Changelog for Release server-2024-11-02 (#10653 )

* Update Changelog * Update CHANGELOG.md --------- Co-authored-by: release[bot] <actions@users.noreply.github.com> Co-authored-by: chris48s <chris48s@users.noreply.github.com>
chore(deps): bump simple-icons from 13.14.1 to 13.15.0 (#10651 )
2024-11-02 10:32:32 +00:00 · 2024-11-02 10:00:46 +00:00 · 2024-11-02 09:54:31 +00:00 · 2024-11-02 09:51:55 +00:00 · 2024-11-02 09:51:34 +00:00 · 2024-11-02 09:51:09 +00:00
507 changed files with 19987 additions and 13299 deletions
--- a/.nycrc.json
+++ b/.nycrc.json
@@ -9,10 +9,8 @@
    "**/test-helpers.js",
    "**/*-test-helpers.js",
    "**/*-fixtures.js",
-    "**/mocha-*.js",
    "**/*.test-d.ts",
    "dangerfile.js",
-    "gatsby-*.js",
    "core/service-test-runner",
    "core/got-test-client.js",
    "services/**/*.tester.js",
@@ -23,6 +21,9 @@
    "coverage",
    "build",
    ".github",
-    "**/public/"
+    "**/public/",
+    "cypress",
+    "frontend",
+    "migrations"
  ]
 }
--- a/.github/ISSUE_TEMPLATE/2_Failing_service_test.md
+++ b/.github/ISSUE_TEMPLATE/2_Failing_service_test.md
@@ -18,10 +18,6 @@ labels: 'keep-service-tests-green'

