@ -1,20 +1,6 @@
 'use strict'

-const config = require('config').util.toObject()
-const secretIsValid = require('./secret-is-valid')
 const RateLimit = require('./rate-limit')
-const log = require('./log')
-
-function secretInvalid(req, res) {
-  if (!secretIsValid(req.password)) {
-    // An unknown entity tries to connect. Let the connection linger for a minute.
-    setTimeout(() => {
-      res.json({ errors: [{ code: 'invalid_secrets' }] })
-    }, 10000)
-    return true
-  }
-  return false
-}

 function setRoutes({ rateLimit }, { server, metricInstance }) {
  const ipRateLimit = new RateLimit({
@@ -29,12 +15,6 @@ function setRoutes({ rateLimit }, { server, metricInstance }) {
  })

  server.handle((req, res, next) => {
-    if (req.url.startsWith('/sys/')) {
-      if (secretInvalid(req, res)) {
-        return
-      }
-    }
-
    if (rateLimit) {
      const ip =
        (req.headers['x-forwarded-for'] || '').split(', ')[0] ||
@@ -59,27 +39,6 @@ function setRoutes({ rateLimit }, { server, metricInstance }) {
    next()
  })

-  server.get('/sys/network', (req, res) => {
-    res.json({ ips: config.public.shields_ips })
-  })
-
-  server.ws('/sys/logs', socket => {
-    const listener = (...msg) => socket.send(msg.join(' '))
-    socket.on('close', () => log.removeListener(listener))
-    socket.on('message', msg => {
-      let req
-      try {
-        req = JSON.parse(msg)
-      } catch (e) {
-        return
-      }
-      if (!secretIsValid(req.secret)) {
-        return socket.close()
-      }
-      log.addListener(listener)
-    })
-  })
-
  server.get('/sys/rate-limit', (req, res) => {
    res.json({
      ip: ipRateLimit.toJSON(),
@@ -95,6 +54,4 @@ function setRoutes({ rateLimit }, { server, metricInstance }) {
  }
 }

-module.exports = {
-  setRoutes,
-}
+module.exports = { setRoutes }
--- a/core/server/prometheus-metrics.js
+++ b/core/server/prometheus-metrics.js
@@ -76,9 +76,9 @@ module.exports = class PrometheusMetrics {
  async registerMetricsEndpoint(server) {
    const { register } = this

-    server.route(/^\/metrics$/, (data, match, end, ask) => {
+    server.route(/^\/metrics$/, async (data, match, end, ask) => {
      ask.res.setHeader('Content-Type', register.contentType)
-      ask.res.end(register.metrics())
+      ask.res.end(await register.metrics())
    })
  }

@@ -90,8 +90,8 @@ module.exports = class PrometheusMetrics {
    }
  }

-  metrics() {
-    return this.register.getMetricsAsJSON()
+  async metrics() {
+    return await this.register.getMetricsAsJSON()
  }

  /**
--- a/core/server/secret-is-valid.js
+++ b/core/server/secret-is-valid.js
@@ -1,7 +1,5 @@
 'use strict'

-const serverSecrets = require('../../lib/server-secrets')
-
 function constEq(a, b) {
  if (a.length !== b.length) {
    return false
@@ -13,9 +11,10 @@ function constEq(a, b) {
  return zero === 0
 }

-module.exports = function secretIsValid(secret = '') {
-  return (
-    serverSecrets.shields_secret &&
-    constEq(secret, serverSecrets.shields_secret)
-  )
+function makeSecretIsValid(shieldsSecret) {
+  return function secretIsValid(secret = '') {
+    return shieldsSecret && constEq(secret, shieldsSecret)
+  }
 }
+
+module.exports = { makeSecretIsValid }
--- a/core/server/server.js
+++ b/core/server/server.js
@@ -6,18 +6,16 @@
 const path = require('path')
 const url = require('url')
 const { URL } = url
+const cloudflareMiddleware = require('cloudflare-middleware')
 const bytes = require('bytes')
 const Camp = require('@shields_io/camp')
-const originalJoi = require('@hapi/joi')
+const originalJoi = require('joi')
 const makeBadge = require('../../badge-maker/lib/make-badge')
 const GithubConstellation = require('../../services/github/github-constellation')
 const suggest = require('../../services/suggest')
 const { loadServiceClasses } = require('../base-service/loader')
 const { makeSend } = require('../base-service/legacy-result-sender')
-const {
-  handleRequest,
-  clearRequestCache,
-} = require('../base-service/legacy-request-handler')
+const { handleRequest } = require('../base-service/legacy-request-handler')
 const { clearRegularUpdateCache } = require('../legacy/regular-update')
 const { rasterRedirectUrl } = require('../badge-urls/make-badge-url')
 const log = require('./log')
@@ -89,10 +87,10 @@ const publicConfigSchema = Joi.object({
        .integer()
        .min(1)
        .when('enabled', { is: true, then: Joi.required() }),
-      intervalSeconds: Joi.number()
-        .integer()
-        .min(1)
-        .when('enabled', { is: true, then: Joi.required() }),
+      intervalSeconds: Joi.number().integer().min(1).when('enabled', {
+        is: true,
+        then: Joi.required(),
+      }),
      instanceIdFrom: Joi.string()
        .equal('hostname', 'env-var', 'random')
        .when('enabled', { is: true, then: Joi.required() }),
@@ -117,9 +115,6 @@ const publicConfigSchema = Joi.object({
  cors: {
    allowedOrigin: Joi.array().items(optionalUrl).required(),
  },
-  persistence: {
-    dir: Joi.string().required(),
-  },
  services: Joi.object({
    bitbucketServer: defaultService,
    drone: defaultService,
@@ -148,6 +143,10 @@ const publicConfigSchema = Joi.object({
  rateLimit: Joi.boolean().required(),
  handleInternalErrors: Joi.boolean().required(),
  fetchLimit: Joi.string().regex(/^[0-9]+(b|kb|mb|gb|tb)$/i),
+  documentRoot: Joi.string().default(
+    path.resolve(__dirname, '..', '..', 'public')
+  ),
+  requireCloudflare: Joi.boolean().required(),
 }).required()

 const privateConfigSchema = Joi.object({
@@ -163,12 +162,13 @@ const privateConfigSchema = Joi.object({
  jenkins_pass: Joi.string(),
  jira_user: Joi.string(),
  jira_pass: Joi.string(),
+  bitbucket_server_username: Joi.string(),
+  bitbucket_server_password: Joi.string(),
  nexus_user: Joi.string(),
  nexus_pass: Joi.string(),
  npm_token: Joi.string(),
  redis_url: Joi.string().uri({ scheme: ['redis', 'rediss'] }),
  sentry_dsn: Joi.string(),
-  shields_ips: Joi.array().items(Joi.string().ip()),
  shields_secret: Joi.string(),
  sl_insight_userUuid: Joi.string(),
  sl_insight_apiToken: Joi.string(),
@@ -186,6 +186,11 @@ const privateMetricsInfluxConfigSchema = privateConfigSchema.append({
  influx_username: Joi.string().required(),
  influx_password: Joi.string().required(),
 })
+
+function addHandlerAtIndex(camp, index, handlerFn) {
+  camp.stack.splice(index, 0, handlerFn)
+}
+
 /**
 * The Server is based on the web framework Scoutcamp. It creates
 * an http server, sets up helpers for token persistence and monitoring.
@@ -224,7 +229,6 @@ class Server {
    }

    this.githubConstellation = new GithubConstellation({
-      persistence: publicConfig.persistence,
      service: publicConfig.services.github,
      private: privateConfig,
    })
@@ -278,6 +282,23 @@ class Server {
    })
  }

