chore(deps-dev): bump sinon from 19.0.4 to 20.0.0 (#10980 )

Bumps [sinon](https://github.com/sinonjs/sinon) from 19.0.4 to 20.0.0. - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](https://github.com/sinonjs/sinon/compare/v19.0.4...v20.0.0) --- updated-dependencies: - dependency-name: sinon dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
chore(deps): bump simple-icons from 14.11.0 to 14.11.1 (#10976 )
2025-03-28 18:20:11 +00:00 · 2025-03-28 18:16:56 +00:00 · 2025-03-28 18:06:46 +00:00 · 2025-03-28 18:06:23 +00:00 · 2025-03-28 18:06:05 +00:00 · 2025-03-28 18:05:31 +00:00
287 changed files with 14709 additions and 7192 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,14 @@
+{
+  "name": "Node.js",
+  // "Officially" maintained node devcontainer image from Microsoft
+  // https://github.com/devcontainers/templates/tree/main/src/javascript-node
+  "image": "mcr.microsoft.com/devcontainers/javascript-node:1-20-bookworm",
+
+  // Features to add to the dev container. More info: https://containers.dev/features.
+  "features": {
+    "ghcr.io/devcontainers/features/github-cli:1": {}
+  },
+
+  // Use 'postCreateCommand' to run commands after the container is created.
+  "postCreateCommand": "npm ci"
+}
--- a/.dockerignore
+++ b/.dockerignore
@@ -2,8 +2,12 @@ node_modules/
 shields.env
 .git/
 .gitignore
+.github
 .vscode/
 fly.toml

+*.md
+doc/
+
 # Improve layer cacheability.
 Dockerfile
--- a/.eslintignore
+++ b/.eslintignore
@@ -1,7 +0,0 @@
-/api-docs/
-/build
-/coverage
-/__snapshots__
-public
-badge-maker/node_modules/
-!.github/
--- a/.eslintrc.yml
+++ b/.eslintrc.yml
@@ -1,189 +0,0 @@
-extends:
-  - standard
-  - standard-jsx
-  - standard-react
-  - prettier
-  - eslint:recommended
-
-globals:
-  JSX: 'readonly'
-
-parserOptions:
-  # Override eslint-config-standard, which incorrectly sets this to "module",
-  # though that setting is only for ES6 modules, not CommonJS modules.
-  sourceType: 'script'
-
-settings:
-  react:
-    version: '16.8'
-  jsdoc:
-    mode: typescript
-
-plugins:
-  - chai-friendly
-  - jsdoc
-  - mocha
-  - icedfrisby
-  - no-extension-in-require
-  - sort-class-members
-  - import
-  - react-hooks
-  - promise
-
-overrides:
-  # For simplicity's sake, when possible prefer to add rules to the top-level
-  # list of rules, even if they only apply to certain files. That way the
-  # rules listed here are only ones which conflict.
-
-  - files:
-      - 'badge-maker/**/*.js'
-      - '**/*.cjs'
-    env:
-      node: true
-      es6: true
-
-  - files:
-      - '**/*.js'
-      - '!frontend/**/*.js'
-      - '!badge-maker/**/*.js'
-    env:
-      node: true
-      es6: true
-    parserOptions:
-      sourceType: 'module'
-    parser: '@typescript-eslint/parser'
-    rules:
-      no-console: 'off'
-
-  - files:
-      - '**/*.ts'
-    parserOptions:
-      sourceType: 'module'
-    parser: '@typescript-eslint/parser'
-
-  - files:
-      - 'frontend/**/*.js'
-    parserOptions:
-      sourceType: 'module'
-    env:
-      browser: true
-    rules:
-      import/extensions:
-        ['error', 'never', { 'json': 'always', 'yml': 'always' }]
-
-  - files:
-      - 'core/base-service/**/*.js'
-      - 'services/**/*.js'
-    rules:
-      sort-class-members/sort-class-members:
-        [
-          'error',
-          {
-            order:
-              [
-                'name',
-                'category',
-                'isDeprecated',
-                'route',
-                'auth',
-                'examples',
-                '_cacheLength',
-                'defaultBadgeData',
-                'render',
-                'constructor',
-                'fetch',
-                'transform',
-                'handle',
-              ],
-          },
-        ]
-
-  - files:
-      - '**/*.spec.@(js|ts|tsx)'
-      - '**/*.integration.js'
-      - '**/test-helpers.js'
-      - 'core/service-test-runner/**/*.js'
-    env:
-      mocha: true
-    rules:
-      mocha/no-exclusive-tests: 'error'
-      mocha/no-skipped-tests: 'error'
-      mocha/no-mocha-arrows: 'error'
-      mocha/prefer-arrow-callback: 'error'
-
-  - files:
-      - 'services/**/*.tester.js'
-    rules:
-      icedfrisby/no-exclusive-tests: 'error'
-      icedfrisby/no-skipped-tests: 'error'
-
-rules:
-  # Disable some rules from eslint:recommended.
-  no-empty: ['error', { 'allowEmptyCatch': true }]
-
-  no-use-before-define: 'off'
-
-  # These should be disabled by eslint-config-prettier, but are not.
-  no-extra-semi: 'off'
-
-  # Shields additions.
-  no-var: 'error'
-  prefer-const: 'error'
-  arrow-body-style: ['error', 'as-needed']
-  no-extension-in-require/main: 'error'
-  object-shorthand: ['error', 'properties']
-  prefer-template: 'error'
-  promise/prefer-await-to-then: 'error'
-  func-style: ['error', 'declaration', { 'allowArrowFunctions': true }]
-  new-cap: ['error', { 'capIsNew': true }]
-  import/order: ['error', { 'newlines-between': 'never' }]
-  quotes:
-    ['error', 'single', { 'avoidEscape': true, 'allowTemplateLiterals': false }]
-
-  # Account for destructuring responses from upstream services,
-  # many of which do not follow camelcase
-  # Based on original rule configuration from eslint-config-standard
-  camelcase:
-    [
-      'error',
-      {
-        ignoreDestructuring: true,
-        properties: 'never',
-        ignoreGlobals: true,
-        allow: ['^UNSAFE_'],
-      },
-    ]
-
-  # Chai friendly.
-  no-unused-expressions: 'off'
-  chai-friendly/no-unused-expressions: 'error'
-
-  # jsdoc plugin:
-  # don't require every class/function to have a docblock
-  jsdoc/require-jsdoc: 'off'
-
-  # allow Joi as an undefined type
-  jsdoc/no-undefined-types: ['error', { definedTypes: ['Joi'] }]
-
-  # all the other recommended rules as errors (not warnings)
-  jsdoc/check-alignment: 'error'
-  jsdoc/check-param-names: 'error'
-  jsdoc/check-tag-names: 'error'
-  jsdoc/check-types: 'error'
-  jsdoc/implements-on-classes: 'error'
-  jsdoc/tag-lines: ['error', 'any', { 'startLines': 1 }]
-  jsdoc/require-param: 'error'
-  jsdoc/require-param-description: 'error'
-  jsdoc/require-param-name: 'error'
-  jsdoc/require-param-type: 'error'
-  jsdoc/require-returns: 'error'
-  jsdoc/require-returns-check: 'error'
-  jsdoc/require-returns-description: 'error'
-  jsdoc/require-returns-type: 'error'
-  jsdoc/valid-types: 'error'
-
-  react/prop-types: 'off'
-  react/jsx-sort-props: 'error'
-  react-hooks/rules-of-hooks: 'error'
-  react-hooks/exhaustive-deps: 'error'
-  jsx-quotes: ['error', 'prefer-double']
--- a/.github/ISSUE_TEMPLATE/1_Bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/1_Bug_report.yml
@@ -41,4 +41,4 @@ body:
    attributes:
      value: |
        ## :heart: Love Shields?
-        Please consider donating $10 to sustain our activities: [https://opencollective.com/shields](https://opencollective.com/shields)
+        Please consider donating to sustain our activities: [https://opencollective.com/shields](https://opencollective.com/shields)
--- a/.github/ISSUE_TEMPLATE/2_Failing_service_test.md
+++ b/.github/ISSUE_TEMPLATE/2_Failing_service_test.md
@@ -28,5 +28,5 @@ labels: 'keep-service-tests-green'

 <!--- Optional: only if you have suggestions on a fix/reason for the bug -->

-<!-- Love Shields? Please consider donating $10 to sustain our activities:
+<!-- Love Shields? Please consider donating to sustain our activities:
 👉  https://opencollective.com/shields -->
--- a/.github/ISSUE_TEMPLATE/3_Badge_request.yml
+++ b/.github/ISSUE_TEMPLATE/3_Badge_request.yml
@@ -59,4 +59,4 @@ body:
    attributes:
      value: |
        ## :heart: Love Shields?
-        Please consider donating $10 to sustain our activities: [https://opencollective.com/shields](https://opencollective.com/shields)
+        Please consider donating to sustain our activities: [https://opencollective.com/shields](https://opencollective.com/shields)
--- a/.github/ISSUE_TEMPLATE/4_Feature_request.md
+++ b/.github/ISSUE_TEMPLATE/4_Feature_request.md
@@ -7,5 +7,5 @@ about: Ideas for other new features or improvements

 <!-- A clear and concise description of the new feature. -->

-<!-- Love Shields? Please consider donating $10 to sustain our activities:
+<!-- Love Shields? Please consider donating to sustain our activities:
 👉  https://opencollective.com/shields -->
--- a/.github/actions/docusaurus-swizzled-warning/package-lock.json
+++ b/.github/actions/docusaurus-swizzled-warning/package-lock.json
@@ -9,17 +9,25 @@
            "version": "0.0.0",
            "license": "CC0",
            "dependencies": {
-                "@actions/core": "^1.10.1",
+                "@actions/core": "^1.11.1",
                "@actions/github": "^6.0.0"
            }
        },
        "node_modules/@actions/core": {
-            "version": "1.10.1",
-            "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.1.tgz",
-            "integrity": "sha512-3lBR9EDAY+iYIpTnTIXmWcNbX3T2kCkAEQGIQx4NVQ0575nk2k3GRZDTPQG+vVtS2izSLmINlxXf0uLtnrTP+g==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
+            "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
            "dependencies": {
-                "@actions/http-client": "^2.0.1",
-                "uuid": "^8.3.2"
+                "@actions/exec": "^1.1.1",
+                "@actions/http-client": "^2.0.1"
+            }
+        },
+        "node_modules/@actions/exec": {
+            "version": "1.1.1",
+            "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
+            "integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
+            "dependencies": {
+                "@actions/io": "^1.0.1"
            }
        },
        "node_modules/@actions/github": {
@@ -42,6 +50,11 @@
                "undici": "^5.25.4"
            }
        },
+        "node_modules/@actions/io": {
+            "version": "1.1.3",
+            "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
+            "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="
+        },
        "node_modules/@fastify/busboy": {
            "version": "2.0.0",
            "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.0.0.tgz",
@@ -76,18 +89,33 @@
            }
        },
        "node_modules/@octokit/endpoint": {
-            "version": "9.0.1",
-            "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-9.0.1.tgz",
-            "integrity": "sha512-hRlOKAovtINHQPYHZlfyFwaM8OyetxeoC81lAkBy34uLb8exrZB50SQdeW3EROqiY9G9yxQTpp5OHTV54QD+vA==",
+            "version": "9.0.6",
+            "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-9.0.6.tgz",
+            "integrity": "sha512-H1fNTMA57HbkFESSt3Y9+FBICv+0jFceJFPWDePYlR/iMGrwM5ph+Dd4XRQs+8X+PUFURLQgX9ChPfhJ/1uNQw==",
+            "license": "MIT",
            "dependencies": {
-                "@octokit/types": "^12.0.0",
-                "is-plain-object": "^5.0.0",
+                "@octokit/types": "^13.1.0",
                "universal-user-agent": "^6.0.0"
            },
            "engines": {
                "node": ">= 18"
            }
        },
+        "node_modules/@octokit/endpoint/node_modules/@octokit/openapi-types": {
+            "version": "23.0.1",
+            "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-23.0.1.tgz",
+            "integrity": "sha512-izFjMJ1sir0jn0ldEKhZ7xegCTj/ObmEDlEfpFrx4k/JyZSMRHbO3/rBwgE7f3m2DHt+RrNGIVw4wSmwnm3t/g==",
+            "license": "MIT"
+        },
+        "node_modules/@octokit/endpoint/node_modules/@octokit/types": {
+            "version": "13.8.0",
+            "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.8.0.tgz",
+            "integrity": "sha512-x7DjTIbEpEWXK99DMd01QfWy0hd5h4EN+Q7shkdKds3otGQP+oWE/y0A76i1OvH9fygo4ddvNf7ZvF0t78P98A==",
+            "license": "MIT",
+            "dependencies": {
+                "@octokit/openapi-types": "^23.0.1"
+            }
+        },
        "node_modules/@octokit/graphql": {
            "version": "7.0.2",
            "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-7.0.2.tgz",
@@ -102,22 +130,24 @@
            }
        },
        "node_modules/@octokit/openapi-types": {
-            "version": "19.0.0",
-            "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-19.0.0.tgz",
-            "integrity": "sha512-PclQ6JGMTE9iUStpzMkwLCISFn/wDeRjkZFIKALpvJQNBGwDoYYi2fFvuHwssoQ1rXI5mfh6jgTgWuddeUzfWw=="
+            "version": "20.0.0",
+            "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-20.0.0.tgz",
+            "integrity": "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA==",
+            "license": "MIT"
        },
        "node_modules/@octokit/plugin-paginate-rest": {
-            "version": "9.0.0",
-            "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-9.0.0.tgz",
-            "integrity": "sha512-oIJzCpttmBTlEhBmRvb+b9rlnGpmFgDtZ0bB6nq39qIod6A5DP+7RkVLMOixIgRCYSHDTeayWqmiJ2SZ6xgfdw==",
+            "version": "9.2.2",
+            "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-9.2.2.tgz",
+            "integrity": "sha512-u3KYkGF7GcZnSD/3UP0S7K5XUFT2FkOQdcfXZGZQPGv3lm4F2Xbf71lvjldr8c1H3nNbF+33cLEkWYbokGWqiQ==",
+            "license": "MIT",
            "dependencies": {
-                "@octokit/types": "^12.0.0"
+                "@octokit/types": "^12.6.0"
            },
            "engines": {
                "node": ">= 18"
            },
            "peerDependencies": {
-                "@octokit/core": ">=5"
+                "@octokit/core": "5"
            }
        },
        "node_modules/@octokit/plugin-rest-endpoint-methods": {
@@ -135,14 +165,14 @@
            }
        },
        "node_modules/@octokit/request": {
-            "version": "8.1.4",
-            "resolved": "https://registry.npmjs.org/@octokit/request/-/request-8.1.4.tgz",
-            "integrity": "sha512-M0aaFfpGPEKrg7XoA/gwgRvc9MSXHRO2Ioki1qrPDbl1e9YhjIwVoHE7HIKmv/m3idzldj//xBujcFNqGX6ENA==",
+            "version": "8.4.1",
+            "resolved": "https://registry.npmjs.org/@octokit/request/-/request-8.4.1.tgz",
+            "integrity": "sha512-qnB2+SY3hkCmBxZsR/MPCybNmbJe4KAlfWErXq+rBKkQJlbjdJeS85VI9r8UqeLYLvnAenU8Q1okM/0MBsAGXw==",
+            "license": "MIT",
            "dependencies": {
-                "@octokit/endpoint": "^9.0.0",
-                "@octokit/request-error": "^5.0.0",
-                "@octokit/types": "^12.0.0",
-                "is-plain-object": "^5.0.0",
+                "@octokit/endpoint": "^9.0.6",
+                "@octokit/request-error": "^5.1.1",
+                "@octokit/types": "^13.1.0",
                "universal-user-agent": "^6.0.0"
            },
            "engines": {
@@ -150,11 +180,12 @@
            }
        },
        "node_modules/@octokit/request-error": {
-            "version": "5.0.1",
-            "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-5.0.1.tgz",
-            "integrity": "sha512-X7pnyTMV7MgtGmiXBwmO6M5kIPrntOXdyKZLigNfQWSEQzVxR4a4vo49vJjTWX70mPndj8KhfT4Dx+2Ng3vnBQ==",
+            "version": "5.1.1",
+            "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-5.1.1.tgz",
+            "integrity": "sha512-v9iyEQJH6ZntoENr9/yXxjuezh4My67CBSu9r6Ve/05Iu5gNgnisNWOsoJHTP6k0Rr0+HQIpnH+kyammu90q/g==",
+            "license": "MIT",
            "dependencies": {
-                "@octokit/types": "^12.0.0",
+                "@octokit/types": "^13.1.0",
                "deprecation": "^2.0.0",
                "once": "^1.4.0"
            },
@@ -162,12 +193,43 @@
                "node": ">= 18"
            }
        },
-        "node_modules/@octokit/types": {
-            "version": "12.0.0",
-            "resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.0.0.tgz",
-            "integrity": "sha512-EzD434aHTFifGudYAygnFlS1Tl6KhbTynEWELQXIbTY8Msvb5nEqTZIm7sbPEt4mQYLZwu3zPKVdeIrw0g7ovg==",
+        "node_modules/@octokit/request-error/node_modules/@octokit/openapi-types": {
+            "version": "23.0.1",
+            "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-23.0.1.tgz",
+            "integrity": "sha512-izFjMJ1sir0jn0ldEKhZ7xegCTj/ObmEDlEfpFrx4k/JyZSMRHbO3/rBwgE7f3m2DHt+RrNGIVw4wSmwnm3t/g==",
+            "license": "MIT"
+        },
+        "node_modules/@octokit/request-error/node_modules/@octokit/types": {
+            "version": "13.8.0",
+            "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.8.0.tgz",
+            "integrity": "sha512-x7DjTIbEpEWXK99DMd01QfWy0hd5h4EN+Q7shkdKds3otGQP+oWE/y0A76i1OvH9fygo4ddvNf7ZvF0t78P98A==",
+            "license": "MIT",
            "dependencies": {
-                "@octokit/openapi-types": "^19.0.0"
+                "@octokit/openapi-types": "^23.0.1"
+            }
+        },
+        "node_modules/@octokit/request/node_modules/@octokit/openapi-types": {
+            "version": "23.0.1",
+            "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-23.0.1.tgz",
+            "integrity": "sha512-izFjMJ1sir0jn0ldEKhZ7xegCTj/ObmEDlEfpFrx4k/JyZSMRHbO3/rBwgE7f3m2DHt+RrNGIVw4wSmwnm3t/g==",
+            "license": "MIT"
+        },
+        "node_modules/@octokit/request/node_modules/@octokit/types": {
+            "version": "13.8.0",
+            "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.8.0.tgz",
+            "integrity": "sha512-x7DjTIbEpEWXK99DMd01QfWy0hd5h4EN+Q7shkdKds3otGQP+oWE/y0A76i1OvH9fygo4ddvNf7ZvF0t78P98A==",
+            "license": "MIT",
+            "dependencies": {
+                "@octokit/openapi-types": "^23.0.1"
+            }
+        },
+        "node_modules/@octokit/types": {
+            "version": "12.6.0",
+            "resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.6.0.tgz",
+            "integrity": "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw==",
+            "license": "MIT",
+            "dependencies": {
+                "@octokit/openapi-types": "^20.0.0"
            }
        },
        "node_modules/before-after-hook": {
@@ -180,14 +242,6 @@
            "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz",
            "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ=="
        },
-        "node_modules/is-plain-object": {
-            "version": "5.0.0",
-            "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz",
-            "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==",
-            "engines": {
-                "node": ">=0.10.0"
-            }
-        },
        "node_modules/once": {
            "version": "1.4.0",
            "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
@@ -205,9 +259,10 @@
            }
        },
        "node_modules/undici": {
-            "version": "5.28.4",
-            "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz",
-            "integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==",
+            "version": "5.28.5",
+            "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.5.tgz",
+            "integrity": "sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==",
+            "license": "MIT",
            "dependencies": {
                "@fastify/busboy": "^2.0.0"
            },
@@ -220,14 +275,6 @@
            "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz",
            "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w=="
        },
-        "node_modules/uuid": {
-            "version": "8.3.2",
-            "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
-            "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
-            "bin": {
-                "uuid": "dist/bin/uuid"
-            }
-        },
        "node_modules/wrappy": {
            "version": "1.0.2",
            "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
--- a/.github/actions/docusaurus-swizzled-warning/package.json
+++ b/.github/actions/docusaurus-swizzled-warning/package.json
@@ -10,7 +10,7 @@
    "author": "jNullj",
    "license": "CC0",
    "dependencies": {
-        "@actions/core": "^1.10.1",
+        "@actions/core": "^1.11.1",
        "@actions/github": "^6.0.0"
    }
 }
--- a/.github/actions/service-tests/action.yml
+++ b/.github/actions/service-tests/action.yml
@@ -36,10 +36,6 @@ inputs:
    description: 'The SERVICETESTS_TWITCH_CLIENT_SECRET secret'
    required: false
    default: ''
-  wheelmap-token:
-    description: 'The SERVICETESTS_WHEELMAP_TOKEN secret'
-    required: false
-    default: ''
  youtube-api-key:
    description: 'The SERVICETESTS_YOUTUBE_API_KEY secret'
    required: false
@@ -71,11 +67,12 @@ runs:
        OBS_USER: '${{ inputs.obs-user }}'
        OBS_PASS: '${{ inputs.obs-pass }}'
        PEPY_KEY: '${{ inputs.pepy-key }}'
+        REDDIT_CLIENT_ID: '${{ inputs.reddit-client-id }}'
+        REDDIT_CLIENT_SECRET: '${{ inputs.reddit-client-secret }}'
        SL_INSIGHT_USER_UUID: '${{ inputs.sl-insight-user-uuid }}'
        SL_INSIGHT_API_TOKEN: '${{ inputs.sl-insight-api-token }}'
        TWITCH_CLIENT_ID: '${{ inputs.twitch-client-id }}'
        TWITCH_CLIENT_SECRET: '${{ inputs.twitch-client-secret }}'
-        WHEELMAP_TOKEN: '${{ inputs.wheelmap-token }}'
        YOUTUBE_API_KEY: '${{ inputs.youtube-api-key }}'