 <!-- Indicate whether or not the live badge is working. -->

-:link: **CircleCI link**
-
-<!-- Provide a link to the failing test in CircleCI. -->
-
 :lady_beetle: **Stack trace**

 ```
--- a/.github/actions/docusaurus-swizzled-warning/package-lock.json
+++ b/.github/actions/docusaurus-swizzled-warning/package-lock.json
@@ -9,17 +9,25 @@
            "version": "0.0.0",
            "license": "CC0",
            "dependencies": {
-                "@actions/core": "^1.10.1",
+                "@actions/core": "^1.11.1",
                "@actions/github": "^6.0.0"
            }
        },
        "node_modules/@actions/core": {
-            "version": "1.10.1",
-            "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.1.tgz",
-            "integrity": "sha512-3lBR9EDAY+iYIpTnTIXmWcNbX3T2kCkAEQGIQx4NVQ0575nk2k3GRZDTPQG+vVtS2izSLmINlxXf0uLtnrTP+g==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
+            "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
            "dependencies": {
-                "@actions/http-client": "^2.0.1",
-                "uuid": "^8.3.2"
+                "@actions/exec": "^1.1.1",
+                "@actions/http-client": "^2.0.1"
+            }
+        },
+        "node_modules/@actions/exec": {
+            "version": "1.1.1",
+            "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
+            "integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
+            "dependencies": {
+                "@actions/io": "^1.0.1"
            }
        },
        "node_modules/@actions/github": {
@@ -42,6 +50,11 @@
                "undici": "^5.25.4"
            }
        },
+        "node_modules/@actions/io": {
+            "version": "1.1.3",
+            "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
+            "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="
+        },
        "node_modules/@fastify/busboy": {
            "version": "2.0.0",
            "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.0.0.tgz",
@@ -205,9 +218,9 @@
            }
        },
        "node_modules/undici": {
-            "version": "5.26.3",
-            "resolved": "https://registry.npmjs.org/undici/-/undici-5.26.3.tgz",
-            "integrity": "sha512-H7n2zmKEWgOllKkIUkLvFmsJQj062lSm3uA4EYApG8gLuiOM0/go9bIoC3HVaSnfg4xunowDE2i9p8drkXuvDw==",
+            "version": "5.28.4",
+            "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz",
+            "integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==",
            "dependencies": {
                "@fastify/busboy": "^2.0.0"
            },
@@ -220,14 +233,6 @@
            "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz",
            "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w=="
        },
-        "node_modules/uuid": {
-            "version": "8.3.2",
-            "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
-            "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
-            "bin": {
-                "uuid": "dist/bin/uuid"
-            }
-        },
        "node_modules/wrappy": {
            "version": "1.0.2",
            "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
--- a/.github/actions/docusaurus-swizzled-warning/package.json
+++ b/.github/actions/docusaurus-swizzled-warning/package.json
@@ -10,7 +10,7 @@
    "author": "jNullj",
    "license": "CC0",
    "dependencies": {
-        "@actions/core": "^1.10.1",
+        "@actions/core": "^1.11.1",
        "@actions/github": "^6.0.0"
    }
 }
--- a/.github/actions/service-tests/action.yml
+++ b/.github/actions/service-tests/action.yml
@@ -36,10 +36,6 @@ inputs:
    description: 'The SERVICETESTS_TWITCH_CLIENT_SECRET secret'
    required: false
    default: ''
-  wheelmap-token:
-    description: 'The SERVICETESTS_WHEELMAP_TOKEN secret'
-    required: false
-    default: ''
  youtube-api-key:
    description: 'The SERVICETESTS_YOUTUBE_API_KEY secret'
    required: false
@@ -75,7 +71,6 @@ runs:
        SL_INSIGHT_API_TOKEN: '${{ inputs.sl-insight-api-token }}'
        TWITCH_CLIENT_ID: '${{ inputs.twitch-client-id }}'
        TWITCH_CLIENT_SECRET: '${{ inputs.twitch-client-secret }}'
-        WHEELMAP_TOKEN: '${{ inputs.wheelmap-token }}'
        YOUTUBE_API_KEY: '${{ inputs.youtube-api-key }}'

    - name: Write Markdown Summary
--- a/.github/actions/setup/action.yml
+++ b/.github/actions/setup/action.yml
@@ -19,7 +19,7 @@ runs:
  using: 'composite'
  steps:
    - name: Install Node JS ${{ inputs.node-version }}
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
      with:
        node-version: ${{ inputs.node-version }}

--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -16,7 +16,20 @@ updates:
      # https://caniuse.com/js-regexp-lookbehind
      - dependency-name: 'decamelize'
      - dependency-name: 'humanize-string'
-
+    groups:
+      # All official @docusaurus/* packages should have the exact same version as @docusaurus/core.
+      # From https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups:
+      # "You cannot apply a single grouping set of rules to both version updates and security
+      # updates [...] you must define two, separately named, grouping sets of rules"
+      # See https://github.com/badges/shields/issues/10242 for more information.
+      docusaurus-version-updates:
+        applies-to: version-updates
+        patterns:
+          - '@docusaurus/*'
+      docusaurus-security-updates:
+        applies-to: security-updates
+        patterns:
+          - '@docusaurus/*'
  # badge-maker package dependencies
  - package-ecosystem: npm
    directory: '/badge-maker'
@@ -29,7 +42,15 @@ updates:

  # GH actions
  - package-ecosystem: 'github-actions'
-    directory: '/'
+    # all composite actions must be individually listed here
+    # https://github.com/dependabot/dependabot-core/issues/6704
+    directories:
+      - '/'
+      - '/.github/actions/core-tests'
+      - '/.github/actions/integration-tests'
+      - '/.github/actions/package-tests'
+      - '/.github/actions/service-tests'
+      - '/.github/actions/setup'
    schedule:
      interval: weekly
    open-pull-requests-limit: 99
--- a/.github/scripts/check-docusaurus-versions.sh
+++ b/.github/scripts/check-docusaurus-versions.sh
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-set -euo pipefail
-
-# Docusaurus outputs some important errors as log messages
-# but doesn't actually fail
-# https://github.com/facebook/docusaurus/blob/v2.4.3/packages/docusaurus/src/server/siteMetadata.ts#L75-L92
-# this script runs `docusaurus build`. If it outputs any [ERROR]s, we exit with 1
-
-if ( npm run build 2>&1 | grep '\[ERROR\]' )
-then
-    echo "You probably need to run: npm update @docusaurus/preset-classic"
-    exit 1
-else
-    exit 0
-fi
--- a/.github/scripts/deploy-review-app.sh
+++ b/.github/scripts/deploy-review-app.sh
@@ -23,7 +23,7 @@ if ! flyctl status --app "$app"; then
 fi

 # Deploy
-flyctl deploy --app "$app" --region "$region"
+flyctl deploy --app "$app" --regions "$region"
 flyctl scale count 1 --app "$app" --yes

 # Post a comment on the PR
--- a/.github/workflows/build-docker-image.yml
+++ b/.github/workflows/build-docker-image.yml
@@ -14,14 +14,12 @@ jobs:

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
-        with:
-          version: v0.9.1

      - name: Set Git Short SHA
        run: echo "SHORT_SHA=${GITHUB_SHA::7}" >> $GITHUB_ENV

      - name: Build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          context: .
          push: false
--- a/.github/workflows/check-docusaurus-versions.yml
+++ b/.github/workflows/check-docusaurus-versions.yml
@@ -1,23 +0,0 @@
-name: Check Docusaurus Plugin Versions
-on:
-  pull_request:
-    types: [opened, reopened, synchronize]
-  push:
-    branches-ignore:
-      - 'gh-pages'
-      - 'dependabot/**'
-
-jobs:
-  check-docusaurus-versions:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Setup
-        uses: ./.github/actions/setup
-        with:
-          node-version: 20
-          cypress: true
-
-      - run: .github/scripts/check-docusaurus-versions.sh
--- a/.github/workflows/coveralls-code-coverage.yml
+++ b/.github/workflows/coveralls-code-coverage.yml
@@ -0,0 +1,71 @@
+name: Coveralls Code Coverage
+on:
+  schedule:
+    - cron: '10 7 * * *'
+    # At 07:10, daily
+  workflow_dispatch:
+
+jobs:
+  coveralls-code-coverage:
+    runs-on: ubuntu-latest
+
+    services:
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_DB: ci_test
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup
+        uses: ./.github/actions/setup
+        with:
+          # Even though we're currently deploying on Node 20, we run coverage test on Node 22
+          # to work around https://github.com/bcoe/v8-coverage/pull/2.
+          node-version: 22
+        env:
+          NPM_CONFIG_ENGINE_STRICT: 'false'
+
+      - name: Migrate DB
+        run: npm run migrate up
+        env:
+          POSTGRES_URL: postgresql://postgres:postgres@localhost:5432/ci_test
+        shell: bash
+
+      - name: Coverage for Main Tests
+        run: npm run coverage:test
+        env:
+          GH_TOKEN: '${{ secrets.GH_PAT }}'
+          POSTGRES_URL: postgresql://postgres:postgres@localhost:5432/ci_test
+        shell: bash
+
+      - name: Coverage for Service Tests
+        run: npm run coverage:test:services
+        continue-on-error: true
+        env:
+          RETRY_COUNT: 3
+          GH_TOKEN: '${{ secrets.GH_PAT }}'
+          LIBRARIESIO_TOKENS: '${{ secrets.SERVICETESTS_LIBRARIESIO_TOKENS }}'
+          OBS_USER: '${{ secrets.SERVICETESTS_OBS_USER }}'
+          OBS_PASS: '${{ secrets.SERVICETESTS_OBS_PASS }}'
+          PEPY_KEY: '${{ secrets.SERVICETESTS_PEPY_KEY }}'
+          SL_INSIGHT_USER_UUID: '${{ secrets.SERVICETESTS_SL_INSIGHT_USER_UUID }}'
+          SL_INSIGHT_API_TOKEN: '${{ secrets.SERVICETESTS_SL_INSIGHT_API_TOKEN }}'
+          TWITCH_CLIENT_ID: '${{ secrets.SERVICETESTS_TWITCH_CLIENT_ID }}'
+          TWITCH_CLIENT_SECRET: '${{ secrets.SERVICETESTS_TWITCH_CLIENT_SECRET }}'
+          YOUTUBE_API_KEY: '${{ secrets.SERVICETESTS_YOUTUBE_API_KEY }}'
+        shell: bash
+
+      - name: Coveralls GitHub Action
+        uses: coverallsapp/github-action@v2
--- a/.github/workflows/create-release.yml
+++ b/.github/workflows/create-release.yml
@@ -37,7 +37,7 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
-          version: v0.9.1
+          platforms: linux/amd64,linux/arm64

      - name: Login to DockerHub
        uses: docker/login-action@v3
@@ -46,10 +46,11 @@ jobs:
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Build and push snapshot release to DockerHub
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
+          platforms: linux/amd64,linux/arm64
          tags: shieldsio/shields:server-${{ steps.date.outputs.date }}
          build-args: |
            version=server-${{ steps.date.outputs.date }}
@@ -62,10 +63,11 @@ jobs:
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push snapshot release to GHCR
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
+          platforms: linux/amd64,linux/arm64
          tags: ghcr.io/badges/shields:server-${{ steps.date.outputs.date }}
          build-args: |
            version=server-${{ steps.date.outputs.date }}
--- a/.github/workflows/daily-tests.yml
+++ b/.github/workflows/daily-tests.yml
@@ -0,0 +1,70 @@
+name: Run Daily Tests
+on:
+  schedule:
+    - cron: '45 3 * * *'
+    # At 03:45, daily
+  workflow_dispatch:
+
+jobs:
+  daily-tests:
+    runs-on: ubuntu-latest
+
+    services:
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_DB: ci_test
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup
+        uses: ./.github/actions/setup
+        with:
+          node-version: 20
+
+      - name: Core tests
+        if: always()
+        uses: ./.github/actions/core-tests
+
+      - name: Package tests
+        if: always()
+        uses: ./.github/actions/package-tests
+
+      - name: Integration Tests (with PAT)
+        if: always()
+        uses: ./.github/actions/integration-tests
+        with:
+          github-token: '${{ secrets.GH_PAT }}'
+
+      - name: Run Service tests
+        run: npm run test:services -- --reporter json --reporter-option 'output=reports/service-tests.json'
+        if: always()
+        env:
+          RETRY_COUNT: 3
+          GH_TOKEN: '${{ secrets.GH_PAT }}'
+          LIBRARIESIO_TOKENS: '${{ secrets.SERVICETESTS_LIBRARIESIO_TOKENS }}'
+          OBS_USER: '${{ secrets.SERVICETESTS_OBS_USER }}'
+          OBS_PASS: '${{ secrets.SERVICETESTS_OBS_PASS }}'
+          PEPY_KEY: '${{ secrets.SERVICETESTS_PEPY_KEY }}'
+          SL_INSIGHT_USER_UUID: '${{ secrets.SERVICETESTS_SL_INSIGHT_USER_UUID }}'
+          SL_INSIGHT_API_TOKEN: '${{ secrets.SERVICETESTS_SL_INSIGHT_API_TOKEN }}'
+          TWITCH_CLIENT_ID: '${{ secrets.SERVICETESTS_TWITCH_CLIENT_ID }}'
+          TWITCH_CLIENT_SECRET: '${{ secrets.SERVICETESTS_TWITCH_CLIENT_SECRET }}'
+          YOUTUBE_API_KEY: '${{ secrets.SERVICETESTS_YOUTUBE_API_KEY }}'
+
+      - name: Write Service Tests Markdown Summary
+        if: always()
+        run: |
+          echo '# Services' >> $GITHUB_STEP_SUMMARY
+          node scripts/mocha2md.js Report reports/service-tests.json >> $GITHUB_STEP_SUMMARY
--- a/.github/workflows/deploy-review-app.yml
+++ b/.github/workflows/deploy-review-app.yml
@@ -40,5 +40,4 @@ jobs:
            SL_INSIGHT_USER_UUID=${{ secrets.SERVICETESTS_SL_INSIGHT_API_TOKEN }}
            TWITCH_CLIENT_ID=${{ secrets.SERVICETESTS_TWITCH_CLIENT_ID }}
            TWITCH_CLIENT_SECRET=${{ secrets.SERVICETESTS_TWITCH_CLIENT_SECRET }}
-            WHEELMAP_TOKEN=${{ secrets.SERVICETESTS_WHEELMAP_TOKEN }}
            YOUTUBE_API_KEY=${{ secrets.SERVICETESTS_YOUTUBE_API_KEY }}
--- a/.github/workflows/enforce-dependency-review.yml
+++ b/.github/workflows/enforce-dependency-review.yml
@@ -10,4 +10,4 @@ jobs:
      - name: 'Checkout Repository'
        uses: actions/checkout@v4
      - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v3
+        uses: actions/dependency-review-action@v4
--- a/.github/workflows/publish-docker-next.yml
+++ b/.github/workflows/publish-docker-next.yml
@@ -16,8 +16,6 @@ jobs:

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
-        with:
-          version: v0.9.1

      - name: Login to DockerHub
        uses: docker/login-action@v3
@@ -30,7 +28,7 @@ jobs:

      - name: Build and push to DockerHub
        id: docker_build_push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
@@ -49,7 +47,7 @@ jobs:
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push to GHCR
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
--- a/.github/workflows/test-e2e.yml
+++ b/.github/workflows/test-e2e.yml
@@ -16,7 +16,7 @@ jobs:

      - name: Cache Cypress binary
        id: cache-cypress
-        uses: actions/cache@v3
+        uses: actions/cache@v4
        env:
          cache-name: cache-cypress
        with:
--- a/.github/workflows/test-integration-22.yml
+++ b/.github/workflows/test-integration-22.yml
@@ -1,4 +1,4 @@
-name: Integration@node 21
+name: Integration@node 22
 on:
  pull_request:
    types: [opened, reopened, synchronize]
@@ -8,7 +8,7 @@ on:
      - 'dependabot/**'

 jobs:
-  test-integration-21:
+  test-integration-22:
    runs-on: ubuntu-latest
    env:
      PAT_EXISTS: ${{ secrets.GH_PAT != '' }}
@@ -35,7 +35,7 @@ jobs:
      - name: Setup
        uses: ./.github/actions/setup
        with:
-          node-version: 21
+          node-version: 22
        env:
          NPM_CONFIG_ENGINE_STRICT: 'false'

--- a/.github/workflows/test-main-22.yml
+++ b/.github/workflows/test-main-22.yml
@@ -1,4 +1,4 @@
-name: Main@node 21
+name: Main@node 22
 on:
  pull_request:
    types: [opened, reopened, synchronize]
@@ -8,7 +8,7 @@ on:
      - 'dependabot/**'

 jobs:
-  test-main-21:
+  test-main-22:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
@@ -17,7 +17,7 @@ jobs:
      - name: Setup
        uses: ./.github/actions/setup
        with:
-          node-version: 21
+          node-version: 22
        env:
          NPM_CONFIG_ENGINE_STRICT: 'false'

--- a/.github/workflows/test-package-cli.yml
+++ b/.github/workflows/test-package-cli.yml
@@ -19,6 +19,7 @@ jobs:
          - node: '16'
          - node: '18'
          - node: '20'
+          - node: '22'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
--- a/.github/workflows/test-package-lib.yml
+++ b/.github/workflows/test-package-lib.yml
@@ -22,6 +22,9 @@ jobs:
          - node: '20'
            npm: '^10'
            engine-strict: 'true'
+          - node: '22'
+            npm: '^10'
+            engine-strict: 'false'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
--- a/.github/workflows/test-services-22.yml
+++ b/.github/workflows/test-services-22.yml
@@ -1,4 +1,4 @@
-name: Services@node 21
+name: Services@node 22
 on:
  pull_request:
    types: [opened, edited, reopened, synchronize]
@@ -7,7 +7,7 @@ on:
      - 'gh-readonly-queue/**'

 jobs:
-  test-services-21:
+  test-services-22:
    runs-on: ubuntu-latest

    steps:
@@ -17,7 +17,7 @@ jobs:
      - name: Setup
        uses: ./.github/actions/setup
        with:
-          node-version: 21
+          node-version: 22
        env:
          NPM_CONFIG_ENGINE_STRICT: 'false'

@@ -34,7 +34,6 @@ jobs:
          sl-insight-api-token: '${{ secrets.SERVICETESTS_SL_INSIGHT_API_TOKEN }}'
          twitch-client-id: '${{ secrets.SERVICETESTS_TWITCH_CLIENT_ID }}'
          twitch-client-secret: '${{ secrets.SERVICETESTS_TWITCH_CLIENT_SECRET }}'
-          wheelmap-token: '${{ secrets.SERVICETESTS_WHEELMAP_TOKEN }}'
          youtube-api-key: '${{ secrets.SERVICETESTS_YOUTUBE_API_KEY }}'

      - name: Service tests (triggered from fork)
--- a/.github/workflows/test-services.yml
+++ b/.github/workflows/test-services.yml
@@ -32,7 +32,6 @@ jobs:
          sl-insight-api-token: '${{ secrets.SERVICETESTS_SL_INSIGHT_API_TOKEN }}'
          twitch-client-id: '${{ secrets.SERVICETESTS_TWITCH_CLIENT_ID }}'
          twitch-client-secret: '${{ secrets.SERVICETESTS_TWITCH_CLIENT_SECRET }}'
-          wheelmap-token: '${{ secrets.SERVICETESTS_WHEELMAP_TOKEN }}'
          youtube-api-key: '${{ secrets.SERVICETESTS_YOUTUBE_API_KEY }}'

      - name: Service tests (triggered from fork)
--- a/.github/workflows/update-github-api.yml
+++ b/.github/workflows/update-github-api.yml
@@ -25,7 +25,7 @@ jobs:
        run: node scripts/update-github-api.js

      - name: Create Pull Request if config has changed
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v7
        with:
          token: '${{ secrets.GITHUB_TOKEN }}'
          commit-message: Update GitHub API Version
--- a/.gitignore
+++ b/.gitignore
@@ -50,9 +50,6 @@ lib-cov
 # Coverage directory used by tools like istanbul
 coverage

-# nyc test coverage
-.nyc_output
-
 # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
 .grunt

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,154 @@ Note: this changelog is for the shields.io server. The changelog for the badge-m

 ---

+## server-2024-11-02
+
+- cleanly handle null or undefined result from jsonpath-plus [#10645](https://github.com/badges/shields/issues/10645)
+- add content security policy header to SVG responses [#10642](https://github.com/badges/shields/issues/10642)
+- [Scoop] Added scoop-license badge. [#10627](https://github.com/badges/shields/issues/10627)
+- [Chromewebstore] Extension size & last updated [#10613](https://github.com/badges/shields/issues/10613)
+- Deprecate HackageDeps service [#10618](https://github.com/badges/shields/issues/10618)
+- Add [CratesUserDownloads] service and tester [#10619](https://github.com/badges/shields/issues/10619)
+- [Snapcraft] - Added snapcraft last update badge [#10610](https://github.com/badges/shields/issues/10610)
+- [GitHubHacktoberfest] 2024 support [#10612](https://github.com/badges/shields/issues/10612)
+- add [homebrew] cask download badge [#10595](https://github.com/badges/shields/issues/10595)
+- remove prefix v for commit hash version [#10597](https://github.com/badges/shields/issues/10597)
+- [Maven] Added badge for Maven-Cenral last-update (#10301) [#10585](https://github.com/badges/shields/issues/10585)
+- [DynamicXml] parse doc as html if served with text/html content type [#10607](https://github.com/badges/shields/issues/10607)
+- Revert "Use old.stats.jenkins.io for JSON data (#10522)" [#10537](https://github.com/badges/shields/issues/10537)
+- catch queries that cause TypeError [#10556](https://github.com/badges/shields/issues/10556)
+- Dependency updates
+
+## server-2024-09-25
+
+This release includes an important security fix. See
+
+- https://github.com/badges/shields/security/advisories/GHSA-rxvx-x284-4445
+- https://github.com/badges/shields/issues/10553
+
+for more details
+
+- [dynamicjson dynamicyaml dynamictoml] switch to jsonpath-plus [#10551](https://github.com/badges/shields/issues/10551)
+- [Snapcraft] license [#10520](https://github.com/badges/shields/issues/10520)
+- deprecate [wheelmap] service [#10538](https://github.com/badges/shields/issues/10538)
+- Use old.stats.jenkins.io for JSON data [#10522](https://github.com/badges/shields/issues/10522)
+- catch xml ParseError [#10516](https://github.com/badges/shields/issues/10516)
+- migrate [MozillaObservatory] to /scan endpoint [#10491](https://github.com/badges/shields/issues/10491)
+- fix incorrect codecov config link [#10511](https://github.com/badges/shields/issues/10511)
+- [OSSLifecycle OSSLifecycleRedirect] Add file_url param to pull from non-github sources [#10489](https://github.com/badges/shields/issues/10489)
+- perf: improve logoSize performance [#10488](https://github.com/badges/shields/issues/10488)
+- perf: faster `resetIconPosition` avoiding to parse path twice [#10497](https://github.com/badges/shields/issues/10497)
+- perf: limit logoSize precision to 3 [#10521](https://github.com/badges/shields/issues/10521)
+- Dependency updates
+
+## server-2024-09-02
+
+- Publish linux/amd64 docker images for snapshot builds [#10476](https://github.com/badges/shields/issues/10476)
+- Fix Gitea not having credentials/authorizedOrigins in Docker environments [#10486](https://github.com/badges/shields/issues/10486)
+- fix typo in pepy downloads [#10475](https://github.com/badges/shields/issues/10475)
+- ignore a couple of docusaurus warnings [#10469](https://github.com/badges/shields/issues/10469)
+- Use Ecologi API to power Treeware badges [#10467](https://github.com/badges/shields/issues/10467)
+- move go version badge to platform support category [#10444](https://github.com/badges/shields/issues/10444)
+- [Crates] Implement Dependents Badge [#10438](https://github.com/badges/shields/issues/10438)
+- [Crates] Added crate size badge [#10421](https://github.com/badges/shields/issues/10421)
+- Dependency updates
+
+## server-2024-08-01
+
+- send Cross-Origin-Resource-Policy header on all responses [#10420](https://github.com/badges/shields/issues/10420)
+- migrate [MozillaObservatory] to new API [#10402](https://github.com/badges/shields/issues/10402)
+- use metric() for [discord] and [revolt] badges [#10406](https://github.com/badges/shields/issues/10406)
+- Cache text only static badges for longer [#10403](https://github.com/badges/shields/issues/10403)
+- Fix [FreeCodeCampPoints] not found handling [#10377](https://github.com/badges/shields/issues/10377)
+- Fix [Gitea] not found message [#10373](https://github.com/badges/shields/issues/10373)
+- Deprecate [Bountysource] service [#10371](https://github.com/badges/shields/issues/10371)
+- Sunset Shields custom logos [#10347](https://github.com/badges/shields/issues/10347)
+- Use ellipsis when many versions returned for [ModrinthGameVersions] [#10350](https://github.com/badges/shields/issues/10350)
+- deprecate [tokei] service [#9581](https://github.com/badges/shields/issues/9581)
+- Add CF-Ray header value to Sentry errors if available [#10339](https://github.com/badges/shields/issues/10339)
+- Use XML for Chocolatey, affects [Chocolatey Resharper PowershellGallery] [#10344](https://github.com/badges/shields/issues/10344)
+- include github contributors badge in docs site [#10337](https://github.com/badges/shields/issues/10337)
+- Dependency updates
+
+## server-2024-07-01
+
+- Add [AUR] Popularity Badge [#10304](https://github.com/badges/shields/issues/10304)
+- fix npm badges when `maintainers` not in response [#10286](https://github.com/badges/shields/issues/10286)
+- Expose `logoBase64` and `links` in badge-maker NPM package [#10283](https://github.com/badges/shields/issues/10283)
+- Remove `logoPosition` [#10284](https://github.com/badges/shields/issues/10284)
+- [MBIN] Add subscribers badge [#10270](https://github.com/badges/shields/issues/10270)
+- Add [Docker] support for loong64 arch [#10241](https://github.com/badges/shields/issues/10241)
+- Add puppetforge quality score badges [#10201](https://github.com/badges/shields/issues/10201)
+- Dependency updates
+
+## server-2024-06-01
+
+- Remove namedLogo from defaultBadgeData of non-social badges [#10195](https://github.com/badges/shields/issues/10195)
+- Update number of badges served each month [#10197](https://github.com/badges/shields/issues/10197)
+- Delete old deprecated services [#10196](https://github.com/badges/shields/issues/10196)
+- handle [BitbucketPipelines] responses with missing result key [#10163](https://github.com/badges/shields/issues/10163)
+- Update description of GitHub commit status badge [#10198](https://github.com/badges/shields/issues/10198)
+- chore: fix spelling of GitHub in badge descriptions [#10199](https://github.com/badges/shields/issues/10199)
+- Add [GithubCheckRuns] service [#7759](https://github.com/badges/shields/issues/7759)
+- feat: add Revolt badge [#10093](https://github.com/badges/shields/issues/10093)
+- ensure color is string before calling toLowerCase() [#10129](https://github.com/badges/shields/issues/10129)
+- instruct dependabot to monitor composite actions [#10139](https://github.com/badges/shields/issues/10139)
+- run tests on node 22 [#10127](https://github.com/badges/shields/issues/10127)
+- tweaks to libraries.io token pooling code [#10074](https://github.com/badges/shields/issues/10074)
+- fix [pypi] status badge when package has no 'Development Status' classifier [#10107](https://github.com/badges/shields/issues/10107)
+- clarify yml paths in server-secrets docs [#10106](https://github.com/badges/shields/issues/10106)
+- Update region flag name in flyctl deploy command [#10134](https://github.com/badges/shields/issues/10134)
+- Dependency updates
+
+## server-2024-05-01
+
+- [Hexpm] Fix badges for pre-release only versions [#10112](https://github.com/badges/shields/issues/10112)
+- feat(logos): support auto-sizing mode [#9191](https://github.com/badges/shields/issues/9191) [#10110](https://github.com/badges/shields/issues/10110) [#10125](https://github.com/badges/shields/issues/10125)
+- support setting pypiBaseUrl by environment variables and queryParameters; affects [pypi] [#10044](https://github.com/badges/shields/issues/10044)
+- Add 0BSD license to licenseTypes and [PypiLicense] [#10092](https://github.com/badges/shields/issues/10092)
+- Update Mastodon profile URL [#10082](https://github.com/badges/shields/issues/10082)
+- [GitHubGoMod] Ignore comment after version (fixes #10079) [#10080](https://github.com/badges/shields/issues/10080)
+- Perf: Librariesio repo dependencies [#10062](https://github.com/badges/shields/issues/10062)
+- [Chocolatey Nuget] Fix "not found" error for chocolatey badge [#10060](https://github.com/badges/shields/issues/10060)
+- Dependency updates
+
+## server-2024-04-01
+
+- improve performance of [GithubLastCommit] [GitlabLastCommit] [GiteaLastCommit] [#10046](https://github.com/badges/shields/issues/10046)
+- [BitbucketLastCommit] Add Bitbucket last commit [#10043](https://github.com/badges/shields/issues/10043)
+- [GithubLastCommit] [GitlabLastCommit] [GiteaLastCommit] Support file path for last commit [#10041](https://github.com/badges/shields/issues/10041)
+- upgrade to docusaurus 3 [#9820](https://github.com/badges/shields/issues/9820)
+- redirect [npm] /dt to /d18m [#10033](https://github.com/badges/shields/issues/10033)
+- Add [JSR] version service [#10030](https://github.com/badges/shields/issues/10030)
+- Add [snapcraft] version badge [#9976](https://github.com/badges/shields/issues/9976)
+- Dependency updates
+
+## server-2024-03-01
+
+- feat(gitea): add last commit badge [#9995](https://github.com/badges/shields/issues/9995)
+- [GithubCreatedAt] Add Created At Badge for Github [#9981](https://github.com/badges/shields/issues/9981)
+- Added custom bucket url support for [Scoop] [#9984](https://github.com/badges/shields/issues/9984)
+- [NpmUnpackedSize] Unpacked Size Badge [#9954](https://github.com/badges/shields/issues/9954)
+- [Website] Render `status: down` badge if website is unresponsive [#9966](https://github.com/badges/shields/issues/9966)
+- deprecate TAS [#9932](https://github.com/badges/shields/issues/9932)
+- [GITEA] add forks, stars, issues and pr badges [#9923](https://github.com/badges/shields/issues/9923)
+- tolerate missing short_version in [visualstudioappcenter] [#9951](https://github.com/badges/shields/issues/9951)
+- [Crates] Only use non-yanked crate versions (ready for merge) [#9949](https://github.com/badges/shields/issues/9949)
+- Dependency updates
+
+## server-2024-02-01
+
+- feat: added up_message and down_message to [uptimerobotstatus] [#9662](https://github.com/badges/shields/issues/9662)
+- Add [Hangar] Badges [#9800](https://github.com/badges/shields/issues/9800)
+- sort categories by title (except core) [#9888](https://github.com/badges/shields/issues/9888)
+- Add Support for [Nostr] Followers [#9870](https://github.com/badges/shields/issues/9870)
+- [thunderstore] replace experimental API usage with newly available v1 API [#9886](https://github.com/badges/shields/issues/9886)
+- Update [Gitea] defaults to gitea.com [#9872](https://github.com/badges/shields/issues/9872)
+- [crates] MSRV Badge [#9871](https://github.com/badges/shields/issues/9871)
+- Add [galaxytoolshed] Version [#8249](https://github.com/badges/shields/issues/8249)
+- fix default style docs for social badges [#9869](https://github.com/badges/shields/issues/9869)
+- Dependency updates
+
 ## server-2024-01-01

 The most important changes in this release for users hosting their own instance are:
@@ -133,7 +281,7 @@ Other changes in this release:

 ## server-2023-05-01

-** Removal:** For users who need to maintain a Github Token pool, storage has been provided via the `RedisTokenPersistence` and `REDIS_URL` settings. This feature was deprecated in `server-2023-03-01`. As of this release, the `RedisTokenPersistence` backend is now removed. If you are using this feature, you will need to migrate to using the `SQLTokenPersistence` backend for storage and provide a postgres connection string via the `POSTGRES_URL` setting. [#8922](https://github.com/badges/shields/issues/8922)
+**Removal:** For users who need to maintain a Github Token pool, storage has been provided via the `RedisTokenPersistence` and `REDIS_URL` settings. This feature was deprecated in `server-2023-03-01`. As of this release, the `RedisTokenPersistence` backend is now removed. If you are using this feature, you will need to migrate to using the `SQLTokenPersistence` backend for storage and provide a postgres connection string via the `POSTGRES_URL` setting. [#8922](https://github.com/badges/shields/issues/8922)

 - fail to start server if there are duplicate service names [#9099](https://github.com/badges/shields/issues/9099)
 - [SourceForge] Added badges for SourceForge [#9078](https://github.com/badges/shields/issues/9078) [#9102](https://github.com/badges/shields/issues/9102)
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -77,6 +77,15 @@ don't see it, feel free to [open a new issue][open an issue].

 [open an issue]: https://github.com/badges/shields/issues/new/choose

+### Requesting new logos
+
+We consume logos via [the SimpleIcons project][simple-icons github], and
+encourage you to contribute logos there. Please review their
+[guidance][simple-icons contributing] before doing so.
+
+[simple-icons github]: https://github.com/simple-icons/simple-icons
+[simple-icons contributing]: https://github.com/simple-icons/simple-icons/blob/develop/CONTRIBUTING.md
+
 ### Spreading the word

 Feel free to star the repository. This will help increase the visibility of the project, therefore attracting more users and contributors to Shields!
@@ -154,10 +163,6 @@ To run the integration tests:

 There is a [High-level code walkthrough](doc/code-walkthrough.md) describing the layout of the project.

-### Logos
-
-We have [documentation for logo usage](doc/logos.md) which includes [contribution guidance](doc/logos.md#contributing-logos)
-
 ## Pull Requests

 All code changes are incorporated via pull requests, and pull requests are always squashed into a single commit on merging. Therefore there's no requirement to squash commits within your PR, but feel free to squash or restructure the commits on your PR branch if you think it will be helpful. PRs with well structured commits are always easier to review!
--- a/9
+++ b/9
@@ -1,4 +1,4 @@
-FROM node:20-alpine AS Builder
+FROM node:20-alpine AS builder

 RUN mkdir -p /usr/src/app
 RUN mkdir /usr/src/app/private
@@ -8,7 +8,6 @@ COPY package.json package-lock.json /usr/src/app/
 # Without the badge-maker package.json and CLI script in place, `npm ci` will fail.
 COPY badge-maker /usr/src/app/badge-maker/

-RUN apk add python3 make g++
 RUN npm install -g "npm@^9.0.0"
 # We need dev deps to build the front end. We don't need Cypress, though.
 RUN NODE_ENV=development CYPRESS_INSTALL_BINARY=0 npm ci
@@ -27,11 +26,11 @@ LABEL version=$version
 LABEL fly.version=$version

 # Run the server using production configs.
-ENV NODE_ENV production
+ENV NODE_ENV=production

 WORKDIR /usr/src/app
-COPY --from=Builder --chown=0:0 /usr/src/app /usr/src/app
+COPY --from=builder --chown=0:0 /usr/src/app /usr/src/app

-CMD node server
+CMD ["node", "server"]

 EXPOSE 80 443
--- a/README.md
+++ b/README.md
@@ -3,25 +3,23 @@
        height="130">
 </p>
 <p align="center">
-    <a href="https://github.com/badges/shields/graphs/contributors" alt="Contributors">
-        <img src="https://img.shields.io/github/contributors/badges/shields" /></a>
-    <a href="#backers" alt="Backers on Open Collective">
+    <a href="https://shields.io/community#backers" alt="Backers on Open Collective">
        <img src="https://img.shields.io/opencollective/backers/shields" /></a>
-    <a href="#sponsors" alt="Sponsors on Open Collective">
+    <a href="https://shields.io/community#sponsors" alt="Sponsors on Open Collective">
        <img src="https://img.shields.io/opencollective/sponsors/shields" /></a>
    <a href="https://github.com/badges/shields/pulse" alt="Activity">
        <img src="https://img.shields.io/github/commit-activity/m/badges/shields" /></a>
-    <a href="https://circleci.com/gh/badges/shields/tree/master">
-        <img src="https://img.shields.io/circleci/project/github/badges/shields/master" alt="build status"></a>
-    <a href="https://circleci.com/gh/badges/daily-tests">
-        <img src="https://img.shields.io/circleci/project/github/badges/daily-tests?label=service%20tests"
-            alt="service-test status"></a>
+    <a href="https://github.com/badges/shields/discussions" alt="Discussions">
+        <img src="https://img.shields.io/github/discussions/badges/shields" /></a>
+    <a href="https://github.com/badges/shields/actions/workflows/daily-tests.yml">
+        <img src="https://img.shields.io/github/actions/workflow/status/badges/shields/daily-tests.yml?label=daily%20tests"
+            alt="Daily Tests Status"></a>
    <a href="https://coveralls.io/github/badges/shields">
        <img src="https://img.shields.io/coveralls/github/badges/shields"
-            alt="coverage"></a>
+            alt="Code Coverage"></a>
    <a href="https://discord.gg/HjJCwm5">
-        <img src="https://img.shields.io/discord/308323056592486420?logo=discord"
-            alt="chat on Discord"></a>
+        <img src="https://img.shields.io/discord/308323056592486420?logo=discord&logoColor=white"
+            alt="Chat on Discord"></a>
 </p>

 This is home to [Shields.io][shields.io], a service for concise, consistent,
@@ -29,7 +27,7 @@ and legible badges in SVG and raster format, which can easily be included in
 GitHub readmes or any other web page. The service supports dozens of
 continuous integration services, package registries, distributions, app
 stores, social networks, code coverage services, and code analysis services.
-Every month it serves over 870 million images and is used by some of the
+Every month it serves over 1.6 billion images and is used by some of the
 world's most popular open-source projects, [VS Code][vscode], [Vue.js][vue]
 and [Bootstrap][bootstrap] to name a few.

@@ -99,7 +97,7 @@ If you intend on reporting or contributing a fix related to security vulnerabili
 ## Development

 1. Install Node 20 or later. You can use the [package manager][] of your choice.
-   Tests need to pass in Node 20 and 21.
+   Tests need to pass in Node 20 and 22.
 2. Clone this repository.
 3. Run `npm ci` to install the dependencies.
 4. Run `npm start` to start the badge server and the frontend dev server.
@@ -109,7 +107,7 @@ When server source files change, the badge server should automatically restart
 itself (using [nodemon][]). When the frontend files change, the frontend dev
 server (`docusaurus start`) should also automatically reload. However the badge
 definitions are built only before the server first starts. To regenerate those,
-either run `npm run defs` or manually restart the server.
+either run `npm run prestart` or manually restart the server.

 To debug a badge from the command line, run `npm run badge -- /npm/v/nock`.
 It also works with full URLs like
@@ -133,7 +131,7 @@ snapshots, and `SNAPSHOT_UPDATE=1 npm run test:package` to update them.

 The server can be configured to use [Sentry][] ([configuration][sentry configuration]) and [Prometheus][] ([configuration][prometheus configuration]).

-Daily tests, including a full run of the service tests and overall code coverage, are run via [badges/daily-tests][daily-tests].
+Our [full test suite][full test suite] as well as [code coverage][code coverage] are run on a daily basis.

 [package manager]: https://nodejs.org/en/download/package-manager/
 [gitpod]: https://www.gitpod.io/
@@ -142,10 +140,11 @@ Daily tests, including a full run of the service tests and overall code coverage
 [prometheus configuration]: https://github.com/badges/shields/blob/master/doc/self-hosting.md#prometheus
 [sentry]: https://sentry.io/
 [sentry configuration]: https://github.com/badges/shields/blob/master/doc/self-hosting.md#sentry
-[daily-tests]: https://github.com/badges/daily-tests
 [nodemon]: https://nodemon.io/
 [nodemon debug]: https://github.com/Microsoft/vscode-recipes/tree/master/nodemon
 [vs code]: https://code.visualstudio.com/
+[full test suite]: https://github.com/badges/shields/actions/workflows/daily-tests.yml
+[code coverage]: https://coveralls.io/github/badges/shields

 ## Hosting your own server

@@ -224,9 +223,6 @@ Alumni:
 All assets and code are under the [CC0 LICENSE](LICENSE) and in the public
 domain unless specified otherwise.

-The assets in `logo/` are trademarks of their respective companies and are
-under their terms and license.
-
 ## Community

 Thanks to the people and companies who donate money, services or time to keep the project running. [https://shields.io/community](https://shields.io/community)
--- a/snapshots/make-badge.spec.js
+++ b/snapshots/make-badge.spec.js
@@ -2229,3 +2229,325 @@ exports['The badge generator badges with logos should always produce the same ba
 </svg>

 `
+
+exports['The badge generator "flat" template badge generation should match snapshots: message with custom suffix 1'] = `
+<svg
+  xmlns="http://www.w3.org/2000/svg"
+  xmlns:xlink="http://www.w3.org/1999/xlink"
+  width="107"
+  height="20"
+  role="img"
+  aria-label="cactus: grown"
+>
+  <title>cactus: grown</title>
+  <linearGradient id="s1" x2="0" y2="100%">
+    <stop offset="0" stop-color="#bbb" stop-opacity=".1" />
+    <stop offset="1" stop-opacity=".1" />
+  </linearGradient>
+  <clipPath id="r1">
+    <rect width="107" height="20" rx="3" fill="#fff" />
+  </clipPath>
+  <g clip-path="url(#r1)">
+    <rect width="62" height="20" fill="#0f0" />
+    <rect x="62" width="45" height="20" fill="#b3e" />
+    <rect width="107" height="20" fill="url(#s1)" />
+  </g>
+  <g
+    fill="#fff"
+    text-anchor="middle"
+    font-family="Verdana,Geneva,DejaVu Sans,sans-serif"
+    text-rendering="geometricPrecision"
+    font-size="110"
+  >
+    <image
+      x="5"
+      y="3"
+      width="14"
+      height="14"
+      xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxu"
+    />
+    <text
+      aria-hidden="true"
+      x="405"
+      y="150"
+      fill="#010101"
+      fill-opacity=".3"
+      transform="scale(.1)"
+      textLength="350"
+    >
+      cactus
+    </text>
+    <text x="405" y="140" transform="scale(.1)" fill="#fff" textLength="350">
+      cactus
+    </text>
+    <text
+      aria-hidden="true"
+      x="835"
+      y="150"
+      fill="#010101"
+      fill-opacity=".3"
+      transform="scale(.1)"
+      textLength="350"
+    >
+      grown
+    </text>
+    <text x="835" y="140" transform="scale(.1)" fill="#fff" textLength="350">
+      grown
+    </text>
+  </g>
+</svg>
+
+`
+
+exports['The badge generator "flat-square" template badge generation should match snapshots: message with custom suffix 1'] = `
+<svg
+  xmlns="http://www.w3.org/2000/svg"
+  xmlns:xlink="http://www.w3.org/1999/xlink"
+  width="107"
+  height="20"
+  role="img"
+  aria-label="cactus: grown"
+>
+  <title>cactus: grown</title>
+  <g shape-rendering="crispEdges">
+    <rect width="62" height="20" fill="#0f0" />
+    <rect x="62" width="45" height="20" fill="#b3e" />
+  </g>
+  <g
+    fill="#fff"
+    text-anchor="middle"
+    font-family="Verdana,Geneva,DejaVu Sans,sans-serif"
+    text-rendering="geometricPrecision"
+    font-size="110"
+  >
+    <image
+      x="5"
+      y="3"
+      width="14"
+      height="14"
+      xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxu"
+    />
+    <text x="405" y="140" transform="scale(.1)" fill="#fff" textLength="350">
+      cactus
+    </text>
+    <text x="835" y="140" transform="scale(.1)" fill="#fff" textLength="350">
+      grown
+    </text>
+  </g>
+</svg>
+
+`
+
+exports['The badge generator "plastic" template badge generation should match snapshots: message with custom suffix 1'] = `
+<svg
+  xmlns="http://www.w3.org/2000/svg"
+  xmlns:xlink="http://www.w3.org/1999/xlink"
+  width="107"
+  height="18"
+  role="img"
+  aria-label="cactus: grown"
+>
+  <title>cactus: grown</title>
+  <linearGradient id="s1" x2="0" y2="100%">
+    <stop offset="0" stop-color="#fff" stop-opacity=".7" />
+    <stop offset=".1" stop-color="#aaa" stop-opacity=".1" />
+    <stop offset=".9" stop-color="#000" stop-opacity=".3" />
+    <stop offset="1" stop-color="#000" stop-opacity=".5" />
+  </linearGradient>
+  <clipPath id="r1">
+    <rect width="107" height="18" rx="4" fill="#fff" />
+  </clipPath>
+  <g clip-path="url(#r1)">
+    <rect width="62" height="18" fill="#0f0" />
+    <rect x="62" width="45" height="18" fill="#b3e" />
+    <rect width="107" height="18" fill="url(#s1)" />
+  </g>
+  <g
+    fill="#fff"
+    text-anchor="middle"
+    font-family="Verdana,Geneva,DejaVu Sans,sans-serif"
+    text-rendering="geometricPrecision"
+    font-size="110"
+  >
+    <image
+      x="5"
+      y="2"
+      width="14"
+      height="14"
+      xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxu"
+    />
+    <text
+      aria-hidden="true"
+      x="405"
+      y="140"
+      fill="#010101"
+      fill-opacity=".3"
+      transform="scale(.1)"
+      textLength="350"
+    >
+      cactus
+    </text>
+    <text x="405" y="130" transform="scale(.1)" fill="#fff" textLength="350">
+      cactus
+    </text>
+    <text
+      aria-hidden="true"
+      x="835"
+      y="140"
+      fill="#010101"
+      fill-opacity=".3"
+      transform="scale(.1)"
+      textLength="350"
+    >
+      grown
+    </text>
+    <text x="835" y="130" transform="scale(.1)" fill="#fff" textLength="350">
+      grown
+    </text>
+  </g>
+</svg>
+
+`
+
+exports['The badge generator "for-the-badge" template badge generation should match snapshots: message with custom suffix 1'] = `
+<svg
+  xmlns="http://www.w3.org/2000/svg"
+  xmlns:xlink="http://www.w3.org/1999/xlink"
+  width="163.75"
+  height="28"
+  role="img"
+  aria-label="CACTUS: GROWN"
+>
+  <title>CACTUS: GROWN</title>
+  <g shape-rendering="crispEdges">
+    <rect width="89.5" height="28" fill="#0f0" />
+    <rect x="89.5" width="74.25" height="28" fill="#b3e" />
+  </g>
+  <g
+    fill="#fff"
+    text-anchor="middle"
+    font-family="Verdana,Geneva,DejaVu Sans,sans-serif"
+    text-rendering="geometricPrecision"
+    font-size="100"
+  >
+    <image
+      x="9"
+      y="7"
+      width="14"
+      height="14"
+      xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxu"
+    />
+    <text transform="scale(.1)" x="532.5" y="175" textLength="485" fill="#fff">
+      CACTUS
+    </text>
+    <text
+      transform="scale(.1)"
+      x="1266.25"
+      y="175"
+      textLength="502.5"
+      fill="#fff"
+      font-weight="bold"
+    >
+      GROWN
+    </text>
+  </g>
+</svg>
+
+`
+
+exports['The badge generator "social" template badge generation should match snapshots: message with custom suffix 1'] = `
+<svg
+  xmlns="http://www.w3.org/2000/svg"
+  xmlns:xlink="http://www.w3.org/1999/xlink"
+  width="112"
+  height="20"
+  role="img"
+  aria-label="Cactus: grown"
+>
+  <title>Cactus: grown</title>
+  <style>
+    a:hover #llink1 {
+      fill: url(#b1);
+      stroke: #ccc;
+    }
+    a:hover #rlink1 {
+      fill: #4183c4;
+    }
+  </style>
+  <linearGradient id="a1" x2="0" y2="100%">
+    <stop offset="0" stop-color="#fcfcfc" stop-opacity="0" />
+    <stop offset="1" stop-opacity=".1" />
+  </linearGradient>
+  <linearGradient id="b1" x2="0" y2="100%">
+    <stop offset="0" stop-color="#ccc" stop-opacity=".1" />
+    <stop offset="1" stop-opacity=".1" />
+  </linearGradient>
+  <g stroke="#d5d5d5">
+    <rect
+      stroke="none"
+      fill="#fcfcfc"
+      x="0.5"
+      y="0.5"
+      width="64"
+      height="19"
+      rx="2"
+    />
+    <rect x="70.5" y="0.5" width="41" height="19" rx="2" fill="#fafafa" />
+    <rect x="70" y="7.5" width="0.5" height="5" stroke="#fafafa" />
+    <path d="M70.5 6.5 l-3 3v1 l3 3" stroke="d5d5d5" fill="#fafafa" />
+  </g>
+  <image
+    x="5"
+    y="3"
+    width="14"
+    height="14"
+    xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxu"
+  />
+  <g
+    aria-hidden="true"
+    fill="#333"
+    text-anchor="middle"
+    font-family="Helvetica Neue,Helvetica,Arial,sans-serif"
+    text-rendering="geometricPrecision"
+    font-weight="700"
+    font-size="110px"
+    line-height="14px"
+  >
+    <rect
+      id="llink1"
+      stroke="#d5d5d5"
+      fill="url(#a1)"
+      x=".5"
+      y=".5"
+      width="64"
+      height="19"
+      rx="2"
+    />
+    <text
+      aria-hidden="true"
+      x="405"
+      y="150"
+      fill="#fff"
+      transform="scale(.1)"
+      textLength="370"
+    >
+      Cactus
+    </text>
+    <text x="405" y="140" transform="scale(.1)" textLength="370">Cactus</text>
+    <text
+      aria-hidden="true"
+      x="905"
+      y="150"
+      fill="#fff"
+      transform="scale(.1)"
+      textLength="330"
+    >
+      grown
+    </text>
+    <text id="rlink1" x="905" y="140" transform="scale(.1)" textLength="330">
+      grown
+    </text>
+  </g>
+</svg>
+
+`
--- a/app.json
+++ b/app.json
@@ -1,56 +0,0 @@
-{
-  "name": "Shields",
-  "description": "Concise, consistent, and legible badges in SVG and raster format.",
-  "keywords": ["badge", "github", "svg", "status"],
-  "website": "https://shields.io/",
-  "repository": "https://github.com/badges/shields",
-  "logo": "https://shields.io/favicon.png",
-  "env": {
-    "CYPRESS_INSTALL_BINARY": {
-      "description": "Disable the cypress binary installation",
-      "value": "0",
-      "required": false
-    },
-    "HUSKY_SKIP_INSTALL": {
-      "description": "Skip the husky git hook setup",
-      "value": "1",
-      "required": false
-    },
-    "WHEELMAP_TOKEN": {
-      "description": "Configure the token to be used for the Wheelmap service.",
-      "required": false
-    },
-    "GH_TOKEN": {
-      "description": "Configure the token to be used for the GitHub services.",
-      "required": false
-    },
-    "TWITCH_CLIENT_ID": {
-      "description": "Configure the client id to be used for the Twitch service.",
-      "required": false
-    },
-    "TWITCH_CLIENT_SECRET": {
-      "description": "Configure the client secret to be used for the Twitch service.",
-      "required": false
-    },
-    "WEBLATE_API_KEY": {
-      "description": "Configure the API key to be used for the Weblate service.",
-      "required": false
-    },
-    "METRICS_INFLUX_ENABLED": {
-      "description": "Disable influx metrics",
-      "value": "false",
-      "required": false
-    },
-    "REQUIRE_CLOUDFLARE": {
-      "description": "Allow direct traffic",
-      "value": "false",
-      "required": false
-    }
-  },
-  "formation": {
-    "web": {
-      "quantity": 1,
-      "size": "free"
-    }
-  }
-}
--- a/badge-maker/CHANGELOG.md
+++ b/badge-maker/CHANGELOG.md
@@ -1,9 +1,21 @@
 # Changelog

-## 4.0.0 [WIP]
+## 4.1.0
+
+### Features
+
+- Add `idSuffix` param. This can be used to ensure every element id within the SVG is unique
+
+## 4.0.0
+
+### Breaking Changes

 - Drop compatibility with Node < 16

+### Features
+
+- Add `links` and `logoBase64` params
+
 ## 3.3.1

 - Improve font measuring in for-the-badge and social styles
--- a/badge-maker/README.md
+++ b/badge-maker/README.md
@@ -16,7 +16,7 @@ npm install badge-maker