+  // See https://www.viget.com/articles/heroku-cloudflare-the-right-way/
+  requireCloudflare() {
+    // Set `req.ip`, which is expected by `cloudflareMiddleware()`. This is set
+    // by Express but not Scoutcamp.
+    addHandlerAtIndex(this.camp, 0, function (req, res, next) {
+      // On Heroku, `req.socket.remoteAddress` is the Heroku router. However,
+      // the router ensures that the last item in the `X-Forwarded-For` header
+      // is the real origin.
+      // https://stackoverflow.com/a/18517550/893113
+      req.ip = process.env.DYNO
+        ? req.headers['x-forwarded-for'].split(', ').pop()
+        : req.socket.remoteAddress
+      next()
+    })
+    addHandlerAtIndex(this.camp, 1, cloudflareMiddleware())
+  }
+
  /**
   * Set up Scoutcamp routes for 404/not found responses
   */
@@ -295,7 +316,8 @@ class Server {
        end
      )(
        makeBadge({
-          text: ['410', `${format} no longer available`],
+          label: '410',
+          message: `${format} no longer available`,
          color: 'lightgray',
          format: 'svg',
        })
@@ -310,7 +332,8 @@ class Server {
          end
        )(
          makeBadge({
-            text: ['404', 'raster badges not available'],
+            label: '404',
+            message: 'raster badges not available',
            color: 'lightgray',
            format: 'svg',
          })
@@ -328,7 +351,8 @@ class Server {
        end
      )(
        makeBadge({
-          text: ['404', 'badge not found'],
+          label: '404',
+          message: 'badge not found',
          color: 'red',
          format,
        })
@@ -409,19 +433,25 @@ class Server {
      ssl: { isSecure: secure, cert, key },
      cors: { allowedOrigin },
      rateLimit,
+      requireCloudflare,
    } = this.config.public

    log(`Server is starting up: ${this.baseUrl}`)

    const camp = (this.camp = Camp.create({
-      documentRoot: path.resolve(__dirname, '..', '..', 'public'),
+      documentRoot: this.config.public.documentRoot,
      port,
      hostname,
      secure,
+      staticMaxAge: 300,
      cert,
      key,
    }))

+    if (requireCloudflare) {
+      this.requireCloudflare()
+    }
+
    const { metricInstance } = this
    this.cleanupMonitor = sysMonitor.setRoutes(
      { rateLimit },
@@ -454,7 +484,6 @@ class Server {
  static resetGlobalState() {
    // This state should be migrated to instance state. When possible, do not add new
    // global state.
-    clearRequestCache()
    clearRegularUpdateCache()
  }

--- a/core/server/server.spec.js
+++ b/core/server/server.spec.js
@@ -1,8 +1,11 @@
 'use strict'

+const path = require('path')
 const { expect } = require('chai')
 const isSvg = require('is-svg')
 const config = require('config')
+const nock = require('nock')
+const sinon = require('sinon')
 const got = require('../got-test-client')
 const Server = require('./server')
 const { createTestServer } = require('./in-process-server-test-helpers')
@@ -13,7 +16,11 @@ describe('The server', function () {
    before('Start the server', async function () {
      // Fixes https://github.com/badges/shields/issues/2611
      this.timeout(10000)
-      server = await createTestServer()
+      server = await createTestServer({
+        public: {
+          documentRoot: path.resolve(__dirname, 'test-public'),
+        },
+      })
      baseUrl = server.baseUrl
      await server.start()
    })
@@ -45,6 +52,16 @@ describe('The server', function () {
        .and.to.include('apple')
    })

+    it('should serve front-end with default maxAge', async function () {
+      const { headers } = await got(`${baseUrl}/`)
+      expect(headers['cache-control']).to.equal('max-age=300, s-maxage=300')
+    })
+
+    it('should serve badges with custom maxAge', async function () {
+      const { headers } = await got(`${baseUrl}npm/l/express`)
+      expect(headers['cache-control']).to.equal('max-age=3600, s-maxage=3600')
+    })
+
    it('should redirect colorscheme PNG badges as configured', async function () {
      const { statusCode, headers } = await got(
        `${baseUrl}:fruit-apple-green.png`,
@@ -168,6 +185,28 @@ describe('The server', function () {
    })
  })

+  context('`requireCloudflare` is enabled', function () {
+    let server
+    afterEach(async function () {
+      if (server) {
+        server.stop()
+      }
+    })
+
+    it('should reject requests from localhost with an empty 200 response', async function () {
+      this.timeout(10000)
+      server = await createTestServer({ public: { requireCloudflare: true } })
+      await server.start()
+
+      const { statusCode, body } = await got(
+        `${server.baseUrl}badge/foo-bar-blue.svg`
+      )
+
+      expect(statusCode).to.be.equal(200)
+      expect(body).to.equal('')
+    })
+  })
+
  describe('configuration', function () {
    let server
    afterEach(async function () {
@@ -329,4 +368,67 @@ describe('The server', function () {
      })
    })
  })
+
+  describe('running with metrics enabled', function () {
+    let server, baseUrl, scope, clock
+    const metricsPushIntervalSeconds = 1
+    before('Start the server', async function () {
+      // Fixes https://github.com/badges/shields/issues/2611
+      this.timeout(10000)
+      process.env.INSTANCE_ID = 'test-instance'
+      server = await createTestServer({
+        public: {
+          metrics: {
+            prometheus: { enabled: true },
+            influx: {
+              enabled: true,
+              url: 'http://localhost:1112/metrics',
+              instanceIdFrom: 'env-var',
+              instanceIdEnvVarName: 'INSTANCE_ID',
+              envLabel: 'localhost-env',
+              intervalSeconds: metricsPushIntervalSeconds,
+            },
+          },
+        },
+        private: {
+          influx_username: 'influx-username',
+          influx_password: 'influx-password',
+        },
+      })
+      clock = sinon.useFakeTimers()
+      baseUrl = server.baseUrl
+      await server.start()
+    })
+    after('Shut down the server', async function () {
+      if (server) {
+        await server.stop()
+      }
+      server = undefined
+      nock.cleanAll()
+      delete process.env.INSTANCE_ID
+      clock.restore()
+    })
+
+    it('should push custom metrics', async function () {
+      scope = nock('http://localhost:1112', {
+        reqheaders: {
+          'Content-Type': 'application/x-www-form-urlencoded',
+        },
+      })
+        .post(
+          '/metrics',
+          /prometheus,application=shields,category=static,env=localhost-env,family=static-badge,instance=test-instance,service=static_badge service_requests_total=1\n/
+        )
+        .basicAuth({ user: 'influx-username', pass: 'influx-password' })
+        .reply(200)
+      await got(`${baseUrl}badge/fruit-apple-green.svg`)
+
+      await clock.tickAsync(1000 * metricsPushIntervalSeconds + 500)
+
+      expect(scope.isDone()).to.be.equal(
+        true,
+        `pending mocks: ${scope.pendingMocks()}`
+      )
+    })
+  })
 })
--- a/core/server/test-public/index.html
+++ b/core/server/test-public/index.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <title>shields.io</title>
+  </head>
+  <body>
+    concise, consistent, legible
+  </body>
+</html>
--- a/core/service-test-runner/icedfrisby-shields.js
+++ b/core/service-test-runner/icedfrisby-shields.js
@@ -3,7 +3,7 @@
 * @module
 */