    - name: Write Markdown Summary
--- a/.github/workflows/coveralls-code-coverage.yml
+++ b/.github/workflows/coveralls-code-coverage.yml
@@ -60,11 +60,12 @@ jobs:
          OBS_USER: '${{ secrets.SERVICETESTS_OBS_USER }}'
          OBS_PASS: '${{ secrets.SERVICETESTS_OBS_PASS }}'
          PEPY_KEY: '${{ secrets.SERVICETESTS_PEPY_KEY }}'
+          REDDIT_CLIENT_ID: '${{ secrets.SERVICETESTS_REDDIT_CLIENT_ID }}'
+          REDDIT_CLIENT_SECRET: '${{ secrets.SERVICETESTS_REDDIT_CLIENT_SECRET }}'
          SL_INSIGHT_USER_UUID: '${{ secrets.SERVICETESTS_SL_INSIGHT_USER_UUID }}'
          SL_INSIGHT_API_TOKEN: '${{ secrets.SERVICETESTS_SL_INSIGHT_API_TOKEN }}'
          TWITCH_CLIENT_ID: '${{ secrets.SERVICETESTS_TWITCH_CLIENT_ID }}'
          TWITCH_CLIENT_SECRET: '${{ secrets.SERVICETESTS_TWITCH_CLIENT_SECRET }}'
-          WHEELMAP_TOKEN: '${{ secrets.SERVICETESTS_WHEELMAP_TOKEN }}'
          YOUTUBE_API_KEY: '${{ secrets.SERVICETESTS_YOUTUBE_API_KEY }}'
        shell: bash

--- a/.github/workflows/daily-tests.yml
+++ b/.github/workflows/daily-tests.yml
@@ -57,11 +57,12 @@ jobs:
          OBS_USER: '${{ secrets.SERVICETESTS_OBS_USER }}'
          OBS_PASS: '${{ secrets.SERVICETESTS_OBS_PASS }}'
          PEPY_KEY: '${{ secrets.SERVICETESTS_PEPY_KEY }}'
+          REDDIT_CLIENT_ID: '${{ secrets.SERVICETESTS_REDDIT_CLIENT_ID }}'
+          REDDIT_CLIENT_SECRET: '${{ secrets.SERVICETESTS_REDDIT_CLIENT_SECRET }}'
          SL_INSIGHT_USER_UUID: '${{ secrets.SERVICETESTS_SL_INSIGHT_USER_UUID }}'
          SL_INSIGHT_API_TOKEN: '${{ secrets.SERVICETESTS_SL_INSIGHT_API_TOKEN }}'
          TWITCH_CLIENT_ID: '${{ secrets.SERVICETESTS_TWITCH_CLIENT_ID }}'
          TWITCH_CLIENT_SECRET: '${{ secrets.SERVICETESTS_TWITCH_CLIENT_SECRET }}'
-          WHEELMAP_TOKEN: '${{ secrets.SERVICETESTS_WHEELMAP_TOKEN }}'
          YOUTUBE_API_KEY: '${{ secrets.SERVICETESTS_YOUTUBE_API_KEY }}'

      - name: Write Service Tests Markdown Summary
--- a/.github/workflows/deploy-review-app.yml
+++ b/.github/workflows/deploy-review-app.yml
@@ -36,9 +36,10 @@ jobs:
            OBS_USER=${{ secrets.SERVICETESTS_OBS_USER }}
            OBS_PASS=${{ secrets.SERVICETESTS_OBS_PASS }}
            PEPY_KEY=${{ secrets.SERVICETESTS_PEPY_KEY }}
+            REDDIT_CLIENT_ID=${{ secrets.SERVICETESTS_REDDIT_CLIENT_ID }}
+            REDDIT_CLIENT_SECRET=${{ secrets.SERVICETESTS_REDDIT_CLIENT_SECRET }}
            SL_INSIGHT_API_TOKEN=${{ secrets.SERVICETESTS_SL_INSIGHT_USER_UUID }}
            SL_INSIGHT_USER_UUID=${{ secrets.SERVICETESTS_SL_INSIGHT_API_TOKEN }}
            TWITCH_CLIENT_ID=${{ secrets.SERVICETESTS_TWITCH_CLIENT_ID }}
            TWITCH_CLIENT_SECRET=${{ secrets.SERVICETESTS_TWITCH_CLIENT_SECRET }}
-            WHEELMAP_TOKEN=${{ secrets.SERVICETESTS_WHEELMAP_TOKEN }}
            YOUTUBE_API_KEY=${{ secrets.SERVICETESTS_YOUTUBE_API_KEY }}
--- a/.github/workflows/test-package-lib.yml
+++ b/.github/workflows/test-package-lib.yml
@@ -23,7 +23,7 @@ jobs:
            npm: '^10'
            engine-strict: 'true'
          - node: '22'
-            npm: '^10'
+            npm: '^11'
            engine-strict: 'false'
    steps:
      - name: Checkout
--- a/.github/workflows/test-services-22.yml
+++ b/.github/workflows/test-services-22.yml
@@ -30,11 +30,12 @@ jobs:
          obs-user: '${{ secrets.SERVICETESTS_OBS_USER }}'
          obs-pass: '${{ secrets.SERVICETESTS_OBS_PASS }}'
          pepy-key: '${{ secrets.SERVICETESTS_PEPY_KEY }}'
+          reddit-client-id: '${{ secrets.SERVICETESTS_REDDIT_CLIENT_ID }}'
+          reddit-client-secret: '${{ secrets.SERVICETESTS_REDDIT_CLIENT_SECRET }}'
          sl-insight-user-uuid: '${{ secrets.SERVICETESTS_SL_INSIGHT_USER_UUID }}'
          sl-insight-api-token: '${{ secrets.SERVICETESTS_SL_INSIGHT_API_TOKEN }}'
          twitch-client-id: '${{ secrets.SERVICETESTS_TWITCH_CLIENT_ID }}'
          twitch-client-secret: '${{ secrets.SERVICETESTS_TWITCH_CLIENT_SECRET }}'
-          wheelmap-token: '${{ secrets.SERVICETESTS_WHEELMAP_TOKEN }}'
          youtube-api-key: '${{ secrets.SERVICETESTS_YOUTUBE_API_KEY }}'

      - name: Service tests (triggered from fork)
--- a/.github/workflows/test-services.yml
+++ b/.github/workflows/test-services.yml
@@ -28,11 +28,12 @@ jobs:
          obs-user: '${{ secrets.SERVICETESTS_OBS_USER }}'
          obs-pass: '${{ secrets.SERVICETESTS_OBS_PASS }}'
          pepy-key: '${{ secrets.SERVICETESTS_PEPY_KEY }}'
+          reddit-client-id: '${{ secrets.SERVICETESTS_REDDIT_CLIENT_ID }}'
+          reddit-client-secret: '${{ secrets.SERVICETESTS_REDDIT_CLIENT_SECRET }}'
          sl-insight-user-uuid: '${{ secrets.SERVICETESTS_SL_INSIGHT_USER_UUID }}'
          sl-insight-api-token: '${{ secrets.SERVICETESTS_SL_INSIGHT_API_TOKEN }}'
          twitch-client-id: '${{ secrets.SERVICETESTS_TWITCH_CLIENT_ID }}'
          twitch-client-secret: '${{ secrets.SERVICETESTS_TWITCH_CLIENT_SECRET }}'
-          wheelmap-token: '${{ secrets.SERVICETESTS_WHEELMAP_TOKEN }}'
          youtube-api-key: '${{ secrets.SERVICETESTS_YOUTUBE_API_KEY }}'

      - name: Service tests (triggered from fork)
--- a/.github/workflows/update-github-api.yml
+++ b/.github/workflows/update-github-api.yml
@@ -25,7 +25,7 @@ jobs:
        run: node scripts/update-github-api.js

      - name: Create Pull Request if config has changed
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v7
        with:
          token: '${{ secrets.GITHUB_TOKEN }}'
          commit-message: Update GitHub API Version
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,88 @@ Note: this changelog is for the shields.io server. The changelog for the badge-m

 ---

+## server-2025-03-02
+
+- time out long running requests more aggressively [#10833](https://github.com/badges/shields/issues/10833)
+- Dependency updates
+
+## server-2025-02-02
+
+- Mark Stubs-only packages with [PypiTypes] badge [#10864](https://github.com/badges/shields/issues/10864)
+- fix badge style when logo only [#10794](https://github.com/badges/shields/issues/10794)
+- pass matching mime type to xmldom; test [dynamicxml] [#10830](https://github.com/badges/shields/issues/10830)
+- allow [chromewebstore] size to contain decimal point [#10812](https://github.com/badges/shields/issues/10812)
+- Add auth support to [Reddit] badges [#10790](https://github.com/badges/shields/issues/10790)
+- Fixed mixed up Code climate endpoints [#10813](https://github.com/badges/shields/issues/10813)
+- feat: add terraform registry providers and modules downloads [#10793](https://github.com/badges/shields/issues/10793)
+- Renew [Mastodon] docs and improve parameter handling [#10789](https://github.com/badges/shields/issues/10789)
+- Support [Matrix] summary endpoint [#10782](https://github.com/badges/shields/issues/10782)
+- use metric() in [coderabbit] badge [#10779](https://github.com/badges/shields/issues/10779)
+- cache matrix badges for 4 hours [#10778](https://github.com/badges/shields/issues/10778)
+- Dependency updates
+
+## server-2025-01-01
+
+- Add [PypiTypes] badge [#10774](https://github.com/badges/shields/issues/10774)
+- feat(endpoint-badge): add logoSize support [#10132](https://github.com/badges/shields/issues/10132)
+- fix auto-sized logo sizes [#10764](https://github.com/badges/shields/issues/10764)
+- Add [Coderabbit] PR Stats service and tests [#10749](https://github.com/badges/shields/issues/10749)
+- add [PUB] downloads badge [#10745](https://github.com/badges/shields/issues/10745)
+- Add [GitLab] Top Language Badge [#10750](https://github.com/badges/shields/issues/10750)
+- provide a non-repository scoped version of [githubcodesearch] [#10733](https://github.com/badges/shields/issues/10733)
+- [ReproducibleCentral] add Reproducible Central in Dependencies [#10705](https://github.com/badges/shields/issues/10705)
+- Add ability to format bytes as metric or IEC; affects [bundlejs bundlephobia ChromeWebStoreSize CratesSize DockerSize GithubRepoSize GithubCodeSize GithubSize NpmUnpackedSize SpigetDownloadSize steam VisualStudioAppCenterReleasesSize whatpulse] [#10547](https://github.com/badges/shields/issues/10547)
+- Dependency updates
+
+## server-2024-12-01
+
+- add [WingetVersion] Badge [#10245](https://github.com/badges/shields/issues/10245)
+- Fix broken URL for pingpong.one [#10655](https://github.com/badges/shields/issues/10655)
+- [npm] - Last update badge added [#10641](https://github.com/badges/shields/issues/10641)
+- reduce overhead of NPM Last Update badge; test [npm] [#10666](https://github.com/badges/shields/issues/10666)
+- Add YouTube-specific privacy notes [#10646](https://github.com/badges/shields/issues/10646)
+- Dependency updates
+
+## server-2024-11-02
+
+- cleanly handle null or undefined result from jsonpath-plus [#10645](https://github.com/badges/shields/issues/10645)
+- add content security policy header to SVG responses [#10642](https://github.com/badges/shields/issues/10642)
+- [Scoop] Added scoop-license badge. [#10627](https://github.com/badges/shields/issues/10627)
+- [Chromewebstore] Extension size & last updated [#10613](https://github.com/badges/shields/issues/10613)
+- Deprecate HackageDeps service [#10618](https://github.com/badges/shields/issues/10618)
+- Add [CratesUserDownloads] service and tester [#10619](https://github.com/badges/shields/issues/10619)
+- [Snapcraft] - Added snapcraft last update badge [#10610](https://github.com/badges/shields/issues/10610)
+- [GitHubHacktoberfest] 2024 support [#10612](https://github.com/badges/shields/issues/10612)
+- add [homebrew] cask download badge [#10595](https://github.com/badges/shields/issues/10595)
+- remove prefix v for commit hash version [#10597](https://github.com/badges/shields/issues/10597)
+- [Maven] Added badge for Maven-Cenral last-update (#10301) [#10585](https://github.com/badges/shields/issues/10585)
+- [DynamicXml] parse doc as html if served with text/html content type [#10607](https://github.com/badges/shields/issues/10607)
+- Revert "Use old.stats.jenkins.io for JSON data (#10522)" [#10537](https://github.com/badges/shields/issues/10537)
+- catch queries that cause TypeError [#10556](https://github.com/badges/shields/issues/10556)
+- Dependency updates
+
+## server-2024-09-25
+
+This release includes an important security fix. See
+
+- https://github.com/badges/shields/security/advisories/GHSA-rxvx-x284-4445
+- https://github.com/badges/shields/issues/10553
+
+for more details
+
+- [dynamicjson dynamicyaml dynamictoml] switch to jsonpath-plus [#10551](https://github.com/badges/shields/issues/10551)
+- [Snapcraft] license [#10520](https://github.com/badges/shields/issues/10520)
+- deprecate [wheelmap] service [#10538](https://github.com/badges/shields/issues/10538)
+- Use old.stats.jenkins.io for JSON data [#10522](https://github.com/badges/shields/issues/10522)
+- catch xml ParseError [#10516](https://github.com/badges/shields/issues/10516)
+- migrate [MozillaObservatory] to /scan endpoint [#10491](https://github.com/badges/shields/issues/10491)
+- fix incorrect codecov config link [#10511](https://github.com/badges/shields/issues/10511)
+- [OSSLifecycle OSSLifecycleRedirect] Add file_url param to pull from non-github sources [#10489](https://github.com/badges/shields/issues/10489)
+- perf: improve logoSize performance [#10488](https://github.com/badges/shields/issues/10488)
+- perf: faster `resetIconPosition` avoiding to parse path twice [#10497](https://github.com/badges/shields/issues/10497)
+- perf: limit logoSize precision to 3 [#10521](https://github.com/badges/shields/issues/10521)
+- Dependency updates
+
 ## server-2024-09-02

 - Publish linux/amd64 docker images for snapshot builds [#10476](https://github.com/badges/shields/issues/10476)
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -8,10 +8,7 @@ financial contributions, issues, and pull requests!
 ### Financial contributions

 We welcome financial contributions in full transparency on our
-[open collective](https://opencollective.com/shields). Anyone can file an
-expense. If the expense makes sense for the development of the community, it
-will be "merged" into the ledger of our open collective by the core
-contributors and the person who filed the expense will be reimbursed.
+[open collective](https://opencollective.com/shields).

 ### Contributing code

@@ -90,7 +87,7 @@ encourage you to contribute logos there. Please review their

 Feel free to star the repository. This will help increase the visibility of the project, therefore attracting more users and contributors to Shields!

-We're also asking for [one-time \$10 donations](https://opencollective.com/shields) from developers who use and love Shields, please spread the word!
+We're also asking for [donations](https://opencollective.com/shields) from developers who use and love Shields, please spread the word!

 ## Getting help

--- a/12
+++ b/12
@@ -1,5 +1,7 @@
 FROM node:20-alpine AS builder

+RUN npm install -g "npm@^10"
+
 RUN mkdir -p /usr/src/app
 RUN mkdir /usr/src/app/private
 WORKDIR /usr/src/app
@@ -8,14 +10,16 @@ COPY package.json package-lock.json /usr/src/app/
 # Without the badge-maker package.json and CLI script in place, `npm ci` will fail.
 COPY badge-maker /usr/src/app/badge-maker/

-RUN npm install -g "npm@^9.0.0"
 # We need dev deps to build the front end. We don't need Cypress, though.
 RUN NODE_ENV=development CYPRESS_INSTALL_BINARY=0 npm ci

 COPY . /usr/src/app
-RUN npm run build
-RUN npm prune --omit=dev
-RUN npm cache clean --force
+
+RUN npm run build \
+    && npm prune --omit=dev --force \
+    && rm -rf node_modules/.cache \
+    && rm -rf frontend package-lock.json
+

 # Use multi-stage build to reduce size
 FROM node:20-alpine
--- a/README.md
+++ b/README.md
@@ -60,7 +60,7 @@ This repo hosts:
 - amount of [Liberapay](https://liberapay.com/) donations per week: ![receives](https://img.shields.io/badge/receives-2.00%20USD%2Fweek-yellow)
 - Python package downloads: ![downloads](https://img.shields.io/badge/downloads-13k%2Fmonth-brightgreen)
 - Chrome Web Store extension rating: ![rating](https://img.shields.io/badge/rating-★★★★☆-brightgreen)
- [Uptime Robot](https://uptimerobot.com) percentage: ![uptime](https://img.shields.io/badge/uptime-100%25-brightgreen)
+- Uptime Robot uptime percentage: ![uptime](https://img.shields.io/badge/uptime-100%25-brightgreen)

 [Make your own badges!][custom badges]
 (Quick example: `https://img.shields.io/badge/left-right-f39f37`)
@@ -96,6 +96,8 @@ If you intend on reporting or contributing a fix related to security vulnerabili

 ## Development

+[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/badges/shields?quickstart=1)
+
 1. Install Node 20 or later. You can use the [package manager][] of your choice.
   Tests need to pass in Node 20 and 22.
 2. Clone this repository.
@@ -198,25 +200,19 @@ You can read more about [the project's inception][thread],

 Maintainers:

- [calebcartwright](https://github.com/calebcartwright) (core team)
- [chris48s](https://github.com/chris48s) (core team)
- [Daniel15](https://github.com/Daniel15) (core team)
- [paulmelnikow](https://github.com/paulmelnikow) (core team)
- [platan](https://github.com/platan) (core team)
- [PyvesB](https://github.com/PyvesB) (core team)
- [RedSparr0w](https://github.com/RedSparr0w) (core team)
-
-Operations:
-
 - [calebcartwright](https://github.com/calebcartwright)
 - [chris48s](https://github.com/chris48s)
+- [jNullj](https://github.com/jnullj)
 - [paulmelnikow](https://github.com/paulmelnikow)
 - [PyvesB](https://github.com/PyvesB)

 Alumni:

+- [Daniel15](https://github.com/Daniel15)
 - [espadrine](https://github.com/espadrine)
 - [olivierlacan](https://github.com/olivierlacan)
+- [platan](https://github.com/platan)
+- [RedSparr0w](https://github.com/RedSparr0w)

 ## License

--- a/SECURITY.md
+++ b/SECURITY.md
@@ -23,3 +23,7 @@ Report security bugs in third-party modules to the person or team maintaining th
 We aim to patch confirmed vulnerabilities within 90 days or less, disclosing the details of those vulnerabilities when a patch is published. We ask that you refrain from sharing your report with others while we work on our patch.