 ```sh
 npm install -g badge-maker
-badge build passed :green > mybadge.svg
+badge build passed :brightgreen > mybadge.svg
 ```

 ### As a library
@@ -37,7 +37,7 @@ import { makeBadge, ValidationError } from 'badge-maker'
 const format = {
  label: 'build',
  message: 'passed',
-  color: 'green',
+  color: 'brightgreen',
 }

 const svg = makeBadge(format)
@@ -67,10 +67,17 @@ The format is the following:
  message: 'passed',  // (Required) Badge message
  labelColor: '#555',  // (Optional) Label color
  color: '#4c1',  // (Optional) Message color
+  logoBase64: 'data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI2NCIgaGVpZ2h0PSI2NCI+PHJlY3Qgd2lkdGg9IjY0IiBoZWlnaHQ9IjY0IiByeD0iOCIgZmlsbD0iI2IxY2U1NiIvPjxwYXRoIGQ9Ik04IDBoMjR2NjRIOGMtNC40MzIgMC04LTMuNTY4LTgtOFY4YzAtNC40MzIgMy41NjgtOCA4LTh6IiBmaWxsPSIjNWQ1ZDVkIi8+PC9zdmc+' // (Optional) Any custom logo can be passed in a URL parameter by base64 encoding
+  links: ['https://example.com', 'https://example.com'], // (Optional) Links array of maximum two links

  // (Optional) One of: 'plastic', 'flat', 'flat-square', 'for-the-badge' or 'social'
  // Each offers a different visual design.
  style: 'flat',
+
+  // (Optional) A string with only letters, numbers, -, and _. This can be used
+  // to ensure every element id within the SVG is unique and prevent CSS
+  // cross-contamination when the SVG badge is rendered inline in HTML pages.
+  idSuffix: 'dd'
 }
 ```

--- a/badge-maker/index.d.ts
+++ b/badge-maker/index.d.ts
@@ -4,6 +4,9 @@ interface Format {
  labelColor?: string
  color?: string
  style?: 'plastic' | 'flat' | 'flat-square' | 'for-the-badge' | 'social'
+  logoBase64?: string
+  links?: Array<string>
+  idSuffix?: string
 }

 export declare class ValidationError extends Error {}
--- a/badge-maker/lib/badge-renderers.js
+++ b/badge-maker/lib/badge-renderers.js
@@ -128,6 +128,7 @@ class Badge {
    logoPadding,
    color = '#4c1',
    labelColor,
+    idSuffix = '',
  }) {
    const horizPadding = 5
    const hasLogo = !!logo
@@ -178,6 +179,7 @@ class Badge {
    this.label = label
    this.message = message
    this.accessibleText = accessibleText
+    this.idSuffix = idSuffix

    this.logoElement = getLogoElement({
      logo,
@@ -286,7 +288,7 @@ class Badge {
          },
        }),
      ],
-      attrs: { id: 'r' },
+      attrs: { id: `r${this.idSuffix}` },
    })
  }

@@ -313,7 +315,7 @@ class Badge {
      attrs: {
        width: this.width,
        height: this.constructor.height,
-        fill: 'url(#s)',
+        fill: `url(#s${this.idSuffix})`,
      },
    })
    const content = withGradient
@@ -379,14 +381,14 @@ class Plastic extends Badge {
          attrs: { offset: 1, 'stop-color': '#000', 'stop-opacity': '.5' },
        }),
      ],
-      attrs: { id: 's', x2: 0, y2: '100%' },
+      attrs: { id: `s${this.idSuffix}`, x2: 0, y2: '100%' },
    })

    const clipPath = this.getClipPathElement(4)

    const backgroundGroup = this.getBackgroundGroupElement({
      withGradient: true,
-      attrs: { 'clip-path': 'url(#r)' },
+      attrs: { 'clip-path': `url(#r${this.idSuffix})` },
    })

    return renderBadge(
@@ -428,14 +430,14 @@ class Flat extends Badge {
          attrs: { offset: 1, 'stop-opacity': '.1' },
        }),
      ],
-      attrs: { id: 's', x2: 0, y2: '100%' },
+      attrs: { id: `s${this.idSuffix}`, x2: 0, y2: '100%' },
    })

    const clipPath = this.getClipPathElement(3)

    const backgroundGroup = this.getBackgroundGroupElement({
      withGradient: true,
-      attrs: { 'clip-path': 'url(#r)' },
+      attrs: { 'clip-path': `url(#r${this.idSuffix})` },
    })

    return renderBadge(
@@ -492,6 +494,7 @@ function social({
  logoPadding,
  color = '#4c1',
  labelColor = '#555',
+  idSuffix = '',
 }) {
  // Social label is styled with a leading capital. Convert to caps here so
  // width can be measured using the correct characters.
@@ -565,9 +568,9 @@ function social({
    const rect = new XmlElement({
      name: 'rect',
      attrs: {
-        id: 'llink',
+        id: `llink${idSuffix}`,
        stroke: '#d5d5d5',
-        fill: 'url(#a)',
+        fill: `url(#a${idSuffix})`,
        x: '.5',
        y: '.5',
        width: labelRectWidth,
@@ -640,7 +643,7 @@ function social({
      name: 'text',
      content: [message],
      attrs: {
-        id: 'rlink',
+        id: `rlink${idSuffix}`,
        x: messageTextX,
        y: 140,
        transform: FONT_SCALE_DOWN_VALUE,
@@ -660,7 +663,7 @@ function social({
  const style = new XmlElement({
    name: 'style',
    content: [
-      'a:hover #llink{fill:url(#b);stroke:#ccc}a:hover #rlink{fill:#4183c4}',
+      `a:hover #llink${idSuffix}{fill:url(#b${idSuffix});stroke:#ccc}a:hover #rlink${idSuffix}{fill:#4183c4}`,
    ],
  })
  const gradients = new ElementList({
@@ -681,7 +684,7 @@ function social({
            attrs: { offset: 1, 'stop-opacity': '.1' },
          }),
        ],
-        attrs: { id: 'a', x2: 0, y2: '100%' },
+        attrs: { id: `a${idSuffix}`, x2: 0, y2: '100%' },
      }),
      new XmlElement({
        name: 'linearGradient',
@@ -695,7 +698,7 @@ function social({
            attrs: { offset: 1, 'stop-opacity': '.1' },
          }),
        ],
-        attrs: { id: 'b', x2: 0, y2: '100%' },
+        attrs: { id: `b${idSuffix}`, x2: 0, y2: '100%' },
      }),
    ],
  })
--- a/badge-maker/lib/color.js
+++ b/badge-maker/lib/color.js
@@ -49,7 +49,7 @@ function normalizeColor(color) {
  } else if (color in aliases) {
    return aliases[color]
  } else if (isHexColor(color)) {
-    return `#${color.toLowerCase()}`
+    return `#${color.toString().toLowerCase()}`
  } else if (isCSSColor(color)) {
    return color.toLowerCase()
  } else {
--- a/badge-maker/lib/color.spec.js
+++ b/badge-maker/lib/color.spec.js
@@ -27,6 +27,8 @@ test(normalizeColor, () => {
  given('blue').expect('blue')
  given('4c1').expect('#4c1')
  given('f00f00').expect('#f00f00')
+  given('111111').expect('#111111')
+  given(111111).expect('#111111')
  given('ABC123').expect('#abc123')
  given('#ccc').expect('#ccc')
  given('#fffe').expect('#fffe')
--- a/badge-maker/lib/constants.js
+++ b/badge-maker/lib/constants.js
@@ -0,0 +1,5 @@
+const DEFAULT_LOGO_HEIGHT = 14
+
+module.exports = {
+  DEFAULT_LOGO_HEIGHT,
+}
--- a/badge-maker/lib/index.js
+++ b/badge-maker/lib/index.js
@@ -16,13 +16,30 @@ function _validate(format) {
    throw new ValidationError('Field `message` is required')
  }

-  const stringFields = ['labelColor', 'color', 'message', 'label']
+  const stringFields = ['labelColor', 'color', 'message', 'label', 'logoBase64']
  stringFields.forEach(function (field) {
    if (field in format && typeof format[field] !== 'string') {
      throw new ValidationError(`Field \`${field}\` must be of type string`)
    }
  })

+  if ('links' in format) {
+    if (!Array.isArray(format.links)) {
+      throw new ValidationError('Field `links` must be an array of strings')
+    } else {
+      if (format.links.length > 2) {
+        throw new ValidationError(
+          'Field `links` must not have more than 2 elements',
+        )
+      }
+      format.links.forEach(function (field) {
+        if (typeof field !== 'string') {
+          throw new ValidationError('Field `links` must be an array of strings')
+        }
+      })
+    }
+  }
+
  const styleValues = [
    'plastic',
    'flat',
@@ -35,14 +52,30 @@ function _validate(format) {
      `Field \`style\` must be one of (${styleValues.toString()})`,
    )
  }
+  if ('idSuffix' in format && !/^[a-zA-Z0-9\-_]*$/.test(format.idSuffix)) {
+    throw new ValidationError(
+      'Field `idSuffix` must contain only numbers, letters, -, and _',
+    )
+  }
 }

 function _clean(format) {
-  const expectedKeys = ['label', 'message', 'labelColor', 'color', 'style']
+  const expectedKeys = [
+    'label',
+    'message',
+    'labelColor',
+    'color',
+    'style',
+    'logoBase64',
+    'links',
+    'idSuffix',
+  ]

  const cleaned = {}
  Object.keys(format).forEach(key => {
-    if (format[key] != null && expectedKeys.includes(key)) {
+    if (format[key] != null && key === 'logoBase64') {
+      cleaned.logo = format[key]
+    } else if (format[key] != null && expectedKeys.includes(key)) {
      cleaned[key] = format[key]
    } else {
      throw new ValidationError(
@@ -65,7 +98,10 @@ function _clean(format) {
 * @param {string} format.message (Required) Badge message (e.g: 'passing')
 * @param {string} format.labelColor (Optional) Label color
 * @param {string} format.color (Optional) Message color
- * @param {string} format.style (Optional) Visual style e.g: 'flat'
+ * @param {string} format.style (Optional) Visual style (e.g: 'flat')
+ * @param {string} format.logoBase64 (Optional) Logo data URL
+ * @param {Array} format.links (Optional) Links array (e.g: ['https://example.com', 'https://example.com'])
+ * @param {string} format.idSuffix (Optional) Suffix for IDs, e.g. 1, 2, and 3 for three invocations that will be used on the same page.
 * @returns {string} Badge in SVG format
 * @see https://github.com/badges/shields/tree/master/badge-maker/README.md
 */
--- a/badge-maker/lib/index.spec.js
+++ b/badge-maker/lib/index.spec.js
@@ -25,6 +25,21 @@ describe('makeBadge function', function () {
        style: 'flat',
      }),
    ).to.satisfy(isSvg)
+    expect(
+      makeBadge({
+        label: 'build',
+        message: 'passed',
+        color: 'green',
+        style: 'flat',
+        labelColor: 'blue',
+        logoBase64: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+        links: ['https://example.com', 'https://example.com'],
+      }),
+    )
+      .to.satisfy(isSvg)
+      // explicitly make an assertion about logoBase64
+      // this param is not a straight passthrough
+      .and.to.include('data:image/svg+xml;base64,PHN2ZyB4bWxu')
  })

  it('should throw a ValidationError with invalid inputs', function () {
@@ -46,6 +61,21 @@ describe('makeBadge function', function () {
    expect(() =>
      makeBadge({ label: 'build', message: 'passed', labelColor: 7 }),
    ).to.throw(ValidationError, 'Field `labelColor` must be of type string')
+    expect(() =>
+      makeBadge({ label: 'build', message: 'passed', logoBase64: 7 }),
+    ).to.throw(ValidationError, 'Field `logoBase64` must be of type string')
+    expect(() =>
+      makeBadge({ label: 'build', message: 'passed', links: 'test' }),
+    ).to.throw(ValidationError, 'Field `links` must be an array of strings')
+    expect(() =>
+      makeBadge({ label: 'build', message: 'passed', links: [1] }),
+    ).to.throw(ValidationError, 'Field `links` must be an array of strings')
+    expect(() =>
+      makeBadge({ label: 'build', message: 'passed', links: ['1', '2', '3'] }),
+    ).to.throw(
+      ValidationError,
+      'Field `links` must not have more than 2 elements',
+    )
    expect(() =>
      makeBadge({ label: 'build', message: 'passed', format: 'png' }),
    ).to.throw(ValidationError, "Unexpected field 'format'")
@@ -71,5 +101,11 @@ describe('makeBadge function', function () {
      ValidationError,
      'Field `style` must be one of (plastic,flat,flat-square,for-the-badge,social)',
    )
+    expect(() =>
+      makeBadge({ label: 'build', message: 'passed', idSuffix: '\\' }),
+    ).to.throw(
+      ValidationError,
+      'Field `idSuffix` must contain only numbers, letters, -, and _',
+    )
  })
 })
--- a/badge-maker/lib/make-badge.js
+++ b/badge-maker/lib/make-badge.js
@@ -3,6 +3,7 @@
 const { normalizeColor, toSvgColor } = require('./color')
 const badgeRenderers = require('./badge-renderers')
 const { stripXmlWhitespace } = require('./xml')
+const { DEFAULT_LOGO_HEIGHT } = require('./constants')

 /*
 note: makeBadge() is fairly thinly wrapped so if we are making changes here
@@ -16,9 +17,10 @@ module.exports = function makeBadge({
  color,
  labelColor,
  logo,
-  logoPosition,
+  logoSize,
  logoWidth,
  links = ['', ''],
+  idSuffix,
 }) {
  // String coercion and whitespace removal.
  label = `${label}`.trim()
@@ -37,6 +39,7 @@ module.exports = function makeBadge({
      link: links,
      name: label,
      value: message,
+      idSuffix,
    })
  }

@@ -45,7 +48,7 @@ module.exports = function makeBadge({
    throw new Error(`Unknown badge style: '${style}'`)
  }

-  logoWidth = +logoWidth || (logo ? 14 : 0)
+  logoWidth = +logoWidth || (logo ? DEFAULT_LOGO_HEIGHT : 0)

  return stripXmlWhitespace(
    render({
@@ -53,11 +56,12 @@ module.exports = function makeBadge({
      message,
      links,
      logo,
-      logoPosition,
      logoWidth,
+      logoSize,
      logoPadding: logo && label.length ? 3 : 0,
      color: toSvgColor(color),
      labelColor: toSvgColor(labelColor),
+      idSuffix,
    }),
  )
 }
--- a/badge-maker/lib/make-badge.spec.js
+++ b/badge-maker/lib/make-badge.spec.js
@@ -167,6 +167,18 @@ describe('The badge generator', function () {
      })
    })

+    it('should match snapshots: message with custom suffix', async function () {
+      await expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+        idSuffix: '1',
+      })
+    })
+
    it('should match snapshots: message only, no logo', async function () {
      await expectBadgeToMatchSnapshot({
        label: '',
@@ -259,6 +271,19 @@ describe('The badge generator', function () {
      })
    })

+    it('should match snapshots: message with custom suffix', async function () {
+      await expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'flat-square',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+        idSuffix: '1',
+      })
+    })
+
    it('should match snapshots: message only, no logo', async function () {
      await expectBadgeToMatchSnapshot({
        label: '',
@@ -351,6 +376,19 @@ describe('The badge generator', function () {
      })
    })

+    it('should match snapshots: message with custom suffix', async function () {
+      await expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'plastic',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+        idSuffix: '1',
+      })
+    })
+
    it('should match snapshots: message only, no logo', async function () {
      await expectBadgeToMatchSnapshot({
        label: '',
@@ -470,6 +508,19 @@ describe('The badge generator', function () {
      })
    })

+    it('should match snapshots: message with custom suffix', async function () {
+      await expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'for-the-badge',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+        idSuffix: '1',
+      })
+    })
+
    it('should match snapshots: message only, no logo', async function () {
      await expectBadgeToMatchSnapshot({
        label: '',
@@ -589,6 +640,19 @@ describe('The badge generator', function () {
      })
    })

+    it('should match snapshots: message with custom suffix', async function () {
+      await expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'social',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+        idSuffix: '1',
+      })
+    })
+
    it('should match snapshots: message only, no logo', async function () {
      await expectBadgeToMatchSnapshot({
        label: '',
--- a/badge-maker/package.json
+++ b/badge-maker/package.json
@@ -1,6 +1,6 @@
 {
  "name": "badge-maker",
-  "version": "3.3.1",
+  "version": "4.1.0",
  "description": "Shields.io badge library",
  "keywords": [
    "GitHub",
--- a/config/custom-environment-variables.yml
+++ b/config/custom-environment-variables.yml
@@ -35,6 +35,8 @@ public:
      authorizedOrigins: 'BITBUCKET_SERVER_ORIGINS'
    drone:
      authorizedOrigins: 'DRONE_ORIGINS'
+    gitea:
+      authorizedOrigins: 'GITEA_ORIGINS'
    github:
      baseUri: 'GITHUB_URL'
      debug:
@@ -52,6 +54,8 @@ public:
      authorizedOrigins: 'NPM_ORIGINS'
    obs:
      authorizedOrigins: 'OBS_ORIGINS'
+    pypi:
+      baseUri: 'PYPI_URL'
    sonar:
      authorizedOrigins: 'SONAR_ORIGINS'
    teamcity:
@@ -82,6 +86,7 @@ private:
  dockerhub_username: 'DOCKERHUB_USER'
  dockerhub_pat: 'DOCKERHUB_PAT'
  drone_token: 'DRONE_TOKEN'
+  gitea_token: 'GITEA_TOKEN'
  gh_client_id: 'GH_CLIENT_ID'
  gh_client_secret: 'GH_CLIENT_SECRET'
  gh_token: 'GH_TOKEN'
@@ -109,7 +114,6 @@ private:
  teamcity_pass: 'TEAMCITY_PASS'
  twitch_client_id: 'TWITCH_CLIENT_ID'
  twitch_client_secret: 'TWITCH_CLIENT_SECRET'
-  wheelmap_token: 'WHEELMAP_TOKEN'
  influx_username: 'INFLUX_USERNAME'
  influx_password: 'INFLUX_PASSWORD'
  weblate_api_key: 'WEBLATE_API_KEY'
--- a/config/default.yml
+++ b/config/default.yml
@@ -22,6 +22,8 @@ public:
      restApiVersion: '2022-11-28'
    obs:
      authorizedOrigins: 'https://api.opensuse.org'
+    pypi:
+      baseUri: 'https://pypi.org'
    weblate:
      authorizedOrigins: 'https://hosted.weblate.org'
    trace: false
--- a/core/base-service/base-static.js
+++ b/core/base-service/base-static.js
@@ -47,7 +47,11 @@ export default class BaseStaticService extends BaseService {
      const format = (match.slice(-1)[0] || '.svg').replace(/^\./, '')
      badgeData.format = format

-      setCacheHeadersForStaticResource(ask.res)
+      let maxAge = 24 * 3600 // 1 day
+      if (!queryParams.logo && !badgeData.isError) {
+        maxAge = 5 * 24 * 3600 // 5 days
+      }
+      setCacheHeadersForStaticResource(ask.res, maxAge)

      const svg = makeBadge(badgeData)
      makeSend(format, ask.res, end)(svg)
--- a/core/base-service/base.js
+++ b/core/base-service/base.js
@@ -19,7 +19,6 @@ import {
  InvalidParameter,
  Deprecated,
 } from './errors.js'
-import { validateExample, transformExample } from './examples.js'
 import { fetch } from './got.js'
 import { getEnum } from './openapi.js'
 import {
@@ -67,7 +66,6 @@ const serviceDataSchema = Joi.object({
  logoSvg: Joi.string(),
  logoColor: optionalStringWhenNamedLogoPresent,
  logoWidth: optionalNumberWhenAnyLogoPresent,
-  logoPosition: optionalNumberWhenAnyLogoPresent,
  cacheSeconds: Joi.number().integer().min(0),
  style: Joi.string(),
 })
@@ -144,31 +142,14 @@ class BaseService {
  static auth = undefined

  /**
-   * Array of Example objects describing example URLs for this service.
-   * These should use the format specified in `route`,
-   * and can be used to demonstrate how to use badges for this service.
-   *
-   * The preferred way to specify an example is with `namedParams` which are
-   * substituted into the service's compiled route pattern. The rendered badge
-   * is specified with `staticPreview`.
-   *
-   * For services which use a route `format`, the `pattern` can be specified as
-   * part of the example.
-   *
-   * @see {@link module:core/base-service/base~Example}
-   * @abstract
-   * @type {module:core/base-service/base~Example[]}
-   */
-  static examples = []
-
-  /**
-   * Optional: an OpenAPI Paths Object describing this service's
+   * An OpenAPI Paths Object describing this service's
   * route or routes in OpenAPI format.
   *
-   * @see https://swagger.io/specification/#paths-object
   * @abstract
+   * @see https://swagger.io/specification/#paths-object
+   * @type {module:core/base-service/service-definitions~openApiSchema}
   */
-  static openApi = undefined
+  static openApi = {}

  static get _cacheLength() {
    const cacheLengths = {
@@ -207,23 +188,17 @@ class BaseService {
      `Default badge data for ${this.name}`,
    )

-    this.examples.forEach((example, index) =>
-      validateExample(example, index, this),
-    )
-
    // ensure openApi spec matches route
-    if (this.openApi) {
-      const preparedRoute = prepareRoute(this.route)
-      for (const [key, value] of Object.entries(this.openApi)) {
-        let example = key
-        for (const param of value.get.parameters) {
-          example = example.replace(`{${param.name}}`, param.example)
-        }
-        if (!example.match(preparedRoute.regex)) {
-          throw new Error(
-            `Inconsistent Open Api spec and Route found for service ${this.name}`,
-          )
-        }
+    const preparedRoute = prepareRoute(this.route)
+    for (const [key, value] of Object.entries(this.openApi)) {
+      let example = key
+      for (const param of value.get.parameters) {
+        example = example.replace(`{${param.name}}`, param.example)
+      }
+      if (!example.match(preparedRoute.regex)) {
+        throw new Error(
+          `Inconsistent Open Api spec and Route found for service ${this.name}`,
+        )
      }
    }
  }
@@ -233,10 +208,6 @@ class BaseService {
    const { base, format, pattern } = this.route
    const queryParams = getQueryParamNames(this.route)

-    const examples = this.examples.map((example, index) =>
-      transformExample(example, index, this),
-    )
-
    let route
    if (pattern) {
      route = { pattern: makeFullUrl(base, pattern), queryParams }
@@ -246,7 +217,7 @@ class BaseService {
      route = undefined
    }

-    const result = { category, name, isDeprecated, route, examples, openApi }
+    const result = { category, name, isDeprecated, route, openApi }

    assertValidServiceDefinition(result, `getDefinition() for ${this.name}`)

@@ -597,9 +568,11 @@ class BaseService {
 *    receives numeric can use `Joi.string()`. A boolean
 *    parameter should use `Joi.equal('')` and will receive an
 *    empty string on e.g. `?compact_message` and undefined
- *    when the parameter is absent. (Note that in,
- *    `examples.queryParams` boolean query params should be given
- *    `null` values.)
+ *    when the parameter is absent. In the OpenApi definitions,
+ *    this type of param should be documented as
+ *    queryParam({
+ *      name: 'compact_message', schema: { type: 'boolean' }, example: null
+ *    })
 */

 /**
@@ -614,30 +587,4 @@ class BaseService {
 *    configured credentials are present.
 */