-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const { expect } = require('chai')

 /**
--- a/core/token-pooling/fs-token-persistence.js
+++ b/core/token-pooling/fs-token-persistence.js
@@ -1,51 +0,0 @@
-'use strict'
-
-const fsos = require('fsos')
-const TokenPersistence = require('./token-persistence')
-
-class FsTokenPersistence extends TokenPersistence {
-  constructor({ path }) {
-    super()
-    this.path = path
-  }
-
-  async initialize() {
-    let contents
-    try {
-      contents = await fsos.get(this.path)
-    } catch (e) {
-      if (e.code === 'ENOENT') {
-        contents = '[]'
-      } else {
-        throw e
-      }
-    }
-
-    const tokens = JSON.parse(contents)
-    this._tokens = new Set(tokens)
-    return tokens
-  }
-
-  async save() {
-    const tokens = Array.from(this._tokens)
-    await fsos.set(this.path, JSON.stringify(tokens))
-  }
-
-  async onTokenAdded(token) {
-    if (!this._tokens) {
-      throw Error('initialize() has not been called')
-    }
-    this._tokens.add(token)
-    await this.save()
-  }
-
-  async onTokenRemoved(token) {
-    if (!this._tokens) {
-      throw Error('initialize() has not been called')
-    }
-    this._tokens.delete(token)
-    await this.save()
-  }
-}
-
-module.exports = FsTokenPersistence
--- a/core/token-pooling/fs-token-persistence.spec.js
+++ b/core/token-pooling/fs-token-persistence.spec.js
@@ -1,72 +0,0 @@
-'use strict'
-
-const fs = require('fs')
-const tmp = require('tmp')
-const readFile = require('fs-readfile-promise')
-const { expect } = require('chai')
-const FsTokenPersistence = require('./fs-token-persistence')
-
-describe('File system token persistence', function () {
-  let path, persistence
-  beforeEach(function () {
-    path = tmp.tmpNameSync()
-    persistence = new FsTokenPersistence({ path })
-  })
-
-  context('when the file does not exist', function () {
-    it('does nothing', async function () {
-      const tokens = await persistence.initialize()
-      expect(tokens).to.deep.equal([])
-    })
-
-    it('saving creates an empty file', async function () {
-      await persistence.initialize()
-
-      await persistence.save()
-
-      const json = JSON.parse(await readFile(path))
-      expect(json).to.deep.deep.equal([])
-    })
-  })
-
-  context('when the file exists', function () {
-    const initialTokens = ['a', 'b', 'c'].map(char => char.repeat(40))
-
-    beforeEach(async function () {
-      fs.writeFileSync(path, JSON.stringify(initialTokens))
-    })
-
-    it('loads the contents', async function () {
-      const tokens = await persistence.initialize()
-      expect(tokens).to.deep.equal(initialTokens)
-    })
-
-    context('when tokens are added', function () {
-      it('saves the change', async function () {
-        const newToken = 'e'.repeat(40)
-        const expected = Array.from(initialTokens)
-        expected.push(newToken)
-
-        await persistence.initialize()
-        await persistence.noteTokenAdded(newToken)
-
-        const savedTokens = JSON.parse(await readFile(path))
-        expect(savedTokens).to.deep.equal(expected)
-      })
-    })
-
-    context('when tokens are removed', function () {
-      it('saves the change', async function () {
-        const expected = Array.from(initialTokens)
-        const toRemove = expected.pop()
-
-        await persistence.initialize()
-
-        await persistence.noteTokenRemoved(toRemove)
-
-        const savedTokens = JSON.parse(await readFile(path))
-        expect(savedTokens).to.deep.equal(expected)
-      })
-    })
-  })
-})
--- a/core/token-pooling/redis-token-persistence.js
+++ b/core/token-pooling/redis-token-persistence.js
@@ -3,13 +3,13 @@
 const { URL } = require('url')
 const Redis = require('ioredis')
 const log = require('../server/log')
-const TokenPersistence = require('./token-persistence')

-module.exports = class RedisTokenPersistence extends TokenPersistence {
+module.exports = class RedisTokenPersistence {
  constructor({ url, key }) {
-    super()
    this.url = url
    this.key = key
+    this.noteTokenAdded = this.noteTokenAdded.bind(this)
+    this.noteTokenRemoved = this.noteTokenRemoved.bind(this)
  }

  async initialize() {
@@ -40,4 +40,20 @@ module.exports = class RedisTokenPersistence extends TokenPersistence {
  async onTokenRemoved(token) {
    await this.redis.srem(this.key, token)
  }
+
+  async noteTokenAdded(token) {
+    try {
+      await this.onTokenAdded(token)
+    } catch (e) {
+      log.error(e)
+    }
+  }
+
+  async noteTokenRemoved(token) {
+    try {
+      await this.onTokenRemoved(token)
+    } catch (e) {
+      log.error(e)
+    }
+  }
 }
--- a/core/token-pooling/token-persistence.js
+++ b/core/token-pooling/token-persistence.js
@@ -1,44 +0,0 @@
-'use strict'
-
-const log = require('../server/log')
-
-// This is currently bound to the legacy github auth code. That will be
-// replaced with a dependency-injected token provider.
-class TokenPersistence {
-  constructor() {
-    this.noteTokenAdded = this.noteTokenAdded.bind(this)
-    this.noteTokenRemoved = this.noteTokenRemoved.bind(this)
-  }
-
-  async initialize() {
-    throw Error('initialize() is not implemented')
-  }
-
-  async stop() {}
-
-  async onTokenAdded(token) {
-    throw Error('onTokenAdded() is not implemented')
-  }
-
-  async noteTokenAdded(token) {
-    try {
-      await this.onTokenAdded(token)
-    } catch (e) {
-      log.error(e)
-    }
-  }
-
-  async onTokenRemoved(token) {
-    throw Error('onTokenRemoved() is not implemented')
-  }
-
-  async noteTokenRemoved(token) {
-    try {
-      await this.onTokenRemoved(token)
-    } catch (e) {
-      log.error(e)
-    }
-  }
-}
-
-module.exports = TokenPersistence
--- a/dangerfile.js
+++ b/dangerfile.js
@@ -111,10 +111,7 @@ if (allFiles.length > 100) {