 We may want to coordinate an advisory with you to be published simultaneously with the patch, but you are also welcome to self-disclose after 90 days if you prefer. We will never publish information about you or our communications with you without your permission.
+
+## Bounties
+
+Everyone who works on shields is an unpaid volunteer. That includes the core team, contributors and people who report security vulnerabilities. This means we are unable to offer bug or security bounties.
--- a/snapshots/make-badge.spec.mjs.js
+++ b/snapshots/make-badge.spec.mjs.js
--- a/app.json
+++ b/app.json
@@ -1,56 +0,0 @@
-{
-  "name": "Shields",
-  "description": "Concise, consistent, and legible badges in SVG and raster format.",
-  "keywords": ["badge", "github", "svg", "status"],
-  "website": "https://shields.io/",
-  "repository": "https://github.com/badges/shields",
-  "logo": "https://shields.io/favicon.png",
-  "env": {
-    "CYPRESS_INSTALL_BINARY": {
-      "description": "Disable the cypress binary installation",
-      "value": "0",
-      "required": false
-    },
-    "HUSKY_SKIP_INSTALL": {
-      "description": "Skip the husky git hook setup",
-      "value": "1",
-      "required": false
-    },
-    "WHEELMAP_TOKEN": {
-      "description": "Configure the token to be used for the Wheelmap service.",
-      "required": false
-    },
-    "GH_TOKEN": {
-      "description": "Configure the token to be used for the GitHub services.",
-      "required": false
-    },
-    "TWITCH_CLIENT_ID": {
-      "description": "Configure the client id to be used for the Twitch service.",
-      "required": false
-    },
-    "TWITCH_CLIENT_SECRET": {
-      "description": "Configure the client secret to be used for the Twitch service.",
-      "required": false
-    },
-    "WEBLATE_API_KEY": {
-      "description": "Configure the API key to be used for the Weblate service.",
-      "required": false
-    },
-    "METRICS_INFLUX_ENABLED": {
-      "description": "Disable influx metrics",
-      "value": "false",
-      "required": false
-    },
-    "REQUIRE_CLOUDFLARE": {
-      "description": "Allow direct traffic",
-      "value": "false",
-      "required": false
-    }
-  },
-  "formation": {
-    "web": {
-      "quantity": 1,
-      "size": "free"
-    }
-  }
-}
--- a/badge-maker/CHANGELOG.md
+++ b/badge-maker/CHANGELOG.md
@@ -1,5 +1,15 @@
 # Changelog

+## Unreleased
+
+- Switching to using `href`s instead of the old `xlink:href` syntax
+
+## 4.1.0
+
+### Features
+
+- Add `idSuffix` param. This can be used to ensure every element id within the SVG is unique
+
 ## 4.0.0

 ### Breaking Changes
--- a/badge-maker/README.md
+++ b/badge-maker/README.md
@@ -67,12 +67,17 @@ The format is the following:
  message: 'passed',  // (Required) Badge message
  labelColor: '#555',  // (Optional) Label color
  color: '#4c1',  // (Optional) Message color
-  logoBase64: 'data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI2NCIgaGVpZ2h0PSI2NCI+PHJlY3Qgd2lkdGg9IjY0IiBoZWlnaHQ9IjY0IiByeD0iOCIgZmlsbD0iI2IxY2U1NiIvPjxwYXRoIGQ9Ik04IDBoMjR2NjRIOGMtNC40MzIgMC04LTMuNTY4LTgtOFY4YzAtNC40MzIgMy41NjgtOCA4LTh6IiBmaWxsPSIjNWQ1ZDVkIi8+PC9zdmc+' // (Optional) Any custom logo can be passed in a URL parameter by base64 encoding
+  logoBase64: 'data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI2NCIgaGVpZ2h0PSI2NCI+PHJlY3Qgd2lkdGg9IjY0IiBoZWlnaHQ9IjY0IiByeD0iOCIgZmlsbD0iI2IxY2U1NiIvPjxwYXRoIGQ9Ik04IDBoMjR2NjRIOGMtNC40MzIgMC04LTMuNTY4LTgtOFY4YzAtNC40MzIgMy41NjgtOCA4LTh6IiBmaWxsPSIjNWQ1ZDVkIi8+PC9zdmc+', // (Optional) Any custom logo can be passed in a URL parameter by base64 encoding
  links: ['https://example.com', 'https://example.com'], // (Optional) Links array of maximum two links