-/**
- * @typedef {object} Example
- * @property {string} title
- *    Descriptive text that will be shown next to the badge. The default
- *    is to use the service class name, which probably is not what you want.
- * @property {object} namedParams
- *    An object containing the values of named parameters to
- *    substitute into the compiled route pattern.
- * @property {object} queryParams
- *    An object containing query parameters to include in the
- *    example URLs. For alphanumeric query parameters, specify a string value.
- *    For boolean query parameters, specify `null`.
- * @property {string} pattern
- *    The route pattern to compile. Defaults to `this.route.pattern`.
- * @property {object} staticPreview
- *    A rendered badge of the sort returned by `handle()` or
- *    `render()`: an object containing `message` and optional `label` and
- *    `color`. This is usually generated by invoking `this.render()` with some
- *    explicit props.
- * @property {string[]} keywords
- *    Additional keywords, other than words in the title. This helps
- *    users locate relevant badges.
- * @property {string} documentation
- *    An HTML string that is included in the badge popup.
- */
-
 export default BaseService
--- a/core/base-service/base.spec.js
+++ b/core/base-service/base.spec.js
@@ -4,6 +4,7 @@ import sinon from 'sinon'
 import prometheus from 'prom-client'
 import chaiAsPromised from 'chai-as-promised'
 import PrometheusMetrics from '../server/prometheus-metrics.js'
+import { pathParam, queryParam } from './openapi.js'
 import trace from './trace.js'
 import {
  NotFound,
@@ -31,14 +32,17 @@ class DummyService extends BaseService {
  static category = 'other'
  static route = { base: 'foo', pattern: ':namedParamA', queryParamSchema }

-  static examples = [
-    {
-      pattern: ':world',
-      namedParams: { world: 'World' },
-      staticPreview: this.render({ namedParamA: 'foo', queryParamA: 'bar' }),
-      keywords: ['hello'],
+  static openApi = {
+    '/foo/{namedParamA}': {
+      get: {
+        summary: 'Dummy Service',
+        parameters: [
+          pathParam({ name: 'namedParamA', example: 'foo' }),
+          queryParam({ name: 'queryParamA', example: 'bar' }),
+        ],
+      },
    },
-  ]
+  }

  static defaultBadgeData = { label: 'cat', namedLogo: 'appveyor' }

@@ -373,7 +377,7 @@ describe('BaseService', function () {
        namedLogo: undefined,
        logo: undefined,
        logoWidth: undefined,
-        logoPosition: undefined,
+        logoSize: undefined,
        links: [],
        labelColor: undefined,
        cacheLengthSeconds: undefined,
@@ -383,7 +387,7 @@ describe('BaseService', function () {

  describe('getDefinition', function () {
    it('returns the expected result', function () {
-      const { category, name, isDeprecated, route, examples } =
+      const { category, name, isDeprecated, route, openApi } =
        DummyService.getDefinition()
      expect({
        category,
@@ -400,7 +404,7 @@ describe('BaseService', function () {
        },
      })
      // The in-depth tests for examples reside in examples.spec.js
-      expect(examples).to.have.lengthOf(1)
+      expect(Object.keys(openApi)).to.have.lengthOf(1)
    })
  })

--- a/core/base-service/cache-headers.js
+++ b/core/base-service/cache-headers.js
@@ -90,8 +90,11 @@ function setCacheHeaders({
  setHeadersForCacheLength(res, cacheLengthSeconds)
 }

-const staticCacheControlHeader = `max-age=${24 * 3600}, s-maxage=${24 * 3600}` // 1 day.
-function setCacheHeadersForStaticResource(res) {
+function setCacheHeadersForStaticResource(
+  res,
+  maxAge = 24 * 3600, // 1 day
+) {
+  const staticCacheControlHeader = `max-age=${maxAge}, s-maxage=${maxAge}`
  res.setHeader('Cache-Control', staticCacheControlHeader)
  res.setHeader('Last-Modified', serverStartTimeGMTString)
 }
--- a/core/base-service/check-error-response.js
+++ b/core/base-service/check-error-response.js
@@ -6,6 +6,8 @@ const defaultErrorMessages = {
  429: 'rate limited by upstream service',
 }

+const headersToInclude = ['cf-ray']
+
 export default function checkErrorResponse(httpErrors = {}, logErrors = [429]) {
  return async function ({ buffer, res }) {
    let error
@@ -28,7 +30,17 @@ export default function checkErrorResponse(httpErrors = {}, logErrors = [429]) {
    }

    if (logErrors.includes(res.statusCode)) {
-      log.error(new Error(`${res.statusCode} calling ${res.requestUrl.origin}`))
+      const tags = {}
+      for (const headerKey of headersToInclude) {
+        const headerValue = res.headers[headerKey]
+        if (headerValue) {
+          tags[`header-${headerKey}`] = headerValue
+        }
+      }
+      log.error(
+        new Error(`${res.statusCode} calling ${res.requestUrl.origin}`),
+        tags,
+      )
    }

    if (error) {
--- a/core/base-service/check-error-response.spec.js
+++ b/core/base-service/check-error-response.spec.js
@@ -47,7 +47,11 @@ describe('async error handler', function () {

  context('when status is 429', function () {
    const buffer = Buffer.from('some stuff')
-    const res = { statusCode: 429, requestUrl: new URL('https://example.com/') }
+    const res = {
+      statusCode: 429,
+      headers: { 'some-key': 'some-value' },
+      requestUrl: new URL('https://example.com/'),
+    }

    it('throws InvalidResponse', async function () {
      try {
--- a/core/base-service/coalesce-badge.js
+++ b/core/base-service/coalesce-badge.js
@@ -2,7 +2,8 @@ import {
  decodeDataUrlFromQueryParam,
  prepareNamedLogo,
 } from '../../lib/logos.js'
-import { svg2base64 } from '../../lib/svg-helpers.js'
+import { svg2base64, getIconSize } from '../../lib/svg-helpers.js'
+import { DEFAULT_LOGO_HEIGHT } from '../../badge-maker/lib/constants.js'
 import coalesce from './coalesce.js'
 import toArray from './to-array.js'

@@ -16,15 +17,12 @@ import toArray from './to-array.js'
 //
 // Logos are resolved in this manner:
 //
-// 1. When `?logo=` contains a named logo or the name of one of the Shields
-//    logos or contains base64-encoded SVG, that logo is used. When a
-//    `&logoColor=` is specified, that color is used (except for the
-//    base64-encoded logos). Otherwise the default color is used. If the color
-//    is specified for a multicolor Shield logo, the named logo will be used and
-//    colored. The appearance of the logo can be customized using `logoWidth`,
-//    and in the case of the popout badge, `logoPosition`. When `?logo=` is
-//    specified, any logo-related parameters specified dynamically by the
-//    service, or by default in the service, are ignored.
+// 1. When `?logo=` contains a simple-icons logo or contains a base64-encoded
+//    SVG, that logo is used. When a `&logoColor=` is specified, that color is
+//    used (except for the base64-encoded logos). Otherwise the default color
+//    is used. The appearance of the logo can be customized using `logoWidth`,
+//    When `?logo=` is specified, any logo-related parameters specified
+//    dynamically by the service, or by default in the service, are ignored.
 // 2. The second precedence is the dynamic logo returned by a service. This is
 //    used only by the Endpoint badge. The `logoColor` can be overridden by the
 //    query string.
@@ -55,7 +53,7 @@ export default function coalesceBadge(
  } = overrides
  let {
    logoWidth: overrideLogoWidth,
-    logoPosition: overrideLogoPosition,
+    logoSize: overrideLogoSize,
    color: overrideColor,
    labelColor: overrideLabelColor,
  } = overrides
@@ -76,7 +74,6 @@ export default function coalesceBadge(
    overrideLabelColor = `${overrideLabelColor}`
  }
  overrideLogoWidth = +overrideLogoWidth || undefined
-  overrideLogoPosition = +overrideLogoPosition || undefined

  const {
    isError,
@@ -87,8 +84,8 @@ export default function coalesceBadge(
    logoSvg: serviceLogoSvg,
    namedLogo: serviceNamedLogo,
    logoColor: serviceLogoColor,
+    logoSize: serviceLogoSize,
    logoWidth: serviceLogoWidth,
-    logoPosition: serviceLogoPosition,
    link: serviceLink,
    cacheSeconds: serviceCacheSeconds,
    style: serviceStyle,
@@ -119,7 +116,7 @@ export default function coalesceBadge(
    style = 'flat'
  }

-  let namedLogo, namedLogoColor, logoWidth, logoPosition, logoSvgBase64
+  let namedLogo, namedLogoColor, logoSize, logoWidth, logoSvgBase64
  if (overrideLogo) {
    // `?logo=` could be a named logo or encoded svg.
    const overrideLogoSvgBase64 = decodeDataUrlFromQueryParam(overrideLogo)
@@ -133,8 +130,8 @@ export default function coalesceBadge(
    }
    // If the logo has been overridden it does not make sense to inherit the
    // original width or position.
+    logoSize = overrideLogoSize
    logoWidth = overrideLogoWidth
-    logoPosition = overrideLogoPosition
  } else {
    if (serviceLogoSvg) {
      logoSvgBase64 = svg2base64(serviceLogoSvg)
@@ -145,13 +142,20 @@ export default function coalesceBadge(
      )
      namedLogoColor = coalesce(overrideLogoColor, serviceLogoColor)
    }
+    logoSize = coalesce(overrideLogoSize, serviceLogoSize)
    logoWidth = coalesce(overrideLogoWidth, serviceLogoWidth)
-    logoPosition = coalesce(overrideLogoPosition, serviceLogoPosition)
  }
  if (namedLogo) {
+    const iconSize = getIconSize(String(namedLogo).toLowerCase())
+
+    if (!logoWidth && iconSize && logoSize === 'auto') {
+      logoWidth = (iconSize.width / iconSize.height) * DEFAULT_LOGO_HEIGHT
+    }
+
    logoSvgBase64 = prepareNamedLogo({
      name: namedLogo,
      color: namedLogoColor,
+      size: logoSize,
      style,
    })
  }
@@ -178,7 +182,7 @@ export default function coalesceBadge(
    namedLogo,
    logo: logoSvgBase64,
    logoWidth,
-    logoPosition,
+    logoSize,
    links: toArray(overrideLink || serviceLink),
    cacheLengthSeconds: coalesce(serviceCacheSeconds, defaultCacheSeconds),
  }
--- a/core/base-service/coalesce-badge.spec.js
+++ b/core/base-service/coalesce-badge.spec.js
@@ -1,5 +1,5 @@
 import { expect } from 'chai'
-import { getShieldsIcon, getSimpleIcon } from '../../lib/logos.js'
+import { getSimpleIcon } from '../../lib/logos.js'
 import coalesceBadge from './coalesce-badge.js'

 describe('coalesceBadge', function () {
@@ -138,7 +138,7 @@ describe('coalesceBadge', function () {
    })

    it('when a social badge, uses the default named logo', function () {
-      // .not.be.empty for confidence that nothing has changed with `getShieldsIcon()`.
+      // .not.be.empty for confidence that nothing has changed with `getSimpleIcon()`.
      expect(
        coalesceBadge({ style: 'social' }, {}, { namedLogo: 'appveyor' }).logo,
      ).to.equal(getSimpleIcon({ name: 'appveyor' })).and.not.be.empty
@@ -149,93 +149,65 @@ describe('coalesceBadge', function () {
        namedLogo: 'npm',
      })
      expect(coalesceBadge({}, { namedLogo: 'npm' }, {}).logo).to.equal(
-        getShieldsIcon({ name: 'npm' }),
+        getSimpleIcon({ name: 'npm' }),
      ).and.not.to.be.empty
    })

-    it('applies the named monochrome logo with color', function () {
+    it('applies the named logo with color', function () {
      expect(
        coalesceBadge({}, { namedLogo: 'dependabot', logoColor: 'blue' }, {})
          .logo,
-      ).to.equal(getShieldsIcon({ name: 'dependabot', color: 'blue' })).and.not
+      ).to.equal(getSimpleIcon({ name: 'dependabot', color: 'blue' })).and.not
        .to.be.empty
    })

-    it('applies the named multicolored logo with color', function () {
-      expect(
-        coalesceBadge({}, { namedLogo: 'npm', logoColor: 'blue' }, {}).logo,
-      ).to.equal(getSimpleIcon({ name: 'npm', color: 'blue' })).and.not.to.be
-        .empty
-    })
-
    it('overrides the logo', function () {
      expect(
        coalesceBadge({ logo: 'npm' }, { namedLogo: 'appveyor' }, {}).logo,
-      ).to.equal(getShieldsIcon({ name: 'npm' })).and.not.be.empty
+      ).to.equal(getSimpleIcon({ name: 'npm' })).and.not.be.empty
    })

-    it('overrides the monochrome logo with a color', function () {
+    it('overrides the logo with a color', function () {
      expect(
        coalesceBadge(
          { logo: 'dependabot', logoColor: 'blue' },
          { namedLogo: 'appveyor' },
          {},
        ).logo,
-      ).to.equal(getShieldsIcon({ name: 'dependabot', color: 'blue' })).and.not
+      ).to.equal(getSimpleIcon({ name: 'dependabot', color: 'blue' })).and.not
        .be.empty
    })

-    it('overrides multicolored logo with a color', function () {
-      expect(
-        coalesceBadge(
-          { logo: 'npm', logoColor: 'blue' },
-          { namedLogo: 'appveyor' },
-          {},
-        ).logo,
-      ).to.equal(getSimpleIcon({ name: 'npm', color: 'blue' })).and.not.be.empty
-    })
-
-    it("when the logo is overridden, it ignores the service's logo color, position, and width", function () {
+    it("when the logo is overridden, it ignores the service's logo color and width", function () {
      expect(
        coalesceBadge(
          { logo: 'npm' },
          {
            namedLogo: 'appveyor',
            logoColor: 'red',
-            logoPosition: -3,
            logoWidth: 100,
          },
          {},
        ).logo,
-      ).to.equal(getShieldsIcon({ name: 'npm' })).and.not.be.empty
+      ).to.equal(getSimpleIcon({ name: 'npm' })).and.not.be.empty
    })

-    it("overrides the service monochome logo's color", function () {
+    it("overrides the service logo's color", function () {
      expect(
        coalesceBadge(
          { logoColor: 'blue' },
          { namedLogo: 'dependabot', logoColor: 'red' },
          {},
        ).logo,
-      ).to.equal(getShieldsIcon({ name: 'dependabot', color: 'blue' })).and.not
+      ).to.equal(getSimpleIcon({ name: 'dependabot', color: 'blue' })).and.not
        .be.empty
    })

-    it("overrides the service multicolored logo's color", function () {
-      expect(
-        coalesceBadge(
-          { logoColor: 'blue' },
-          { namedLogo: 'npm', logoColor: 'red' },
-          {},
-        ).logo,
-      ).to.equal(getSimpleIcon({ name: 'npm', color: 'blue' })).and.not.be.empty
-    })
-
    // https://github.com/badges/shields/issues/2998
    it('overrides logoSvg', function () {
      const logoSvg = 'data:image/svg+xml;base64,PHN2ZyB4bWxu'
      expect(coalesceBadge({ logo: 'npm' }, { logoSvg }, {}).logo).to.equal(
-        getShieldsIcon({ name: 'npm' }),
+        getSimpleIcon({ name: 'npm' }),
      ).and.not.be.empty
    })
  })
@@ -260,6 +232,20 @@ describe('coalesceBadge', function () {
    })
  })

+  describe('Logo size', function () {
+    it('overrides the logoSize', function () {
+      expect(coalesceBadge({ logoSize: 'auto' }, {}, {})).to.include({
+        logoSize: 'auto',
+      })
+    })
+
+    it('applies the logo size', function () {
+      expect(
+        coalesceBadge({}, { namedLogo: 'npm', logoSize: 'auto' }, {}),
+      ).to.include({ logoSize: 'auto' })
+    })
+  })
+
  describe('Logo width', function () {
    it('overrides the logoWidth', function () {
      expect(coalesceBadge({ logoWidth: 20 }, {}, {})).to.include({
@@ -274,20 +260,6 @@ describe('coalesceBadge', function () {
    })
  })

-  describe('Logo position', function () {
-    it('overrides the logoPosition', function () {
-      expect(coalesceBadge({ logoPosition: -10 }, {}, {})).to.include({
-        logoPosition: -10,
-      })
-    })
-
-    it('applies the logo position', function () {
-      expect(
-        coalesceBadge({}, { namedLogo: 'npm', logoPosition: -10 }, {}),
-      ).to.include({ logoPosition: -10 })
-    })
-  })
-
  describe('Links', function () {
    it('overrides the links', function () {
      expect(
--- a/core/base-service/coalesce.spec.js
+++ b/core/base-service/coalesce.spec.js
@@ -6,7 +6,7 @@ import coalesce from './coalesce.js'
 // https://github.com/royriojas/coalescy for these tests!

 describe('coalesce', function () {
-  test(coalesce, function () {
+  test(coalesce, () => {
    given().expect(undefined)
    given(null, []).expect([])
    given(null, [], {}).expect([])
--- a/core/base-service/deprecated-service.js
+++ b/core/base-service/deprecated-service.js
@@ -10,14 +10,12 @@ const attrSchema = Joi.object({
  name: Joi.string(),
  label: Joi.string(),
  category: isValidCategory,
-  // The content of examples is validated later, via `transformExamples()`.
-  examples: Joi.array().default([]),
  message: Joi.string(),
  dateAdded: Joi.date().required(),
 }).required()

 function deprecatedService(attrs) {
-  const { route, name, label, category, examples, message } = Joi.attempt(
+  const { route, name, label, category, message } = Joi.attempt(
    attrs,
    attrSchema,
    `Deprecated service for ${attrs.route.base}`,
@@ -33,7 +31,6 @@ function deprecatedService(attrs) {
    static category = category
    static isDeprecated = true
    static route = route
-    static examples = examples
    static defaultBadgeData = { label }

    async handle() {
--- a/core/base-service/deprecated-service.spec.js
+++ b/core/base-service/deprecated-service.spec.js
@@ -36,16 +36,6 @@ describe('DeprecatedService', function () {
    expect(service.category).to.equal(category)
  })

-  it('sets specified examples', function () {
-    const examples = [
-      {
-        title: 'Not sure we would have examples',
-      },
-    ]
-    const service = deprecatedService({ ...commonAttrs, examples })
-    expect(service.examples).to.deep.equal(examples)
-  })
-
  it('uses default deprecation message when no message specified', async function () {
    const service = deprecatedService({ ...commonAttrs })
    expect(await service.invoke()).to.deep.equal({
--- a/core/base-service/examples.js
+++ b/core/base-service/examples.js
@@ -1,155 +0,0 @@
-import Joi from 'joi'
-import { pathToRegexp, compile } from 'path-to-regexp'
-import categories from '../../services/categories.js'
-import coalesceBadge from './coalesce-badge.js'
-import { makeFullUrl } from './route.js'
-
-const optionalObjectOfKeyValues = Joi.object().pattern(
-  /./,
-  Joi.string().allow(null),
-)
-
-const schema = Joi.object({
-  // This should be:
-  // title: Joi.string().required(),
-  title: Joi.string(),
-  namedParams: optionalObjectOfKeyValues.required(),
-  queryParams: optionalObjectOfKeyValues.default({}),
-  pattern: Joi.string(),
-  staticPreview: Joi.object({
-    label: Joi.string(),
-    message: Joi.alternatives()
-      .try(Joi.string().allow('').required(), Joi.number())
-      .required(),
-    color: Joi.string(),
-    style: Joi.string(),
-  }).required(),
-  keywords: Joi.array().items(Joi.string()).default([]),
-  documentation: Joi.string(), // Valid HTML.
-}).required()
-
-function validateExample(example, index, ServiceClass) {
-  const result = Joi.attempt(
-    example,
-    schema,
-    `Example for ${ServiceClass.name} at index ${index}`,
-  )
-
-  const { pattern, namedParams } = result
-
-  if (!pattern && !ServiceClass.route.pattern) {
-    throw new Error(
-      `Example for ${ServiceClass.name} at index ${index} does not declare a pattern`,
-    )
-  }
-  if (pattern === ServiceClass.route.pattern) {
-    throw new Error(
-      `Example for ${ServiceClass.name} at index ${index} declares a redundant pattern which should be removed`,
-    )
-  }
-
-  // Make sure we can build the full URL using these patterns.
-  try {
-    compile(pattern || ServiceClass.route.pattern, {
-      encode: encodeURIComponent,
-    })(namedParams)
-  } catch (e) {
-    throw Error(
-      `In example for ${
-        ServiceClass.name
-      } at index ${index}, ${e.message.toLowerCase()}`,
-    )
-  }
-  // Make sure there are no extra keys.
-  let keys = []
-  pathToRegexp(pattern || ServiceClass.route.pattern, keys, {
-    strict: true,
-    sensitive: true,
-  })
-  keys = keys.map(({ name }) => name)
-  const extraKeys = Object.keys(namedParams).filter(k => !keys.includes(k))
-  if (extraKeys.length) {
-    throw Error(
-      `In example for ${
-        ServiceClass.name
-      } at index ${index}, namedParams contains unknown keys: ${extraKeys.join(
-        ', ',
-      )}`,
-    )
-  }
-
-  if (example.keywords) {
-    // Make sure the keywords are at least two characters long.
-    const tinyKeywords = example.keywords.filter(k => k.length < 2)
-    if (tinyKeywords.length) {
-      throw Error(
-        `In example for ${
-          ServiceClass.name
-        } at index ${index}, keywords contains words that are less than two characters long: ${tinyKeywords.join(
-          ', ',
-        )}`,
-      )
-    }
-    // Make sure none of the keywords are already included in the title.
-    const title = (example.title || ServiceClass.name).toLowerCase()
-    const redundantKeywords = example.keywords.filter(k =>
-      title.includes(k.toLowerCase()),
-    )
-    if (redundantKeywords.length) {
-      throw Error(
-        `In example for ${
-          ServiceClass.name
-        } at index ${index}, keywords contains words that are already in the title: ${redundantKeywords.join(
-          ', ',
-        )}`,
-      )
-    }
-  }
-
-  return result
-}
-
-function transformExample(inExample, index, ServiceClass) {
-  const {
-    // We should get rid of this transform, since the class name is never what
-    // we want to see.
-    title = ServiceClass.name,
-    namedParams,
-    queryParams,
-    pattern,
-    staticPreview,
-    keywords,
-    documentation,
-  } = validateExample(inExample, index, ServiceClass)
-
-  const { label, message, color, style, namedLogo } = coalesceBadge(
-    {},
-    staticPreview,
-    ServiceClass.defaultBadgeData,
-    ServiceClass,
-  )
-
-  const category = categories.find(c => c.id === ServiceClass.category)
-  return {
-    title,
-    example: {
-      pattern: makeFullUrl(
-        ServiceClass.route.base,
-        pattern || ServiceClass.route.pattern,
-      ),
-      namedParams,
-      queryParams,
-    },
-    preview: {
-      label,
-      message: `${message}`,
-      color,
-      style: style === 'flat' ? undefined : style,
-      namedLogo,
-    },
-    keywords: category ? keywords.concat(category.keywords) : keywords,
-    documentation: documentation ? { __html: documentation } : undefined,
-  }
-}
-
-export { validateExample, transformExample }
--- a/core/base-service/examples.spec.js
+++ b/core/base-service/examples.spec.js
@@ -1,167 +0,0 @@
-import { expect } from 'chai'
-import { test, given } from 'sazerac'
-import { validateExample, transformExample } from './examples.js'
-
-describe('validateExample function', function () {
-  it('passes valid examples', function () {
-    const validExamples = [
-      {
-        title: 'Package manager versioning badge',
-        staticPreview: { message: '123' },
-        pattern: 'dt/:package',
-        namedParams: { package: 'mypackage' },
-        keywords: ['semver', 'management'],
-      },
-    ]
-
-    validExamples.forEach(example => {
-      expect(() =>
-        validateExample(example, 0, { route: {}, name: 'mockService' }),
-      ).not.to.throw(Error)
-    })
-  })
-
-  it('rejects invalid examples', function () {
-    const invalidExamples = [
-      {},
-      { staticPreview: { message: '123' } },
-      {
-        staticPreview: { message: '123' },
-        pattern: 'dt/:package',
-        namedParams: { package: 'mypackage' },
-        exampleUrl: 'dt/mypackage',
-      },
-      { staticPreview: { message: '123' }, pattern: 'dt/:package' },
-      {
-        staticPreview: { message: '123' },
-        pattern: 'dt/:package',
-        previewUrl: 'dt/mypackage',
-      },
-      {
-        staticPreview: { message: '123' },
-        pattern: 'dt/:package',
-        exampleUrl: 'dt/mypackage',
-      },
-      { previewUrl: 'dt/mypackage' },
-      {
-        staticPreview: { message: '123' },
-        pattern: 'dt/:package',
-        namedParams: { package: 'mypackage' },
-        keywords: ['a'], // Keyword too short.
-      },
-      {
-        staticPreview: { message: '123' },
-        pattern: 'dt/:package',
-        namedParams: { package: 'mypackage' },
-        keywords: ['mockService'], // No title and keyword matching the class name.
-      },
-      {
-        title: 'Package manager versioning badge',
-        staticPreview: { message: '123' },
-        pattern: 'dt/:package',
-        namedParams: { package: 'mypackage' },
-        keywords: ['version'], // Keyword included in title.
-      },
-    ]
-
-    invalidExamples.forEach(example => {
-      expect(() =>
-        validateExample(example, 0, { route: {}, name: 'mockService' }),
-      ).to.throw(Error)
-    })
-  })
-})
-
-test(transformExample, function () {
-  const ExampleService = {
-    name: 'ExampleService',
-    route: {
-      base: 'some-service',
-      pattern: ':interval/:packageName',
-    },
-    defaultBadgeData: {
-      label: 'downloads',
-    },
-    category: 'platform-support',
-  }
-
-  given(
-    {
-      pattern: 'dt/:packageName',
-      namedParams: { packageName: 'express' },
-      staticPreview: { message: '50k' },
-      keywords: ['hello'],
-    },
-    0,
-    ExampleService,
-  ).expect({
-    title: 'ExampleService',
-    example: {
-      pattern: '/some-service/dt/:packageName',
-      namedParams: { packageName: 'express' },
-      queryParams: {},
-    },
-    preview: {
-      label: 'downloads',
-      message: '50k',
-      color: 'lightgrey',
-      namedLogo: undefined,
-      style: undefined,
-    },
-    keywords: ['hello', 'platform'],
-    documentation: undefined,
-  })
-
-  given(
-    {
-      namedParams: { interval: 'dt', packageName: 'express' },
-      staticPreview: { message: '50k' },
-      keywords: ['hello'],
-    },
-    0,
-    ExampleService,
-  ).expect({
-    title: 'ExampleService',
-    example: {
-      pattern: '/some-service/:interval/:packageName',
-      namedParams: { interval: 'dt', packageName: 'express' },
-      queryParams: {},
-    },
-    preview: {
-      label: 'downloads',
-      message: '50k',
-      color: 'lightgrey',
-      namedLogo: undefined,
-      style: undefined,
-    },
-    keywords: ['hello', 'platform'],
-    documentation: undefined,
-  })
-
-  given(
-    {
-      namedParams: { interval: 'dt', packageName: 'express' },
-      queryParams: { registry_url: 'http://example.com/' },
-      staticPreview: { message: '50k' },
-      keywords: ['hello'],
-    },
-    0,
-    ExampleService,
-  ).expect({
-    title: 'ExampleService',
-    example: {
-      pattern: '/some-service/:interval/:packageName',
-      namedParams: { interval: 'dt', packageName: 'express' },
-      queryParams: { registry_url: 'http://example.com/' },
-    },
-    preview: {
-      label: 'downloads',
-      message: '50k',
-      color: 'lightgrey',
-      namedLogo: undefined,
-      style: undefined,
-    },
-    keywords: ['hello', 'platform'],
-    documentation: undefined,
-  })
-})
--- a/core/base-service/legacy-request-handler.js
+++ b/core/base-service/legacy-request-handler.js
@@ -11,7 +11,7 @@ const globalQueryParams = new Set([
  'link',
  'logo',
  'logoColor',
-  'logoPosition',
+  'logoSize',
  'logoWidth',
  'link',
  'colorA',
--- a/core/base-service/legacy-result-sender.js
+++ b/core/base-service/legacy-result-sender.js
@@ -11,13 +11,13 @@ function streamFromString(str) {

 function sendSVG(res, askres, end) {
  askres.setHeader('Content-Type', 'image/svg+xml;charset=utf-8')
+  askres.setHeader('Content-Security-Policy', "script-src 'none';")
  askres.setHeader('Content-Length', Buffer.byteLength(res, 'utf8'))
  end(null, { template: streamFromString(res) })
 }

 function sendJSON(res, askres, end) {
  askres.setHeader('Content-Type', 'application/json')
-  askres.setHeader('Access-Control-Allow-Origin', '*')
  askres.setHeader('Content-Length', Buffer.byteLength(res, 'utf8'))
  end(null, { template: streamFromString(res) })
 }
--- a/core/base-service/openapi.js
+++ b/core/base-service/openapi.js
@@ -9,6 +9,7 @@ const globalParamRefs = [
  { $ref: '#/components/parameters/style' },
  { $ref: '#/components/parameters/logo' },
  { $ref: '#/components/parameters/logoColor' },
+  { $ref: '#/components/parameters/logoSize' },
  { $ref: '#/components/parameters/label' },
  { $ref: '#/components/parameters/labelColor' },
  { $ref: '#/components/parameters/color' },
@@ -46,13 +47,6 @@ function getCodeSamples(altText) {
  ]
 }