    // eslint-disable-next-line promise/prefer-await-to-then
    danger.git.diffForFile(file).then(({ diff }) => {
-      if (
-        (diff.includes('authHelper') || diff.includes('serverSecrets')) &&
-        !secretsDocs.modified
-      ) {
+      if (diff.includes('authHelper') && !secretsDocs.modified) {
        warn(
          [
            `:books: Remember to ensure any changes to \`config.private\` `,
@@ -134,11 +131,11 @@ if (allFiles.length > 100) {
        )
      }

-      if (diff.includes("require('joi')")) {
+      if (diff.includes("require('@hapi/joi')")) {
        fail(
          [
-            `Found import of 'joi' in \`${file}\`. <br>`,
-            "Joi must be imported as '@hapi/joi'.",
+            `Found import of '@hapi/joi' in \`${file}\`. <br>`,
+            "Joi must be imported as 'joi'.",
          ].join('')
        )
      }
--- a/doc/TUTORIAL.md
+++ b/doc/TUTORIAL.md
@@ -179,7 +179,7 @@ const { renderVersionBadge } = require('..//version')
 const { BaseJsonService } = require('..')

 // (4)
-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const schema = Joi.object({
  version: Joi.string().required(),
 }).required()
@@ -226,7 +226,7 @@ Description of the code:
   - [text-formatters.js](https://github.com/badges/shields/blob/master/services/text-formatters.js)
   - [version.js](https://github.com/badges/shields/blob/master/services/version.js)
 3. Our badge will query a JSON API so we will extend `BaseJsonService` instead of `BaseService`. This contains some helpers to reduce the need for boilerplate when calling a JSON API.
-4. We perform input validation by defining a schema which we expect the JSON we receive to conform to. This is done using [Joi](https://github.com/hapijs/joi). Defining a schema means we can ensure the JSON we receive meets our expectations and throw an error if we receive unexpected input without having to explicitly code validation checks. The schema also acts as a filter on the JSON object. Any properties we're going to reference need to be validated, otherwise they will be filtered out. In this case our schema declares that we expect to receive an object which must have a property called 'version', which is a string.
+4. We perform input validation by defining a schema which we expect the JSON we receive to conform to. This is done using [Joi](https://github.com/hapijs/joi). Defining a schema means we can ensure the JSON we receive meets our expectations and throw an error if we receive unexpected input without having to explicitly code validation checks. The schema also acts as a filter on the JSON object. Any properties we're going to reference need to be validated, otherwise they will be filtered out. In this case our schema declares that we expect to receive an object which must have a property called 'version', which is a string. There is further documentation on [input validation](input-validation.md).
 5. Our module exports a class which extends `BaseJsonService`
 6. Returns the name of the category to sort this badge into (eg. "build"). Used to sort the examples on the main [shields.io](https://shields.io) website. [Here](https://github.com/badges/shields/blob/master/services/categories.js) is the list of the valid categories. See [section 4.4](#44-adding-an-example-to-the-front-page) for more details on examples.
 7. As with our previous badge, we need to declare a route. This time we will capture a variable called `gem`.
@@ -311,7 +311,7 @@ Save, run `npm start`, and you can see it [locally](http://127.0.0.1:3000/).

 If you update `examples`, you don't have to restart the server. Run `npm run defs` in another terminal window and the frontend will update.

-### (4.5) Write Tests <!-- Change the link below when you change the heading -->
+### (4.5) Write Tests<!-- Change the link below when you change the heading -->

 [write tests]: #45-write-tests

--- a/doc/code-walkthrough.md
+++ b/doc/code-walkthrough.md
@@ -125,10 +125,9 @@ test this kind of logic through unit tests (e.g. of `render()` and
    registered.)
 2.  Scoutcamp invokes a callback with the four parameters:
    `( queryParams, match, end, ask )`. This callback is defined in
-    [`legacy-request-handler`][legacy-request-handler]. If the badge result
-    is found in a relatively small in-memory cache, the response is sent
-    immediately. Otherwise a timeout is set to handle unresponsive service
-    code and the next callback is invoked: the legacy handler function.
+    [`legacy-request-handler`][legacy-request-handler]. A timeout is set to
+    handle unresponsive service code and the next callback is invoked: the
+    legacy handler function.
 3.  The legacy handler function receives
    `( queryParams, match, sendBadge, request )`. Its job is to extract data
    from the regex `match` and `queryParams`, invoke `request` to fetch
@@ -162,8 +161,8 @@ test this kind of logic through unit tests (e.g. of `render()` and
    service’s defaults to produce an object that fully describes the badge to
    be rendered.
 9.  `sendBadge` is invoked with that object. It does some housekeeping on the
-    timeout and caches the result. Then it renders the badge to svg or raster
-    and pushes out the result over the HTTPS connection.
+    timeout. Then it renders the badge to svg or raster and pushes out the
+    result over the HTTPS connection.