  // (Optional) One of: 'plastic', 'flat', 'flat-square', 'for-the-badge' or 'social'
  // Each offers a different visual design.
  style: 'flat',
+
+  // (Optional) A string with only letters, numbers, -, and _. This can be used
+  // to ensure every element id within the SVG is unique and prevent CSS
+  // cross-contamination when the SVG badge is rendered inline in HTML pages.
+  idSuffix: 'dd'
 }
 ```

--- a/badge-maker/index.d.ts
+++ b/badge-maker/index.d.ts
@@ -6,6 +6,7 @@ interface Format {
  style?: 'plastic' | 'flat' | 'flat-square' | 'for-the-badge' | 'social'
  logoBase64?: string
  links?: Array<string>
+  idSuffix?: string
 }

 export declare class ValidationError extends Error {}
--- a/badge-maker/lib/badge-cli.spec.mjs
+++ b/badge-maker/lib/badge-cli.spec.mjs
@@ -1,13 +1,16 @@
 'use strict'

-const path = require('path')
-const { spawn } = require('child-process-promise')
-const { expect, use } = require('chai')
-use(require('chai-string'))
-use(require('sinon-chai'))
+import path from 'path'
+import { fileURLToPath } from 'url'
+import { spawn } from 'child-process-promise'
+import { expect, use } from 'chai'
+import sinonChai from 'sinon-chai'
+use(sinonChai)
+
+const dirName = path.dirname(fileURLToPath(import.meta.url))

 function runCli(args) {
-  return spawn('node', [path.join(__dirname, 'badge-cli.js'), ...args], {
+  return spawn('node', [path.join(dirName, 'badge-cli.js'), ...args], {
    capture: ['stdout'],
  })
 }
@@ -15,7 +18,7 @@ function runCli(args) {
 describe('The CLI', function () {
  it('should provide a help message', async function () {
    const { stdout } = await runCli([])
-    expect(stdout).to.startWith('Usage')
+    expect(stdout.startsWith('Usage')).to.be.true
  })

  it('should produce default badges', async function () {
--- a/badge-maker/lib/badge-renderers.js
+++ b/badge-maker/lib/badge-renderers.js
@@ -62,7 +62,7 @@ function getLogoElement({ logo, horizPadding, badgeHeight, logoWidth }) {
      y: 0.5 * (badgeHeight - logoHeight),
      width: logoWidth,
      height: logoHeight,
-      'xlink:href': logo,
+      href: logo,
    },
  })
 }
@@ -83,13 +83,12 @@ function renderBadge(
    ? new XmlElement({
        name: 'a',
        content,
-        attrs: { target: '_blank', 'xlink:href': leftLink },
+        attrs: { target: '_blank', href: leftLink },
      })
    : new ElementList({ content })

  const svgAttrs = {
    xmlns: 'http://www.w3.org/2000/svg',
-    'xmlns:xlink': 'http://www.w3.org/1999/xlink',
    width,
    height,
  }
@@ -128,6 +127,7 @@ class Badge {
    logoPadding,
    color = '#4c1',
    labelColor,
+    idSuffix = '',
  }) {
    const horizPadding = 5
    const hasLogo = !!logo
@@ -159,7 +159,7 @@ class Badge {
    }
    let rightWidth = messageWidth + 2 * horizPadding
    if (hasLogo && !hasLabel) {
-      rightWidth += totalLogoWidth + horizPadding - 1
+      rightWidth += totalLogoWidth + (message.length ? horizPadding - 1 : 0)
    }

    const width = leftWidth + rightWidth
@@ -178,6 +178,7 @@ class Badge {
    this.label = label
    this.message = message
    this.accessibleText = accessibleText
+    this.idSuffix = idSuffix

    this.logoElement = getLogoElement({
      logo,
@@ -242,7 +243,7 @@ class Badge {
    return new XmlElement({
      name: 'a',
      content: [rect, shadow, text],
-      attrs: { target: '_blank', 'xlink:href': link },
+      attrs: { target: '_blank', href: link },
    })
  }

@@ -286,7 +287,7 @@ class Badge {
          },
        }),
      ],
-      attrs: { id: 'r' },
+      attrs: { id: `r${this.idSuffix}` },
    })
  }

@@ -313,7 +314,7 @@ class Badge {
      attrs: {
        width: this.width,
        height: this.constructor.height,
-        fill: 'url(#s)',
+        fill: `url(#s${this.idSuffix})`,
      },
    })
    const content = withGradient
@@ -379,14 +380,14 @@ class Plastic extends Badge {
          attrs: { offset: 1, 'stop-color': '#000', 'stop-opacity': '.5' },
        }),
      ],
-      attrs: { id: 's', x2: 0, y2: '100%' },
+      attrs: { id: `s${this.idSuffix}`, x2: 0, y2: '100%' },
    })

    const clipPath = this.getClipPathElement(4)

    const backgroundGroup = this.getBackgroundGroupElement({
      withGradient: true,
-      attrs: { 'clip-path': 'url(#r)' },
+      attrs: { 'clip-path': `url(#r${this.idSuffix})` },
    })

    return renderBadge(
@@ -428,14 +429,14 @@ class Flat extends Badge {
          attrs: { offset: 1, 'stop-opacity': '.1' },
        }),
      ],
-      attrs: { id: 's', x2: 0, y2: '100%' },
+      attrs: { id: `s${this.idSuffix}`, x2: 0, y2: '100%' },
    })

    const clipPath = this.getClipPathElement(3)

    const backgroundGroup = this.getBackgroundGroupElement({
      withGradient: true,
-      attrs: { 'clip-path': 'url(#r)' },
+      attrs: { 'clip-path': `url(#r${this.idSuffix})` },
    })

    return renderBadge(
@@ -492,6 +493,7 @@ function social({
  logoPadding,
  color = '#4c1',
  labelColor = '#555',
+  idSuffix = '',
 }) {
  // Social label is styled with a leading capital. Convert to caps here so
  // width can be measured using the correct characters.
@@ -565,9 +567,9 @@ function social({
    const rect = new XmlElement({
      name: 'rect',
      attrs: {
-        id: 'llink',
+        id: `llink${idSuffix}`,
        stroke: '#d5d5d5',
-        fill: 'url(#a)',
+        fill: `url(#a${idSuffix})`,
        x: '.5',
        y: '.5',
        width: labelRectWidth,
@@ -602,7 +604,7 @@ function social({
      ? new XmlElement({
          name: 'a',
          content: [shadow, text, rect],
-          attrs: { target: '_blank', 'xlink:href': leftLink },
+          attrs: { target: '_blank', href: leftLink },
        })
      : new ElementList({ content: [rect, shadow, text] })
  }
@@ -640,7 +642,7 @@ function social({
      name: 'text',
      content: [message],
      attrs: {
-        id: 'rlink',
+        id: `rlink${idSuffix}`,
        x: messageTextX,
        y: 140,
        transform: FONT_SCALE_DOWN_VALUE,
@@ -652,7 +654,7 @@ function social({
      ? new XmlElement({
          name: 'a',
          content: [rect, shadow, text],
-          attrs: { target: '_blank', 'xlink:href': rightLink },
+          attrs: { target: '_blank', href: rightLink },
        })
      : new ElementList({ content: [shadow, text] })
  }
@@ -660,7 +662,7 @@ function social({
  const style = new XmlElement({
    name: 'style',
    content: [
-      'a:hover #llink{fill:url(#b);stroke:#ccc}a:hover #rlink{fill:#4183c4}',
+      `a:hover #llink${idSuffix}{fill:url(#b${idSuffix});stroke:#ccc}a:hover #rlink${idSuffix}{fill:#4183c4}`,
    ],
  })
  const gradients = new ElementList({
@@ -681,7 +683,7 @@ function social({
            attrs: { offset: 1, 'stop-opacity': '.1' },
          }),
        ],
-        attrs: { id: 'a', x2: 0, y2: '100%' },
+        attrs: { id: `a${idSuffix}`, x2: 0, y2: '100%' },
      }),
      new XmlElement({
        name: 'linearGradient',
@@ -695,7 +697,7 @@ function social({
            attrs: { offset: 1, 'stop-opacity': '.1' },
          }),
        ],
-        attrs: { id: 'b', x2: 0, y2: '100%' },
+        attrs: { id: `b${idSuffix}`, x2: 0, y2: '100%' },
      }),
    ],
  })
@@ -801,11 +803,13 @@ function forTheBadge({
  // there is no label. When `needsLabelRect` is true, render a label rect and a
  // message rect; when false, only a message rect.
  const hasLabel = Boolean(label.length)
+  const noText = !hasLabel && !message
  const needsLabelRect = hasLabel || (logo && labelColor)
+  const gutter = noText ? LOGO_TEXT_GUTTER - LOGO_MARGIN : LOGO_TEXT_GUTTER
  let logoMinX, labelTextMinX
  if (logo) {
    logoMinX = LOGO_MARGIN
-    labelTextMinX = logoMinX + logoWidth + LOGO_TEXT_GUTTER
+    labelTextMinX = logoMinX + logoWidth + gutter
  } else {
    labelTextMinX = TEXT_MARGIN
  }
@@ -820,9 +824,8 @@ function forTheBadge({
    messageRectWidth = 2 * TEXT_MARGIN + messageTextWidth
  } else {
    if (logo) {
-      messageTextMinX = TEXT_MARGIN + logoWidth + LOGO_TEXT_GUTTER
-      messageRectWidth =
-        2 * TEXT_MARGIN + logoWidth + LOGO_TEXT_GUTTER + messageTextWidth
+      messageTextMinX = TEXT_MARGIN + logoWidth + gutter
+      messageRectWidth = 2 * TEXT_MARGIN + logoWidth + gutter + messageTextWidth
    } else {
      messageTextMinX = TEXT_MARGIN
      messageRectWidth = 2 * TEXT_MARGIN + messageTextWidth
@@ -865,7 +868,7 @@ function forTheBadge({
        content: [rect, text],
        attrs: {
          target: '_blank',
-          'xlink:href': leftLink,
+          href: leftLink,
        },
      })
    } else {
@@ -904,7 +907,7 @@ function forTheBadge({
        content: [rect, text],
        attrs: {
          target: '_blank',
-          'xlink:href': rightLink,
+          href: rightLink,
        },
      })
    } else {
--- a/badge-maker/lib/index.js
+++ b/badge-maker/lib/index.js
@@ -52,6 +52,11 @@ function _validate(format) {
      `Field \`style\` must be one of (${styleValues.toString()})`,
    )
  }
+  if ('idSuffix' in format && !/^[a-zA-Z0-9\-_]*$/.test(format.idSuffix)) {
+    throw new ValidationError(
+      'Field `idSuffix` must contain only numbers, letters, -, and _',
+    )
+  }
 }

 function _clean(format) {
@@ -63,6 +68,7 @@ function _clean(format) {
    'style',
    'logoBase64',
    'links',
+    'idSuffix',
  ]

  const cleaned = {}
@@ -95,6 +101,7 @@ function _clean(format) {
 * @param {string} format.style (Optional) Visual style (e.g: 'flat')
 * @param {string} format.logoBase64 (Optional) Logo data URL
 * @param {Array} format.links (Optional) Links array (e.g: ['https://example.com', 'https://example.com'])
+ * @param {string} format.idSuffix (Optional) Suffix for IDs, e.g. 1, 2, and 3 for three invocations that will be used on the same page.
 * @returns {string} Badge in SVG format
 * @see https://github.com/badges/shields/tree/master/badge-maker/README.md
 */
--- a/badge-maker/lib/index.spec.mjs
+++ b/badge-maker/lib/index.spec.mjs
@@ -1,7 +1,7 @@
 'use strict'

-const { expect } = require('chai')
-const { makeBadge, ValidationError } = require('.')
+import { expect } from 'chai'
+import { makeBadge, ValidationError } from './index.js'

 describe('makeBadge function', function () {
  it('should produce badge with valid input', async function () {
@@ -101,5 +101,11 @@ describe('makeBadge function', function () {
      ValidationError,
      'Field `style` must be one of (plastic,flat,flat-square,for-the-badge,social)',
    )
+    expect(() =>
+      makeBadge({ label: 'build', message: 'passed', idSuffix: '\\' }),
+    ).to.throw(
+      ValidationError,
+      'Field `idSuffix` must contain only numbers, letters, -, and _',
+    )
  })
 })
--- a/badge-maker/lib/make-badge.js
+++ b/badge-maker/lib/make-badge.js
@@ -20,6 +20,7 @@ module.exports = function makeBadge({
  logoSize,
  logoWidth,
  links = ['', ''],
+  idSuffix,
 }) {
  // String coercion and whitespace removal.
  label = `${label}`.trim()
@@ -38,6 +39,7 @@ module.exports = function makeBadge({
      link: links,
      name: label,
      value: message,
+      idSuffix,
    })
  }

@@ -59,6 +61,7 @@ module.exports = function makeBadge({
      logoPadding: logo && label.length ? 3 : 0,
      color: toSvgColor(color),
      labelColor: toSvgColor(labelColor),
+      idSuffix,
    }),
  )
 }
--- a/badge-maker/lib/make-badge.spec.mjs
+++ b/badge-maker/lib/make-badge.spec.mjs
@@ -1,10 +1,10 @@
 'use strict'

-const { test, given, forCases } = require('sazerac')
-const { expect } = require('chai')
-const snapshot = require('snap-shot-it')
-const prettier = require('prettier')
-const makeBadge = require('./make-badge')
+import { test, given, forCases } from 'sazerac'
+import { expect } from 'chai'
+import snapshot from 'snap-shot-it'
+import prettier from 'prettier'
+import makeBadge from './make-badge.js'

 async function expectBadgeToMatchSnapshot(format) {
  snapshot(await prettier.format(makeBadge(format), { parser: 'html' }))
@@ -167,6 +167,18 @@ describe('The badge generator', function () {
      })
    })

+    it('should match snapshots: message with custom suffix', async function () {
+      await expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+        idSuffix: '1',
+      })
+    })
+
    it('should match snapshots: message only, no logo', async function () {
      await expectBadgeToMatchSnapshot({
        label: '',
@@ -259,6 +271,19 @@ describe('The badge generator', function () {
      })
    })

+    it('should match snapshots: message with custom suffix', async function () {
+      await expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'flat-square',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+        idSuffix: '1',
+      })
+    })
+
    it('should match snapshots: message only, no logo', async function () {
      await expectBadgeToMatchSnapshot({
        label: '',
@@ -351,6 +376,19 @@ describe('The badge generator', function () {
      })
    })

+    it('should match snapshots: message with custom suffix', async function () {
+      await expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'plastic',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+        idSuffix: '1',
+      })
+    })
+
    it('should match snapshots: message only, no logo', async function () {
      await expectBadgeToMatchSnapshot({
        label: '',
@@ -470,6 +508,19 @@ describe('The badge generator', function () {
      })
    })

+    it('should match snapshots: message with custom suffix', async function () {
+      await expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'for-the-badge',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+        idSuffix: '1',
+      })
+    })
+
    it('should match snapshots: message only, no logo', async function () {
      await expectBadgeToMatchSnapshot({
        label: '',
@@ -589,6 +640,19 @@ describe('The badge generator', function () {
      })
    })

+    it('should match snapshots: message with custom suffix', async function () {
+      await expectBadgeToMatchSnapshot({
+        label: 'cactus',
+        message: 'grown',
+        format: 'svg',
+        style: 'social',
+        color: '#b3e',
+        labelColor: '#0f0',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+        idSuffix: '1',
+      })
+    })
+
    it('should match snapshots: message only, no logo', async function () {
      await expectBadgeToMatchSnapshot({
        label: '',
@@ -636,7 +700,7 @@ describe('The badge generator', function () {
  })

  describe('badges with logos should always produce the same badge', function () {
-    it('badge with logo', async function () {
+    it('default badge with logo', async function () {
      await expectBadgeToMatchSnapshot({
        label: 'label',
        message: 'message',
@@ -645,4 +709,56 @@ describe('The badge generator', function () {
      })
    })
  })
+
+  describe('badges with logo-only should always produce the same badge', function () {
+    it('flat badge, logo-only', async function () {
+      await expectBadgeToMatchSnapshot({
+        label: '',
+        message: '',
+        format: 'svg',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+        style: 'flat',
+      })
+    })
+
+    it('flat-square badge, logo-only', async function () {
+      await expectBadgeToMatchSnapshot({
+        label: '',
+        message: '',
+        format: 'svg',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+        style: 'flat-square',
+      })
+    })
+
+    it('for-the-badge badge, logo-only', async function () {
+      await expectBadgeToMatchSnapshot({
+        label: '',
+        message: '',
+        format: 'svg',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+        style: 'for-the-badge',
+      })
+    })
+
+    it('social badge, logo-only', async function () {
+      await expectBadgeToMatchSnapshot({
+        label: '',
+        message: '',
+        format: 'svg',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+        style: 'social',
+      })
+    })
+
+    it('plastic badge, logo-only', async function () {
+      await expectBadgeToMatchSnapshot({
+        label: '',
+        message: '',
+        format: 'svg',
+        logo: 'data:image/svg+xml;base64,PHN2ZyB4bWxu',
+        style: 'plastic',
+      })
+    })
+  })
 })
--- a/badge-maker/package.json
+++ b/badge-maker/package.json
@@ -1,6 +1,6 @@
 {
  "name": "badge-maker",
-  "version": "4.0.0",
+  "version": "4.1.0",
  "description": "Shields.io badge library",
  "keywords": [
    "GitHub",
--- a/config/custom-environment-variables.yml
+++ b/config/custom-environment-variables.yml
@@ -105,6 +105,8 @@ private:
  opencollective_token: 'OPENCOLLECTIVE_TOKEN'
  pepy_key: 'PEPY_KEY'
  postgres_url: 'POSTGRES_URL'
+  reddit_client_id: 'REDDIT_CLIENT_ID'
+  reddit_client_secret: 'REDDIT_CLIENT_SECRET'
  sentry_dsn: 'SENTRY_DSN'
  sl_insight_userUuid: 'SL_INSIGHT_USER_UUID'
  sl_insight_apiToken: 'SL_INSIGHT_API_TOKEN'
@@ -114,7 +116,6 @@ private:
  teamcity_pass: 'TEAMCITY_PASS'
  twitch_client_id: 'TWITCH_CLIENT_ID'
  twitch_client_secret: 'TWITCH_CLIENT_SECRET'
-  wheelmap_token: 'WHEELMAP_TOKEN'
  influx_username: 'INFLUX_USERNAME'
  influx_password: 'INFLUX_PASSWORD'
  weblate_api_key: 'WEBLATE_API_KEY'
--- a/config/local-shields-io-production.template.yml
+++ b/config/local-shields-io-production.template.yml
@@ -5,6 +5,8 @@ private:
  gh_client_id: ...
  gh_client_secret: ...
  gitlab_token: ...
+  reddit_client_id: ...
+  reddit_client_secret: ...
  sentry_dsn: ...
  shields_secret: ...
  sl_insight_userUuid: ...
--- a/config/local.template.yml
+++ b/config/local.template.yml
@@ -9,6 +9,8 @@ private:
  gitlab_token: '...'
  obs_user: '...'
  obs_pass: '...'
+  reddit_client_id: '...'
+  reddit_client_secret: '...'
  twitch_client_id: '...'
  twitch_client_secret: '...'
  weblate_api_key: '...'
--- a/config/shields-io-production.yml
+++ b/config/shields-io-production.yml
@@ -22,4 +22,4 @@ public:
  rasterUrl: 'https://raster.shields.io'
  userAgentBase: 'Shields.io'
  requireCloudflare: true
-  requestTimeoutSeconds: 20
+  requestTimeoutSeconds: 8
--- a/core/base-service/base.js
+++ b/core/base-service/base.js
@@ -47,10 +47,6 @@ const optionalStringWhenNamedLogoPresent = Joi.alternatives().conditional(
  },
 )

-const optionalNumberWhenAnyLogoPresent = Joi.alternatives()
-  .conditional('namedLogo', { is: Joi.string().required(), then: Joi.number() })
-  .conditional('logoSvg', { is: Joi.string().required(), then: Joi.number() })
-
 const serviceDataSchema = Joi.object({
  isError: Joi.boolean(),
  label: Joi.string().allow(''),
@@ -65,7 +61,7 @@ const serviceDataSchema = Joi.object({
  namedLogo: Joi.string(),
  logoSvg: Joi.string(),
  logoColor: optionalStringWhenNamedLogoPresent,
-  logoWidth: optionalNumberWhenAnyLogoPresent,
+  logoSize: optionalStringWhenNamedLogoPresent,
  cacheSeconds: Joi.number().integer().min(0),
  style: Joi.string(),
 })
@@ -154,12 +150,18 @@ class BaseService {
  static get _cacheLength() {
    const cacheLengths = {
      build: 30,
-      license: 3600,
-      version: 300,
      debug: 60,
-      downloads: 900,
-      rating: 900,
-      social: 900,
+
+      'platform-support': 300,
+      size: 300,
+      version: 300,
+
+      chat: 1800,
+      downloads: 1800,
+      rating: 1800,
+      social: 1800,
+
+      license: 14400,
    }
    return cacheLengths[this.category]
  }
--- a/core/base-service/base.spec.js
+++ b/core/base-service/base.spec.js
@@ -1,5 +1,5 @@
 import Joi from 'joi'
-import chai from 'chai'
+import { expect, use } from 'chai'
 import sinon from 'sinon'
 import prometheus from 'prom-client'
 import chaiAsPromised from 'chai-as-promised'
@@ -16,8 +16,7 @@ import {
 import BaseService from './base.js'
 import { MetricHelper, MetricNames } from './metric-helper.js'
 import '../register-chai-plugins.spec.js'
-const { expect } = chai
-chai.use(chaiAsPromised)
+use(chaiAsPromised)

 const queryParamSchema = Joi.object({
  queryParamA: Joi.string(),
--- a/core/base-service/cache-headers.spec.js
+++ b/core/base-service/cache-headers.spec.js
@@ -1,5 +1,5 @@
 import { test, given } from 'sazerac'
-import chai, { expect } from 'chai'
+import { expect, use } from 'chai'
 import sinon from 'sinon'
 import httpMocks from 'node-mocks-http'
 import chaiDatetime from 'chai-datetime'
@@ -10,7 +10,7 @@ import {
  setCacheHeadersForStaticResource,
  serverHasBeenUpSinceResourceCached,
 } from './cache-headers.js'
-chai.use(chaiDatetime)
+use(chaiDatetime)

 describe('Cache header functions', function () {
  let res
--- a/core/base-service/coalesce-badge.js
+++ b/core/base-service/coalesce-badge.js
@@ -20,7 +20,7 @@ import toArray from './to-array.js'
 // 1. When `?logo=` contains a simple-icons logo or contains a base64-encoded
 //    SVG, that logo is used. When a `&logoColor=` is specified, that color is
 //    used (except for the base64-encoded logos). Otherwise the default color
-//    is used. The appearance of the logo can be customized using `logoWidth`,
+//    is used.
 //    When `?logo=` is specified, any logo-related parameters specified
 //    dynamically by the service, or by default in the service, are ignored.
 // 2. The second precedence is the dynamic logo returned by a service. This is
@@ -47,16 +47,12 @@ export default function coalesceBadge(
    label: overrideLabel,
    logo: overrideLogo,
    logoColor: overrideLogoColor,
+    logoSize: overrideLogoSize,
    link: overrideLink,