-function pattern2openapi(pattern) {
-  return pattern
-    .replace(/:([A-Za-z0-9_\-.]+)(?=[/]?)/g, (matches, grp1) => `{${grp1}}`)
-    .replace(/\([^)]*\)/g, '')
-    .replace(/\+$/, '')
-}
-
 function getEnum(pattern, paramName) {
  const re = new RegExp(`${paramName}\\(([A-Za-z0-9_\\-|]+)\\)`)
  const match = pattern.match(re)
@@ -65,126 +59,6 @@ function getEnum(pattern, paramName) {
  return match[1].split('|')
 }

-function param2openapi(pattern, paramName, exampleValue, paramType) {
-  const outParam = {}
-  outParam.name = paramName
-  // We don't have description if we are building the OpenAPI spec from examples[]
-  outParam.in = paramType
-  if (paramType === 'path') {
-    outParam.required = true
-  } else {
-    /* Occasionally we do have required query params, but we can't
-    detect this if we are building the OpenAPI spec from examples[]
-    so just assume all query params are optional */
-    outParam.required = false
-  }
-
-  if (exampleValue === null && paramType === 'query') {
-    outParam.schema = { type: 'boolean' }
-    outParam.allowEmptyValue = true
-  } else {
-    outParam.schema = { type: 'string' }
-  }
-
-  if (paramType === 'path') {
-    outParam.schema.enum = getEnum(pattern, paramName)
-  }
-
-  outParam.example = exampleValue
-  return outParam
-}
-
-function getVariants(pattern) {
-  /*
-  given a URL pattern (which may include '/one/or/:more?/:optional/:parameters*')
-  return an array of all possible permutations:
-  [
-    '/one/or/:more/:optional/:parameters',
-    '/one/or/:optional/:parameters',
-    '/one/or/:more/:optional',
-    '/one/or/:optional',
-  ]
-  */
-  const patterns = [pattern.split('/')]
-  while (patterns.flat().find(p => p.endsWith('?') || p.endsWith('*'))) {
-    for (let i = 0; i < patterns.length; i++) {
-      const pattern = patterns[i]
-      for (let j = 0; j < pattern.length; j++) {
-        const path = pattern[j]
-        if (path.endsWith('?') || path.endsWith('*')) {
-          pattern[j] = path.slice(0, -1)
-          patterns.push(patterns[i].filter(p => p !== pattern[j]))
-        }
-      }
-    }
-  }
-  for (let i = 0; i < patterns.length; i++) {
-    patterns[i] = patterns[i].join('/')
-  }
-  return patterns
-}
-
-function examples2openapi(examples) {
-  const paths = {}
-  for (const example of examples) {
-    const patterns = getVariants(example.example.pattern)
-
-    for (const pattern of patterns) {
-      const openApiPattern = pattern2openapi(pattern)
-      if (
-        openApiPattern.includes('*') ||
-        openApiPattern.includes('?') ||
-        openApiPattern.includes('+') ||
-        openApiPattern.includes('(')
-      ) {
-        throw new Error(`unexpected characters in pattern '${openApiPattern}'`)
-      }
-
-      /*
-      There's several things going on in this block:
-      1. Filter out any examples for params that don't appear
-         in this variant of the route
-      2. Make sure we add params to the array
-         in the same order they appear in the route
-      3. If there are any params we don't have an example value for,
-         make sure they still appear in the pathParams array with
-         exampleValue == undefined anyway
-      */
-      const pathParams = []
-      for (const param of openApiPattern
-        .split('/')
-        .filter(p => p.startsWith('{') && p.endsWith('}'))) {
-        const paramName = param.slice(1, -1)
-        const exampleValue = example.example.namedParams[paramName]
-        pathParams.push(param2openapi(pattern, paramName, exampleValue, 'path'))
-      }
-
-      const queryParams = example.example.queryParams || {}
-
-      const parameters = [
-        ...pathParams,
-        ...Object.entries(queryParams).map(([paramName, exampleValue]) =>
-          param2openapi(pattern, paramName, exampleValue, 'query'),
-        ),
-        ...globalParamRefs,
-      ]
-      paths[openApiPattern] = {
-        get: {
-          summary: example.title,
-          description: example?.documentation?.__html
-            .replace(/<br>/g, '<br />') // react does not like <br>
-            .replace(/{/g, '&#123;')
-            .replace(/}/g, '&#125;')
-            .replace(/<style>(.|\n)*?<\/style>/, ''), // workaround for w3c-validation TODO: remove later
-          parameters,
-          'x-code-samples': getCodeSamples(example.title),
-        },
-      }
-    }
-  }
-  return paths
-}
-
 function addGlobalProperties(endpoints) {
  const paths = {}
  for (const key of Object.keys(endpoints)) {
@@ -198,33 +72,28 @@ function addGlobalProperties(endpoints) {
  return paths
 }

-function services2openapi(services) {
-  const paths = {}
-  for (const service of services) {
-    if (service.openApi) {
-      // if the service declares its own OpenAPI definition, use that...
-      for (const [key, value] of Object.entries(
-        addGlobalProperties(service.openApi),
-      )) {
-        if (key in paths) {
-          throw new Error(`Conflicting route: ${key}`)
-        }
-        paths[key] = value
-      }
-    } else {
-      // ...otherwise do our best to build one from examples[]
-      for (const [key, value] of Object.entries(
-        examples2openapi(service.examples),
-      )) {
-        // allow conflicting routes for legacy examples
-        paths[key] = value
-      }
-    }
-  }
-  return paths
+function sortPaths(obj) {
+  const entries = Object.entries(obj)
+  entries.sort((a, b) => a[1].get.summary.localeCompare(b[1].get.summary))
+  return Object.fromEntries(entries)
 }

-function category2openapi(category, services) {
+function services2openapi(services, sort) {
+  const paths = {}
+  for (const service of services) {
+    for (const [key, value] of Object.entries(
+      addGlobalProperties(service.openApi),
+    )) {
+      if (key in paths) {
+        throw new Error(`Conflicting route: ${key}`)
+      }
+      paths[key] = value
+    }
+  }
+  return sort ? sortPaths(paths) : paths
+}
+
+function category2openapi({ category, services, sort = false }) {
  const spec = {
    openapi: '3.0.0',
    info: {
@@ -241,7 +110,9 @@ function category2openapi(category, services) {
          name: 'style',
          in: 'query',
          required: false,
-          description: 'If not specified, the defautl style is "flat".',
+          description: `If not specified, the default style for this badge is "${
+            category.name.toLowerCase() === 'social' ? 'social' : 'flat'
+          }".`,
          schema: {
            type: 'string',
            enum: ['flat', 'flat-square', 'plastic', 'for-the-badge', 'social'],
@@ -253,7 +124,7 @@ function category2openapi(category, services) {
          in: 'query',
          required: false,
          description:
-            'One of the named logos (bitcoin, dependabot, gitlab, npm, paypal, serverfault, stackexchange, superuser, telegram, travis) or simple-icons. All simple-icons are referenced using icon slugs. You can click the icon title on <a href="https://simpleicons.org/" rel="noopener noreferrer" target="_blank">simple-icons</a> to copy the slug or they can be found in the <a href="https://github.com/simple-icons/simple-icons/blob/master/slugs.md">slugs.md file</a> in the simple-icons repository. <a href="/docs/logos">Further info</a>.',
+            'Icon slug from simple-icons. You can click the icon title on <a href="https://simpleicons.org/" rel="noopener noreferrer" target="_blank">simple-icons</a> to copy the slug or they can be found in the <a href="https://github.com/simple-icons/simple-icons/blob/master/slugs.md">slugs.md file</a> in the simple-icons repository. <a href="/docs/logos">Further info</a>.',
          schema: {
            type: 'string',
          },
@@ -264,12 +135,23 @@ function category2openapi(category, services) {
          in: 'query',
          required: false,
          description:
-            'The color of the logo (hex, rgb, rgba, hsl, hsla and css named colors supported). Supported for named logos and Shields logos but not for custom logos. For multicolor Shields logos, the corresponding named logo will be used and colored.',
+            'The color of the logo (hex, rgb, rgba, hsl, hsla and css named colors supported). Supported for simple-icons logos but not for custom logos.',
          schema: {
            type: 'string',
          },
          example: 'violet',
        },
+        logoSize: {
+          name: 'logoSize',
+          in: 'query',
+          required: false,
+          description:
+            'Make icons adaptively resize by setting `auto`. Useful for some wider logos like `amd` and `amg`. Supported for simple-icons logos but not for custom logos.',
+          schema: {
+            type: 'string',
+          },
+          example: 'auto',
+        },
        label: {
          name: 'label',
          in: 'query',
@@ -332,7 +214,7 @@ function category2openapi(category, services) {
        },
      },
    },
-    paths: services2openapi(services),
+    paths: services2openapi(services, sort),
  }

  return spec
--- a/core/base-service/openapi.spec.js
+++ b/core/base-service/openapi.spec.js
@@ -58,27 +58,6 @@ class OpenApiService extends BaseJsonService {
  }
 }

-class LegacyService extends BaseJsonService {
-  static category = 'build'
-  static route = { base: 'legacy/service', pattern: ':packageName/:distTag*' }
-
-  // this service defines an Examples Array
-  static examples = [
-    {
-      title: 'LegacyService Title',
-      namedParams: { packageName: 'badge-maker' },
-      staticPreview: { label: 'build', message: 'passing' },
-      documentation: 'LegacyService Description',
-    },
-    {
-      title: 'LegacyService Title (with Tag)',
-      namedParams: { packageName: 'badge-maker', distTag: 'latest' },
-      staticPreview: { label: 'build', message: 'passing' },
-      documentation: 'LegacyService Description (with Tag)',
-    },
-  ]
-}
-
 const expected = {
  openapi: '3.0.0',
  info: { version: '1.0.0', title: 'build', license: { name: 'CC0' } },
@@ -88,7 +67,8 @@ const expected = {
        name: 'style',
        in: 'query',
        required: false,
-        description: 'If not specified, the defautl style is "flat".',
+        description:
+          'If not specified, the default style for this badge is "flat".',
        schema: {
          enum: ['flat', 'flat-square', 'plastic', 'for-the-badge', 'social'],
          type: 'string',
@@ -100,7 +80,7 @@ const expected = {
        in: 'query',
        required: false,
        description:
-          'One of the named logos (bitcoin, dependabot, gitlab, npm, paypal, serverfault, stackexchange, superuser, telegram, travis) or simple-icons. All simple-icons are referenced using icon slugs. You can click the icon title on <a href="https://simpleicons.org/" rel="noopener noreferrer" target="_blank">simple-icons</a> to copy the slug or they can be found in the <a href="https://github.com/simple-icons/simple-icons/blob/master/slugs.md">slugs.md file</a> in the simple-icons repository. <a href="/docs/logos">Further info</a>.',
+          'Icon slug from simple-icons. You can click the icon title on <a href="https://simpleicons.org/" rel="noopener noreferrer" target="_blank">simple-icons</a> to copy the slug or they can be found in the <a href="https://github.com/simple-icons/simple-icons/blob/master/slugs.md">slugs.md file</a> in the simple-icons repository. <a href="/docs/logos">Further info</a>.',
        schema: { type: 'string' },
        example: 'appveyor',
      },
@@ -109,10 +89,21 @@ const expected = {
        in: 'query',
        required: false,
        description:
-          'The color of the logo (hex, rgb, rgba, hsl, hsla and css named colors supported). Supported for named logos and Shields logos but not for custom logos. For multicolor Shields logos, the corresponding named logo will be used and colored.',
+          'The color of the logo (hex, rgb, rgba, hsl, hsla and css named colors supported). Supported for simple-icons logos but not for custom logos.',
        schema: { type: 'string' },
        example: 'violet',
      },
+      logoSize: {
+        name: 'logoSize',
+        in: 'query',
+        required: false,
+        description:
+          'Make icons adaptively resize by setting `auto`. Useful for some wider logos like `amd` and `amg`. Supported for simple-icons logos but not for custom logos.',
+        schema: {
+          type: 'string',
+        },
+        example: 'auto',
+      },
      label: {
        name: 'label',
        in: 'query',
@@ -178,6 +169,7 @@ const expected = {
          { $ref: '#/components/parameters/style' },
          { $ref: '#/components/parameters/logo' },
          { $ref: '#/components/parameters/logoColor' },
+          { $ref: '#/components/parameters/logoSize' },
          { $ref: '#/components/parameters/label' },
          { $ref: '#/components/parameters/labelColor' },
          { $ref: '#/components/parameters/color' },
@@ -233,6 +225,7 @@ const expected = {
          { $ref: '#/components/parameters/style' },
          { $ref: '#/components/parameters/logo' },
          { $ref: '#/components/parameters/logoColor' },
+          { $ref: '#/components/parameters/logoSize' },
          { $ref: '#/components/parameters/label' },
          { $ref: '#/components/parameters/labelColor' },
          { $ref: '#/components/parameters/color' },
@@ -265,105 +258,6 @@ const expected = {
        ],
      },
    },
-    '/legacy/service/{packageName}/{distTag}': {
-      get: {
-        summary: 'LegacyService Title (with Tag)',
-        description: 'LegacyService Description (with Tag)',
-        parameters: [
-          {
-            name: 'packageName',
-            in: 'path',
-            required: true,
-            schema: { type: 'string' },
-            example: 'badge-maker',
-          },
-          {
-            name: 'distTag',
-            in: 'path',
-            required: true,
-            schema: { type: 'string' },
-            example: 'latest',
-          },
-          { $ref: '#/components/parameters/style' },
-          { $ref: '#/components/parameters/logo' },
-          { $ref: '#/components/parameters/logoColor' },
-          { $ref: '#/components/parameters/label' },
-          { $ref: '#/components/parameters/labelColor' },
-          { $ref: '#/components/parameters/color' },
-          { $ref: '#/components/parameters/cacheSeconds' },
-          { $ref: '#/components/parameters/link' },
-        ],
-        'x-code-samples': [
-          { lang: 'URL', label: 'URL', source: '$url' },
-          {
-            lang: 'Markdown',
-            label: 'Markdown',
-            source: '![LegacyService Title (with Tag)]($url)',
-          },
-          {
-            lang: 'reStructuredText',
-            label: 'rSt',
-            source: '.. image:: $url\n   :alt: LegacyService Title (with Tag)',
-          },
-          {
-            lang: 'AsciiDoc',
-            label: 'AsciiDoc',
-            source: 'image:$url[LegacyService Title (with Tag)]',
-          },
-          {
-            lang: 'HTML',
-            label: 'HTML',
-            source: '<img alt="LegacyService Title (with Tag)" src="$url">',
-          },
-        ],
-      },
-    },
-    '/legacy/service/{packageName}': {
-      get: {
-        summary: 'LegacyService Title (with Tag)',
-        description: 'LegacyService Description (with Tag)',
-        parameters: [
-          {
-            name: 'packageName',
-            in: 'path',
-            required: true,
-            schema: { type: 'string' },
-            example: 'badge-maker',
-          },
-          { $ref: '#/components/parameters/style' },
-          { $ref: '#/components/parameters/logo' },
-          { $ref: '#/components/parameters/logoColor' },
-          { $ref: '#/components/parameters/label' },
-          { $ref: '#/components/parameters/labelColor' },
-          { $ref: '#/components/parameters/color' },
-          { $ref: '#/components/parameters/cacheSeconds' },
-          { $ref: '#/components/parameters/link' },
-        ],
-        'x-code-samples': [
-          { lang: 'URL', label: 'URL', source: '$url' },
-          {
-            lang: 'Markdown',
-            label: 'Markdown',
-            source: '![LegacyService Title (with Tag)]($url)',
-          },
-          {
-            lang: 'reStructuredText',
-            label: 'rSt',
-            source: '.. image:: $url\n   :alt: LegacyService Title (with Tag)',
-          },
-          {
-            lang: 'AsciiDoc',
-            label: 'AsciiDoc',
-            source: 'image:$url[LegacyService Title (with Tag)]',
-          },
-          {
-            lang: 'HTML',
-            label: 'HTML',
-            source: '<img alt="LegacyService Title (with Tag)" src="$url">',
-          },
-        ],
-      },
-    },
  },
 }

@@ -376,10 +270,10 @@ describe('category2openapi', function () {
  it('generates an Open API spec', function () {
    expect(
      clean(
-        category2openapi({ name: 'build' }, [
-          OpenApiService.getDefinition(),
-          LegacyService.getDefinition(),
-        ]),
+        category2openapi({
+          category: { name: 'build' },
+          services: [OpenApiService.getDefinition()],
+        }),
      ),
    ).to.deep.equal(expected)
  })
--- a/core/base-service/redirector.js
+++ b/core/base-service/redirector.js
@@ -10,6 +10,7 @@ import {
 import { isValidCategory } from './categories.js'
 import { MetricHelper } from './metric-helper.js'
 import { isValidRoute, prepareRoute, namedParamsForMatch } from './route.js'
+import { openApiSchema } from './service-definitions.js'
 import trace from './trace.js'

 const attrSchema = Joi.object({
@@ -17,7 +18,7 @@ const attrSchema = Joi.object({
  category: isValidCategory,
  isDeprecated: Joi.boolean().default(true),
  route: isValidRoute,
-  examples: Joi.array().has(Joi.object()).default([]),
+  openApi: openApiSchema,
  transformPath: Joi.func()
    .maxArity(1)
    .required()
@@ -36,7 +37,7 @@ export default function redirector(attrs) {
    category,
    isDeprecated,
    route,
-    examples,
+    openApi,
    transformPath,
    transformQueryParams,
    overrideTransformedQueryParams,
@@ -52,7 +53,7 @@ export default function redirector(attrs) {
    static category = category
    static isDeprecated = isDeprecated
    static route = route
-    static examples = examples
+    static openApi = openApi

    static register({ camp, metricInstance }, { rasterUrl }) {
      const { regex, captureNames } = prepareRoute({
@@ -110,8 +111,12 @@ export default function redirector(attrs) {
        ask.res.statusCode = 301
        ask.res.setHeader('Location', redirectUrl)

-        // To avoid caching mistakes for a long time, and to make this simpler
-        // to reason about, use the same cache semantics as the static badge.
+        /* To avoid caching mistakes forever
+           (in the absence of cache control directives that specify otherwise,
+           301 redirects are cached without any expiry date)
+           and to make this simpler to reason about,
+           use the same cache semantics as the static badge.
+        */
        setCacheHeadersForStaticResource(ask.res)

        ask.res.end()
--- a/core/base-service/redirector.spec.js
+++ b/core/base-service/redirector.spec.js
@@ -45,24 +45,6 @@ describe('Redirector', function () {
    ).to.throw('"dateAdded" is required')
  })

-  it('sets specified example', function () {
-    const examples = [
-      {
-        title: 'very old service',
-        pattern: ':namedParamA',
-        namedParams: {
-          namedParamA: 'namedParamAValue',
-        },
-        staticPreview: {
-          label: 'service',
-          message: 'v0.14.0',
-          color: 'blue',
-        },
-      },
-    ]
-    expect(redirector({ ...attrs, examples }).examples).to.equal(examples)
-  })
-
  describe('ScoutCamp integration', function () {
    let port, baseUrl
    beforeEach(async function () {
--- a/core/base-service/service-definitions.js
+++ b/core/base-service/service-definitions.js
@@ -1,49 +1,17 @@
+/**
+ * @module
+ */
 import Joi from 'joi'

 const arrayOfStrings = Joi.array().items(Joi.string()).min(0).required()

-const objectOfKeyValues = Joi.object()
-  .pattern(/./, Joi.string().allow(null))
-  .required()
-
-const serviceDefinition = Joi.object({
-  category: Joi.string().required(),
-  name: Joi.string().required(),
-  isDeprecated: Joi.boolean().required(),
-  route: Joi.alternatives().try(
-    Joi.object({
-      pattern: Joi.string().required(),
-      queryParams: arrayOfStrings,
-    }),
-    Joi.object({
-      format: Joi.string().required(),
-      queryParams: arrayOfStrings,
-    }),
-  ),
-  examples: Joi.array()
-    .items(
-      Joi.object({
-        title: Joi.string().required(),
-        example: Joi.object({
-          pattern: Joi.string(),
-          namedParams: objectOfKeyValues,
-          queryParams: objectOfKeyValues,
-        }).required(),
-        preview: Joi.object({
-          label: Joi.string(),
-          message: Joi.string().allow('').required(),
-          color: Joi.string().required(),
-          style: Joi.string(),
-          namedLogo: Joi.string(),
-        }).required(),
-        keywords: arrayOfStrings,
-        documentation: Joi.object({
-          __html: Joi.string().required(), // Valid HTML.
-        }),
-      }),
-    )
-    .default([]),
-  openApi: Joi.object().pattern(
+/**
+ * Joi schema describing the subset of OpenAPI paths we use in this application
+ *
+ * @see https://swagger.io/specification/#paths-object
+ */
+const openApiSchema = Joi.object()
+  .pattern(
    /./,
    Joi.object({
      get: Joi.object({
@@ -68,7 +36,24 @@ const serviceDefinition = Joi.object({
          .required(),
      }).required(),
    }).required(),
+  )
+  .default({})
+
+const serviceDefinition = Joi.object({
+  category: Joi.string().required(),
+  name: Joi.string().required(),
+  isDeprecated: Joi.boolean().required(),
+  route: Joi.alternatives().try(
+    Joi.object({
+      pattern: Joi.string().required(),
+      queryParams: arrayOfStrings,
+    }),
+    Joi.object({
+      format: Joi.string().required(),
+      queryParams: arrayOfStrings,
+    }),
  ),
+  openApi: openApiSchema,
 }).required()

 function assertValidServiceDefinition(service, message = undefined) {
@@ -82,15 +67,18 @@ const serviceDefinitionExport = Joi.object({
      Joi.object({
        id: Joi.string().required(),
        name: Joi.string().required(),
-        keywords: arrayOfStrings,
      }),
    )
    .required(),
  services: Joi.array().items(serviceDefinition).required(),
 }).required()

-function assertValidServiceDefinitionExport(examples, message = undefined) {
-  Joi.assert(examples, serviceDefinitionExport, message)
+function assertValidServiceDefinitionExport(openApiSpec, message = undefined) {
+  Joi.assert(openApiSpec, serviceDefinitionExport, message)
 }