 [error reporting]: https://github.com/badges/shields/blob/master/doc/production-hosting.md#error-reporting
 [coalescebadge]: https://github.com/badges/shields/blob/master/core/base-service/coalesce-badge.js
--- a/doc/input-validation.md
+++ b/doc/input-validation.md
@@ -0,0 +1,50 @@
+# Input Data Validation
+
+When we receive input data from an upstream API, we perform input validation to:
+
+- Ensure we won't throw a runtime error trying to render a badge
+- Ensure we won't render badges with spurious or unexpected output e.g: ![](https://img.shields.io/badge/version-null-blue) ![](https://img.shields.io/badge/coverage-NaN%25-red) ![](https://img.shields.io/badge/build-undefined-red) ![](https://img.shields.io/badge/coverage---10%25-critical) etc
+- Express and document our understanding of the input data
+
+## Writing schemas and validation
+
+- The default validation mechanism should be to use [Joi](https://github.com/sideway/joi) to define a schema for the input data. Validation against Joi schemas is implemented in the base classes and inherited by every service class that extends them. Sometimes additional manual validation is needed which can't be covered by Joi and plugins in which case we implement it by hand.
+
+- If validation is implemented manually (because we need to enforce a constraint that can't be expressed with Joi), invalid data should throw an [InvalidResponse](https://contributing.shields.io/module-core_base-service_errors-InvalidResponse.html) exception.
+
+- Our definition of "valid" should not be stricter than the upstream API's definition of "valid".
+
+- The schema/validation we choose is informed by the assumptions we're making about the data. e.g:
+
+  - If we're going to use a value, make sure it exists.
+  - If we need to multiply it by something, we check it's a number.
+  - If we're going to call `.split()` on it, we make sure it's a string.
+  - If we're going to address `foo[0]`, `foo` must be an array.
+  - If we're going to sort a version on the assumption it is a semver, check it's a semver
+
+- We don't need to validate characteristics we don't rely on. For example, if we're just going to render a version on a badge with the same exact value from the API response and do not need to sort or transform the value, then it doesn't matter what format the version number is in. We can use a very relaxed schema to validate in this case, e.g. `Joi.string().required()`
+
+- If theory (docs) and practice (real-world API responses) conflict, real-world outputs take precedence over documented behaviour. e.g: if the docs say version is a semver but we learn that there are real-world packages where the version number is `0.3b` or `1.2.1.27` then we should accept those values in preference to enforcing the documented API behaviour.
+
+- Shields is descriptive rather than prescriptive. We reflect the established norms of the communities we serve.
+
+- It is fine to define a single schema which is applied to multiple badges. For example, we could define a schema that says:
+
+  ```js
+  const schema = Joi.object({
+    license: Joi.string().required(),
+    version: Joi.string().required(),
+  }).required()
+  ```
+
+  and have both the license and version badges validate the response against that schema.
+
+- For build status badges there is a shared [isBuildStatus](https://github.com/badges/shields/blob/master/services/build-status.js) validator. In most cases build status badges should use `isBuildStatus` or input validation and `renderBuildStatusBadge` should be used for rendering. Any additional status values can be added to the relevant color arrays.
+
+## Identifying problems
+
+- If we know of a real-world example of a package/repo/etc that causes us to render an invalid value on a badge (e.g: ![](https://img.shields.io/badge/version-null-blue) ![](https://img.shields.io/badge/coverage-NaN%25-red) ![](https://img.shields.io/badge/build-undefined-red) ) our input validation is broken and we should fix it.
+
+- If we know of a real-world example of a package/repo/etc that causes us to throw an unhandled runtime exception, our input validation is broken and we should fix it.
+
+- We should not fail to render a badge because of a validation failure on a field that isn't necessary to render the badge. In the above example of a shared license/version schema: If we become aware of a real-world example of a package/repo/etc that has a `version` key but not a `license` key then we should split the schema (or make `version` optional and handle the error in code).
--- a/doc/production-hosting.md
+++ b/doc/production-hosting.md
@@ -14,55 +14,43 @@ Production hosting is managed by the Shields ops team:
 [operations issues]: https://github.com/badges/shields/issues?q=is%3Aissue+is%3Aopen+label%3Aoperations
 [ops discord]: https://discordapp.com/channels/308323056592486420/480747695879749633

-| Component                     | Subcomponent                    | People with access                                                                         |
-| ----------------------------- | ------------------------------- | ------------------------------------------------------------------------------------------ |
-| shields-production-us         | Account owner                   | @paulmelnikow                                                                              |
-| shields-production-us         | Full access                     | @calebcartwright, @chris48s, @paulmelnikow, @pyvesb                                        |
-| shields-production-us         | Access management               | @calebcartwright, @chris48s, @paulmelnikow, @pyvesb                                        |
-| Compose.io Redis              | Account owner                   | @paulmelnikow                                                                              |
-| Compose.io Redis              | Account access                  | @paulmelnikow                                                                              |
-| Compose.io Redis              | Database connection credentials | @calebcartwright, @chris48s, @paulmelnikow, @pyvesb                                        |
-| Zeit Now                      | Team owner                      | @paulmelnikow                                                                              |
-| Zeit Now                      | Team members                    | @paulmelnikow, @chris48s, @calebcartwright, @platan                                        |
-| Raster server                 | Full access as team members     | @paulmelnikow, @chris48s, @calebcartwright, @platan                                        |
-| shields-server.com redirector | Full access as team members     | @paulmelnikow, @chris48s, @calebcartwright, @platan                                        |
-| Legacy badge servers          | Account owner                   | @espadrine                                                                                 |
-| Legacy badge servers          | ssh, logs                       | @espadrine                                                                                 |
-| Legacy badge servers          | Deployment                      | @espadrine, @paulmelnikow                                                                  |
-| Legacy badge servers          | Admin endpoints                 | @espadrine, @paulmelnikow                                                                  |
-| Cloudflare (CDN)              | Account owner                   | @espadrine                                                                                 |
-| Cloudflare (CDN)              | Access management               | @espadrine                                                                                 |
-| Cloudflare (CDN)              | Admin access                    | @calebcartwright, @chris48s, @espadrine, @paulmelnikow, @PyvesB                            |
-| Twitch                        | OAuth app                       | @PyvesB                                                                                    |
-| Discord                       | OAuth app                       | @PyvesB                                                                                    |
-| YouTube                       | Account owner                   | @PyvesB                                                                                    |
-| OpenStreetMap (for Wheelmap)  | Account owner                   | @paulmelnikow                                                                              |
-| DNS                           | Account owner                   | @olivierlacan                                                                              |
-| DNS                           | Read-only account access        | @espadrine, @paulmelnikow, @chris48s                                                       |
-| Sentry                        | Error reports                   | @espadrine, @paulmelnikow                                                                  |
-| Frontend                      | Deployment                      | Technically anyone with push access but in practice must be deployed with the badge server |
-| Metrics server                | Owner                           | @platan                                                                                    |
-| UptimeRobot                   | Account owner                   | @paulmelnikow                                                                              |
-| More metrics                  | Owner                           | @RedSparr0w                                                                                |
-| Netlify (documentation site)  | Owner                           | @chris48s                                                                                  |
-
-There are [too many bottlenecks][issue 2577]!
-
-[issue 2577]: https://github.com/badges/shields/issues/2577
+| Component                     | Subcomponent                    | People with access                                              |
+| ----------------------------- | ------------------------------- | --------------------------------------------------------------- |
+| shields-production-us         | Account owner                   | @paulmelnikow                                                   |
+| shields-production-us         | Full access                     | @calebcartwright, @chris48s, @paulmelnikow, @pyvesb             |
+| shields-production-us         | Access management               | @calebcartwright, @chris48s, @paulmelnikow, @pyvesb             |
+| Compose.io Redis              | Account owner                   | @paulmelnikow                                                   |
+| Compose.io Redis              | Account access                  | @paulmelnikow                                                   |
+| Compose.io Redis              | Database connection credentials | @calebcartwright, @chris48s, @paulmelnikow, @pyvesb             |
+| Zeit Now                      | Team owner                      | @paulmelnikow                                                   |
+| Zeit Now                      | Team members                    | @paulmelnikow, @chris48s, @calebcartwright, @platan             |
+| Raster server                 | Full access as team members     | @paulmelnikow, @chris48s, @calebcartwright, @platan             |
+| shields-server.com redirector | Full access as team members     | @paulmelnikow, @chris48s, @calebcartwright, @platan             |
+| Cloudflare (CDN)              | Account owner                   | @espadrine                                                      |
+| Cloudflare (CDN)              | Access management               | @espadrine                                                      |
+| Cloudflare (CDN)              | Admin access                    | @calebcartwright, @chris48s, @espadrine, @paulmelnikow, @PyvesB |
+| Twitch                        | OAuth app                       | @PyvesB                                                         |
+| Discord                       | OAuth app                       | @PyvesB                                                         |
+| YouTube                       | Account owner                   | @PyvesB                                                         |
+| OpenStreetMap (for Wheelmap)  | Account owner                   | @paulmelnikow                                                   |
+| DNS                           | Account owner                   | @olivierlacan                                                   |
+| DNS                           | Read-only account access        | @espadrine, @paulmelnikow, @chris48s                            |
+| Sentry                        | Error reports                   | @espadrine, @paulmelnikow                                       |
+| Metrics server                | Owner                           | @platan                                                         |
+| UptimeRobot                   | Account owner                   | @paulmelnikow                                                   |
+| More metrics                  | Owner                           | @RedSparr0w                                                     |