    colorB: legacyOverrideColor,
    colorA: legacyOverrideLabelColor,
  } = overrides
-  let {
-    logoWidth: overrideLogoWidth,
-    logoSize: overrideLogoSize,
-    color: overrideColor,
-    labelColor: overrideLabelColor,
-  } = overrides
+  let { color: overrideColor, labelColor: overrideLabelColor } = overrides

  // Only use the legacy properties if the new ones are not provided
  if (typeof overrideColor === 'undefined') {
@@ -73,7 +69,6 @@ export default function coalesceBadge(
  if (typeof overrideLabelColor === 'number') {
    overrideLabelColor = `${overrideLabelColor}`
  }
-  overrideLogoWidth = +overrideLogoWidth || undefined

  const {
    isError,
@@ -85,7 +80,6 @@ export default function coalesceBadge(
    namedLogo: serviceNamedLogo,
    logoColor: serviceLogoColor,
    logoSize: serviceLogoSize,
-    logoWidth: serviceLogoWidth,
    link: serviceLink,
    cacheSeconds: serviceCacheSeconds,
    style: serviceStyle,
@@ -131,7 +125,6 @@ export default function coalesceBadge(
    // If the logo has been overridden it does not make sense to inherit the
    // original width or position.
    logoSize = overrideLogoSize
-    logoWidth = overrideLogoWidth
  } else {
    if (serviceLogoSvg) {
      logoSvgBase64 = svg2base64(serviceLogoSvg)
@@ -143,12 +136,11 @@ export default function coalesceBadge(
      namedLogoColor = coalesce(overrideLogoColor, serviceLogoColor)
    }
    logoSize = coalesce(overrideLogoSize, serviceLogoSize)
-    logoWidth = coalesce(overrideLogoWidth, serviceLogoWidth)
  }
  if (namedLogo) {
    const iconSize = getIconSize(String(namedLogo).toLowerCase())

-    if (!logoWidth && iconSize && logoSize === 'auto') {
+    if (iconSize && logoSize === 'auto') {
      logoWidth = (iconSize.width / iconSize.height) * DEFAULT_LOGO_HEIGHT
    }

--- a/core/base-service/coalesce-badge.spec.js
+++ b/core/base-service/coalesce-badge.spec.js
@@ -185,7 +185,6 @@ describe('coalesceBadge', function () {
          {
            namedLogo: 'appveyor',
            logoColor: 'red',
-            logoWidth: 100,
          },
          {},
        ).logo,
@@ -246,20 +245,6 @@ describe('coalesceBadge', function () {
    })
  })

-  describe('Logo width', function () {
-    it('overrides the logoWidth', function () {
-      expect(coalesceBadge({ logoWidth: 20 }, {}, {})).to.include({
-        logoWidth: 20,
-      })
-    })
-
-    it('applies the logo width', function () {
-      expect(
-        coalesceBadge({}, { namedLogo: 'npm', logoWidth: 275 }, {}),
-      ).to.include({ logoWidth: 275 })
-    })
-  })
-
  describe('Links', function () {
    it('overrides the links', function () {
      expect(
--- a/core/base-service/graphql.spec.js
+++ b/core/base-service/graphql.spec.js
@@ -17,8 +17,14 @@ describe('mergeQueries function', function () {
          }
        `),
      ),
-    ).to.equalIgnoreSpaces(
-      'query ($param: String!) { foo(param: $param) { bar } }',
+    ).to.equal(
+      print(gql`
+        query ($param: String!) {
+          foo(param: $param) {
+            bar
+          }
+        }
+      `),
    )

    expect(
@@ -38,8 +44,15 @@ describe('mergeQueries function', function () {
          `,
        ),
      ),
-    ).to.equalIgnoreSpaces(
-      'query ($param: String!) { foo(param: $param) { bar } baz }',
+    ).to.equal(
+      print(gql`
+        query ($param: String!) {
+          foo(param: $param) {
+            bar
+          }
+          baz
+        }
+      `),
    )

    expect(
@@ -62,7 +75,15 @@ describe('mergeQueries function', function () {
          `,
        ),
      ),
-    ).to.equalIgnoreSpaces('{ foo bar baz }')
+    ).to.equal(
+      print(gql`
+        {
+          foo
+          bar
+          baz
+        }
+      `),
+    )

    expect(
      print(
@@ -79,7 +100,14 @@ describe('mergeQueries function', function () {
          `,
        ),
      ),
-    ).to.equalIgnoreSpaces('{ foo bar }')
+    ).to.equal(
+      print(gql`
+        {
+          foo
+          bar
+        }
+      `),
+    )
  })

  it('throws an error when passed invalid params', function () {
--- a/core/base-service/legacy-request-handler.js
+++ b/core/base-service/legacy-request-handler.js
@@ -12,7 +12,6 @@ const globalQueryParams = new Set([
  'logo',
  'logoColor',
  'logoSize',
-  'logoWidth',
  'link',
  'colorA',
  'colorB',
@@ -115,7 +114,6 @@ function handleRequest(cacheHeaderConfig, handlerOptions) {
    const result = handlerOptions.handler(
      filteredQueryParams,
      match,
-      // eslint-disable-next-line mocha/prefer-arrow-callback
      function sendBadge(format, badgeData) {
        if (serverUnresponsive) {
          return
@@ -128,7 +126,6 @@ function handleRequest(cacheHeaderConfig, handlerOptions) {
        makeSend(format, ask.res, end)(svg)
      },
    )
-    // eslint-disable-next-line promise/prefer-await-to-then
    if (result && result.catch) {
      // eslint-disable-next-line promise/prefer-await-to-then
      result.catch(err => {
--- a/core/base-service/legacy-result-sender.js
+++ b/core/base-service/legacy-result-sender.js
@@ -11,6 +11,7 @@ function streamFromString(str) {

 function sendSVG(res, askres, end) {
  askres.setHeader('Content-Type', 'image/svg+xml;charset=utf-8')
+  askres.setHeader('Content-Security-Policy', "script-src 'none';")
  askres.setHeader('Content-Length', Buffer.byteLength(res, 'utf8'))
  end(null, { template: streamFromString(res) })
 }
--- a/core/base-service/loader.spec.js
+++ b/core/base-service/loader.spec.js
@@ -1,15 +1,14 @@
 import path from 'path'
 import { fileURLToPath } from 'url'
-import chai from 'chai'
+import { expect, use } from 'chai'
 import chaiAsPromised from 'chai-as-promised'
 import {
  loadServiceClasses,
  getServicePaths,
  InvalidService,
 } from './loader.js'
-chai.use(chaiAsPromised)
+use(chaiAsPromised)

-const { expect } = chai
 const fixturesDir = path.join(
  path.dirname(fileURLToPath(import.meta.url)),
  'loader-test-fixtures',
--- a/core/base-service/openapi.spec.js
+++ b/core/base-service/openapi.spec.js
@@ -1,4 +1,4 @@
-import chai from 'chai'
+import { expect } from 'chai'
 import {
  category2openapi,
  pathParam,
@@ -7,7 +7,6 @@ import {
  queryParams,
 } from './openapi.js'
 import BaseJsonService from './base-json.js'
-const { expect } = chai

 class OpenApiService extends BaseJsonService {
  static category = 'build'
--- a/core/register-chai-plugins.spec.js
+++ b/core/register-chai-plugins.spec.js
@@ -1,5 +1,3 @@
 import { use } from 'chai'
-import chaiString from 'chai-string'
 import sinonChai from 'sinon-chai'
-use(chaiString)
 use(sinonChai)
--- a/core/server/server.js
+++ b/core/server/server.js
@@ -16,7 +16,12 @@ import { makeSend } from '../base-service/legacy-result-sender.js'
 import { handleRequest } from '../base-service/legacy-request-handler.js'
 import { clearResourceCache } from '../base-service/resource-cache.js'
 import { rasterRedirectUrl } from '../badge-urls/make-badge-url.js'
-import { fileSize, nonNegativeInteger } from '../../services/validators.js'
+import {
+  fileSize,
+  nonNegativeInteger,
+  optionalUrl,
+  url as requiredUrl,
+} from '../../services/validators.js'
 import log from './log.js'
 import PrometheusMetrics from './prometheus-metrics.js'
 import InfluxMetrics from './influx-metrics.js'
@@ -54,8 +59,6 @@ const Joi = originalJoi
    },
  }))

-const optionalUrl = Joi.string().uri({ scheme: ['http', 'https'] })
-const requiredUrl = optionalUrl.required()
 const origins = Joi.arrayFromString().items(Joi.string().origin())
 const defaultService = Joi.object({ authorizedOrigins: origins }).default({
  authorizedOrigins: [],
@@ -194,6 +197,8 @@ const privateConfigSchema = Joi.object({
  opencollective_token: Joi.string(),
  pepy_key: Joi.string(),
  postgres_url: Joi.string().uri({ scheme: 'postgresql' }),
+  reddit_client_id: Joi.string(),
+  reddit_client_secret: Joi.string(),
  sentry_dsn: Joi.string(),
  sl_insight_userUuid: Joi.string(),
  sl_insight_apiToken: Joi.string(),
@@ -203,7 +208,6 @@ const privateConfigSchema = Joi.object({
  teamcity_pass: Joi.string(),
  twitch_client_id: Joi.string(),
  twitch_client_secret: Joi.string(),
-  wheelmap_token: Joi.string(),
  influx_username: Joi.string(),
  influx_password: Joi.string(),
  weblate_api_key: Joi.string(),
--- a/core/server/server.spec.js
+++ b/core/server/server.spec.js
@@ -119,7 +119,7 @@ describe('The server', function () {
      )
      expect(statusCode).to.equal(200)
      expect(headers['content-type']).to.equal('image/svg+xml;charset=utf-8')
-      expect(headers['content-length']).to.equal('1130')
+      expect(headers['content-length']).to.equal('1087')
    })

    it('correctly calculates the content-length header for multi-byte unicode characters', async function () {
@@ -139,6 +139,27 @@ describe('The server', function () {
      expect(() => JSON.parse(body)).not.to.throw()
    })

+    describe('Content Security Policy', function () {
+      it('should disable javascript when serving SVG content (no extension)', async function () {
+        const { headers } = await got(`${baseUrl}:fruit-apple-green`)
+        expect(headers['content-security-policy']).to.equal(
+          "script-src 'none';",
+        )
+      })
+
+      it('should disable javascript when serving SVG content (with extension)', async function () {
+        const { headers } = await got(`${baseUrl}:fruit-apple-green.svg`)
+        expect(headers['content-security-policy']).to.equal(
+          "script-src 'none';",
+        )
+      })
+
+      it('should not send content security headers when serving JSON content', async function () {
+        const { headers } = await got(`${baseUrl}:fruit-apple-green.json`)
+        expect(headers).not.to.have.property('content-security-policy')
+      })
+    })
+
    it('should preserve label case', async function () {
      const { statusCode, body } = await got(`${baseUrl}:fRuiT-apple-green.svg`)
      expect(statusCode).to.equal(200)
@@ -494,7 +515,7 @@ describe('The server', function () {
          influx_password: 'influx-password',
        },
      })
-      clock = sinon.useFakeTimers()
+      clock = sinon.useFakeTimers({ toFake: ['setInterval'] })
      baseUrl = server.baseUrl
      await server.start()
    })
--- a/core/service-test-runner/service-tester.js
+++ b/core/service-test-runner/service-tester.js
@@ -83,7 +83,7 @@ class ServiceTester {
      .before(() => {
        this.beforeEach()
      })
-      // eslint-disable-next-line mocha/prefer-arrow-callback, promise/prefer-await-to-then
+      // eslint-disable-next-line promise/prefer-await-to-then
      .finally(function () {
        // `this` is the IcedFrisby instance.
        let responseBody
--- a/cypress.config.js
+++ b/cypress.config.js
@@ -10,4 +10,6 @@ export default defineConfig({
    baseUrl: 'http://localhost:3000',
    supportFile: false,
  },
+  video: true,
+  videoCompression: true,
 })
--- a/doc/production-hosting.md
+++ b/doc/production-hosting.md
@@ -24,16 +24,15 @@ Production hosting is managed by the Shields ops team:
 | Cloudflare (CDN)              | Access management           | @espadrine                                                      |
 | Cloudflare (CDN)              | Admin access                | @calebcartwright, @chris48s, @espadrine, @paulmelnikow, @PyvesB |
 | Twitch                        | OAuth app                   | @PyvesB                                                         |
+| Reddit                        | OAuth app                   | @chris48s, @PyvesB                                              |
 | Discord                       | OAuth app                   | @PyvesB                                                         |
 | YouTube                       | Account owner               | @PyvesB                                                         |
 | GitLab                        | Account owner               | @calebcartwright                                                |
 | GitLab                        | Account access              | @calebcartwright, @chris48s, @paulmelnikow, @PyvesB             |
-| OpenStreetMap (for Wheelmap)  | Account owner               | @paulmelnikow                                                   |
 | DNS                           | Account owner               | @olivierlacan                                                   |
 | DNS                           | Read-only account access    | @espadrine, @paulmelnikow, @chris48s                            |
 | Sentry                        | Error reports               | @espadrine, @paulmelnikow                                       |
 | Metrics server                | Owner                       | @platan                                                         |
-| UptimeRobot                   | Account owner               | @paulmelnikow                                                   |
 | More metrics                  | Owner                       | @RedSparr0w                                                     |

 ## Attached state
@@ -120,19 +119,15 @@ The canonical and only recommended domain for badge URLs is `img.shields.io`. Cu
 ## Monitoring

 Overall server performance and requests by service are monitored using
-[Prometheus and Grafana][metrics].
+[Prometheus and Grafana][server metrics].

 Request performance is monitored in two places:

- [Status][] (using [UptimeRobot][])
+- [Status][] (using NodePing)
 - [Server metrics][] using Prometheus and Grafana
- [@RedSparr0w's monitor][monitor] which posts [notifications][] to a private
  [#monitor chat room][monitor discord]

 [metrics]: https://metrics.shields.io/
-[status]: https://stats.uptimerobot.com/PjXogHB5p
+[status]: https://nodeping.com/reports/status/YBISBQB254
 [server metrics]: https://metrics.shields.io/
-[uptimerobot]: https://uptimerobot.com/
-[monitor]: https://shields.redsparr0w.com/1568/
-[notifications]: http://shields.redsparr0w.com/discord_notification
 [monitor discord]: https://discordapp.com/channels/308323056592486420/470700909182320646
--- a/doc/server-secrets.md
+++ b/doc/server-secrets.md
@@ -290,6 +290,17 @@ Create an account, sign in and obtain generate a key on your
 `PYPI_URL` can be used to optionally send all the PyPI requests to a Self-hosted Pypi registry,
 users can also override this by query parameter `pypiBaseUrl`.

+### Reddit
+
+Using a token for Reddit is optional but will allow higher API rates.
+
+- `REDDIT_CLIENT_ID` (yml: `private.reddit_client_id`)
+- `REDDIT_CLIENT_SECRET` (yml: `private.reddit_client_secret`)
+
+Register to use the API using [this form](https://support.reddithelp.com/hc/en-us/requests/new?ticket_form_id=14868593862164)
+and create an app in the [Reddit preferences page](https://www.reddit.com/prefs/apps)
+in order to obtain a client id and a client secret for making Reddit API calls.
+
 ### SymfonyInsight (formerly Sensiolabs)

 - `SL_INSIGHT_USER_UUID` (yml: `private.sl_insight_userUuid`)
@@ -351,16 +362,6 @@ You can find your Weblate API key in your profile under
 [weblate authentication]: https://docs.weblate.org/en/latest/api.html#authentication-and-generic-parameters
 [weblate api key location]: https://hosted.weblate.org/accounts/profile/#api

-### Wheelmap
-
- `WHEELMAP_TOKEN` (yml: `private.wheelmap_token`)
-
-The wheelmap API requires authentication. To obtain a token,
-Create an account, [sign in][wheelmap token] and use the _Authentication Token_
-displayed on your profile page.
-
-[wheelmap token]: http://classic.wheelmap.org/en/users/sign_in
-
 ### YouTube

 - `YOUTUBE_API_KEY` (yml: `private.youtube_api_key`)
--- a/eslint.config.js
+++ b/eslint.config.js
@@ -0,0 +1,250 @@
+import chaiFriendlyPlugin from 'eslint-plugin-chai-friendly'
+import cypressPlugin from 'eslint-plugin-cypress/flat'
+import jsdocPlugin from 'eslint-plugin-jsdoc'
+import mochaPlugin from 'eslint-plugin-mocha'
+import icedfrisbyPlugin from 'eslint-plugin-icedfrisby'
+import sortClassMembersPlugin from 'eslint-plugin-sort-class-members'
+import importPlugin from 'eslint-plugin-import'
+import reactHooksPlugin from 'eslint-plugin-react-hooks'
+import prettierConfig from 'eslint-plugin-prettier/recommended'
+import promisePlugin from 'eslint-plugin-promise'
+import globals from 'globals'
+import neostandard from 'neostandard'
+import tsParser from '@typescript-eslint/parser'
+import js from '@eslint/js'
+
+// Config that is used across the whole codebase
+// and customisations to built-in ESLint rules
+const globalConfig = {
+  plugins: {
+    import: importPlugin,
+    promise: promisePlugin,
+  },
+
+  rules: {
+    'import/order': ['error', { 'newlines-between': 'never' }],
+    'promise/prefer-await-to-then': 'error',
+
+    // ESLint built-in rules config
+    'no-empty': ['error', { allowEmptyCatch: true }],
+    'no-var': 'error',
+    'prefer-const': 'error',
+    'arrow-body-style': ['error', 'as-needed'],
+    'object-shorthand': ['error', 'properties'],
+    'prefer-template': 'error',
+    'func-style': ['error', 'declaration', { allowArrowFunctions: true }],
+    'new-cap': ['error', { capIsNew: true }],
+    quotes: [
+      'error',
+      'single',
+      { avoidEscape: true, allowTemplateLiterals: false },
+    ],
+    camelcase: [
+      'error',
+      {
+        ignoreDestructuring: true,
+        properties: 'never',
+        ignoreGlobals: true,
+        allow: ['^UNSAFE_'],
+      },
+    ],
+  },
+}
+
+// config specific to linting Node (CommonJS) files
+const commonJsConfig = {
+  files: ['badge-maker/**/*.js', '**/*.cjs'],
+
+  languageOptions: {
+    globals: {
+      ...globals.node,
+    },
+  },
+}
+
+// config specific to linting Node (ESModules) files
+const nodeEsmConfig = {
+  files: ['**/*.@(js|mjs)', '!frontend/**/*.js', '!badge-maker/**/*.js'],
+
+  languageOptions: {
+    globals: {
+      ...globals.node,
+    },
+    parser: tsParser,
+    sourceType: 'module',
+  },
+
+  rules: {
+    'no-console': 'off',
+  },
+}
+
+// config specific to linting Frontend (ESModules) files
+const frontendConfig = {
+  files: ['frontend/**/*.js'],
+
+  plugins: {
+    'react-hooks': reactHooksPlugin,
+  },
+
+  languageOptions: {
+    globals: {
+      ...globals.browser,
+    },
+    sourceType: 'module',
+  },
+
+  rules: {
+    'react-hooks/rules-of-hooks': 'error',
+    'react-hooks/exhaustive-deps': 'error',
+  },
+}
+
+// config specific to linting Services
+const servicesConfig = {
+  files: ['core/base-service/**/*.js', 'services/**/*.js'],
+
+  plugins: {
+    'sort-class-members': sortClassMembersPlugin,
+  },
+
+  rules: {
+    'sort-class-members/sort-class-members': [
+      'error',
+      {
+        order: [
+          'name',
+          'category',
+          'isDeprecated',
+          'route',
+          'auth',
+          'openApi',
+          '_cacheLength',
+          'defaultBadgeData',
+          'render',
+          'constructor',
+          'fetch',
+          'transform',
+          'handle',
+        ],
+      },
+    ],
+  },
+}
+
+// config specific to linting Mocha tests
+const mochaConfig = {
+  files: [
+    '**/*.spec.@(js|mjs|ts)',
+    '**/*.integration.js',
+    '**/test-helpers.js',
+    'core/service-test-runner/**/*.js',
+  ],
+
+  plugins: {
+    mocha: mochaPlugin,
+  },
+
+  languageOptions: {
+    globals: {
+      ...globals.mocha,
+    },
+  },
+
+  rules: {
+    'mocha/no-exclusive-tests': 'error',
+    'mocha/no-skipped-tests': 'error',
+    'mocha/no-mocha-arrows': 'error',
+    'mocha/prefer-arrow-callback': 'error',
+    'no-unused-expressions': 'off',
+  },
+}
+
+// config specific to linting Cypress tests
+const cypressConfig = {
+  files: ['**/*.cy.@(js|ts)'],
+  ...cypressPlugin.configs.recommended,
+}
+// append these to cypress.configs.recommended, without overwriting
+cypressConfig.plugins.mocha = mochaPlugin
+cypressConfig.rules['mocha/no-exclusive-tests'] = 'error'
+cypressConfig.rules['mocha/no-skipped-tests'] = 'error'
+cypressConfig.rules['mocha/no-mocha-arrows'] = 'off'
+
+// config specific to linting Service tests (IcedFrisby)
+const serviceTestsConfig = {
+  files: ['services/**/*.tester.js'],
+
+  plugins: {
+    icedfrisby: icedfrisbyPlugin,
+  },
+
+  rules: {
+    'icedfrisby/no-exclusive-tests': 'error',
+    'icedfrisby/no-skipped-tests': 'error',
+    'no-unused-expressions': 'off',
+  },
+}
+
+// config specific to linting JSDoc comments
+const jsDocConfig = {
+  plugins: {
+    jsdoc: jsdocPlugin,
+  },
+
+  rules: {
+    'jsdoc/require-jsdoc': 'off',
+    'jsdoc/no-undefined-types': ['error', { definedTypes: ['Joi'] }],
+    'jsdoc/check-alignment': 'error',
+    'jsdoc/check-param-names': 'error',
+    'jsdoc/check-tag-names': 'error',
+    'jsdoc/check-types': 'error',
+    'jsdoc/implements-on-classes': 'error',
+    'jsdoc/tag-lines': ['error', 'any', { startLines: 1 }],
+    'jsdoc/require-param': 'error',
+    'jsdoc/require-param-description': 'error',
+    'jsdoc/require-param-name': 'error',
+    'jsdoc/require-param-type': 'error',
+    'jsdoc/require-returns': 'error',
+    'jsdoc/require-returns-check': 'error',
+    'jsdoc/require-returns-description': 'error',
+    'jsdoc/require-returns-type': 'error',
+    'jsdoc/valid-types': 'error',
+  },
+}
+
+const config = [
+  {
+    ignores: [
+      'api-docs/',
+      'build',
+      'coverage',
+      '__snapshots__',
+      'public',
+      'badge-maker/node_modules/',