-export { assertValidServiceDefinition, assertValidServiceDefinitionExport }
+export {
+  assertValidServiceDefinition,
+  assertValidServiceDefinitionExport,
+  openApiSchema,
+}
--- a/core/server/log.js
+++ b/core/server/log.js
@@ -1,4 +1,4 @@
-import Sentry from '@sentry/node'
+import * as Sentry from '@sentry/node'

 const listeners = []

@@ -28,10 +28,12 @@ const log = (...msg) => {
  console.log(d, ...msg)
 }

-const error = err => {
+const error = (err, tags) => {
  const d = date()
  listeners.forEach(f => f(d, err))
-  Sentry.captureException(err)
+  Sentry.captureException(err, {
+    tags,
+  })
  console.error(d, err)
 }

--- a/core/server/server.js
+++ b/core/server/server.js
@@ -139,6 +139,9 @@ const publicConfigSchema = Joi.object({
    nexus: defaultService,
    npm: defaultService,
    obs: defaultService,
+    pypi: {
+      baseUri: requiredUrl,
+    },
    sonar: defaultService,
    teamcity: defaultService,
    weblate: defaultService,
@@ -200,7 +203,6 @@ const privateConfigSchema = Joi.object({
  teamcity_pass: Joi.string(),
  twitch_client_id: Joi.string(),
  twitch_client_secret: Joi.string(),
-  wheelmap_token: Joi.string(),
  influx_username: Joi.string(),
  influx_password: Joi.string(),
  weblate_api_key: Joi.string(),
@@ -538,9 +540,12 @@ class Server {
      }
    }

-    // https://github.com/badges/shields/issues/3273
    camp.handle((req, res, next) => {
+      // https://github.com/badges/shields/issues/3273
      res.setHeader('Access-Control-Allow-Origin', '*')
+      // https://github.com/badges/shields/issues/10419
+      res.setHeader('Cross-Origin-Resource-Policy', 'cross-origin')
+
      next()
    })

--- a/core/server/server.spec.js
+++ b/core/server/server.spec.js
@@ -59,8 +59,17 @@ describe('The server', function () {
      expect(headers['cache-control']).to.equal('max-age=300, s-maxage=300')
    })

-    it('should serve badges with custom maxAge', async function () {
+    it('should serve static badges without logo with maxAge=432000', async function () {
      const { headers } = await got(`${baseUrl}badge/foo-bar-blue`)
+      expect(headers['cache-control']).to.equal(
+        'max-age=432000, s-maxage=432000',
+      )
+    })
+
+    it('should serve badges with with logo with maxAge=86400', async function () {
+      const { headers } = await got(
+        `${baseUrl}badge/foo-bar-blue?logo=javascript`,
+      )
      expect(headers['cache-control']).to.equal('max-age=86400, s-maxage=86400')
    })

@@ -70,6 +79,7 @@ describe('The server', function () {
      )
      expect(statusCode).to.equal(200)
      expect(headers['access-control-allow-origin']).to.equal('*')
+      expect(headers['cross-origin-resource-policy']).to.equal('cross-origin')
    })

    it('should redirect colorscheme PNG badges as configured', async function () {
@@ -124,10 +134,32 @@ describe('The server', function () {
      expect(statusCode).to.equal(200)
      expect(headers['content-type']).to.equal('application/json')
      expect(headers['access-control-allow-origin']).to.equal('*')
+      expect(headers['cross-origin-resource-policy']).to.equal('cross-origin')
      expect(headers['content-length']).to.equal('92')
      expect(() => JSON.parse(body)).not.to.throw()
    })

+    describe('Content Security Policy', function () {
+      it('should disable javascript when serving SVG content (no extension)', async function () {
+        const { headers } = await got(`${baseUrl}:fruit-apple-green`)
+        expect(headers['content-security-policy']).to.equal(
+          "script-src 'none';",
+        )
+      })
+
+      it('should disable javascript when serving SVG content (with extension)', async function () {
+        const { headers } = await got(`${baseUrl}:fruit-apple-green.svg`)
+        expect(headers['content-security-policy']).to.equal(
+          "script-src 'none';",
+        )
+      })
+
+      it('should not send content security headers when serving JSON content', async function () {
+        const { headers } = await got(`${baseUrl}:fruit-apple-green.json`)
+        expect(headers).not.to.have.property('content-security-policy')
+      })
+    })
+
    it('should preserve label case', async function () {
      const { statusCode, body } = await got(`${baseUrl}:fRuiT-apple-green.svg`)
      expect(statusCode).to.equal(200)
@@ -483,7 +515,7 @@ describe('The server', function () {
          influx_password: 'influx-password',
        },
      })
-      clock = sinon.useFakeTimers()
+      clock = sinon.useFakeTimers({ toFake: ['setInterval'] })
      baseUrl = server.baseUrl
      await server.start()
    })
--- a/core/token-pooling/sql-token-persistence.js
+++ b/core/token-pooling/sql-token-persistence.js
@@ -15,7 +15,9 @@ export default class SqlTokenPersistence {
    } else {
      this.pool = new pg.Pool({ connectionString: this.url })
    }
-    const result = await this.pool.query(`SELECT token FROM ${this.table};`)
+    const result = await this.pool.query(
+      `SELECT token FROM ${this.table} ORDER BY RANDOM();`,
+    )
    return result.rows.map(row => row.token)
  }

--- a/cypress/e2e/main-page.cy.js
+++ b/cypress/e2e/main-page.cy.js
@@ -25,7 +25,7 @@ describe('Frontend', function () {
    cy.contains('Build')
    cy.contains('Chat').click()

-    cy.contains('Discourse status')
+    cy.contains('Discourse Status')
    cy.contains('Stack Exchange questions')
  })

@@ -40,14 +40,14 @@ describe('Frontend', function () {
  })

  it('Build a badge', function () {
-    visitAndWait('/badges/git-hub-issues')
+    visitAndWait('/badges/git-hub-license')

-    cy.contains('/github/issues/:user/:repo')
+    cy.contains('/github/license/:user/:repo')

    cy.get('input[placeholder="user"]').type('badges')
    cy.get('input[placeholder="repo"]').type('shields')

-    cy.intercept('GET', `${backendUrl}/github/issues/badges/shields`).as('get')
+    cy.intercept('GET', `${backendUrl}/github/license/badges/shields`).as('get')
    cy.contains('Execute').click()
    cy.wait('@get').its('response.statusCode').should('eq', 200)
    cy.get('img[id="badge-preview"]')
--- a/dangerfile.js
+++ b/dangerfile.js
@@ -22,7 +22,6 @@ const server = fileMatch('core/server/**.js', '!*.spec.js')
 const serverTests = fileMatch('core/server/**.spec.js')
 const legacyHelpers = fileMatch('lib/**/*.js', '!*.spec.js')
 const legacyHelperTests = fileMatch('lib/**/*.spec.js')
-const logos = fileMatch('logo/*.svg')
 const packageJson = fileMatch('package.json')
 const packageLock = fileMatch('package-lock.json')
 const secretsDocs = fileMatch('doc/server-secrets.md')
@@ -78,17 +77,6 @@ if (legacyHelpers.created) {
  )
 }

-if (logos.created) {
-  message(
-    [
-      ':art: Thanks for submitting a logo. <br>',
-      'Please ensure your contribution follows our ',
-      '[guidance](https://github.com/badges/shields/blob/master/doc/logos.md#contributing-logos) ',
-      'for logo submissions.',
-    ].join(''),
-  )
-}
-
 if (capitals.created || underscores.created) {
  fail(
    [
--- a/doc/TUTORIAL.md
+++ b/doc/TUTORIAL.md
@@ -71,7 +71,7 @@ Each service has a directory for its files:
    `/services/example/example.service.js`.
    If you add a badge for a new API, create a new directory.

-    Example: [wercker](https://github.com/badges/shields/tree/master/services/wercker)
+    Example: [Docs.rs](https://github.com/badges/shields/tree/master/services/docsrs)

  - For service families with multiple badges we usually store the code for each
    badge in its own file like this:
@@ -350,8 +350,6 @@ Save, run `npm start`, and you can see it [locally](http://127.0.0.1:3000/).

 If you update `openApi`, you don't have to restart the server. Run `npm run prestart` in another terminal window and the frontend will update.

-Note: Some services define this information in an array property called `examples`. This is deprecated and we're in the process of converting them. New services should declare an `openApi` object.
-
 ### (4.5) Write Tests<!-- Change the link below when you change the heading -->

 [write tests]: #45-write-tests
--- a/doc/deprecating-badges.md
+++ b/doc/deprecating-badges.md
@@ -90,6 +90,7 @@ Past that point, all related code will be deleted, and a not found error will be

 Here is a listing of all deleted badges that were once part of the Shields.io service:

+- APM
 - Beerpay
 - Bintray
 - bitHound
@@ -99,6 +100,7 @@ Here is a listing of all deleted badges that were once part of the Shields.io se
 - Codetally
 - continuousphp
 - Coverity
+- Criterion
 - David
 - dependabot
 - Dockbit
@@ -109,16 +111,20 @@ Here is a listing of all deleted badges that were once part of the Shields.io se
 - Issue Stats
 - JitPack Downloads
 - Leanpub
+- LGTM
 - Libscore
 - Magnum CI
 - MicroBadger
 - NSP
+- pkgreview
 - PHP Eye
 - requires.io
 - Shippable
 - Snap CI
+- Travis.org
 - VersionEye
 - Waffle
+- Wercker

 ## Additional Information

--- a/doc/logos.md
+++ b/doc/logos.md
@@ -1,42 +0,0 @@
-# Logos
-
-For documentation on using logos, see https://shields.io/docs/logos
-
-## Contributing Logos
-
-Our preferred way to consume icons is via the SimpleIcons logo. As a first port of call, we encourage you to contribute logos to [the SimpleIcons project][simple-icons github]. Please review their [guidance](https://github.com/simple-icons/simple-icons/blob/develop/CONTRIBUTING.md) before contributing.
-
-In some cases we may also accept logo submissions directly. In general, we do this only when:
-
- We have a corresponding badge on the homepage, (e.g. the Eclipse logo because we support service badges for the Eclipse Marketplace). We may also approve logos for other tools widely used by developers.
- The logo provided in SimpleIcons is unclear when displayed at small size on a badge.
- There is substantial benefit in using a multi-colored icon over a monochrome icon.
- The logo doesn't meet the requirements to be included in the SimpleIcons set.
-
-If you are submitting a pull request for a custom logo, please:
-
- Minimize SVG files through [SVGO][]. This can be done in one of two ways
-  - The [SVGO Command Line Tool][svgo]
-    - Install SVGO
-      - With npm: `npm install -g svgo`
-      - With Homebrew: `brew install svgo`
-    - Run the following command `svgo --precision=3 icon.svg -o icon.min.svg`
-    - Check if there is a loss of quality in the output, if so increase the precision.
-  - The [SVGOMG Online Tool][svgomg]
-    - Click "Open SVG" and select an SVG file.
-    - Set the precision to about 3, depending on if there is a loss of quality.
-    - Leave the remaining settings untouched (or reset them with the button at the bottom of the settings).
-    - Click the download button.
- Set a viewbox and ensure the logo is scaled to fit the viewbox, while preserving the logo's original proportions. This means the icon should be touching at least two sides of the viewbox.
- Ensure the logo is vertically and horizontally centered.
- Ensure the logo is minified to a single line with no formatting.
- Ensure the SVG does not contain extraneous attributes.
- Ensure your submission conforms to any relevant brand or logo guidelines.
-
-### Problems
-
-We try to ensure our logos are compliant with brand guidelines. If one of our custom logos does not conform to the necessary brand guidelines, please open an issue on the [shields.io tracker](https://github.com/badges/shields/issues) and we'll work with you to resolve it. If a logo from the simple-icons set does not conform to the relevant brand guidelines, please open an issue on the [simple-icons tracker](https://github.com/simple-icons/simple-icons/issues) first.
-
-[simple-icons github]: https://github.com/simple-icons/simple-icons
-[svgo]: https://github.com/svg/svgo
-[svgomg]: https://jakearchibald.github.io/svgomg/
--- a/doc/production-hosting.md
+++ b/doc/production-hosting.md
@@ -28,7 +28,6 @@ Production hosting is managed by the Shields ops team:
 | YouTube                       | Account owner               | @PyvesB                                                         |
 | GitLab                        | Account owner               | @calebcartwright                                                |
 | GitLab                        | Account access              | @calebcartwright, @chris48s, @paulmelnikow, @PyvesB             |
-| OpenStreetMap (for Wheelmap)  | Account owner               | @paulmelnikow                                                   |
 | DNS                           | Account owner               | @olivierlacan                                                   |
 | DNS                           | Read-only account access    | @espadrine, @paulmelnikow, @chris48s                            |
 | Sentry                        | Error reports               | @espadrine, @paulmelnikow                                       |
--- a/doc/self-hosting.md
+++ b/doc/self-hosting.md
@@ -78,10 +78,7 @@ We publish images to:
 - DockerHub at https://registry.hub.docker.com/r/shieldsio/shields and
 - GitHub Container Registry at https://github.com/badges/shields/pkgs/container/shields

-The `next` tag is the latest build from `master`, or tagged snapshot releases are available:
-
- https://registry.hub.docker.com/r/shieldsio/shields/tags
- https://github.com/badges/shields/pkgs/container/shields/versions?filters%5Bversion_type%5D=tagged
+The `next` tag is the latest build from `master`. These are only available for linux/amd64

 ```sh
 # DockerHub
@@ -95,6 +92,13 @@ $ docker pull ghcr.io/badges/shields:next
 $ docker pull ghcr.io/badges/shields:next
 ```

+Tagged snapshot releases are also available:
+
+- https://registry.hub.docker.com/r/shieldsio/shields/tags
+- https://github.com/badges/shields/pkgs/container/shields/versions?filters%5Bversion_type%5D=tagged
+
+We push both linux/amd64 and linux/arm64 snapshot images. We use the linux/amd64 image ourselves to host shields.io. We push a linux/arm64 image, but we don't consume it ourselves and it receives no testing beyond ensuring the docker image builds without error.
+
 ### Building Docker Image Locally

 Alternatively, you can build and run the server locally using Docker. First build an image:
--- a/doc/server-secrets.md
+++ b/doc/server-secrets.md
@@ -114,7 +114,7 @@ generated API key.

 Using a token for Discord is optional but will allow higher API rates.

- `DISCORD_BOT_TOKEN` (yml: `discord_bot_token`)
+- `DISCORD_BOT_TOKEN` (yml: `private.discord_bot_token`)

 Register an application in the [Discord developer console](https://discord.com/developers).
 To obtain a token, simply create a bot for your application.
@@ -269,7 +269,7 @@ of a package.

 ### OpenCollective

- `OPENCOLLECTIVE_TOKEN` (yml: `opencollective_token`)
+- `OPENCOLLECTIVE_TOKEN` (yml: `private.opencollective_token`)

 OpenCollective's GraphQL API only allows 10 reqs/minute for anonymous users.
 An [API token](https://graphql-docs-v2.opencollective.com/access)
@@ -277,12 +277,19 @@ can be provided to access a higher rate limit of 100 reqs/minute.

 ### Pepy

- `PEPY_KEY` (yml: `pepy_key`)
+- `PEPY_KEY` (yml: `private.pepy_key`)

 The Pepy API requires authentication. To obtain a key,
 Create an account, sign in and obtain generate a key on your
 [account page](https://www.pepy.tech/user).

+### PyPI
+
+- `PYPI_URL` (yml: `public.pypi.baseUri`)
+
+`PYPI_URL` can be used to optionally send all the PyPI requests to a Self-hosted Pypi registry,
+users can also override this by query parameter `pypiBaseUrl`.
+
 ### SymfonyInsight (formerly Sensiolabs)

 - `SL_INSIGHT_USER_UUID` (yml: `private.sl_insight_userUuid`)
@@ -323,8 +330,8 @@ access to your private nexus repositories.

 ### Twitch

- `TWITCH_CLIENT_ID` (yml: `twitch_client_id`)
- `TWITCH_CLIENT_SECRET` (yml: `twitch_client_secret`)
+- `TWITCH_CLIENT_ID` (yml: `private.twitch_client_id`)
+- `TWITCH_CLIENT_SECRET` (yml: `private.twitch_client_secret`)

 Register an application in the [Twitch developer console](https://dev.twitch.tv/console)
 in order to obtain a client id and a client secret for making Twitch API calls.
@@ -344,16 +351,6 @@ You can find your Weblate API key in your profile under
 [weblate authentication]: https://docs.weblate.org/en/latest/api.html#authentication-and-generic-parameters
 [weblate api key location]: https://hosted.weblate.org/accounts/profile/#api

-### Wheelmap
-
- `WHEELMAP_TOKEN` (yml: `private.wheelmap_token`)
-
-The wheelmap API requires authentication. To obtain a token,
-Create an account, [sign in][wheelmap token] and use the _Authentication Token_
-displayed on your profile page.
-
-[wheelmap token]: http://classic.wheelmap.org/en/users/sign_in
-
 ### YouTube

 - `YOUTUBE_API_KEY` (yml: `private.youtube_api_key`)
--- a/doc/service-tests.md
+++ b/doc/service-tests.md
@@ -12,7 +12,7 @@ automated tests should be included. They serve three purposes:
 3. They speed up future contributors when they are debugging or improving a
   badge.

-Test should cover:
+Tests should cover:

 1. Valid behavior
 2. Optional parameters like tags or branches
@@ -24,11 +24,11 @@ Test should cover:
 Before getting started, set up a development environment by following the
 [setup instructions](https://github.com/badges/shields/blob/master/doc/TUTORIAL.md#2-setup)

-We will write some tests for the [Wercker Build service](https://github.com/badges/shields/blob/master/services/wercker/wercker.service.js)
+We will write some tests for [Docs.rs](https://github.com/badges/shields/blob/master/services/docsrs/docsrs.service.js), a service that builds documentation of crates, which are packages in the Rust programming language.

 ### (1) Boilerplate

-The code for our badge is in `services/wercker/wercker.service.js`. Tests for this badge should be stored in `services/wercker/wercker.tester.js`.
+The code for our badge is in `services/docsrs/docsrs.service.js`. Tests for this badge should be stored in `services/docsrs/docsrs.tester.js`.

 We'll start by adding some boilerplate to our file:

@@ -41,8 +41,8 @@ export const t = await createServiceTester()
 If our `.service.js` module exports a single class, we can
 `createServiceTester`, which uses convention to create a
 `ServiceTester` object. Calling this inside
-`services/wercker/wercker.tester.js` will create a `ServiceTester` object
-configured for the service exported in `services/wercker/wercker.service.js`.
+`services/docsrs/docsrs.tester.js` will create a `ServiceTester` object
+configured for the service exported in `services/docsrs/docsrs.service.js`.
 We will add our tests to this `ServiceTester` object `t`, which is exported
 from the module.

@@ -51,27 +51,30 @@ from the module.
 First we'll add a test for the typical case:

 ```js
-import { isBuildStatus } from '../test-validators.js'
+import Joi from 'joi'

-t.create('Build status')
-  .get('/build/wercker/go-wercker-api.json')
-  .expectBadge({ label: 'build', message: isBuildStatus })
+t.create('Docs with no version specified')
+  .get('/tokio.json')
+  .expectBadge({
+    label: 'docs',
+    message: Joi.allow('passing', 'failing'),
+  })
 ```

 1. The `create()` method adds a new test to the tester object.
   The chained-on calls come from the API testing framework [IcedFrisby][].
   Here's a [longer example][] and the complete [API guide][icedfrisby api].
 2. We use the `get()` method to request a badge. There are several points to consider here:
-   - We need a real project to test against. In this case we have used [wercker/go-wercker-api](https://app.wercker.com/wercker/go-wercker-api/runs) but we could have chosen any stable project.
+   - We need a real crate to test against. In this case we have used [Tokio](https://docs.rs/tokio) but we could have chosen any one.
   - Note that when we call our badge, we are allowing it to communicate with an external service without mocking the response. We write tests which interact with external services, which is unusual practice in unit testing. We do this because one of the purposes of service tests is to notify us if a badge has broken due to an upstream API change. For this reason it is important for at least one test to call the live API without mocking the interaction.
-   - All badges on shields can be requested in a number of formats. As well as calling https://img.shields.io/wercker/build/wercker/go-wercker-api.svg to generate ![](https://img.shields.io/wercker/build/wercker/go-wercker-api.svg) we can also call https://img.shields.io/wercker/build/wercker/go-wercker-api.json to request the same content as JSON. When writing service tests, we request the badge in JSON format so it is easier to make assertions about the content.
-   - We don't need to explicitly call `/wercker/build/wercker/go-wercker-api.json` here, only `/build/wercker/go-wercker-api.json`. When we create a tester object with `createServiceTester()` the URL base defined in our service class (in this case `/wercker`) is used as the base URL for any requests made by the tester object.
+   - All badges on shields can be requested in a number of formats. As well as calling https://img.shields.io/docsrs/tokio.svg to generate ![](https://img.shields.io/docsrs/tokio.svg) we can also call https://img.shields.io/docsrs/tokio.json to request the same content as JSON. When writing service tests, we request the badge in JSON format so it is easier to make assertions about the content.
+   - We don't need to explicitly call `/docsrs/tokio.json` here, only `/tokio.json`. When we create a tester object with `createServiceTester()` the URL base defined in our service class (in this case `/docsrs`) is used as the base URL for any requests made by the tester object.
 3. `expectBadge()` is a helper function which accepts either a string literal, a [RegExp][] or a [Joi][] schema for the different fields.
   Joi is a validation library that is built into IcedFrisby which you can use to
   match based on a set of allowed strings, regexes, or specific values. You can
   refer to their [API reference][joi api].
-4. We expect `label` to be a string literal `"build"`.
-5. Because this test depends on a live service, we don't want our test to depend on our API call returning a particular build status. Instead we should perform a "picture check" to assert that the badge data conforms to an expected pattern. Our test should not depend on the status of the example project's build, but should fail if trying to generate the badge throws an error, or if there is a breaking change to the upstream API. In this case we will use a pre-defined regular expression to check that the badge value looks like a build status. [services/test-validators.js](https://github.com/badges/shields/blob/master/services/test-validators.js) defines a number of useful validators we can use. Many of the common badge types (version, downloads, rank, etc.) already have validators defined here.
+4. We expect `label` to be a string literal `"docs"`.
+5. Because this test depends on a live service, we don't want our test to depend on our API call returning a particular build status. Instead we should perform a "picture check" to assert that the badge data conforms to an expected pattern. Our test should not depend on the status of the example crates's documentation build, but should fail if trying to generate the badge throws an error, or if there is a breaking change to the upstream API. In this case, we specify a list with all possible response values, `Joi.allow('passing', 'failing')`. For more complex cases, [services/test-validators.js](https://github.com/badges/shields/blob/master/services/test-validators.js) defines a number of useful validators we can use with regular expressions. Many of the common badge types (version, downloads, rank, etc.) already have validators defined there.

 When defining an IcedFrisby test, typically you would invoke the `toss()`
 method, to register the test. This is not necessary, because the Shields test
@@ -89,7 +92,7 @@ harness will call it for you.
 Lets run the test we have written:

 ```
-npm run test:services -- --only=wercker
+npm run test:services -- --only=docsrs
 ```

 The `--only=` option indicates which service or services you want to test. You
@@ -101,11 +104,12 @@ runner.
 Here's the output:

 ```
-Server is starting up: http://lib/service-test-runner/cli.js:80/
-  Wercker
-    Build status
-      ✓
-        [ GET /build/wercker/go-wercker-api.json ] (572ms)
+Server is starting up: http://localhost:1111/
+  DocsRs
+    [live] Docs with no version specified
+      √
+        [ GET /tokio.json ] (441ms)
+

  1 passing (1s)
 ```
@@ -115,80 +119,98 @@ That's looking good!
 Sometimes if we have a failing test, it is useful to be able to see some logging output to help work out why the test is failing. We can do that by calling `npm run test:services:trace`. Try running

 ```
-npm run test:services:trace -- --only=wercker
+npm run test:services:trace -- --only=docsrs
 ```

 to run the test with some additional debug output.