 ## Attached state

 Shields has mercifully little persistent state:

-1.  The GitHub tokens we collect are saved on each server in a cloud Redis database.
-    They can also be fetched from the [GitHub auth admin endpoint][] for debugging.
-2.  The server keeps a few caches in memory. These are neither persisted nor
-    inspectable.
-    - The [request cache][]
-    - The [regular-update cache][]
+1. The GitHub tokens we collect are saved on each server in a cloud Redis
+   database. They can also be fetched from the [GitHub auth admin endpoint][]
+   for debugging.
+2. The server keeps the [regular-update cache][] in memory. It is neither
+   persisted nor inspectable.

 [github auth admin endpoint]: https://github.com/badges/shields/blob/master/services/github/auth/admin.js
-[request cache]: https://github.com/badges/shields/blob/master/core/base-service/legacy-request-handler.js#L29-L30
 [regular-update cache]: https://github.com/badges/shields/blob/master/core/legacy/regular-update.js

 ## Configuration
@@ -90,32 +78,17 @@ files:
 [shields-io-production.yml]: ../config/shields-io-production.yml
 [default.yml]: ../config/default.yml

-The project ships with `dotenv`, however there is no `.env` in production.
-
 ## Badge CDN

 Sitting in front of the three servers is a Cloudflare Free account which
 provides several services:

- Global CDN, caching, and SSL gateway for `img.shields.io`
+- Global CDN, caching, and SSL gateway for `img.shields.io` and `shields.io`
 - Analytics through the Cloudflare dashboard
- DNS hosting for `shields.io`
+- DNS resolution for `shields.io` (and subdomains)

 Cloudflare is configured to respect the servers' cache headers.

-## Frontend
-
-The frontend is served by [GitHub Pages][] via the [gh-pages branch][gh-pages]. SSL is enforced.
-
-`shields.io` resolves to the GitHub Pages hosts. It is not proxied through
-Cloudflare.
-
-Technically any maintainer can push to `gh-pages`, but in practice the frontend must be deployed
-with the badge server via the deployment process described below.
-
-[github pages]: https://pages.github.com/
-[gh-pages]: https://github.com/badges/shields/tree/gh-pages
-
 ## Raster server

 The raster server `raster.shields.io` (a.k.a. the rasterizing proxy) is
@@ -125,28 +98,14 @@ hosted on [Zeit Now][]. It's managed in the
 [zeit now]: https://zeit.co/now
 [svg-to-image-proxy]: https://github.com/badges/svg-to-image-proxy

-## Deployment
+### Heroku Deployment

-The deployment is done in two stages: the badge server (heroku) and the front-end (gh-pages).
-
-### Heroku
+Both the badge server and frontend are served from Heroku.

 After merging a commit to master, heroku should create a staging deploy. Check this has deployed correctly in the `shields-staging` pipeline and review http://shields-staging.herokuapp.com/

 If we're happy with it, "promote to production". This will deploy what's on staging to the `shields-production-eu` and `shields-production-us` pieplines.

-### Frontend
-
-To deploy the front-end to GH pages, use a clean clone of the shields repo.
-
-```sh
-$ git pull  # update the working copy
-$ npm ci  # install dependencies (devDependencies are needed to build the frontend)
-$ make deploy-gh-pages  # build the frontend and push it to the gh-pages branch
-```
-
-No secrets are required to build or deploy the frontend.
-
 ## DNS

 DNS is registered with [DNSimple][].
@@ -169,6 +128,13 @@ the server. It's generously donated by [Sentry][sentry home]. We bundle
 [sentry home]: https://sentry.io/shields/
 [sentry configuration]: https://github.com/badges/shields/blob/master/doc/self-hosting.md#sentry

+## URLs
+
+The canonical and only recommended domain for badge URLs is `img.shields.io`. Currently it is possible to request badges on both `img.shields.io` and `shields.io` i.e: https://img.shields.io/badge/build-passing-brightgreen and https://shields.io/badge/build-passing-brightgreen will both work. However:
+
+- We never show or generate the `img.`-less URL format on https://shields.io/
+- We make no guarantees about the `img.`-less URL format. At some future point we may remove the ability to serve badges on `shields.io` (without `img.`) without any warning. `img.shields.io` should always be used for badge urls.
+
 ## Monitoring

 Overall server performance and requests by service are monitored using
@@ -188,19 +154,3 @@ Request performance is monitored in two places:
 [monitor]: https://shields.redsparr0w.com/1568/
 [notifications]: http://shields.redsparr0w.com/discord_notification
 [monitor discord]: https://discordapp.com/channels/308323056592486420/470700909182320646
-
-## Legacy servers
-
-There are three legacy servers on OVH VPS’s which are currently used for proxying.
-
-| Cname                       | Hostname             | Type | IP             | Location           |
-| --------------------------- | -------------------- | ---- | -------------- | ------------------ |
-| [s0.servers.shields.io][s0] | vps71670.vps.ovh.ca  | VPS  | 192.99.59.72   | Quebec, Canada     |
-| [s1.servers.shields.io][s1] | vps244529.ovh.net    | VPS  | 51.254.114.150 | Gravelines, France |
-| [s2.servers.shields.io][s2] | vps117870.vps.ovh.ca | VPS  | 149.56.96.133  | Quebec, Canada     |
-
-[s0]: https://s0.servers.shields.io/index.html
-[s1]: https://s1.servers.shields.io/index.html
-[s2]: https://s2.servers.shields.io/index.html
-
-The only way to inspect the commit on the server is with `git ls-remote`.
--- a/doc/rewriting-services.md
+++ b/doc/rewriting-services.md
@@ -145,7 +145,7 @@ Once the route is working, fill out `render()` and `handle()`.
 <details>

 ```js
-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const { errorMessagesFor } = require('./github-helpers')

 const issueSchema = Joi.object({
@@ -174,7 +174,7 @@ or create an abstract superclass like **PypiBase**:
 <details>

 ```js
-const Joi = require('@hapi/joi')
+const Joi = require('joi')
 const BaseJsonService = require('../base-json')

 const schema = Joi.object({
--- a/doc/self-hosting.md
+++ b/doc/self-hosting.md
@@ -184,19 +184,30 @@ Start the server using the Sentry DSN. You can set it:
 sudo SENTRY_DSN=https://xxx:yyy@sentry.io/zzz node server
 ```

- or by `sentry_dsn` secret property defined in `private/secret.json`
+Or via config as you would do with [server secrets](server-secrets.md):

+```yml
+private:
+  sentry_dsn: ...
 ```
+
+```sh
 sudo node server
 ```

 ### Prometheus

 Shields uses [prom-client](https://github.com/siimon/prom-client) to provide [default metrics](https://prometheus.io/docs/instrumenting/writing_clientlibs/#standard-and-runtime-collectors). These metrics are disabled by default.
-You can enable them by `METRICS_PROMETHEUS_ENABLED` environment variable.
+You can enable them by `METRICS_PROMETHEUS_ENABLED` and `METRICS_PROMETHEUS_ENDPOINT_ENABLED` environment variables.