+      '!.github/',
+      'frontend/.docusaurus/**',
+      '**/package.json',
+    ],
+  },
+
+  js.configs.recommended,
+  chaiFriendlyPlugin.configs.recommendedFlat,
+  ...neostandard({ noStyle: true }),
+
+  globalConfig,
+  commonJsConfig,
+  nodeEsmConfig,
+  frontendConfig,
+  servicesConfig,
+  mochaConfig,
+  cypressConfig,
+  serviceTestsConfig,
+  jsDocConfig,
+
+  // register prettierConfig last, as per
+  // https://github.com/prettier/eslint-plugin-prettier?tab=readme-ov-file#configuration-new-eslintconfigjs
+  prettierConfig,
+]
+
+export default config
--- a/fly.toml
+++ b/fly.toml
@@ -25,6 +25,8 @@ processes = []
  processes = ["app"]
  protocol = "tcp"
  script_checks = []
+  auto_stop_machines = "suspend"
+  auto_start_machines = true

  [services.concurrency]
    hard_limit = 25
@@ -45,3 +47,7 @@ processes = []
    interval = "15s"
    restart_limit = 0
    timeout = "2s"
+
+[[vm]]
+  size = "shared-cpu-1x"
+  memory = "256mb"
--- a/frontend/blog/2024-09-25-rce.md
+++ b/frontend/blog/2024-09-25-rce.md
@@ -0,0 +1,661 @@
+---
+slug: GHSA-rxvx-x284-4445
+title: Our response to RCE Security Advisory
+authors:
+  name: chris48s
+  title: Shields.io Core Team
+  url: https://github.com/chris48s
+  image_url: https://avatars.githubusercontent.com/u/6025893
+tags: []
+---
+
+We've just published a critical security advisory relating to a Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges: https://github.com/badges/shields/security/advisories/GHSA-rxvx-x284-4445 Thanks to [@nickcopi](https://github.com/nickcopi) for his help with this.
+
+If you self-host your own instance of Shields you should upgrade to [server-2024-09-25](https://hub.docker.com/layers/shieldsio/shields/server-2024-09-25/images/sha256-28aaea75049e325c9f1d63c8a8b477fc387d3d3fe35b933d6581487843cd610f?context=explore) or later as soon as possible to protect your instance.
+
+This is primarily a concern for self-hosting users. However this does also have a couple of knock-on implications for some users of shields.io itself.
+
+## 1. Users who have authorized the Shields.io GitHub OAuth app
+
+While we have taken steps to close this vulnerability quickly after becoming aware of it, this attack vector has existed in our application for some time. We aren't aware of it having been actively exploited on shields.io. We also can't prove that it has not been exploited.
+
+We don't log or track our users, so a breach offers a very limited attack surface against end users of shields.io. This is by design. One of the (few) information assets shields.io does hold is our GitHub token pool. This allows users to share a token with us by authorizing our OAuth app. Doing this gives us access to a token with read-only access to public data which we can use to increase our rate limit when making calls to the GitHub API.
+
+The tokens we hold are not of high value to an attacker because they have read-only access to public data, but we can't say for sure they haven't been exfiltrated. If you've donated a token in the past and want to revoke it, you can revoke the Shields.io OAuth app at https://github.com/settings/applications which will de-activate the token you have shared with us.
+
+## 2. Users of Dynamic JSON/TOML/YAML badges
+
+Up until now, we have been using https://github.com/dchester/jsonpath as our library querying documents using JSONPath expressions. [@nickcopi](https://github.com/nickcopi) responsibly reported to us how a prototype pollution vulnerability in this library could be exploited to construct a JSONPath expression allowing an attacker to perform remote code execution. This vulnerability was reported on the package's issue tracker but not flagged by security scanning tools. It seems extremely unlikely that this will be fixed in the upstream package despite being widely used. It also seems unlikely this package will receive any further maintenance in future, even in response to critical security issues. In order to resolve this issue, we needed to switch to a different JSONPath library. We've decided to switch https://github.com/JSONPath-Plus/JSONPath using the `eval: false` option to disable script expressions.
+
+This is an important security improvement and we have to make a change to protect the security of shields.io and users hosting their own instance of the application. However, this does come with some tradeoffs from a backwards-compatibility perspective.
+
+### Using `eval: false`
+
+Using JSONPath-Plus with `eval: false` does disable some query syntax which relies on evaluating javascript expressions.
+
+For example, it would previously have been possible to use a JSONPath query like `$..keywords[(@.length-1)]` against the document https://github.com/badges/shields/raw/master/package.json to select the last element from the keywords array https://github.com/badges/shields/blob/e237e40ab88b8ad4808caad4f3dae653822aa79a/package.json#L6-L12
+
+This is now not a supported query.
+
+In this particular case, you could rewrite that query to `$..keywords[-1:]` and obtain the same result, but that may not be possible in all cases. We do realise that this removes some functionality that previously worked but closing this remote code execution vulnerability is the top priority, especially since there will be workarounds in many cases.
+
+### Implementation Quirks
+
+Historically, every JSONPath implementation has had its own idiosyncrasies. While most simple and common queries will behave the same way across different implementations, switching to another library will mean that some subset of queries may not work or produce different results.
+
+One interesting thing that has happened in the world of JSONPath lately is RFC 9535 https://www.rfc-editor.org/rfc/rfc9535 which is an attempt to standardise JSONPath. As part of this mitigation, we did look at whether it would be possible to migrate to something that is RFC9535-compliant. However it is our assessment that the JavaScript community does not yet have a sufficiently mature/supported RFC9535-compliant JSONPath implementation. This means we are switching from one quirky implementation to another implementation with different quirks.
+
+Again, this represents an unfortunate break in backwards-compatibility. However, it was necessary to prioritise closing off this remote code execution vulnerability over backwards-compatibility.
+
+Although we can not provide a precise migration guide, here is a table of query types where https://github.com/dchester/jsonpath and https://github.com/JSONPath-Plus/JSONPath are known to diverge from the consensus implementation. This is sourced from the excellent https://cburgmer.github.io/json-path-comparison/
+While this is a long list, many of these inputs represent edge cases or pathological inputs rather than common usage.
+
+ <details>
+  <summary>Table</summary>
+<table>
+<thead>
+<tr>
+<th>Query Type</th>
+<th>Example Query</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>Array slice with large number for end and negative step</td>
+<td><code>$[2:-113667776004:-1]</code></td>
+</tr>
+<tr>
+<td>Array slice with large number for start end negative step</td>
+<td><code>$[113667776004:2:-1]</code></td>
+</tr>
+<tr>
+<td>Array slice with negative step</td>
+<td><code>$[3:0:-2]</code></td>
+</tr>
+<tr>
+<td>Array slice with negative step on partially overlapping array</td>
+<td><code>$[7:3:-1]</code></td>
+</tr>
+<tr>
+<td>Array slice with negative step only</td>
+<td><code>$[::-2]</code></td>
+</tr>
+<tr>
+<td>Array slice with open end and negative step</td>
+<td><code>$[3::-1]</code></td>
+</tr>
+<tr>
+<td>Array slice with open start and negative step</td>
+<td><code>$[:2:-1]</code></td>
+</tr>
+<tr>
+<td>Array slice with range of 0</td>
+<td><code>$[0:0]</code></td>
+</tr>
+<tr>
+<td>Array slice with step 0</td>
+<td><code>$[0:3:0]</code></td>
+</tr>
+<tr>
+<td>Array slice with step and leading zeros</td>
+<td><code>$[010:024:010]</code></td>
+</tr>
+<tr>
+<td>Bracket notation with empty path</td>
+<td><code>$[]</code></td>
+</tr>
+<tr>
+<td>Bracket notation with number on object</td>
+<td><code>$[0]</code></td>
+</tr>
+<tr>
+<td>Bracket notation with number on string</td>
+<td><code>$[0]</code></td>
+</tr>
+<tr>
+<td>Bracket notation with number -1</td>
+<td><code>$[-1]</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted array slice literal</td>
+<td><code>$[':']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted closing bracket literal</td>
+<td><code>$[']']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted current object literal</td>
+<td><code>$['@']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted escaped backslash</td>
+<td><code>$['\\']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted escaped single quote</td>
+<td><code>$['\'']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted root literal</td>
+<td><code>$['$']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted special characters combined</td>
+<td><code>$[':@."$,*\'\\']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted string and unescaped single quote</td>
+<td><code>$['single'quote']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted union literal</td>
+<td><code>$[',']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted wildcard literal ?</td>
+<td><code>$['*']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with quoted wildcard literal on object without key</td>
+<td><code>$['*']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with spaces</td>
+<td><code>$[ 'a' ]</code></td>
+</tr>
+<tr>
+<td>Bracket notation with two literals separated by dot</td>
+<td><code>$['two'.'some']</code></td>
+</tr>
+<tr>
+<td>Bracket notation with two literals separated by dot without quotes</td>
+<td><code>$[two.some]</code></td>
+</tr>
+<tr>
+<td>Bracket notation without quotes</td>
+<td><code>$[key]</code></td>
+</tr>
+<tr>
+<td>Current with dot notation</td>
+<td><code>@.a</code></td>
+</tr>
+<tr>
+<td>Dot bracket notation</td>
+<td><code>$.['key']</code></td>
+</tr>
+<tr>
+<td>Dot bracket notation with double quotes</td>
+<td><code>$.["key"]</code></td>
+</tr>
+<tr>
+<td>Dot bracket notation without quotes</td>
+<td><code>$.[key]</code></td>
+</tr>
+<tr>
+<td>Dot notation after recursive descent with extra dot ?</td>
+<td><code>$...key</code></td>
+</tr>
+<tr>
+<td>Dot notation after union with keys</td>
+<td><code>$['one','three'].key</code></td>
+</tr>
+<tr>
+<td>Dot notation with dash</td>
+<td><code>$.key-dash</code></td>
+</tr>
+<tr>
+<td>Dot notation with double quotes</td>
+<td><code>$."key"</code></td>
+</tr>
+<tr>
+<td>Dot notation with double quotes after recursive descent ?</td>
+<td><code>$.."key"</code></td>
+</tr>
+<tr>
+<td>Dot notation with empty path</td>
+<td><code>$.</code></td>
+</tr>
+<tr>
+<td>Dot notation with key named length on array</td>
+<td><code>$.length</code></td>
+</tr>
+<tr>
+<td>Dot notation with key root literal</td>
+<td><code>$.$</code></td>
+</tr>
+<tr>
+<td>Dot notation with non ASCII key</td>
+<td><code>$.??</code></td>
+</tr>
+<tr>
+<td>Dot notation with number</td>
+<td><code>$.2</code></td>
+</tr>
+<tr>
+<td>Dot notation with number -1</td>
+<td><code>$.-1</code></td>
+</tr>
+<tr>
+<td>Dot notation with single quotes</td>
+<td><code>$.'key'</code></td>
+</tr>
+<tr>
+<td>Dot notation with single quotes after recursive descent ?</td>
+<td><code>$..'key'</code></td>
+</tr>
+<tr>
+<td>Dot notation with single quotes and dot</td>
+<td><code>$.'some.key'</code></td>
+</tr>
+<tr>
+<td>Dot notation with space padded key</td>
+<td><code>$. a</code></td>
+</tr>
+<tr>
+<td>Dot notation with wildcard after recursive descent on scalar ?</td>
+<td><code>$..*</code></td>
+</tr>
+<tr>
+<td>Dot notation without dot</td>
+<td><code>$a</code></td>
+</tr>
+<tr>
+<td>Dot notation without root</td>
+<td><code>.key</code></td>
+</tr>
+<tr>
+<td>Dot notation without root and dot</td>
+<td><code>key</code></td>
+</tr>
+<tr>
+<td>Empty</td>
+<td><code>n/a</code></td>
+</tr>
+<tr>
+<td>Filter expression on object</td>
+<td><code>$[?(@.key)]</code></td>
+</tr>
+<tr>
+<td>Filter expression after dot notation with wildcard after recursive descent ?</td>
+<td><code>$..*[?(@.id&gt;2)]</code></td>
+</tr>
+<tr>
+<td>Filter expression after recursive descent ?</td>
+<td><code>$..[?(@.id==2)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with addition</td>
+<td><code>$[?(@.key+50==100)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with boolean and operator and value false</td>
+<td><code>$[?(@.key&gt;0 &amp;&amp; false)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with boolean and operator and value true</td>
+<td><code>$[?(@.key&gt;0 &amp;&amp; true)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with boolean or operator and value false</td>
+<td><code>$[?(@.key&gt;0 &amp;#124;&amp;#124; false)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with boolean or operator and value true</td>
+<td><code>$[?(@.key&gt;0 &amp;#124;&amp;#124; true)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with bracket notation with -1</td>
+<td><code>$[?(@[-1]==2)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with bracket notation with number on object</td>
+<td><code>$[?(@[1]=='b')]</code></td>
+</tr>
+<tr>
+<td>Filter expression with current object</td>
+<td><code>$[?(@)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with different ungrouped operators</td>
+<td><code>$[?(@.a &amp;&amp; @.b &amp;#124;&amp;#124; @.c)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with division</td>
+<td><code>$[?(@.key/10==5)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with dot notation with dash</td>
+<td><code>$[?(@.key-dash == 'value')]</code></td>
+</tr>
+<tr>
+<td>Filter expression with dot notation with number</td>
+<td><code>$[?(@.2 == 'second')]</code></td>
+</tr>
+<tr>
+<td>Filter expression with dot notation with number on array</td>
+<td><code>$[?(@.2 == 'third')]</code></td>
+</tr>
+<tr>
+<td>Filter expression with empty expression</td>
+<td><code>$[?()]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals</td>
+<td><code>$[?(@.key==42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals on array of numbers</td>
+<td><code>$[?(@==42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals on object</td>
+<td><code>$[?(@.key==42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals array</td>
+<td><code>$[?(@.d==["v1","v2"])]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals array for array slice with range 1</td>
+<td><code>$[?(@[0:1]==[1])]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals array for dot notation with star</td>
+<td><code>$[?(@.*==[1,2])]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals array or equals true</td>
+<td><code>$[?(@.d==["v1","v2"] &amp;#124;&amp;#124; (@.d == true))]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals array with single quotes</td>
+<td><code>$[?(@.d==['v1','v2'])]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals boolean expression value</td>
+<td><code>$[?((@.key&lt;44)==false)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals false</td>
+<td><code>$[?(@.key==false)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals null</td>
+<td><code>$[?(@.key==null)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals number for array slice with range 1</td>
+<td><code>$[?(@[0:1]==1)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals number for bracket notation with star</td>
+<td><code>$[?(@[*]==2)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals number for dot notation with star</td>
+<td><code>$[?(@.*==2)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals number with fraction</td>
+<td><code>$[?(@.key==-0.123e2)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals number with leading zeros</td>
+<td><code>$[?(@.key==010)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals object</td>
+<td><code>$[?(@.d==&lbrace;"k":"v"&rbrace;)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals string</td>
+<td><code>$[?(@.key=="value")]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals string with unicode character escape</td>
+<td><code>$[?(@.key=="Mot\u00f6rhead")]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals true</td>
+<td><code>$[?(@.key==true)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals with path and path</td>
+<td><code>$[?(@.key1==@.key2)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with equals with root reference</td>
+<td><code>$.items[?(@.key==$.value)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with greater than</td>
+<td><code>$[?(@.key&gt;42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with greater than or equal</td>
+<td><code>$[?(@.key&gt;=42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with in array of values</td>
+<td><code>$[?(@.d in [2, 3])]</code></td>
+</tr>
+<tr>
+<td>Filter expression with in current object</td>
+<td><code>$[?(2 in @.d)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with length free function</td>
+<td><code>$[?(length(@) == 4)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with length function</td>
+<td><code>$[?(@.length() == 4)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with length property</td>
+<td><code>$[?(@.length == 4)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with less than</td>
+<td><code>$[?(@.key&lt;42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with less than or equal</td>
+<td><code>$[?(@.key&lt;=42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with local dot key and null in data</td>
+<td><code>$[?(@.key='value')]</code></td>
+</tr>
+<tr>
+<td>Filter expression with multiplication</td>
+<td><code>$[?(@.key*2==100)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with negation and equals</td>
+<td><code>$[?(!(@.key==42))]</code></td>
+</tr>
+<tr>
+<td>Filter expression with negation and equals array or equals true</td>
+<td><code>$[?(!(@.d==["v1","v2"]) &amp;#124;&amp;#124; (@.d == true))]</code></td>
+</tr>
+<tr>
+<td>Filter expression with negation and less than</td>
+<td><code>$[?(!(@.key&lt;42))]</code></td>
+</tr>
+<tr>
+<td>Filter expression with negation and without value</td>
+<td><code>$[?(!@.key)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with non singular existence test</td>
+<td><code>$[?(@.a.*)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with not equals</td>
+<td><code>$[?(@.key!=42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with not equals array or equals true</td>
+<td><code>$[?((@.d!=["v1","v2"]) &amp;#124;&amp;#124; (@.d == true))]</code></td>
+</tr>
+<tr>
+<td>Filter expression with parent axis operator</td>
+<td><code>$[*].bookmarks[?(@.page == 45)]^^^</code></td>
+</tr>
+<tr>
+<td>Filter expression with regular expression</td>
+<td><code>$[?(@.name=~/hello.*/)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with regular expression from member</td>
+<td><code>$[?(@.name=~/@.pattern/)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with set wise comparison to scalar</td>
+<td><code>$[?(@[*]&gt;=4)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with set wise comparison to set</td>
+<td><code>$.x[?(@[*]&gt;=$.y[*])]</code></td>
+</tr>
+<tr>
+<td>Filter expression with single equal</td>
+<td><code>$[?(@.key=42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with subfilter</td>
+<td><code>$[?(@.a[?(@.price&gt;10)])]</code></td>
+</tr>
+<tr>
+<td>Filter expression with subpaths deeply nested</td>
+<td><code>$[?(@.a.b.c==3)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with subtraction</td>
+<td><code>$[?(@.key-50==-100)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with triple equal</td>
+<td><code>$[?(@.key===42)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with value</td>
+<td><code>$[?(@.key)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with value after recursive descent ?</td>
+<td><code>$..[?(@.id)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with value false</td>
+<td><code>$[?(false)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with value from recursive descent</td>
+<td><code>$[?(@..child)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with value null</td>
+<td><code>$[?(null)]</code></td>
+</tr>
+<tr>
+<td>Filter expression with value true</td>
+<td><code>$[?(true)]</code></td>
+</tr>
+<tr>
+<td>Filter expression without parens</td>
+<td><code>$[?@.key==42]</code></td>
+</tr>
+<tr>
+<td>Filter expression without value</td>
+<td><code>$[?(@.key)]</code></td>
+</tr>
+<tr>
+<td>Function sum</td>
+<td><code>$.data.sum()</code></td>
+</tr>
+<tr>
+<td>Parens notation</td>
+<td><code>$(key,more)</code></td>
+</tr>
+<tr>
+<td>Recursive descent ?</td>
+<td><code>$..</code></td>
+</tr>
+<tr>
+<td>Recursive descent after dot notation ?</td>
+<td><code>$.key..</code></td>
+</tr>
+<tr>
+<td>Root on scalar</td>
+<td><code>$</code></td>
+</tr>
+<tr>
+<td>Root on scalar false</td>
+<td><code>$</code></td>
+</tr>
+<tr>
+<td>Root on scalar true</td>
+<td><code>$</code></td>
+</tr>
+<tr>
+<td>Script expression</td>
+<td><code>$[(@.length-1)]</code></td>
+</tr>
+<tr>
+<td>Union with duplication from array</td>
+<td><code>$[0,0]</code></td>
+</tr>
+<tr>
+<td>Union with duplication from object</td>
+<td><code>$['a','a']</code></td>
+</tr>
+<tr>
+<td>Union with filter</td>
+<td><code>$[?(@.key&lt;3),?(@.key&gt;6)]</code></td>
+</tr>
+<tr>