 ### (4) Writing More Tests

-We should write tests cases for valid paths through our code. The Wercker badge supports an optional branch parameter so we'll add a second test for a branch build.
+We should write tests cases for valid paths through our code. The Docs.rs badge supports an optional version parameter so we'll add a second test for a branch build. In this case, we know for sure that the documentation for this older version was successfully built, we specify a string literal instead of a Joi schema for `message`. This narrows down the expectation and gives us a more helpful error message if the test fails.

 ```js
-t.create('Build status (with branch)')
-  .get('/build/wercker/go-wercker-api/master.json')
-  .expectBadge({ label: 'build', message: isBuildStatus })
+t.create('Passing docs for version').get('/tokio/1.37.0.json').expectBadge({
+  label: 'docs@1.37.0',
+  message: 'passing',
+  color: 'brightgreen',
+})
 ```

 ```
-Server is starting up: http://lib/service-test-runner/cli.js:80/
-  Wercker
-    Build status
-      ✓
-        [ GET /build/wercker/go-wercker-api.json ] (572ms)
-    Build status (with branch)
-      ✓
-        [ GET /build/wercker/go-wercker-api/master.json ] (368ms)
+Server is starting up: http://localhost:1111/
+  DocsRs
+    [live] Docs with no version specified
+      √
+        [ GET /tokio.json ] (408ms)
+    [live] Passing docs for version
+      √
+        [ GET /tokio/1.37.0.json ] (171ms)

-  2 passing (1s)
+
+  2 passing (2s)
 ```

 Once we have multiple tests, sometimes it is useful to run only one test. We can do this using the `--fgrep` argument. For example:

 ```
-npm run test:services -- --only="wercker" --fgrep="Build status (with branch)"
+npm run test:services -- --only="docsrs" --fgrep="Passing docs for version"
 ```

-Having covered the typical and custom cases, we'll move on to errors. We should include a test for the 'not found' response and also tests for any other custom error handling. The Wercker integration defines a custom error condition for 401 as well as a custom 404 message:
+Documentation for tokio version 1.32.1 failed to build, we can also add a corresponding test:

 ```js
-httpErrors: {
-  401: 'private application not supported',
-  404: 'application not found',
-}
+t.create('Failing docs for version').get('/tokio/1.32.1.json').expectBadge({
+  label: 'docs@1.32.1',
+  message: 'failing',
+  color: 'red',
+})
 ```

-First we'll add a test for a project which will return a 404 error:
+Note that in these tests, we have specified a `color` parameter in `expectBadge`. This is helpful in a case like this when we want to test custom color logic, but it is only necessary to explicitly test color values if our badge implements custom logic for setting the badge colors.
+
+Having covered the typical and custom cases, we'll move on to errors. We should include a test for the 'not found' response and also tests for any other custom error handling. When a version is specified, the Docs.rs integration defines a custom error condition for 400 status codes:

 ```js
-t.create('Build status (application not found)')
-  .get('/build/some-project/that-doesnt-exist.json')
-  .expectBadge({ label: 'build', message: 'application not found' })
+httpErrors: version ? { 400: 'malformed version' } : {},
 ```

-In this case we are expecting a string literal instead of a pattern for `message`. This narrows down the expectation and gives us a more helpful error message if the test fails.
-
-We also want to include a test for the 'private application not supported' case. One way to do this would be to find another example of a private project which is unlikely to change. For example:
+First we'll add a test for a crate and a test for a version which will return 404 errors:

 ```js
-t.create('Build status (private application)')
-  .get('/build/wercker/blueprint.json')
-  .expectBadge({ label: 'build', message: 'private application not supported' })
+t.create('Crate not found')
+  .get('/not-a-crate/latest.json')
+  .expectBadge({ label: 'docs', message: 'not found' })
+
+t.create('Version not found')
+  .get('/tokio/0.8.json')
+  .expectBadge({ label: 'docs', message: 'not found' })
+```
+
+We also want to include a test for a case where a malformed version was specified. For example:
+
+```js
+t.create('Malformed version')
+  .get('/tokio/not-a-version.json')
+  .expectBadge({ label: 'docs', message: 'malformed version' })
 ```

 ## (5) Mocking Responses

-If we didn't have a stable example of a private project, another approach would be to mock the response. An alternative test for the 'private application' case might look like:
+If we didn't have a stable example of crate version with a failing documentation build, another approach would be to mock the response. An alternative test for the 'Failing docs for version' case might look like:

 ```js
-t.create('Build status (private application)')
-  .get('/build/wercker/go-wercker-api.json')
+t.create('Failing docs for version')
+  .get('/tokio/1.32.1.json')
  .intercept(nock =>
-    nock('https://app.wercker.com/api/v3/applications/')
-      .get('/wercker/go-wercker-api/builds?limit=1')
-      .reply(401),
+    nock('https://docs.rs/crate')
+      .get('/tokio/1.32.1/status.json')
+      .reply(200, { doc_status: false }),
  )
-  .expectBadge({ label: 'build', message: 'private application not supported' })
+  .expectBadge({
+    label: 'docs@1.32.1',
+    message: 'failing',
+    color: 'red',
+  })
 ```

 This will intercept the request and provide our own mock response.
@@ -204,49 +226,6 @@ and path.
 [icedfrisby-nock]: https://github.com/paulmelnikow/icedfrisby-nock#usage
 [nock]: https://github.com/node-nock/nock

-Our test suite should also include service tests which receive a known value from the API. For example, in the `render()` method of our service, there is some logic which sets the badge color based on the build status:
-
-```js
-static render({ status, result }) {
-  if (status === 'finished') {
-    if (result === 'passed') {
-      return { message: 'passing', color: 'brightgreen' }
-    } else {
-      return { message: result, color: 'red' }
-    }
-  }
-  return { message: status }
-}
-```
-
-We can also use nock to intercept API calls to return a known response body.
-
-```js
-t.create('Build passed')
-  .get('/build/wercker/go-wercker-api.json')
-  .intercept(nock =>
-    nock('https://app.wercker.com/api/v3/applications/')
-      .get('/wercker/go-wercker-api/builds?limit=1')
-      .reply(200, [{ status: 'finished', result: 'passed' }]),
-  )
-  .expectBadge({
-    label: 'build',
-    message: 'passing',
-    color: 'brightgreen',
-  })
-
-t.create('Build failed')
-  .get('/build/wercker/go-wercker-api.json')
-  .intercept(nock =>
-    nock('https://app.wercker.com/api/v3/applications/')
-      .get('/wercker/go-wercker-api/builds?limit=1')
-      .reply(200, [{ status: 'finished', result: 'failed' }]),
-  )
-  .expectBadge({ label: 'build', message: 'failed', color: 'red' })
-```
-
-Note that in these tests, we have specified a `color` parameter in `expectBadge`. This is helpful in a case like this when we want to test custom color logic, but it is only necessary to explicitly test color values if our badge implements custom logic for setting the badge colors.
-
 ## Code coverage

 By checking code coverage, we can make sure we've covered all our bases.
@@ -254,7 +233,7 @@ By checking code coverage, we can make sure we've covered all our bases.
 We can generate a coverage report and open it:

 ```
-npm run coverage:test:services -- -- --only=wercker
+npm run coverage:test:services -- -- --only=docsrs
 npm run coverage:report:open
 ```

--- a/fly.toml
+++ b/fly.toml
@@ -45,3 +45,7 @@ processes = []
    interval = "15s"
    restart_limit = 0
    timeout = "2s"
+
+[[vm]]
+  size = "shared-cpu-1x"
+  memory = "256mb"
--- a/frontend/blog/2024-01-13-simpleicons11.md
+++ b/frontend/blog/2024-01-13-simpleicons11.md
@@ -0,0 +1,21 @@
+---
+slug: simple-icons-11
+title: Simple Icons 11
+authors:
+  name: chris48s
+  title: Shields.io Core Team
+  url: https://github.com/chris48s
+  image_url: https://avatars.githubusercontent.com/u/6025893
+tags: []
+---
+
+Logos on Shields.io are provided by SimpleIcons. We've recently upgraded to SimpleIcons 11. This release removes the following 4 icons:
+
+- Babylon.js
+- Hulu
+- Pepsi
+- Uno
+
+More details can be found in the [release notes](https://github.com/simple-icons/simple-icons/releases/tag/11.0.0).
+
+Please remember that we are just consumers of SimpleIcons. Decisions about changes and removals are made by the [SimpleIcons](https://github.com/simple-icons/simple-icons) project.
--- a/frontend/blog/2024-06-01-simpleicons12.md
+++ b/frontend/blog/2024-06-01-simpleicons12.md
@@ -0,0 +1,33 @@
+---
+slug: simple-icons-12
+title: Simple Icons 12
+authors:
+  name: chris48s
+  title: Shields.io Core Team
+  url: https://github.com/chris48s
+  image_url: https://avatars.githubusercontent.com/u/6025893
+tags: []
+---
+
+Logos on Shields.io are provided by SimpleIcons. We've recently upgraded to SimpleIcons 12. This release removes the following 10 icons:
+
+- FITE
+- Flattr
+- Google Bard
+- Integromat
+- Niantic
+- Nintendo Network
+- Rome
+- Shotcut
+- Skynet
+- Twitter
+
+And renames the following 3:
+
+- Airbrake.io to Airbrake
+- Amazon AWS to Amazon Web Services
+- RStudio to RStudio IDE
+
+More details can be found in the [release notes](https://github.com/simple-icons/simple-icons/releases/tag/12.0.0).
+
+Please remember that we are just consumers of SimpleIcons. Decisions about changes and removals are made by the [SimpleIcons](https://github.com/simple-icons/simple-icons) project.
--- a/frontend/blog/2024-07-05-simpleicons13.md
+++ b/frontend/blog/2024-07-05-simpleicons13.md
@@ -0,0 +1,14 @@
+---
+slug: simple-icons-13
+title: Simple Icons 13
+authors:
+  name: chris48s
+  title: Shields.io Core Team
+  url: https://github.com/chris48s
+  image_url: https://avatars.githubusercontent.com/u/6025893
+tags: []
+---
+
+Logos on Shields.io are provided by SimpleIcons. We've recently upgraded to SimpleIcons 13. This release removes 65 icons and renames one. A full list of the changes can be found in the [release notes](https://github.com/simple-icons/simple-icons/releases/tag/13.0.0).
+
+Please remember that we are just consumers of SimpleIcons. Decisions about changes and removals are made by the [SimpleIcons](https://github.com/simple-icons/simple-icons) project.
--- a/frontend/blog/2024-07-10-sunsetting-shields-custom-logos.md
+++ b/frontend/blog/2024-07-10-sunsetting-shields-custom-logos.md
--- a/frontend/blog/2024-09-25-rce.md
+++ b/frontend/blog/2024-09-25-rce.md
@@ -0,0 +1,661 @@
+---
+slug: GHSA-rxvx-x284-4445
+title: Our response to RCE Security Advisory
+authors:
+  name: chris48s
+  title: Shields.io Core Team
+  url: https://github.com/chris48s
+  image_url: https://avatars.githubusercontent.com/u/6025893
+tags: []
+---
+
+We've just published a critical security advisory relating to a Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges: https://github.com/badges/shields/security/advisories/GHSA-rxvx-x284-4445 Thanks to [@nickcopi](https://github.com/nickcopi) for his help with this.
+
+If you self-host your own instance of Shields you should upgrade to [server-2024-09-25](https://hub.docker.com/layers/shieldsio/shields/server-2024-09-25/images/sha256-28aaea75049e325c9f1d63c8a8b477fc387d3d3fe35b933d6581487843cd610f?context=explore) or later as soon as possible to protect your instance.
+
+This is primarily a concern for self-hosting users. However this does also have a couple of knock-on implications for some users of shields.io itself.
+
+## 1. Users who have authorized the Shields.io GitHub OAuth app
+
+While we have taken steps to close this vulnerability quickly after becoming aware of it, this attack vector has existed in our application for some time. We aren't aware of it having been actively exploited on shields.io. We also can't prove that it has not been exploited.
+
+We don't log or track our users, so a breach offers a very limited attack surface against end users of shields.io. This is by design. One of the (few) information assets shields.io does hold is our GitHub token pool. This allows users to share a token with us by authorizing our OAuth app. Doing this gives us access to a token with read-only access to public data which we can use to increase our rate limit when making calls to the GitHub API.
+
+The tokens we hold are not of high value to an attacker because they have read-only access to public data, but we can't say for sure they haven't been exfiltrated. If you've donated a token in the past and want to revoke it, you can revoke the Shields.io OAuth app at https://github.com/settings/applications which will de-activate the token you have shared with us.
+
+## 2. Users of Dynamic JSON/TOML/YAML badges
+
+Up until now, we have been using https://github.com/dchester/jsonpath as our library querying documents using JSONPath expressions. [@nickcopi](https://github.com/nickcopi) responsibly reported to us how a prototype pollution vulnerability in this library could be exploited to construct a JSONPath expression allowing an attacker to perform remote code execution. This vulnerability was reported on the package's issue tracker but not flagged by security scanning tools. It seems extremely unlikely that this will be fixed in the upstream package despite being widely used. It also seems unlikely this package will receive any further maintenance in future, even in response to critical security issues. In order to resolve this issue, we needed to switch to a different JSONPath library. We've decided to switch https://github.com/JSONPath-Plus/JSONPath using the `eval: false` option to disable script expressions.
+
+This is an important security improvement and we have to make a change to protect the security of shields.io and users hosting their own instance of the application. However, this does come with some tradeoffs from a backwards-compatibility perspective.
+
+### Using `eval: false`
+
+Using JSONPath-Plus with `eval: false` does disable some query syntax which relies on evaluating javascript expressions.
+
+For example, it would previously have been possible to use a JSONPath query like `$..keywords[(@.length-1)]` against the document https://github.com/badges/shields/raw/master/package.json to select the last element from the keywords array https://github.com/badges/shields/blob/e237e40ab88b8ad4808caad4f3dae653822aa79a/package.json#L6-L12
+
+This is now not a supported query.
+
+In this particular case, you could rewrite that query to `$..keywords[-1:]` and obtain the same result, but that may not be possible in all cases. We do realise that this removes some functionality that previously worked but closing this remote code execution vulnerability is the top priority, especially since there will be workarounds in many cases.
+
+### Implementation Quirks
+
+Historically, every JSONPath implementation has had its own idiosyncrasies. While most simple and common queries will behave the same way across different implementations, switching to another library will mean that some subset of queries may not work or produce different results.
+
+One interesting thing that has happened in the world of JSONPath lately is RFC 9535 https://www.rfc-editor.org/rfc/rfc9535 which is an attempt to standardise JSONPath. As part of this mitigation, we did look at whether it would be possible to migrate to something that is RFC9535-compliant. However it is our assessment that the JavaScript community does not yet have a sufficiently mature/supported RFC9535-compliant JSONPath implementation. This means we are switching from one quirky implementation to another implementation with different quirks.
+
+Again, this represents an unfortunate break in backwards-compatibility. However, it was necessary to prioritise closing off this remote code execution vulnerability over backwards-compatibility.
+
+Although we can not provide a precise migration guide, here is a table of query types where https://github.com/dchester/jsonpath and https://github.com/JSONPath-Plus/JSONPath are known to diverge from the consensus implementation. This is sourced from the excellent https://cburgmer.github.io/json-path-comparison/
+While this is a long list, many of these inputs represent edge cases or pathological inputs rather than common usage.
+
+ <details>
+  <summary>Table</summary>
+<table>
+<thead>
+<tr>
+<th>Query Type</th>
+<th>Example Query</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>Array slice with large number for end and negative step</td>
+<td><code>$[2:-113667776004:-1]</code></td>
+</tr>
+<tr>
+<td>Array slice with large number for start end negative step</td>
+<td><code>$[113667776004:2:-1]</code></td>
+</tr>
+<tr>
+<td>Array slice with negative step</td>
+<td><code>$[3:0:-2]</code></td>
+</tr>
+<tr>
+<td>Array slice with negative step on partially overlapping array</td>
+<td><code>$[7:3:-1]</code></td>
+</tr>
+<tr>
+<td>Array slice with negative step only</td>
+<td><code>$[::-2]</code></td>
+</tr>
+<tr>
+<td>Array slice with open end and negative step</td>
+<td><code>$[3::-1]</code></td>
+</tr>
+<tr>
+<td>Array slice with open start and negative step</td>
+<td><code>$[:2:-1]</code></td>
+</tr>
+<tr>
+<td>Array slice with range of 0</td>
+<td><code>$[0:0]</code></td>
+</tr>
+<tr>
+<td>Array slice with step 0</td>
+<td><code>$[0:3:0]</code></td>
+</tr>
+<tr>
+<td>Array slice with step and leading zeros</td>
+<td><code>$[010:024:010]</code></td>
+</tr>
+<tr>
+<td>Bracket notation with empty path</td>
+<td><code>$[]</code></td>
+</tr>
+<tr>
+<td>Bracket notation with number on object</td>
+<td><code>$[0]</code></td>
+</tr>
+<tr>
+<td>Bracket notation with number on string</td>
+<td><code>$[0]</code></td>
+</tr>
+<tr>
+<td>Bracket notation with number -1</td>
+<td><code>$[-1]</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted array slice literal</td>
+<td><code>$[':']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted closing bracket literal</td>
+<td><code>$[']']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted current object literal</td>
+<td><code>$['@']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted escaped backslash</td>
+<td><code>$['\\']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted escaped single quote</td>
+<td><code>$['\'']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted root literal</td>
+<td><code>$['$']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted special characters combined</td>
+<td><code>$[':@."$,*\'\\']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted string and unescaped single quote</td>
+<td><code>$['single'quote']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted union literal</td>
+<td><code>$[',']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted wildcard literal ?</td>
+<td><code>$['*']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted wildcard literal on object without key</td>
+<td><code>$['*']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with spaces</td>
+<td><code>$[ 'a' ]</code></td>
+</tr>
+<tr>
+<td>Bracket notation with two literals separated by dot</td>
+<td><code>$['two'.'some']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with two literals separated by dot without quotes</td>
+<td><code>$[two.some]</code></td>
+</tr>
+<tr>
+<td>Bracket notation without quotes</td>
+<td><code>$[key]</code></td>
+</tr>
+<tr>
+<td>Current with dot notation</td>
+<td><code>@.a</code></td>
+</tr>
+<tr>
+<td>Dot bracket notation</td>
+<td><code>$.['key']</code></td>
+</tr>
+<tr>
+<td>Dot bracket notation with double quotes</td>
+<td><code>$.["key"]</code></td>
+</tr>
+<tr>
+<td>Dot bracket notation without quotes</td>
+<td><code>$.[key]</code></td>
+</tr>
+<tr>
+<td>Dot notation after recursive descent with extra dot ?</td>
+<td><code>$...key</code></td>
+</tr>
+<tr>
+<td>Dot notation after union with keys</td>
+<td><code>$['one','three'].key</code></td>
+</tr>
+<tr>
+<td>Dot notation with dash</td>
+<td><code>$.key-dash</code></td>
+</tr>
+<tr>
+<td>Dot notation with double quotes</td>
+<td><code>$."key"</code></td>
+</tr>
+<tr>
+<td>Dot notation with double quotes after recursive descent ?</td>
+<td><code>$.."key"</code></td>
+</tr>
+<tr>
+<td>Dot notation with empty path</td>
+<td><code>$.</code></td>
+</tr>
+<tr>
+<td>Dot notation with key named length on array</td>
+<td><code>$.length</code></td>
+</tr>
+<tr>
+<td>Dot notation with key root literal</td>
+<td><code>$.$</code></td>
+</tr>
+<tr>
+<td>Dot notation with non ASCII key</td>
+<td><code>$.??</code></td>
+</tr>
+<tr>
+<td>Dot notation with number</td>
+<td><code>$.2</code></td>
+</tr>
+<tr>
+<td>Dot notation with number -1</td>
+<td><code>$.-1</code></td>
+</tr>
+<tr>
+<td>Dot notation with single quotes</td>
+<td><code>$.'key'</code></td>
+</tr>
+<tr>
+<td>Dot notation with single quotes after recursive descent ?</td>
+<td><code>$..'key'</code></td>
+</tr>
+<tr>
+<td>Dot notation with single quotes and dot</td>
+<td><code>$.'some.key'</code></td>
+</tr>
+<tr>
+<td>Dot notation with space padded key</td>
+<td><code>$. a</code></td>
+</tr>
+<tr>
+<td>Dot notation with wildcard after recursive descent on scalar ?</td>
+<td><code>$..*</code></td>
+</tr>
+<tr>
+<td>Dot notation without dot</td>
+<td><code>$a</code></td>
+</tr>
+<tr>
+<td>Dot notation without root</td>
+<td><code>.key</code></td>
+</tr>
+<tr>
+<td>Dot notation without root and dot</td>
+<td><code>key</code></td>
+</tr>
+<tr>
+<td>Empty</td>
+<td><code>n/a</code></td>
+</tr>
+<tr>
+<td>Filter expression on object</td>
+<td><code>$[?(@.key)]</code></td>
+</tr>
+<tr>
+<td>Filter expression after dot notation with wildcard after recursive descent ?</td>
+<td><code>$..*[?(@.id&gt;2)]</code></td>
+</tr>
+<tr>
+<td>Filter expression after recursive descent ?</td>
+<td><code>$..[?(@.id==2)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with addition</td>
+<td><code>$[?(@.key+50==100)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with boolean and operator and value false</td>
+<td><code>$[?(@.key&gt;0 &amp;&amp; false)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with boolean and operator and value true</td>
+<td><code>$[?(@.key&gt;0 &amp;&amp; true)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with boolean or operator and value false</td>
+<td><code>$[?(@.key&gt;0 &amp;#124;&amp;#124; false)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with boolean or operator and value true</td>
+<td><code>$[?(@.key&gt;0 &amp;#124;&amp;#124; true)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with bracket notation with -1</td>
+<td><code>$[?(@[-1]==2)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with bracket notation with number on object</td>
+<td><code>$[?(@[1]=='b')]</code></td>
+</tr>
+<tr>
+<td>Filter expression with current object</td>
+<td><code>$[?(@)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with different ungrouped operators</td>
+<td><code>$[?(@.a &amp;&amp; @.b &amp;#124;&amp;#124; @.c)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with division</td>
+<td><code>$[?(@.key/10==5)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with dot notation with dash</td>
+<td><code>$[?(@.key-dash == 'value')]</code></td>
+</tr>
+<tr>
+<td>Filter expression with dot notation with number</td>
+<td><code>$[?(@.2 == 'second')]</code></td>
+</tr>
+<tr>
+<td>Filter expression with dot notation with number on array</td>
+<td><code>$[?(@.2 == 'third')]</code></td>
+</tr>
+<tr>
+<td>Filter expression with empty expression</td>
+<td><code>$[?()]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals</td>
+<td><code>$[?(@.key==42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals on array of numbers</td>
+<td><code>$[?(@==42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals on object</td>
+<td><code>$[?(@.key==42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals array</td>
+<td><code>$[?(@.d==["v1","v2"])]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals array for array slice with range 1</td>
+<td><code>$[?(@[0:1]==[1])]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals array for dot notation with star</td>
+<td><code>$[?(@.*==[1,2])]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals array or equals true</td>
+<td><code>$[?(@.d==["v1","v2"] &amp;#124;&amp;#124; (@.d == true))]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals array with single quotes</td>
+<td><code>$[?(@.d==['v1','v2'])]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals boolean expression value</td>
+<td><code>$[?((@.key&lt;44)==false)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals false</td>
+<td><code>$[?(@.key==false)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals null</td>
+<td><code>$[?(@.key==null)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals number for array slice with range 1</td>
+<td><code>$[?(@[0:1]==1)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals number for bracket notation with star</td>
+<td><code>$[?(@[*]==2)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals number for dot notation with star</td>
+<td><code>$[?(@.*==2)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals number with fraction</td>
+<td><code>$[?(@.key==-0.123e2)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals number with leading zeros</td>
+<td><code>$[?(@.key==010)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals object</td>
+<td><code>$[?(@.d==&lbrace;"k":"v"&rbrace;)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals string</td>
+<td><code>$[?(@.key=="value")]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals string with unicode character escape</td>
+<td><code>$[?(@.key=="Mot\u00f6rhead")]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals true</td>
+<td><code>$[?(@.key==true)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals with path and path</td>
+<td><code>$[?(@.key1==@.key2)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals with root reference</td>
+<td><code>$.items[?(@.key==$.value)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with greater than</td>
+<td><code>$[?(@.key&gt;42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with greater than or equal</td>
+<td><code>$[?(@.key&gt;=42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with in array of values</td>
+<td><code>$[?(@.d in [2, 3])]</code></td>
+</tr>
+<tr>
+<td>Filter expression with in current object</td>
+<td><code>$[?(2 in @.d)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with length free function</td>
+<td><code>$[?(length(@) == 4)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with length function</td>
+<td><code>$[?(@.length() == 4)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with length property</td>
+<td><code>$[?(@.length == 4)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with less than</td>
+<td><code>$[?(@.key&lt;42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with less than or equal</td>
+<td><code>$[?(@.key&lt;=42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with local dot key and null in data</td>
+<td><code>$[?(@.key='value')]</code></td>
+</tr>
+<tr>
+<td>Filter expression with multiplication</td>
+<td><code>$[?(@.key*2==100)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with negation and equals</td>
+<td><code>$[?(!(@.key==42))]</code></td>
+</tr>
+<tr>
+<td>Filter expression with negation and equals array or equals true</td>
+<td><code>$[?(!(@.d==["v1","v2"]) &amp;#124;&amp;#124; (@.d == true))]</code></td>
+</tr>
+<tr>
+<td>Filter expression with negation and less than</td>
+<td><code>$[?(!(@.key&lt;42))]</code></td>
+</tr>
+<tr>
+<td>Filter expression with negation and without value</td>
+<td><code>$[?(!@.key)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with non singular existence test</td>
+<td><code>$[?(@.a.*)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with not equals</td>
+<td><code>$[?(@.key!=42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with not equals array or equals true</td>
+<td><code>$[?((@.d!=["v1","v2"]) &amp;#124;&amp;#124; (@.d == true))]</code></td>
+</tr>
+<tr>
+<td>Filter expression with parent axis operator</td>
+<td><code>$[*].bookmarks[?(@.page == 45)]^^^</code></td>
+</tr>
+<tr>
+<td>Filter expression with regular expression</td>
+<td><code>$[?(@.name=~/hello.*/)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with regular expression from member</td>
+<td><code>$[?(@.name=~/@.pattern/)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with set wise comparison to scalar</td>
+<td><code>$[?(@[*]&gt;=4)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with set wise comparison to set</td>
+<td><code>$.x[?(@[*]&gt;=$.y[*])]</code></td>
+</tr>
+<tr>
+<td>Filter expression with single equal</td>
+<td><code>$[?(@.key=42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with subfilter</td>
+<td><code>$[?(@.a[?(@.price&gt;10)])]</code></td>
+</tr>
+<tr>
+<td>Filter expression with subpaths deeply nested</td>
+<td><code>$[?(@.a.b.c==3)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with subtraction</td>
+<td><code>$[?(@.key-50==-100)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with triple equal</td>
+<td><code>$[?(@.key===42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with value</td>
+<td><code>$[?(@.key)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with value after recursive descent ?</td>
+<td><code>$..[?(@.id)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with value false</td>
+<td><code>$[?(false)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with value from recursive descent</td>
+<td><code>$[?(@..child)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with value null</td>
+<td><code>$[?(null)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with value true</td>
+<td><code>$[?(true)]</code></td>
+</tr>
+<tr>
+<td>Filter expression without parens</td>
+<td><code>$[?@.key==42]</code></td>
+</tr>
+<tr>
+<td>Filter expression without value</td>
+<td><code>$[?(@.key)]</code></td>
+</tr>
+<tr>
+<td>Function sum</td>
+<td><code>$.data.sum()</code></td>
+</tr>
+<tr>
+<td>Parens notation</td>
+<td><code>$(key,more)</code></td>
+</tr>
+<tr>
+<td>Recursive descent ?</td>
+<td><code>$..</code></td>
+</tr>
+<tr>
+<td>Recursive descent after dot notation ?</td>
+<td><code>$.key..</code></td>
+</tr>
+<tr>
+<td>Root on scalar</td>
+<td><code>$</code></td>
+</tr>
+<tr>
+<td>Root on scalar false</td>
+<td><code>$</code></td>
+</tr>
+<tr>
+<td>Root on scalar true</td>
+<td><code>$</code></td>
+</tr>
+<tr>
+<td>Script expression</td>
+<td><code>$[(@.length-1)]</code></td>
+</tr>
+<tr>
+<td>Union with duplication from array</td>
+<td><code>$[0,0]</code></td>
+</tr>
+<tr>
+<td>Union with duplication from object</td>
+<td><code>$['a','a']</code></td>
+</tr>
+<tr>
+<td>Union with filter</td>
+<td><code>$[?(@.key&lt;3),?(@.key&gt;6)]</code></td>
+</tr>
+<tr>
+<td>Union with keys</td>
+<td><code>$['key','another']</code></td>
+</tr>
+<tr>
+<td>Union with keys on object without key</td>
+<td><code>$['missing','key']</code></td>
+</tr>
+<tr>
+<td>Union with keys after array slice</td>
+<td><code>$[:]['c','d']</code></td>
+</tr>
+<tr>
+<td>Union with keys after bracket notation</td>
+<td><code>$[0]['c','d']</code></td>
+</tr>
+<tr>
+<td>Union with keys after dot notation with wildcard</td>
+<td><code>$.*['c','d']</code></td>
+</tr>
+<tr>
+<td>Union with keys after recursive descent ?</td>
+<td><code>$..['c','d']</code></td>
+</tr>
+<tr>
+<td>Union with repeated matches after dot notation with wildcard</td>
+<td><code>$.*[0,:5]</code></td>
+</tr>
+<tr>
+<td>Union with slice and number</td>
+<td><code>$[1:3,4]</code></td>
+</tr>
+<tr>
+<td>Union with spaces</td>
+<td><code>$[ 0 , 1 ]</code></td>
+</tr>
+<tr>
+<td>Union with wildcard and number</td>
+<td><code>$[*,1]</code></td>
+</tr>
+</tbody>
+</table>
+</details>
--- a/frontend/docs/logos.md
+++ b/frontend/docs/logos.md
@@ -12,12 +12,6 @@ We support a wide range of logos via [SimpleIcons](https://simpleicons.org/). Al

 You can click the icon title on <a href="https://simpleicons.org/" rel="noopener noreferrer" target="_blank">simple-icons</a> to copy the slug or they can be found in the <a href="https://github.com/simple-icons/simple-icons/blob/master/slugs.md">slugs.md file</a> in the simple-icons repository. NB - the Simple Icons site and slugs.md page may at times contain new icons that haven't yet been pulled into Shields.io yet. More information on how and when we incorporate icon updates can be found [here](https://github.com/badges/shields/discussions/5369).