 ```bash
-METRICS_PROMETHEUS_ENABLED=true npm start
+METRICS_PROMETHEUS_ENABLED=true METRICS_PROMETHEUS_ENDPOINT_ENABLED=true npm start
 ```

 Metrics are available at `/metrics` resource.
+
+### Cloudflare
+
+Shields uses Cloudflare as a downstream CDN. If your installation does the same,
+you can configure your server to only accept requests coming from Cloudflare's IPs.
+Set `public.requireCloudflare: true`.
--- a/doc/service-tests.md
+++ b/doc/service-tests.md
@@ -66,7 +66,7 @@ t.create('Build status')
   - Note that when we call our badge, we are allowing it to communicate with an external service without mocking the response. We write tests which interact with external services, which is unusual practice in unit testing. We do this because one of the purposes of service tests is to notify us if a badge has broken due to an upstream API change. For this reason it is important for at least one test to call the live API without mocking the interaction.
   - All badges on shields can be requested in a number of formats. As well as calling https://img.shields.io/wercker/build/wercker/go-wercker-api.svg to generate ![](https://img.shields.io/wercker/build/wercker/go-wercker-api.svg) we can also call https://img.shields.io/wercker/build/wercker/go-wercker-api.json to request the same content as JSON. When writing service tests, we request the badge in JSON format so it is easier to make assertions about the content.
   - We don't need to explicitly call `/wercker/build/wercker/go-wercker-api.json` here, only `/build/wercker/go-wercker-api.json`. When we create a tester object with `createServiceTester()` the URL base defined in our service class (in this case `/wercker`) is used as the base URL for any requests made by the tester object.
-3. `expectBadge()` is a helper function which accepts either a string literal or a [Joi][] schema for the different fields.
+3. `expectBadge()` is a helper function which accepts either a string literal, a [RegExp][] or a [Joi][] schema for the different fields.
   Joi is a validation library that is build into IcedFrisby which you can use to
   match based on a set of allowed strings, regexes, or specific values. You can
   refer to their [API reference][joi api].
@@ -82,6 +82,7 @@ harness will call it for you.
 [icedfrisby api]: https://github.com/MarkHerhold/IcedFrisby/blob/master/API.md
 [joi]: https://github.com/hapijs/joi
 [joi api]: https://github.com/hapijs/joi/blob/master/API.md
+[regexp]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/RegExp

 ### (3) Running the Tests

@@ -259,21 +260,9 @@ npm run coverage:report:open

 ## Pull requests

-The affected service ids should be included in square brackets in the pull request
-title. That way, Circle CI will run those service tests. When a pull request
-affects multiple services, they should be separated with spaces. The test
-runner is case-insensitive, so they should be capitalized for readability.
+Pull requests must follow the [documented conventions][pr-conventions] in order to execute the correct set of service tests.

-For example:
-
- [Travis] Fix timeout issues
- [Travis Sonar] Support user token authentication
- Add tests for [CRAN] and [CPAN]
-
-In the rare case when it's necessary to see the output of a full service-test
-run in a PR, include `[*****]` in the title. Unless all the tests pass, the build
-will fail, so likely it will be necessary to remove it and re-run the tests
-before merging.
+[pr-conventions]: https://github.com/badges/shields/blob/master/CONTRIBUTING.md#running-service-tests-in-pull-requests

 ## Getting help

--- a/frontend/components/customizer/customizer.tsx
+++ b/frontend/components/customizer/customizer.tsx
@@ -11,13 +11,6 @@ import {
  CopiedContentIndicatorHandle,
 } from './copied-content-indicator'

-function getBaseUrlFromWindowLocation(): string {
-  // Default to the current hostname for when there is no `BASE_URL` set
-  // at build time (as in most PaaS deploys).
-  const { protocol, hostname } = window.location
-  return `${protocol}//${hostname}`
-}
-
 export default function Customizer({
  baseUrl,
  title,
@@ -39,9 +32,7 @@ export default function Customizer({
 }): JSX.Element {
  // https://github.com/DefinitelyTyped/DefinitelyTyped/issues/35572
  // https://github.com/DefinitelyTyped/DefinitelyTyped/issues/28884#issuecomment-471341041
-  const indicatorRef = useRef<
-    CopiedContentIndicatorHandle
-  >() as React.MutableRefObject<CopiedContentIndicatorHandle>
+  const indicatorRef = useRef<CopiedContentIndicatorHandle>() as React.MutableRefObject<CopiedContentIndicatorHandle>
  const [path, setPath] = useState('')
  const [queryString, setQueryString] = useState<string>()
  const [pathIsComplete, setPathIsComplete] = useState<boolean>()
@@ -50,7 +41,7 @@ export default function Customizer({

  function generateBuiltBadgeUrl(): string {
    const suffix = queryString ? `?${queryString}` : ''
-    return `${baseUrl || getBaseUrlFromWindowLocation()}${path}${suffix}`
+    return `${baseUrl}${path}${suffix}`
  }

  function renderLivePreview(): JSX.Element {
--- a/frontend/components/customizer/path-builder.tsx
+++ b/frontend/components/customizer/path-builder.tsx
@@ -91,15 +91,15 @@ export function constructPath({
      if (typeof token === 'string') {
        return token.trim()
      } else {
-        const { delimiter, name, optional } = token
+        const { prefix, name, modifier } = token
        const value = namedParams[name]
        if (value) {
-          return `${delimiter}${value.trim()}`
-        } else if (optional) {
+          return `${prefix}${value.trim()}`
+        } else if (modifier === '?' || modifier === '*') {
          return ''
        } else {
          isComplete = false
-          return `${delimiter}:${name}`
+          return `${prefix}:${name}`
        }
      }
    })
@@ -221,14 +221,15 @@ export default function PathBuilder({
    tokenIndex: number,
    namedParamIndex: number
  ): JSX.Element {
-    const { delimiter, optional } = token
+    const { prefix, modifier } = token
+    const optional = modifier === '?' || modifier === '*'
    const name = `${token.name}`

    const exampleValue = exampleParams[name] || '(not set)'

    return (
      <React.Fragment key={token.name}>
-        {renderLiteral(delimiter, tokenIndex, false)}
+        {renderLiteral(prefix, tokenIndex, false)}