+<td>Union with keys</td>
+<td><code>$['key','another']</code></td>
+</tr>
+<tr>
+<td>Union with keys on object without key</td>
+<td><code>$['missing','key']</code></td>
+</tr>
+<tr>
+<td>Union with keys after array slice</td>
+<td><code>$[:]['c','d']</code></td>
+</tr>
+<tr>
+<td>Union with keys after bracket notation</td>
+<td><code>$[0]['c','d']</code></td>
+</tr>
+<tr>
+<td>Union with keys after dot notation with wildcard</td>
+<td><code>$.*['c','d']</code></td>
+</tr>
+<tr>
+<td>Union with keys after recursive descent ?</td>
+<td><code>$..['c','d']</code></td>
+</tr>
+<tr>
+<td>Union with repeated matches after dot notation with wildcard</td>
+<td><code>$.*[0,:5]</code></td>
+</tr>
+<tr>
+<td>Union with slice and number</td>
+<td><code>$[1:3,4]</code></td>
+</tr>
+<tr>
+<td>Union with spaces</td>
+<td><code>$[ 0 , 1 ]</code></td>
+</tr>
+<tr>
+<td>Union with wildcard and number</td>
+<td><code>$[*,1]</code></td>
+</tr>
+</tbody>
+</table>
+</details>
--- a/frontend/blog/2024-11-14-token-pool.md
+++ b/frontend/blog/2024-11-14-token-pool.md
@@ -0,0 +1,28 @@
+---
+slug: token-pool
+title: How shields.io uses the GitHub API
+authors:
+  name: chris48s
+  title: Shields.io Core Team
+  url: https://github.com/chris48s
+  image_url: https://avatars.githubusercontent.com/u/6025893
+tags: []
+---
+
+We serve a lot of badges which display information fetched from the GitHub API. When I say a lot, this varies a bit but in a typical hour we make hundreds of thousands of calls to the GitHub API.
+
+But hang on. GitHub's API has rate limits.
+
+Specifically, users can make up to [5,000 requests per hour](https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api?apiVersion=2022-11-28#primary-rate-limit-for-authenticated-users) to GitHub's v3/REST API. The v4/GraphQL also applies rate limits, but it is based on a slightly more complicated [points-based system](https://docs.github.com/en/graphql/overview/rate-limits-and-node-limits-for-the-graphql-api#primary-rate-limit).
+
+In any case, we are clearly making many times more requests to GitHub's API than would be allowed with a single token.
+
+So how are we doing that? Well, we have lots of tokens. To elaborate on that slightly, as a user of shields.io you can choose to share a token with us to help increase our rate limit. Here's how it works:
+
+- Authorize our [OAuth Application](https://img.shields.io/github-auth).
+- This shares with us a GitHub token which has read-only access to public data. We only ask for the minimum permissions necessary. Authorizing the OAuth app doesn't allow us access to your private data or allow us to perform any actions on your behalf.
+- Your token is added to a pool of tokens shared by other users like you.
+- When we need to make a request to the GitHub API, we pick one of the tokens from our pool. We only make a handful of requests with each token before picking another from the pool.
+- If you ever decide you would not like to continue sharing a token with us, you can revoke the Shields.io OAuth app at https://github.com/settings/applications. You can do this at any time. This will de-activate the token you have shared with us and we'll remove it from the pool.
+
+This method allows us (with your help) to make hundreds of thousands of request per hour to the GitHub API. Because we have thousands of tokens in the pool and we only make a few requests with each one before picking another token from the pool, most users don't notice any meaningful impact on their available rate limit as a result of authorizing our app.
--- a/frontend/blog/2024-12-27-simpleicons14.md
+++ b/frontend/blog/2024-12-27-simpleicons14.md
@@ -0,0 +1,81 @@
+---
+slug: simple-icons-14
+title: Simple Icons 14
+authors:
+  name: jNullj
+  title: Shields.io Core Team
+  url: https://github.com/jNullj
+  image_url: https://avatars.githubusercontent.com/u/15849761
+tags: []
+---
+
+Logos on Shields.io are provided by SimpleIcons. We've recently upgraded to SimpleIcons 14. This release removes 53 icons and renames 6:
+
+Renames:
+
+- D3.js to D3
+- Tencent QQ to QQ
+- T-Mobile to Deutsche Telekom
+- Nuxt.js to Nuxt
+- smash.gg start.gg
+- Tutanota to Tuta
+
+Removals:
+
+- Adobe
+- Adobe Acrobat Reader
+- Adobe After Effects
+- Adobe Audition
+- Adobe Creative Cloud
+- Adobe Dreamweaver
+- Adobe Fonts
+- Adobe Illustrator
+- Adobe InDesign
+- Adobe Lightroom
+- Adobe Lightroom Classic
+- Adobe Photoshop
+- Adobe Premiere Pro
+- Adobe XD
+- ASKfm
+- Caffeine
+- CKEditor 4
+- Cliqz
+- Coil
+- del.icio.us
+- El Jueves
+- Ello
+- FeatHub
+- Fluxus
+- Foursquare City Guide
+- Funimation
+- Game & Watch
+- Géant
+- Katacoda
+- LinkedIn
+- Magento
+- Marketo
+- Microgenetics
+- Nintendo
+- Nintendo 3DS
+- Nintendo DS
+- Nintendo GameCube
+- Nintendo Switch
+- Oracle
+- Pokémon
+- RadioPublic
+- Realm
+- Revue
+- Skyrock
+- Spinrilla
+- StackPath
+- Stitcher
+- Studyverse
+- Tableau
+- Uptobox
+- Wii
+- Wii U
+- Zerply
+
+More detail can be found in the [release notes](https://github.com/simple-icons/simple-icons/releases/tag/14.0.0)
+
+Please remember that we are just consumers of SimpleIcons. Decisions about changes and removals are made by the [SimpleIcons](https://github.com/simple-icons/simple-icons) project.
--- a/frontend/docusaurus.config.cjs
+++ b/frontend/docusaurus.config.cjs
@@ -77,6 +77,7 @@ const config = {
            label: 'Documentation',
            position: 'left',
          },
+          { to: '/donate', label: 'Donate', position: 'left' },
          { to: '/community', label: 'Community', position: 'left' },
          { to: '/blog', label: 'Blog', position: 'left' },
          {
@@ -114,8 +115,12 @@ const config = {
            title: 'Stats',
            items: [
              {
-                label: 'Service Status',
-                href: 'https://stats.uptimerobot.com/PjXogHB5p',
+                label: 'Service Status (Upptime)',
+                href: 'https://badges.github.io/uptime-monitoring/',
+              },
+              {
+                label: 'Service Status (NodePing)',
+                href: 'https://nodeping.com/reports/status/YBISBQB254',
              },
              {
                label: 'Metrics dashboard',
@@ -123,6 +128,15 @@ const config = {
              },
            ],
          },
+          {
+            title: 'Policy',
+            items: [
+              {
+                label: 'Privacy Policy',
+                href: '/privacy',
+              },
+            ],
+          },
        ],
        copyright: `Copyright © ${new Date().getFullYear()} Shields.io. Built with Docusaurus.`,
      },
--- a/frontend/src/components/homepage-features.js
+++ b/frontend/src/components/homepage-features.js
@@ -59,8 +59,6 @@ const FeatureList = [
        >
          docker image
        </a>
-        <br />
-        <code>docker pull shieldsio/shields</code>
      </>
    ),
  },
@@ -68,15 +66,7 @@ const FeatureList = [
    title: 'Love Shields?',
    description: (
      <>
-        Please consider{' '}
-        <a
-          href="https://opencollective.com/shields"
-          rel="noreferrer"
-          target="_blank"
-        >
-          donating
-        </a>{' '}
-        to sustain our activities
+        Please consider <a href="/donate">donating</a> to sustain our activities
      </>
    ),
  },
--- a/frontend/src/css/custom.css
+++ b/frontend/src/css/custom.css
@@ -31,22 +31,12 @@ html[data-theme="dark"] .docusaurus-highlight-code-line {
  color-scheme: initial;
 }

-/*
-TODO: remove these three styles when
-we can upgrade to docusaurus-theme-openapi@0.6.5
-*/
-
-input[type="text"], :not(#fakeID#fakeId#fakeID) select {
-  border-color: var(--ifm-color-primary-lightest);
-  border-style: solid;
-  border-width: 1px;
+.flex-column-container {
+  display: flex;
+  flex-direction: column;
+  height: 100%;
 }

-div.api-code-tab-group {
-  justify-content: center;
-  flex-wrap: wrap;
-}
-
-div.api-code-tab-group button.api-code-tab  {
-  width: unset;
+.align-bottom {
+  margin-top: auto;
 }
--- a/frontend/src/pages/community.md
+++ b/frontend/src/pages/community.md
@@ -61,7 +61,4 @@ Shields.io is possible thanks to the people and companies who donate money, serv
    <li>
        <a href="https://github.com/">GitHub</a>
    </li>
-    <li>
-        <a href="https://uptimerobot.com/">Uptime Robot</a>
-    </li>
 </ul>
--- a/frontend/src/pages/donate.md
+++ b/frontend/src/pages/donate.md
@@ -0,0 +1,68 @@
+# Donate
+
+You can donate to Shields.io via [OpenCollective](https://opencollective.com/shields).
+
+## How the money is spent
+
+Shields.io is a non-profit project run by unpaid volunteers. We use your donations to pay for our hosting costs.
+
+Shields badges are everywhere. Shields badges appear on GitHub, NPM, PyPI, Ruby Gems, Rust Crates... If people build software there, shields badges are on it. Our userbase scales with the size of the software development community as a whole. This means we serve a lot of traffic. While the majority of image impressions are served from downstream proxies, we serve over 1.6 billion requests per month from our own infrastructure and transfer over 3Tb of outbound bandwidth each month.
+
+Those are big numbers, and servers cost money. So does bandwidth. We cover our hosting costs with donations from the community.
+
+## Donation tiers
+
+While we accept donations of any size, we do have some suggested tiers.
+
+<section>
+  <div className="container">
+    <div className="row">
+      <div className="col col--6">
+        <div className="padding-horiz--md padding-vert--lg flex-column-container">
+          <h3>Sponsor</h3>
+          <p>Recommended for **companies**: With a monthly donation of $35, you can help to sustain our activities. Your company logo and a link to your website will feature at the top of our [community page](https://shields.io/community).</p>
+          <p class="align-bottom"><a href="https://opencollective.com/shields/contribute/sponsor-2412/checkout" class="button button--primary button--medium">Become a Sponsor</a></p>
+        </div>
+      </div>
+
+      <div className="col col--6">
+        <div className="padding-horiz--md padding-vert--lg flex-column-container">
+          <h3>Monthly Backer</h3>
+          <p>Recommended for **individuals**: With a monthly donation of $3, you can help to sustain our activities on an ongoing basis.</p>
+          <p class="align-bottom"><a href="https://opencollective.com/shields/contribute/monthly-backer-2988/checkout" class="button button--primary button--medium">Become a Monthly Backer</a></p>
+        </div>
+      </div>
+
+      <div className="col col--6">
+        <div className="padding-horiz--md padding-vert--lg flex-column-container">
+          <h3>Backer</h3>
+          <p>If you would prefer not to commit to a monthly donation, but you think shields.io has provided some value [over the last 10+ years](https://github.com/badges/shields/discussions/8867), consider making a one-time donation of $10.</p>
+          <p class="align-bottom"><a href="https://opencollective.com/shields/contribute/backer-2411/checkout" class="button button--secondary button--medium">Become a Backer</a></p>
+        </div>
+      </div>
+
+      <div className="col col--6">
+        <div className="padding-horiz--md padding-vert--lg flex-column-container">
+          <h3>Something Else</h3>
+          <p>Make a custom one-time or recurring donation of any amount.</p>
+          <p class="align-bottom"><a href="https://opencollective.com/shields/donate" class="button button--secondary button--medium">Make a custom Donation</a></p>
+        </div>
+      </div>
+    </div>
+
+  </div>
+</section>
+
+## FAQ
+
+### Can I donate using another platform?
+
+Currently we only accept donations via [OpenCollective](https://opencollective.com/shields). OpenCollective should be convenient for most users as it allows you to donate using credit card, bank transfer, or PayPal and is available in most countries.
+
+### I donated as a sponsor. How do I change my company logo or URL?
+
+We pull the logo and URL from your Open Collective profile. You can update these at any time from within Open Collective and those changes will be reflected on the community page within 24 hours.
+
+### Can I see exactly how the money is being used?
+
+Using OpenCollective means our finances are completely transparent. All transactions are publicly visible on https://opencollective.com/shields
--- a/frontend/src/pages/privacy.md
+++ b/frontend/src/pages/privacy.md
@@ -0,0 +1,50 @@
+# Privacy Policy
+
+Shields.io is non-tracking and privacy-respecting. This Privacy Policy explains how we handle your data in compliance with the General Data Protection Regulation (GDPR).
+
+## 1. Hosting and Service Providers
+
+We use [fly.io](https://fly.io) for hosting and [CloudFlare](https://www.cloudflare.com) for DNS and CDN services. These third-party providers process requests to deliver and secure our website. Please refer to their privacy policies for more information:
+
+- https://fly.io/legal/privacy-policy/
+- https://www.cloudflare.com/en-gb/privacypolicy/
+
+## 2. Cookies
+
+We do not use any cookies on our website.
+
+## 3. Logs and Data Collection
+
+We do not store any logs of your visits, requests, or other activities on our site.
+
+## 4. Error Reporting
+
+If a request fails, we send an error report to [Sentry](https://sentry.io/), our error-tracking service.
+These reports contain technical data about the error but do not include any personally identifiable information (PII), such as your IP address. For details on Sentry's data processing, refer to their privacy policy:
+
+- https://sentry.io/privacy/
+
+## 5. GitHub OAuth App
+
+Users may optionally authorize our [GitHub OAuth app](https://img.shields.io/github-auth).
+
+Authorizing our app shares with us a GitHub token which has read-only access to public data. We only ask for the minimum permissions necessary. Authorizing the OAuth app doesn't allow us access to your private data or allow us to perform any actions on your behalf.
+
+The only information we store is the **GitHub token** and the **timestamp** when you authorized the app.
+
+- The GitHub token is used solely to increase the rate limit for accessing the GitHub API.
+- The signup timestamp is stored for internal record-keeping purposes.
+
+We don't collect or store any other information like your username or email address.
+
+If you decide you would not like to continue sharing a token with us, you can revoke the Shields.io OAuth app at https://github.com/settings/applications. You can do this at any time. This will de-activate the token you have shared with us and we'll remove it from our token pool.
+
+## 6. Your Rights
+
+Under the GDPR, users have rights concerning their personal data, including access, correction, deletion, and objection to processing.
+
+Since we process minimal data, these rights are not relevant to most users of the service.
+
+## 7. Contact Us
+
+If you have questions about this Privacy Policy or our data practices, you can contact us at team at shields.io
--- a/frontend/src/theme/ApiDemoPanel/Curl/index.js
+++ b/frontend/src/theme/ApiDemoPanel/Curl/index.js
@@ -261,7 +261,6 @@ function Curl({ postman, codeSamples }) {
                {tokens.map((line, i) => (
                  // this <span> does have a key but eslint fails
                  // to detect it because it is an arg to getLineProps()
-                  // eslint-disable-next-line react/jsx-key
                  <span
                    {...getLineProps({
                      line,
@@ -276,7 +275,6 @@ function Curl({ postman, codeSamples }) {
                      return (
                        // this <span> does have a key but eslint fails
                        // to detect it because it is an arg to getLineProps()
-                        // eslint-disable-next-line react/jsx-key
                        <span
                          {...getTokenProps({
                            token,
--- a/lib/logos.js
+++ b/lib/logos.js
@@ -93,10 +93,13 @@ function getSimpleIcon({ name, color, style, size }) {
  if (size === 'auto') {
    const { width: iconWidth, height: iconHeight } = getIconSize(key)

-    if (iconWidth > iconHeight) {
+    if (iconWidth !== iconHeight) {
      const path = resetIconPosition(simpleIcons[key].path)
      iconSvg = iconSvg
-        .replace('viewBox="0 0 24 24"', `viewBox="0 0 24 ${iconHeight}"`)
+        .replace(
+          'viewBox="0 0 24 24"',
+          `viewBox="0 0 ${iconWidth} ${iconHeight}"`,
+        )
        .replace(/<path d=".*"\/>/, `<path d="${path}"/>`)
    }
  }
--- a/lib/logos.spec.js
+++ b/lib/logos.spec.js
@@ -41,11 +41,11 @@ describe('Logo helpers', function () {
    )
    // use simple icon with auto logo size
    given({ name: 'amd', size: 'auto' }).expect(
-      'data:image/svg+xml;base64,PHN2ZyBmaWxsPSJ3aGl0ZXNtb2tlIiByb2xlPSJpbWciIHZpZXdCb3g9IjAgMCAyNCA1LjcyNTk5OTk5OTk5OTk5OSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj48dGl0bGU+QU1EPC90aXRsZT48cGF0aCBkPSJNMTguMzI0IDBMMTkuODgzIDEuNTZIMjIuNDM5VjQuMTE3TDI0IDUuNjc3VjBaTTIgMC4zODNMMCA1LjM0M0gxLjMwOUwxLjY3OSA0LjM2MUgzLjlMNC4zMDggNS4zNDNINS42NDZMMy40MzIgMC4zODNaTTYuMjA5IDAuMzgzVjUuMzM4SDcuNDQ3VjIuMjQ2TDguNzg1IDMuODA4SDguOTczTDEwLjMxMSAyLjI1MlY1LjM0M0gxMS41NDlWMC4zODNIMTAuNDdMOC44NzggMi4yMjhMNy4yODcgMC4zODNaTTEyLjQ5MiAwLjM4M1Y1LjM0M0gxNC41NDlDMTYuNTI4IDUuMzQzIDE3LjQyOSA0LjI5NyAxNy40MjkgMi44NzFDMTcuNDI5IDEuNTExIDE2LjQ5MiAwLjM4MyAxNC42ODIgMC4zODNaTTEzLjcyOSAxLjI5M0gxNC41MjFDMTUuNjkxIDEuMjkzIDE2LjE1MSAyLjAwNCAxNi4xNTEgMi44NjNDMTYuMTUxIDMuNTkxIDE1Ljc3OSA0LjQzNSAxNC41MzUgNC40MzVIMTMuNzI5Wk0yLjc0NCAxLjU2NkwzLjUzNSAzLjQ5OEgyLjAwOFpNMTkuODgxIDEuODczTDE4LjI3NyAzLjQ3NlY1LjcyNkgyMC41MjNMMjIuMTI3IDQuMTE5SDE5Ljg4MVoiLz48L3N2Zz4=',
+      'data:image/svg+xml;base64,PHN2ZyBmaWxsPSJ3aGl0ZXNtb2tlIiByb2xlPSJpbWciIHZpZXdCb3g9IjAgMCAyNCA1LjcyNTk5OTk5OTk5OTk5OSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj48dGl0bGU+QU1EPC90aXRsZT48cGF0aCBkPSJNMTguMzI0IDBsMS41NTkgMS41NmgyLjU1NnYyLjU1N0wyNCA1LjY3N1Ywek0yIDAuMzgzbC0yIDQuOTZoMS4zMDlsMC4zNy0wLjk4MkgzLjlsMC40MDggMC45ODJoMS4zMzhMMy40MzIgMC4zODN6IG00LjIwOSAwdjQuOTU1aDEuMjM4di0zLjA5MmwxLjMzOCAxLjU2MmgwLjE4OGwxLjMzOC0xLjU1NnYzLjA5MWgxLjIzOFYwLjM4M0gxMC40N2wtMS41OTIgMS44NDVMNy4yODcgMC4zODN6IG02LjI4MyAwdjQuOTZoMi4wNTdjMS45NzkgMCAyLjg4LTEuMDQ2IDIuODgtMi40NzIgMC0xLjM2LTAuOTM3LTIuNDg4LTIuNzQ3LTIuNDg4eiBtMS4yMzcgMC45MWgwLjc5MmMxLjE3IDAgMS42MyAwLjcxMSAxLjYzIDEuNTcgMCAwLjcyOC0wLjM3MiAxLjU3Mi0xLjYxNiAxLjU3MmgtMC44MDZ6IG0tMTAuOTg1IDAuMjczbDAuNzkxIDEuOTMySDIuMDA4eiBtMTcuMTM3IDAuMzA3bC0xLjYwNCAxLjYwM3YyLjI1aDIuMjQ2bDEuNjA0LTEuNjA3aC0yLjI0NnoiLz48L3N2Zz4=',
    )
    // use simple icon with color & auto logo size
    given({ name: 'amd', color: 'white', size: 'auto' }).expect(
-      'data:image/svg+xml;base64,PHN2ZyBmaWxsPSJ3aGl0ZSIgcm9sZT0iaW1nIiB2aWV3Qm94PSIwIDAgMjQgNS43MjU5OTk5OTk5OTk5OTkiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PHRpdGxlPkFNRDwvdGl0bGU+PHBhdGggZD0iTTE4LjMyNCAwTDE5Ljg4MyAxLjU2SDIyLjQzOVY0LjExN0wyNCA1LjY3N1YwWk0yIDAuMzgzTDAgNS4zNDNIMS4zMDlMMS42NzkgNC4zNjFIMy45TDQuMzA4IDUuMzQzSDUuNjQ2TDMuNDMyIDAuMzgzWk02LjIwOSAwLjM4M1Y1LjMzOEg3LjQ0N1YyLjI0Nkw4Ljc4NSAzLjgwOEg4Ljk3M0wxMC4zMTEgMi4yNTJWNS4zNDNIMTEuNTQ5VjAuMzgzSDEwLjQ3TDguODc4IDIuMjI4TDcuMjg3IDAuMzgzWk0xMi40OTIgMC4zODNWNS4zNDNIMTQuNTQ5QzE2LjUyOCA1LjM0MyAxNy40MjkgNC4yOTcgMTcuNDI5IDIuODcxQzE3LjQyOSAxLjUxMSAxNi40OTIgMC4zODMgMTQuNjgyIDAuMzgzWk0xMy43MjkgMS4yOTNIMTQuNTIxQzE1LjY5MSAxLjI5MyAxNi4xNTEgMi4wMDQgMTYuMTUxIDIuODYzQzE2LjE1MSAzLjU5MSAxNS43NzkgNC40MzUgMTQuNTM1IDQuNDM1SDEzLjcyOVpNMi43NDQgMS41NjZMMy41MzUgMy40OThIMi4wMDhaTTE5Ljg4MSAxLjg3M0wxOC4yNzcgMy40NzZWNS43MjZIMjAuNTIzTDIyLjEyNyA0LjExOUgxOS44ODFaIi8+PC9zdmc+',
+      'data:image/svg+xml;base64,PHN2ZyBmaWxsPSJ3aGl0ZSIgcm9sZT0iaW1nIiB2aWV3Qm94PSIwIDAgMjQgNS43MjU5OTk5OTk5OTk5OTkiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PHRpdGxlPkFNRDwvdGl0bGU+PHBhdGggZD0iTTE4LjMyNCAwbDEuNTU5IDEuNTZoMi41NTZ2Mi41NTdMMjQgNS42NzdWMHpNMiAwLjM4M2wtMiA0Ljk2aDEuMzA5bDAuMzctMC45ODJIMy45bDAuNDA4IDAuOTgyaDEuMzM4TDMuNDMyIDAuMzgzeiBtNC4yMDkgMHY0Ljk1NWgxLjIzOHYtMy4wOTJsMS4zMzggMS41NjJoMC4xODhsMS4zMzgtMS41NTZ2My4wOTFoMS4yMzhWMC4zODNIMTAuNDdsLTEuNTkyIDEuODQ1TDcuMjg3IDAuMzgzeiBtNi4yODMgMHY0Ljk2aDIuMDU3YzEuOTc5IDAgMi44OC0xLjA0NiAyLjg4LTIuNDcyIDAtMS4zNi0wLjkzNy0yLjQ4OC0yLjc0Ny0yLjQ4OHogbTEuMjM3IDAuOTFoMC43OTJjMS4xNyAwIDEuNjMgMC43MTEgMS42MyAxLjU3IDAgMC43MjgtMC4zNzIgMS41NzItMS42MTYgMS41NzJoLTAuODA2eiBtLTEwLjk4NSAwLjI3M2wwLjc5MSAxLjkzMkgyLjAwOHogbTE3LjEzNyAwLjMwN2wtMS42MDQgMS42MDN2Mi4yNWgyLjI0NmwxLjYwNC0xLjYwN2gtMi4yNDZ6Ii8+PC9zdmc+',
    )

    it('preserves color if light logo on dark background', function () {
@@ -83,20 +83,20 @@ describe('Logo helpers', function () {
    })

    it('preserves color if medium logo on dark background', function () {
-      const logo = prepareNamedLogo({ name: 'android' })
+      const logo = prepareNamedLogo({ name: 'mastodon' })
      const decodedLogo = Buffer.from(
        logo.replace('data:image/svg+xml;base64,', ''),
        'base64',
      ).toString('ascii')
-      expect(decodedLogo).to.contain('fill="#34A853"')
+      expect(decodedLogo).to.contain('fill="#6364FF"')
    })
    it('preserves color if medium logo on light background', function () {
-      const logo = prepareNamedLogo({ name: 'android', style: 'social' })
+      const logo = prepareNamedLogo({ name: 'mastodon', style: 'social' })