-## Shields logos
-
-We also maintain a small number of custom logos for a handful of services: https://github.com/badges/shields/tree/master/logo They can also be referenced by name and take preference to SimpleIcons e.g:
-
-![](https://img.shields.io/npm/v/npm.svg?logo=npm) - https://img.shields.io/npm/v/npm.svg?logo=npm
-
 ## Custom Logos

 Any custom logo can be passed in a URL parameter by base64 encoding it. e.g:
@@ -26,12 +20,7 @@ Any custom logo can be passed in a URL parameter by base64 encoding it. e.g:

 ## logoColor parameter

-The `logoColor` param can be used to set the color of the logo. Hex, rgb, rgba, hsl, hsla and css named colors can all be used. For SimpleIcons named logos (which are monochrome), the color will be applied to the SimpleIcons logo.
+The `logoColor` param can be used to set the color of the SimpleIcons named logo. Hex, rgb, rgba, hsl, hsla and css named colors can all be used.

 - ![](https://img.shields.io/badge/logo-javascript-blue?logo=javascript) - https://img.shields.io/badge/logo-javascript-blue?logo=javascript
 - ![](https://img.shields.io/badge/logo-javascript-blue?logo=javascript&logoColor=f5f5f5) - https://img.shields.io/badge/logo-javascript-blue?logo=javascript&logoColor=f5f5f5
-
-In the case where Shields hosts a custom multi-colored logo, if the `logoColor` param is passed, the corresponding SimpleIcons logo will be substituted and colored.
-
- ![](https://img.shields.io/badge/logo-gitlab-blue?logo=gitlab) - https://img.shields.io/badge/logo-gitlab-blue?logo=gitlab
- ![](https://img.shields.io/badge/logo-gitlab-blue?logo=gitlab&logoColor=white) - https://img.shields.io/badge/logo-gitlab-blue?logo=gitlab&logoColor=white
--- a/frontend/docusaurus.config.cjs
+++ b/frontend/docusaurus.config.cjs
@@ -1,5 +1,6 @@
 const lightCodeTheme = require('prism-react-renderer').themes.github
 const darkCodeTheme = require('prism-react-renderer').themes.dracula
+const stripCodeBlockLinks = require('./src/plugins/strip-code-block-links')

 /** @type {import('@docusaurus/types').Config} */
 const config = {
@@ -24,6 +25,14 @@ const config = {
    ],
  ],

+  markdown: {
+    mdx1Compat: {
+      comments: true,
+      admonitions: true,
+      headingIds: true,
+    },
+  },
+
  presets: [
    [
      'docusaurus-preset-openapi',
@@ -36,6 +45,8 @@ const config = {
        blog: {
          showReadingTime: true,
          editUrl: 'https://github.com/badges/shields/tree/master/frontend',
+          onInlineAuthors: 'ignore',
+          onUntruncatedBlogPosts: 'ignore',
        },
        theme: {
          customCss: require.resolve('./src/css/custom.css'),
@@ -43,6 +54,7 @@ const config = {
        api: {
          path: 'categories',
          routeBasePath: 'badges',
+          rehypePlugins: [stripCodeBlockLinks],
        },
      }),
    ],
--- a/frontend/src/css/custom.css
+++ b/frontend/src/css/custom.css
@@ -30,23 +30,3 @@ html[data-theme="dark"] .docusaurus-highlight-code-line {
 .opencollective-image {
  color-scheme: initial;
 }
-
-/*
-TODO: remove these three styles when
-we can upgrade to docusaurus-theme-openapi@0.6.5
-*/
-
-input[type="text"], :not(#fakeID#fakeId#fakeID) select {
-  border-color: var(--ifm-color-primary-lightest);
-  border-style: solid;
-  border-width: 1px;
-}
-
-div.api-code-tab-group {
-  justify-content: center;
-  flex-wrap: wrap;
-}
-
-div.api-code-tab-group button.api-code-tab  {
-  width: unset;
-}
--- a/frontend/src/pages/community.md
+++ b/frontend/src/pages/community.md
@@ -8,14 +8,10 @@ Shields.io is possible thanks to the people and companies who donate money, serv

 <ul>
    <li>
-        <a href="https://nodeping.com/">
-        NodePing
-        </a>
+        <a href="https://nodeping.com/">NodePing</a>
    </li>
    <li>
-        <a href="https://sentry.io/">
-        Sentry
-        </a>
+        <a href="https://sentry.io/">Sentry</a>
    </li>
 </ul>

@@ -24,7 +20,7 @@ Shields.io is possible thanks to the people and companies who donate money, serv
 <p>
    <object
        data="https://opencollective.com/shields/tiers/sponsor.svg?avatarHeight=80&width=600"
-        class="opencollective-image"
+        className="opencollective-image"
    ></object>
 </p>

@@ -35,7 +31,7 @@ Shields.io is possible thanks to the people and companies who donate money, serv
 <p>
    <object
        data="https://opencollective.com/shields/tiers/backer.svg?width=600"
-        class="opencollective-image">
+        className="opencollective-image">
    </object>
 </p>

@@ -46,7 +42,7 @@ Shields.io is possible thanks to the people and companies who donate money, serv
 <p>
    <object
        data="https://opencollective.com/shields/contributors.svg?width=600"
-        class="opencollective-image"
+        className="opencollective-image"
    ></object>
 </p>

--- a/frontend/src/plugins/strip-code-block-links.js
+++ b/frontend/src/plugins/strip-code-block-links.js
@@ -0,0 +1,30 @@
+const { visit } = require('unist-util-visit')
+
+function stripCodeBlockLinks() {
+  /*
+  Docusaurus 3 uses [remark-gfm](https://github.com/remarkjs/remark-gfm)
+  One of the "features" of remark-gfm is that it automatically looks for URLs
+  and email addresses, and automatically wraps them in <a> tags.
+
+  This happens even if the URL is inside a <code> block.
+  This behaviour is
+  a) mostly unhelpful and
+  b) non-configurable
+
+  This plugin removes <a> tags which appear inside a <code> block.
+  */
+  return tree => {
+    visit(tree, ['mdxJsxTextElement', 'mdxJsxFlowElement', 'element'], node => {
+      if (node.name === 'code' || node.tagName === 'code') {
+        const links = node.children.filter(child => child.tagName === 'a')
+        links.forEach(link => {
+          const linkText = link.children.map(child => child.value).join('')
+          const linkIndex = node.children.indexOf(link)
+          node.children.splice(linkIndex, 1, { type: 'text', value: linkText })
+        })
+      }
+    })
+  }
+}
+
+module.exports = stripCodeBlockLinks
--- a/frontend/src/theme/ApiDemoPanel/Curl/index.js
+++ b/frontend/src/theme/ApiDemoPanel/Curl/index.js
@@ -234,6 +234,7 @@ function Curl({ postman, codeSamples }) {
            )}
            key={lang.tabName || lang.label}
            onClick={() => setLanguage(lang)}
+            type="button"
          >
            {lang.tabName || lang.label}
          </button>
--- a/lib/load-logos.js
+++ b/lib/load-logos.js
@@ -1,36 +0,0 @@
-import fs from 'fs'
-import path from 'path'
-import { fileURLToPath } from 'url'
-import { svg2base64 } from './svg-helpers.js'
-
-function loadLogos() {
-  // Cache svg logos from disk in base64 string
-  const logos = {}
-  const logoDir = path.join(
-    path.dirname(fileURLToPath(import.meta.url)),
-    '..',
-    'logo',
-  )
-  const logoFiles = fs.readdirSync(logoDir)
-  logoFiles.forEach(filename => {
-    if (filename[0] === '.') {
-      return
-    }
-    // filename is eg, github.svg
-    const svg = fs.readFileSync(`${logoDir}/${filename}`).toString()
-    const base64 = svg2base64(svg)
-    // logo is monochrome if it only has one fill= statement
-    const isMonochrome = (svg.match(/fill="(.+?)"/g) || []).length === 1
-
-    // eg, github
-    const name = filename.slice(0, -'.svg'.length).toLowerCase()
-    logos[name] = {
-      isMonochrome,
-      svg,
-      base64,
-    }
-  })
-  return logos
-}
-
-export default loadLogos
--- a/lib/load-simple-icons.js
+++ b/lib/load-simple-icons.js
@@ -1,5 +1,4 @@
 import * as originalSimpleIcons from 'simple-icons/icons'
-import { svg2base64 } from './svg-helpers.js'

 function loadSimpleIcons() {
  const simpleIcons = {}
@@ -16,10 +15,10 @@ function loadSimpleIcons() {
    const icon = originalSimpleIcons[key]
    const { title, slug, hex } = icon

-    icon.base64 = {
-      default: svg2base64(icon.svg.replace('<svg', `<svg fill="#${hex}"`)),
-      light: svg2base64(icon.svg.replace('<svg', '<svg fill="whitesmoke"')),
-      dark: svg2base64(icon.svg.replace('<svg', '<svg fill="#333"')),
+    icon.styles = {
+      default: icon.svg.replace('<svg', `<svg fill="#${hex}"`),
+      light: icon.svg.replace('<svg', '<svg fill="whitesmoke"'),
+      dark: icon.svg.replace('<svg', '<svg fill="#333"'),
    }

    // There are a few instances where multiple icons have the same title
--- a/lib/load-simple-icons.spec.js
+++ b/lib/load-simple-icons.spec.js
@@ -8,7 +8,7 @@ describe('loadSimpleIcons', function () {
  })

  it('prepares three color themes', function () {
-    expect(simpleIcons.sentry.base64).to.have.all.keys(
+    expect(simpleIcons.sentry.styles).to.have.all.keys(
      'default',
      'light',
      'dark',
--- a/lib/logos.js
+++ b/lib/logos.js
@@ -5,10 +5,8 @@ import {
  normalizeColor,
 } from '../badge-maker/lib/color.js'
 import coalesce from '../core/base-service/coalesce.js'
-import { svg2base64 } from './svg-helpers.js'
-import loadLogos from './load-logos.js'
+import { svg2base64, getIconSize, resetIconPosition } from './svg-helpers.js'
 import loadSimpleIcons from './load-simple-icons.js'
-const logos = loadLogos()
 const simpleIcons = loadSimpleIcons()

 // for backwards-compatibility with deleted logos
@@ -19,6 +17,7 @@ const logoAliases = {
  scrutinizer: 'scrutinizer-ci',
  stackoverflow: 'stack-overflow',
  tfs: 'azure-devops',
+  travis: 'travisci',
 }
 const lightThreshold = 0.4
 const darkThreshold = 0.6
@@ -59,24 +58,6 @@ function decodeDataUrlFromQueryParam(value) {
  return isDataUrl(maybeDataUrl) ? maybeDataUrl : undefined
 }

-function getShieldsIcon({ name, color }) {
-  if (!(name in logos)) {
-    return undefined
-  }
-
-  const { svg, base64, isMonochrome } = logos[name]
-  const svgColor = toSvgColor(color)
-  if (svgColor) {
-    if (isMonochrome) {
-      return svg2base64(svg.replace(/fill="(.+?)"/g, `fill="${svgColor}"`))
-    } else {
-      return undefined
-    }
-  } else {
-    return base64
-  }
-}
-
 function getSimpleIconStyle({ icon, style }) {
  const { hex } = icon
  if (style !== 'social' && brightness(normalizeColor(hex)) <= lightThreshold) {
@@ -88,25 +69,42 @@ function getSimpleIconStyle({ icon, style }) {
  return 'default'
 }

-function getSimpleIcon({ name, color, style }) {
-  const key = name === 'travis' ? 'travis-ci' : name.replace(/ /g, '-')
+// The `size` parameter is used to determine whether the icon should be resized
+// to fit the badge. If `size` is 'auto', the icon will be resized to fit the
+// badge. If `size` is not 'auto', the icon will be displayed at its original.
+// https://github.com/badges/shields/pull/9191
+function getSimpleIcon({ name, color, style, size }) {
+  const key = name.replace(/ /g, '-')

  if (!(key in simpleIcons)) {
    return undefined
  }

+  let iconSvg
+
  const svgColor = toSvgColor(color)
  if (svgColor) {
-    return svg2base64(
-      simpleIcons[key].svg.replace('<svg', `<svg fill="${svgColor}"`),
-    )
+    iconSvg = simpleIcons[key].svg.replace('<svg', `<svg fill="${svgColor}"`)
  } else {
    const iconStyle = getSimpleIconStyle({ icon: simpleIcons[key], style })
-    return simpleIcons[key].base64[iconStyle]
+    iconSvg = simpleIcons[key].styles[iconStyle]
  }
+
+  if (size === 'auto') {
+    const { width: iconWidth, height: iconHeight } = getIconSize(key)
+
+    if (iconWidth > iconHeight) {
+      const path = resetIconPosition(simpleIcons[key].path)
+      iconSvg = iconSvg
+        .replace('viewBox="0 0 24 24"', `viewBox="0 0 24 ${iconHeight}"`)
+        .replace(/<path d=".*"\/>/, `<path d="${path}"/>`)
+    }
+  }
+
+  return svg2base64(iconSvg)
 }

-function prepareNamedLogo({ name, color, style }) {
+function prepareNamedLogo({ name, color, style, size }) {
  if (typeof name !== 'string') {
    return undefined
  }
@@ -117,9 +115,7 @@ function prepareNamedLogo({ name, color, style }) {
    name = logoAliases[name]
  }

-  return (
-    getShieldsIcon({ name, color }) || getSimpleIcon({ name, color, style })
-  )
+  return getSimpleIcon({ name, color, style, size })
 }

 function makeLogo(defaultNamedLogo, overrides) {
@@ -131,6 +127,7 @@ function makeLogo(defaultNamedLogo, overrides) {
      name: coalesce(overrides.logo, defaultNamedLogo),
      color: overrides.logoColor,
      style: overrides.style,
+      size: overrides.logoSize,
    })
  }
 }
@@ -140,7 +137,6 @@ export {
  isDataUrl,
  decodeDataUrlFromQueryParam,
  prepareNamedLogo,
-  getShieldsIcon,
  getSimpleIcon,
  makeLogo,
 }
--- a/lib/logos.spec.js
+++ b/lib/logos.spec.js
--- a/lib/svg-helpers.js
+++ b/lib/svg-helpers.js
@@ -1,7 +1,29 @@
+import { svgPathBbox } from 'svg-path-bbox'
+import svgpath from 'svgpath'
+import loadSimpleIcons from './load-simple-icons.js'
+
+const simpleIcons = loadSimpleIcons()
+
 function svg2base64(svg) {
  return `data:image/svg+xml;base64,${Buffer.from(svg.trim()).toString(
    'base64',
  )}`
 }

-export { svg2base64 }
+function getIconSize(iconKey) {
+  if (!(iconKey in simpleIcons)) {
+    return undefined
+  }
+
+  const [x0, y0, x1, y1] = svgPathBbox(simpleIcons[iconKey].path)
+  return { width: x1 - x0, height: y1 - y0 }
+}
+
+function resetIconPosition(d) {
+  const path = svgpath(d)
+  const [offsetX, offsetY] = svgPathBbox(path)
+  const pathReset = path.translate(-offsetX, -offsetY).round(3).toString()
+  return pathReset
+}
+
+export { svg2base64, getIconSize, resetIconPosition }
--- a/logo/bitcoin.svg
+++ b/logo/bitcoin.svg
@@ -1 +0,0 @@
-<svg viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><path d="M23.636 14.902c-1.602 6.43-8.114 10.342-14.543 8.74C2.666 22.037-1.246 15.525.357 9.098 1.96 2.669 8.47-1.244 14.897.359c6.43 1.602 10.341 8.115 8.739 14.544" fill="#f7931a"/><path d="M14.686 10.267c-.371 1.487-2.663.731-3.406.546l.655-2.629c.743.186 3.138.531 2.75 2.083m-.406 4.242c-.407 1.635-3.16.75-4.053.53l.724-2.9c.893.224 3.754.664 3.33 2.37m3.008-4.219c.238-1.596-.977-2.455-2.64-3.027l.54-2.163-1.318-.33-.525 2.107a54.292 54.292 0 0 0-1.054-.249l.53-2.12-1.317-.328-.54 2.162c-.286-.065-.567-.13-.84-.198l.001-.007-1.816-.453-.35 1.406s.977.224.956.238c.533.133.63.486.613.766l-.615 2.463c.038.01.085.024.137.045l-.138-.035-.862 3.452c-.065.161-.23.405-.604.312.014.02-.957-.239-.957-.239L5.836 15.6l1.714.427c.318.08.63.164.938.242l-.545 2.19 1.315.328.54-2.164c.36.097.708.187 1.05.271l-.538 2.156 1.316.328.546-2.183c2.245.424 3.933.253 4.643-1.777.574-1.635-.027-2.578-1.208-3.194.86-.198 1.508-.765 1.681-1.934" fill="#fff"/></svg>
--- a/logo/dependabot.svg
+++ b/logo/dependabot.svg
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 54 54" fill="#fff"><path d="M25 3a1 1 0 0 0-1 1v7a1 1 0 0 0 1 1h5v3H6a3 3 0 0 0-3 3v12H1a1 1 0 0 0-1 1v10a1 1 0 0 0 1 1h2v6a3 3 0 0 0 3 3h42a3 3 0 0 0 3-3v-6h2a1 1 0 0 0 1-1V31a1 1 0 0 0-1-1h-2V18a3 3 0 0 0-3-3H33V4a1 1 0 0 0-1-1h-7zm-3.982 26a1.21 1.21 0 0 1 .837.355l1.29 1.29a1.21 1.21 0 0 1 0 1.709 1.21 1.21 0 0 1 0 .001l-6.291 6.29a1.21 1.21 0 0 1-1.71 0l-3.79-3.791a1.21 1.21 0 0 1 0-1.71l1.29-1.29a1.21 1.21 0 0 1 1.71 0L16 33.5l4.145-4.145a1.21 1.21 0 0 1 .873-.355zm19.962 0a1.21 1.21 0 0 1 .874.354l1.29 1.29a1.21 1.21 0 0 1 0 1.71l-6.29 6.289v.002a1.21 1.21 0 0 1-1.711 0l-3.79-3.79a1.21 1.21 0 0 1 0-1.71l1.29-1.29a1.21 1.21 0 0 1 1.71 0l1.645 1.645 4.147-4.146A1.21 1.21 0 0 1 40.98 29z"/></svg>
--- a/logo/gitlab.svg
+++ b/logo/gitlab.svg
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="93 93 194 194"><defs><style>.b{fill:#fc6d26}</style></defs><path style="fill:#e24329" d="m282.83 170.73-.27-.69-26.14-68.22a6.81 6.81 0 0 0-2.69-3.24 7 7 0 0 0-8 .43 7 7 0 0 0-2.32 3.52l-17.65 54h-71.47l-17.65-54a6.86 6.86 0 0 0-2.32-3.53 7 7 0 0 0-8-.43 6.87 6.87 0 0 0-2.69 3.24L97.44 170l-.26.69a48.54 48.54 0 0 0 16.1 56.1l.09.07.24.17 39.82 29.82 19.7 14.91 12 9.06a8.07 8.07 0 0 0 9.76 0l12-9.06 19.7-14.91 40.06-30 .1-.08a48.56 48.56 0 0 0 16.08-56.04Z"/><path class="b" d="m282.83 170.73-.27-.69a88.3 88.3 0 0 0-35.15 15.8L190 229.25c19.55 14.79 36.57 27.64 36.57 27.64l40.06-30 .1-.08a48.56 48.56 0 0 0 16.1-56.08Z"/><path style="fill:#fca326" d="m153.43 256.89 19.7 14.91 12 9.06a8.07 8.07 0 0 0 9.76 0l12-9.06 19.7-14.91S209.55 244 190 229.25c-19.55 14.75-36.57 27.64-36.57 27.64Z"/><path class="b" d="M132.58 185.84A88.19 88.19 0 0 0 97.44 170l-.26.69a48.54 48.54 0 0 0 16.1 56.1l.09.07.24.17 39.82 29.82L190 229.21Z"/></svg>
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				<svg viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><path d="M23.636 14.902c-1.602 6.43-8.114 10.342-14.543 8.74C2.666 22.037-1.246 15.525.357 9.098 1.96 2.669 8.47-1.244 14.897.359c6.43 1.602 10.341 8.115 8.739 14.544" fill="#f7931a"/><path d="M14.686 10.267c-.371 1.487-2.663.731-3.406.546l.655-2.629c.743.186 3.138.531 2.75 2.083m-.406 4.242c-.407 1.635-3.16.75-4.053.53l.724-2.9c.893.224 3.754.664 3.33 2.37m3.008-4.219c.238-1.596-.977-2.455-2.64-3.027l.54-2.163-1.318-.33-.525 2.107a54.292 54.292 0 0 0-1.054-.249l.53-2.12-1.317-.328-.54 2.162c-.286-.065-.567-.13-.84-.198l.001-.007-1.816-.453-.35 1.406s.977.224.956.238c.533.133.63.486.613.766l-.615 2.463c.038.01.085.024.137.045l-.138-.035-.862 3.452c-.065.161-.23.405-.604.312.014.02-.957-.239-.957-.239L5.836 15.6l1.714.427c.318.08.63.164.938.242l-.545 2.19 1.315.328.54-2.164c.36.097.708.187 1.05.271l-.538 2.156 1.316.328.546-2.183c2.245.424 3.933.253 4.643-1.777.574-1.635-.027-2.578-1.208-3.194.86-.198 1.508-.765 1.681-1.934" fill="#fff"/></svg>
				`@@ -1 +0,0 @@`
				<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 54 54" fill="#fff"><path d="M25 3a1 1 0 0 0-1 1v7a1 1 0 0 0 1 1h5v3H6a3 3 0 0 0-3 3v12H1a1 1 0 0 0-1 1v10a1 1 0 0 0 1 1h2v6a3 3 0 0 0 3 3h42a3 3 0 0 0 3-3v-6h2a1 1 0 0 0 1-1V31a1 1 0 0 0-1-1h-2V18a3 3 0 0 0-3-3H33V4a1 1 0 0 0-1-1h-7zm-3.982 26a1.21 1.21 0 0 1 .837.355l1.29 1.29a1.21 1.21 0 0 1 0 1.709 1.21 1.21 0 0 1 0 .001l-6.291 6.29a1.21 1.21 0 0 1-1.71 0l-3.79-3.791a1.21 1.21 0 0 1 0-1.71l1.29-1.29a1.21 1.21 0 0 1 1.71 0L16 33.5l4.145-4.145a1.21 1.21 0 0 1 .873-.355zm19.962 0a1.21 1.21 0 0 1 .874.354l1.29 1.29a1.21 1.21 0 0 1 0 1.71l-6.29 6.289v.002a1.21 1.21 0 0 1-1.711 0l-3.79-3.79a1.21 1.21 0 0 1 0-1.71l1.29-1.29a1.21 1.21 0 0 1 1.71 0l1.645 1.645 4.147-4.146A1.21 1.21 0 0 1 40.98 29z"/></svg>