        <PathBuilderColumn pathContainsOnlyLiterals={false} withHorizPadding>
          <NamedParamLabelContainer>
            <BuilderLabel htmlFor={name}>{humanizeString(name)}</BuilderLabel>
--- a/frontend/components/development/logo-page.tsx
+++ b/frontend/components/development/logo-page.tsx
@@ -1,7 +1,7 @@
 import React from 'react'
 import styled from 'styled-components'
 import { staticBadgeUrl } from '../../../core/badge-urls/make-badge-url'
-import { baseUrl } from '../../constants'
+import { getBaseUrl } from '../../constants'
 import { shieldsLogos, simpleIcons } from '../../lib/supported-features'
 import Meta from '../meta'
 import Header from '../header'
@@ -19,6 +19,7 @@ const StyledTable = styled.table`
 `

 function NamedLogoTable({ logoNames }: { logoNames: string[] }): JSX.Element {
+  const baseUrl = getBaseUrl()
  return (
    <StyledTable>
      <thead>
--- a/frontend/components/development/style-page.tsx
+++ b/frontend/components/development/style-page.tsx
@@ -2,7 +2,7 @@ import React, { Fragment } from 'react'
 import styled from 'styled-components'
 // @ts-ingnore
 import { staticBadgeUrl } from '../../../core/badge-urls/make-badge-url'
-import { baseUrl } from '../../constants'
+import { getBaseUrl } from '../../constants'
 import Meta from '../meta'
 // @ts-ignore
 import Header from '../header'
@@ -123,13 +123,14 @@ const examples = [
 ]

 function StyleTable({ style }: { style: string }): JSX.Element {
+  const baseUrl = getBaseUrl()
  return (
    <StyledTable>
      <thead>
        <tr>
          <td>Description</td>
          <td>Badges (new)</td>
-          <td>Badges (old)</td>
+          <td>Badges (img.shields.io)</td>
        </tr>
      </thead>
      <tbody>
--- a/frontend/components/main.tsx
+++ b/frontend/components/main.tsx
@@ -11,7 +11,7 @@ import {
  RenderableExample,
 } from '../lib/service-definitions'
 import ServiceDefinitionSetHelper from '../lib/service-definitions/service-definition-set-helper'
-import { baseUrl } from '../constants'
+import { getBaseUrl } from '../constants'
 import Meta from './meta'
 import Header from './header'
 import SuggestionAndSearch from './suggestion-and-search'
@@ -54,6 +54,7 @@ export default function Main({
    setSelectedExampleIsSuggestion,
  ] = useState(false)
  const searchTimeout = useRef(0)
+  const baseUrl = getBaseUrl()

  function performSearch(query: string): void {
    setSearchIsInProgress(false)
--- a/frontend/components/usage.tsx
+++ b/frontend/components/usage.tsx
@@ -378,8 +378,10 @@ export default function Usage({ baseUrl }: { baseUrl: string }): JSX.Element {
          <QueryParam
            documentation={
              <span>
-                Specify what clicking on the left/right of a badge should do
-                (esp. for social badge style)
+                Specify what clicking on the left/right of a badge should do.
+                Note that this only works when integrating your badge in an
+                <StyledCode>&lt;object&gt;</StyledCode> HTML tag, but not an
+                <StyledCode>&lt;img&gt;</StyledCode> tag or a markup language.
              </span>
            }
            key="link"
--- a/frontend/constants.ts
+++ b/frontend/constants.ts
@@ -1 +1,33 @@
-export const baseUrl = process.env.GATSBY_BASE_URL || ''
+const baseUrl = process.env.GATSBY_BASE_URL
+
+export function getBaseUrl(): string {
+  if (baseUrl) {
+    return baseUrl
+  }
+
+  /*
+  This is a special case for production.
+
+  We want to be able to build the front end with no value set for
+  `GATSBY_BASE_URL` so that we can deploy a build to staging
+  and then promote the exact same build to production.
+
+  When deployed to staging, we want the frontend on
+  https://staging.shields.io/ to generate badges with the base
+  https://staging.shields.io/
+
+  When we promote to production we want https://shields.io/ and
+  https://www.shields.io/ to both generate badges with the base
+  https://img.shields.io/
+  */
+  try {
+    const { protocol, hostname } = window.location
+    if (['shields.io', 'www.shields.io'].includes(hostname)) {
+      return 'https://img.shields.io'
+    }
+    return `${protocol}//${hostname}`
+  } catch (e) {
+    // server-side rendering
+    return ''
+  }
+}
--- a/frontend/enzyme-conf.spec.js
+++ b/frontend/enzyme-conf.spec.js
@@ -1,8 +0,0 @@
-import Enzyme from 'enzyme'
-import Adapter from 'enzyme-adapter-react-16'
-import chai from 'chai'
-import chaiEnzyme from 'chai-enzyme'
-
-Enzyme.configure({ adapter: new Adapter() })
-
-chai.use(chaiEnzyme())
--- a/frontend/lib/pattern-helpers.ts
+++ b/frontend/lib/pattern-helpers.ts
@@ -21,19 +21,11 @@ export function removeRegexpFromPattern(pattern: string): string {
      if (typeof token === 'string') {
        return token
      } else {
-        const { delimiter, optional, repeat, name, pattern } = token
+        const { prefix, modifier, name, pattern } = token
        if (typeof name === 'number') {
-          return `${delimiter}(${pattern})`
+          return `${prefix}(${pattern})`
        } else {
-          let modifier = ''
-          if (optional && !repeat) {
-            modifier = '?'
-          } else if (!optional && repeat) {
-            modifier = '+'
-          } else if (optional && repeat) {
-            modifier = '*'
-          }
-          return `${delimiter}:${name}${modifier}`
+          return `${prefix}:${name}${modifier}`
        }
      }
    })
--- a/frontend/pages/community.tsx
+++ b/frontend/pages/community.tsx
@@ -1,6 +1,6 @@
 import React from 'react'
 import styled from 'styled-components'
-import { baseUrl } from '../constants'
+import { getBaseUrl } from '../constants'
 import Meta from '../components/meta'
 import Header from '../components/header'
 import Footer from '../components/footer'
@@ -19,6 +19,7 @@ const SponsorContainer = styled.div`
 `

 export default function SponsorsPage(): JSX.Element {
+  const baseUrl = getBaseUrl()
  return (
    <MainContainer>
      <GlobalStyle />
@@ -114,9 +115,6 @@ export default function SponsorsPage(): JSX.Element {
          <li>
            <a href="https://lgtm.com/">LGTM</a>
          </li>
-          <li>
-            <a href="https://www.netlify.com/">Netlify</a>
-          </li>
          <li>
            <a href="https://uptimerobot.com/">Uptime Robot</a>
          </li>
--- a/Show More
+++ b/Show More