      const decodedLogo = Buffer.from(
        logo.replace('data:image/svg+xml;base64,', ''),
        'base64',
      ).toString('ascii')
-      expect(decodedLogo).to.contain('fill="#34A853"')
+      expect(decodedLogo).to.contain('fill="#6364FF"')
    })
  })

--- a/lib/svg-helpers.js
+++ b/lib/svg-helpers.js
@@ -1,4 +1,5 @@
-import SVGPathCommander from 'svg-path-commander'
+import { svgPathBbox } from 'svg-path-bbox'
+import svgpath from 'svgpath'
 import loadSimpleIcons from './load-simple-icons.js'

 const simpleIcons = loadSimpleIcons()
@@ -14,24 +15,14 @@ function getIconSize(iconKey) {
    return undefined
  }

-  const {
-    width,
-    height,
-    x: x0,
-    y: y0,
-    x2: x1,
-    y2: y1,
-  } = SVGPathCommander.getPathBBox(simpleIcons[iconKey].path)
-
-  return { width, height, x0, y0, x1, y1 }
+  const [x0, y0, x1, y1] = svgPathBbox(simpleIcons[iconKey].path)
+  return { width: x1 - x0, height: y1 - y0 }
 }

-function resetIconPosition(path) {
-  const { x: offsetX, y: offsetY } = SVGPathCommander.getPathBBox(path)
-  const pathReset = new SVGPathCommander(path)
-    .transform({ translate: [-offsetX, -offsetY] })
-    .toString()
-
+function resetIconPosition(d) {
+  const path = svgpath(d)
+  const [offsetX, offsetY] = svgPathBbox(path)
+  const pathReset = path.translate(-offsetX, -offsetY).round(3).toString()
  return pathReset
 }

--- a/migrations/1676731511125_initialize.cjs
+++ b/migrations/1676731511125_initialize.cjs
@@ -1,5 +1,3 @@
-/* eslint-disable camelcase */
-
 exports.shorthands = undefined

 exports.up = pgm => {
--- a/migrations/1727809177709_add-created.cjs
+++ b/migrations/1727809177709_add-created.cjs
@@ -0,0 +1,15 @@
+exports.shorthands = undefined
+
+exports.up = pgm => {
+  pgm.addColumn('github_user_tokens', {
+    created: {
+      type: 'TIMESTAMP',
+      notNull: true,
+      default: pgm.func('CURRENT_TIMESTAMP'),
+    },
+  })
+}
+
+exports.down = pgm => {
+  pgm.dropColumn('github_user_tokens', 'created')
+}
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -21,52 +21,53 @@
    "url": "https://github.com/badges/shields"
  },
  "dependencies": {
-    "@renovatebot/pep440": "^3.0.20",
-    "@renovatebot/ruby-semver": "^3.0.23",
-    "@sentry/node": "^8.27.0",
+    "@renovatebot/pep440": "^4.1.0",
+    "@renovatebot/ruby-semver": "^4.0.0",
+    "@sentry/node": "^9.10.0",
    "@shields_io/camp": "^18.1.2",
-    "@xmldom/xmldom": "0.8.10",
+    "@xmldom/xmldom": "0.9.8",
    "badge-maker": "file:badge-maker",
+    "byte-size": "^9.0.1",
    "bytes": "^3.1.2",
    "camelcase": "^8.0.0",
-    "chalk": "^5.3.0",
+    "chalk": "^5.4.1",
    "check-node-version": "^4.2.1",
    "cloudflare-middleware": "^1.0.4",
    "config": "^3.3.12",
    "cross-env": "^7.0.3",
    "dayjs": "^1.11.13",
    "decamelize": "^3.2.0",
-    "emojic": "^1.1.17",
+    "emojic": "^1.1.18",
    "escape-string-regexp": "^4.0.0",
-    "fast-xml-parser": "^4.4.1",
-    "glob": "^11.0.0",
+    "fast-xml-parser": "^5.0.9",
+    "glob": "^11.0.1",
    "global-agent": "^3.0.0",
-    "got": "^14.4.2",
-    "graphql": "16.9.0",
+    "got": "^14.4.6",
+    "graphql": "16.10.0",
    "graphql-tag": "^2.12.6",
    "joi": "17.13.3",
    "joi-extension-semver": "5.0.0",
    "js-yaml": "^4.1.0",
-    "jsonpath": "~1.1.1",
+    "jsonpath-plus": "^10.3.0",
    "lodash.countby": "^4.6.0",
    "lodash.groupby": "^4.6.0",
    "lodash.times": "^4.3.2",
    "matcher": "^5.0.0",
    "node-env-flag": "^0.1.0",
-    "node-pg-migrate": "^7.6.1",
+    "node-pg-migrate": "^7.9.1",
    "parse-link-header": "^2.0.0",
-    "path-to-regexp": "^6.2.2",
-    "pg": "^8.12.0",
-    "pretty-bytes": "^6.1.1",
+    "path-to-regexp": "^6.3.0",
+    "pg": "^8.14.1",
    "priorityqueuejs": "^2.0.0",
    "prom-client": "^15.1.3",
-    "qs": "^6.13.0",
-    "query-string": "^9.1.0",
-    "semver": "~7.6.3",
-    "simple-icons": "13.7.0",
-    "smol-toml": "1.3.0",
-    "svg-path-commander": "^2.0.10",
-    "webextension-store-meta": "^1.2.3",
+    "qs": "^6.14.0",
+    "query-string": "^9.1.1",
+    "semver": "~7.7.1",
+    "simple-icons": "14.11.1",
+    "smol-toml": "1.3.1",
+    "svg-path-bbox": "^2.1.0",
+    "svgpath": "^2.6.0",
+    "webextension-store-meta": "^1.2.4",
    "xpath": "~0.0.34"
  },
  "scripts": {
@@ -81,13 +82,13 @@
    "coverage:report:generate": "c8 report",
    "coverage:report:open": "open-cli coverage/lcov-report/index.html",
    "coverage:report": "run-s --silent coverage:report:generate coverage:report:open",
-    "lint": "eslint \"**/*.@(cjs|js|ts|tsx)\"",
-    "prettier": "prettier --write \"**/*.@(cjs|js|ts|tsx|md|json|yml)\"",
-    "prettier:check": "prettier --check \"**/*.@(cjs|js|ts|tsx|md|json|yml)\"",
+    "lint": "eslint \"**/*.@(cjs|mjs|js|ts)\"",
+    "prettier": "prettier --write \"**/*.@(cjs|mjs|js|ts|md|json|yml)\"",
+    "prettier:check": "prettier --check \"**/*.@(cjs|mjs|js|ts|md|json|yml)\"",
    "danger": "danger",
    "test:e2e": "cypress run",
-    "test:core": "cross-env NODE_CONFIG_ENV=test mocha \"core/**/*.spec.js\" \"lib/**/*.spec.js\" \"services/**/*.spec.js\"",
-    "test:package": "mocha \"badge-maker/**/*.spec.js\"",
+    "test:core": "cross-env TZ='UTC' NODE_CONFIG_ENV=test mocha \"core/**/*.spec.js\" \"lib/**/*.spec.js\" \"services/**/*.spec.js\"",
+    "test:package": "mocha \"badge-maker/**/*.spec.@(mjs|js)\"",
    "test:entrypoint": "cross-env NODE_CONFIG_ENV=test mocha entrypoint.spec.js",
    "test:integration": "cross-env NODE_CONFIG_ENV=test mocha \"core/**/*.integration.js\" \"services/**/*.integration.js\"",
    "test:services": "cross-env NODE_CONFIG_ENV=test mocha core/service-test-runner/cli.js",
@@ -123,7 +124,7 @@
    "docusaurus:clear": "docusaurus clear frontend"
  },
  "lint-staged": {
-    "**/*.@(js|ts|tsx)": [
+    "**/*.@(cjs|mjs|js|ts)": [
      "eslint --fix",
      "prettier --write"
    ],
@@ -133,7 +134,7 @@
  },
  "nodemonConfig": {
    "verbose": true,
-    "ext": "js",
+    "ext": "js,yml",
    "ignore": [
      "package.json",
      "**/*.spec.js",
@@ -141,82 +142,79 @@
      "**/*.integration.js",
      "frontend/",
      "build/",
-      "cypress/"
+      "cypress/",
+      ".github/"
    ]
  },
  "devDependencies": {
-    "@docusaurus/core": "^3.5.2",
-    "@docusaurus/preset-classic": "^3.5.2",
-    "@easyops-cn/docusaurus-search-local": "^0.44.5",
-    "@mdx-js/react": "^3.0.1",
-    "@typescript-eslint/parser": "^8.3.0",
-    "c8": "^10.1.2",
+    "@docusaurus/core": "^3.7.0",
+    "@docusaurus/preset-classic": "^3.7.0",
+    "@easyops-cn/docusaurus-search-local": "^0.49.1",
+    "@mdx-js/react": "^3.1.0",
+    "@typescript-eslint/parser": "^8.28.0",
+    "c8": "^10.1.3",
    "caller": "^1.1.0",
-    "chai": "^4.5.0",
-    "chai-as-promised": "^8.0.0",
-    "chai-datetime": "^1.8.0",
-    "chai-string": "^1.4.0",
+    "chai": "5.2.0",
+    "chai-as-promised": "^8.0.1",
+    "chai-datetime": "^1.8.1",
    "child-process-promise": "^2.2.1",
    "clsx": "^2.1.1",
-    "concurrently": "^8.2.2",
-    "cypress": "^13.14.1",
+    "concurrently": "^9.1.2",
+    "cypress": "^14.2.1",
    "cypress-wait-for-stable-dom": "^0.1.0",
-    "danger": "^12.3.3",
+    "danger": "^12.3.4",
    "deepmerge": "^4.3.1",
-    "docusaurus-preset-openapi": "0.7.5",
-    "eslint": "8.57.0",
-    "eslint-config-prettier": "^9.1.0",
-    "eslint-config-standard": "17.1.0",
-    "eslint-config-standard-jsx": "11.0.0",
-    "eslint-config-standard-react": "13.0.0",
-    "eslint-plugin-chai-friendly": "^1.0.1",
-    "eslint-plugin-cypress": "^3.5.0",
-    "eslint-plugin-icedfrisby": "^0.1.0",
-    "eslint-plugin-import": "^2.29.1",
-    "eslint-plugin-jsdoc": "^50.2.2",
-    "eslint-plugin-mocha": "^10.5.0",
-    "eslint-plugin-no-extension-in-require": "^0.2.0",
-    "eslint-plugin-node": "^11.1.0",
-    "eslint-plugin-promise": "6.6.0",
-    "eslint-plugin-react": "^7.35.0",
-    "eslint-plugin-react-hooks": "^4.6.2",
-    "eslint-plugin-sort-class-members": "^1.20.0",
-    "form-data": "^4.0.0",
+    "docusaurus-preset-openapi": "0.7.6",
+    "eslint": "9.23.0",
+    "eslint-config-prettier": "^10.1.1",
+    "eslint-plugin-chai-friendly": "1.0.1",
+    "eslint-plugin-cypress": "4.2.0",
+    "eslint-plugin-icedfrisby": "0.2.0",
+    "eslint-plugin-import": "2.31.0",
+    "eslint-plugin-jsdoc": "50.6.9",
+    "eslint-plugin-mocha": "10.5.0",
+    "eslint-plugin-prettier": "5.2.5",
+    "eslint-plugin-promise": "7.2.1",
+    "eslint-plugin-react-hooks": "5.2.0",
+    "eslint-plugin-sort-class-members": "1.21.0",
+    "form-data": "^4.0.2",
+    "globals": "16.0.0",
    "icedfrisby": "4.0.0",
    "icedfrisby-nock": "^2.1.0",
    "is-svg": "^5.1.0",
-    "jsdoc": "^4.0.3",
-    "lint-staged": "^15.2.9",
+    "jsdoc": "^4.0.4",
+    "lint-staged": "^15.5.0",
    "lodash.difference": "^4.5.0",
    "minimist": "^1.2.8",
-    "mocha": "^10.7.3",
+    "mocha": "^11.1.0",
    "mocha-env-reporter": "^4.0.0",
    "mocha-junit-reporter": "^2.2.1",
    "mocha-yaml-loader": "^1.0.3",
-    "nock": "13.5.5",
-    "node-mocks-http": "^1.15.1",
-    "nodemon": "^3.1.4",
+    "neostandard": "0.12.1",
+    "nock": "13.5.6",
+    "node-mocks-http": "^1.16.2",
+    "nodemon": "^3.1.9",
    "npm-run-all": "^4.1.5",
    "open-cli": "^8.0.0",
-    "portfinder": "^1.0.32",
-    "prettier": "3.3.3",
-    "prism-react-renderer": "^2.4.0",
+    "portfinder": "^1.0.35",
+    "prettier": "3.5.3",
+    "prism-react-renderer": "^2.4.1",
    "react": "^18.3.0",
    "react-dom": "^18.3.1",
    "read-all-stdin-sync": "^1.0.5",
    "rimraf": "^6.0.1",
    "sazerac": "^2.0.0",
-    "simple-git-hooks": "^2.11.1",
-    "sinon": "^18.0.0",
-    "sinon-chai": "^3.7.0",
+    "simple-git-hooks": "^2.12.1",
+    "sinon": "^20.0.0",
+    "sinon-chai": "4.0.0",
    "snap-shot-it": "^7.9.10",
-    "start-server-and-test": "2.0.5",
-    "tsd": "^0.31.1",
+    "start-server-and-test": "2.0.11",
+    "tsd": "^0.31.2",
    "url": "^0.11.4"
  },
  "engines": {
-    "node": "^20.10.0",
-    "npm": "^9.0.0 || ^10.0.0"
+    "node": "^20 || ^22",
+    "npm": "^9 || ^10 || ^11"
  },
  "type": "module",
  "collective": {
--- a/server.js
+++ b/server.js
@@ -62,4 +62,9 @@ if (fs.existsSync(legacySecretsPath)) {
 }
 export const server = new Server(config)

+process.on('SIGTERM', async () => {
+  console.log('SIGTERM received, shutting down...')
+  await server.stop()
+})
+
 await server.start()
--- a/services/ansible/ansible-collection-downloads.service.js
+++ b/services/ansible/ansible-collection-downloads.service.js
@@ -0,0 +1,46 @@
+import Joi from 'joi'
+import { renderDownloadsBadge } from '../downloads.js'
+import { BaseJsonService, pathParams } from '../index.js'
+
+const ansibleCollectionSchema = Joi.object({
+  // Ansible docs don't mention this but it appears in the API responses
+  download_count: Joi.number().required(),
+}).required()
+
+export default class AnsibleGalaxyCollectionDownloads extends BaseJsonService {
+  static category = 'downloads'
+  static route = { base: 'ansible/collection/d', pattern: ':namespace/:name' }
+
+  static openApi = {
+    '/ansible/collection/d/{namespace}/{name}': {
+      get: {
+        summary: 'Ansible Collection Downloads',
+        parameters: pathParams(
+          { name: 'namespace', example: 'community' },
+          { name: 'name', example: 'general' },
+        ),
+      },
+    },
+  }
+
+  static defaultBadgeData = { label: 'collection downloads' }
+
+  static render({ downloads }) {
+    return renderDownloadsBadge({ downloads })
+  }
+
+  async fetch({ namespace, name }) {
+    return this._requestJson({
+      schema: ansibleCollectionSchema,
+      url: `https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/index/${namespace}/${name}/`,
+    })
+  }
+
+  async handle({ namespace, name }) {
+    const { download_count: downloads } = await this.fetch({
+      namespace,
+      name,
+    })
+    return this.constructor.render({ downloads })
+  }
+}
--- a/services/ansible/ansible-collection-downloads.tester.js
+++ b/services/ansible/ansible-collection-downloads.tester.js
@@ -0,0 +1,16 @@
+import { ServiceTester } from '../tester.js'
+import { isMetric } from '../test-validators.js'
+
+export const t = new ServiceTester({
+  id: 'AnsibleGalaxyCollectionDownloads',
+  title: 'AnsibleGalaxyCollectionDownloads',
+  pathPrefix: '/ansible/collection/d',
+})
+
+t.create('collection downloads (valid)')
+  .get('/community/general.json')
+  .expectBadge({ label: 'collection downloads', message: isMetric })
+
+t.create('collection downloads (not found)')
+  .get('/not/real.json')
+  .expectBadge({ label: 'collection downloads', message: 'not found' })
--- a/services/ansible/ansible-collection-version.service.js
+++ b/services/ansible/ansible-collection-version.service.js
@@ -0,0 +1,47 @@
+import Joi from 'joi'
+import { renderVersionBadge } from '../version.js'
+import { BaseJsonService, pathParams } from '../index.js'
+
+const ansibleCollectionSchema = Joi.object({
+  highest_version: Joi.object({
+    version: Joi.string().required(),
+  }).required(),
+}).required()
+
+export default class AnsibleGalaxyCollectionVersion extends BaseJsonService {
+  static category = 'version'
+  static route = { base: 'ansible/collection/v', pattern: ':namespace/:name' }
+
+  static openApi = {
+    '/ansible/collection/v/{namespace}/{name}': {
+      get: {
+        summary: 'Ansible Collection Version',
+        parameters: pathParams(
+          { name: 'namespace', example: 'community' },
+          { name: 'name', example: 'general' },
+        ),
+      },
+    },
+  }
+
+  static defaultBadgeData = { label: 'galaxy' }
+
+  static render({ version }) {
+    return renderVersionBadge({ version })
+  }
+
+  async fetch({ namespace, name }) {
+    return this._requestJson({
+      schema: ansibleCollectionSchema,
+      url: `https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/index/${namespace}/${name}/`,
+    })
+  }
+
+  async handle({ namespace, name }) {
+    const { highest_version: highestVersion } = await this.fetch({
+      namespace,
+      name,
+    })
+    return this.constructor.render({ version: highestVersion.version })
+  }
+}
--- a/services/ansible/ansible-collection-version.tester.js
+++ b/services/ansible/ansible-collection-version.tester.js
@@ -0,0 +1,16 @@
+import { ServiceTester } from '../tester.js'
+import { isSemver } from '../test-validators.js'
+
+export const t = new ServiceTester({
+  id: 'AnsibleGalaxyCollectionVersion',
+  title: 'AnsibleGalaxyCollectionVersion',
+  pathPrefix: '/ansible/collection/v',
+})
+
+t.create('collection version (valid)')
+  .get('/community/general.json')
+  .expectBadge({ label: 'galaxy', message: isSemver })
+
+t.create('collection version (not found)')
+  .get('/not/real.json')
+  .expectBadge({ label: 'galaxy', message: 'not found' })
--- a/services/ansible/ansible-collection.tester.js
+++ b/services/ansible/ansible-collection.tester.js
@@ -1,4 +1,5 @@
 import { ServiceTester } from '../tester.js'
+
 export const t = new ServiceTester({
  id: 'AnsibleGalaxyCollectionName',
  title: 'AnsibleGalaxyCollectionName',
--- a/services/archlinux/archlinux.tester.js
+++ b/services/archlinux/archlinux.tester.js
@@ -3,7 +3,7 @@ import { createServiceTester } from '../tester.js'
 export const t = await createServiceTester()

 t.create('Arch Linux package (valid)')
-  .get('/core/x86_64/pacman.json')
+  .get('/core/x86_64/iptables.json')
  .expectBadge({
    label: 'arch linux',
    message: isVPlusDottedVersionNClausesWithOptionalSuffixAndEpoch,
--- a/services/aur/aur.service.js
+++ b/services/aur/aur.service.js
@@ -1,10 +1,8 @@
 import Joi from 'joi'
-import {
-  floorCount as floorCountColor,
-  age as ageColor,
-} from '../color-formatters.js'
+import { renderDateBadge } from '../date.js'
+import { floorCount as floorCountColor } from '../color-formatters.js'
 import { renderLicenseBadge } from '../licenses.js'
-import { addv, metric, formatDate } from '../text-formatters.js'
+import { metric } from '../text-formatters.js'
 import { nonNegativeInteger } from '../validators.js'
 import {
  BaseJsonService,
@@ -12,6 +10,7 @@ import {
  InvalidResponse,
  pathParams,
 } from '../index.js'
+import { renderVersionBadge } from '../version.js'

 const aurSchema = Joi.object({
  resultcount: nonNegativeInteger,
@@ -170,7 +169,7 @@ class AurVersion extends BaseAurService {

  static render({ version, outOfDate }) {
    const color = outOfDate === null ? 'blue' : 'orange'
-    return { message: addv(version), color }
+    return renderVersionBadge({ version, versionFormatter: () => color })
  }

  async handle({ packageName }) {
@@ -242,16 +241,10 @@ class AurLastModified extends BaseAurService {

  static defaultBadgeData = { label: 'last modified' }

-  static render({ date }) {
-    const color = ageColor(date)
-    const message = formatDate(date)
-    return { color, message }
-  }
-
  async handle({ packageName }) {
    const json = await this.fetch({ packageName })
    const date = 1000 * parseInt(json.results[0].LastModified)
-    return this.constructor.render({ date })
+    return renderDateBadge(date)
  }
 }

--- a/services/aur/aur.spec.js
+++ b/services/aur/aur.spec.js
@@ -6,11 +6,13 @@ describe('AurVersion', function () {
    given({ version: '1:1.1.42.622-1', outOfDate: 1 }).expect({
      color: 'orange',
      message: 'v1:1.1.42.622-1',
+      label: undefined,
    })

    given({ version: '7', outOfDate: null }).expect({
      color: 'blue',
      message: 'v7',
+      label: undefined,
    })
  })
 })
--- a/services/bitbucket/bitbucket-last-commit.service.js
+++ b/services/bitbucket/bitbucket-last-commit.service.js
@@ -1,7 +1,6 @@
 import Joi from 'joi'
-import { age as ageColor } from '../color-formatters.js'
+import { renderDateBadge } from '../date.js'
 import { BaseJsonService, NotFound, pathParam, queryParam } from '../index.js'
-import { formatDate } from '../text-formatters.js'
 import { relativeUri } from '../validators.js'

 const schema = Joi.object({
@@ -43,13 +42,6 @@ export default class BitbucketLastCommit extends BaseJsonService {

  static defaultBadgeData = { label: 'last commit' }

-  static render({ commitDate }) {
-    return {
-      message: formatDate(commitDate),
-      color: ageColor(Date.parse(commitDate)),
-    }
-  }
-
  async fetch({ user, repo, branch, path }) {
    // https://developer.atlassian.com/cloud/bitbucket/rest/api-group-commits/#api-repositories-workspace-repo-slug-commits-get
    return this._requestJson({
@@ -76,6 +68,6 @@ export default class BitbucketLastCommit extends BaseJsonService {

    if (!commit) throw new NotFound({ prettyMessage: 'no commits found' })

-    return this.constructor.render({ commitDate: commit.date })
+    return renderDateBadge(commit.date)
  }
 }
--- a/services/bundlejs/bundlejs-package.service.js
+++ b/services/bundlejs/bundlejs-package.service.js
@@ -1,9 +1,11 @@
 import Joi from 'joi'
 import { BaseJsonService, pathParam, queryParam } from '../index.js'
+import { renderSizeBadge } from '../size.js'
+import { nonNegativeInteger } from '../validators.js'

 const schema = Joi.object({
  size: Joi.object({
-    compressedSize: Joi.string().required(),
+    rawCompressedSize: nonNegativeInteger,
  }).required(),
 }).required()

@@ -76,13 +78,6 @@ export default class BundlejsPackage extends BaseJsonService {

  static defaultBadgeData = { label: 'bundlejs', color: 'informational' }

-  static render({ size }) {
-    return {
-      label: 'minified size (gzip)',
-      message: size,
-    }
-  }
-
  async fetch({ scope, packageName, exports }) {
    const searchParams = {
      q: `${scope ? `${scope}/` : ''}${packageName}`,
@@ -110,7 +105,7 @@ export default class BundlejsPackage extends BaseJsonService {

  async handle({ scope, packageName }, { exports }) {
    const json = await this.fetch({ scope, packageName, exports })
-    const size = json.size.compressedSize
-    return this.constructor.render({ size })
+    const size = json.size.rawCompressedSize
+    return renderSizeBadge(size, 'metric', 'minified size (gzip)')
  }
 }
--- a/services/bundlejs/bundlejs-package.tester.js
+++ b/services/bundlejs/bundlejs-package.tester.js
@@ -1,26 +1,26 @@
-import { isFileSize } from '../test-validators.js'
+import { isMetricFileSize } from '../test-validators.js'
 import { createServiceTester } from '../tester.js'
 export const t = await createServiceTester()

 t.create('bundlejs/package (packageName)')
  .get('/jquery.json')
-  .expectBadge({ label: 'minified size (gzip)', message: isFileSize })
+  .expectBadge({ label: 'minified size (gzip)', message: isMetricFileSize })

 t.create('bundlejs/package (version)')
  .get('/react@18.2.0.json')
-  .expectBadge({ label: 'minified size (gzip)', message: isFileSize })
+  .expectBadge({ label: 'minified size (gzip)', message: isMetricFileSize })

 t.create('bundlejs/package (scoped)')
  .get('/@cycle/rx-run.json')
-  .expectBadge({ label: 'minified size (gzip)', message: isFileSize })
+  .expectBadge({ label: 'minified size (gzip)', message: isMetricFileSize })

 t.create('bundlejs/package (select exports)')
  .get('/value-enhancer.json?exports=isVal,val')
-  .expectBadge({ label: 'minified size (gzip)', message: isFileSize })
+  .expectBadge({ label: 'minified size (gzip)', message: isMetricFileSize })

 t.create('bundlejs/package (scoped version select exports)')
  .get('/@ngneat/falso@6.4.0.json?exports=randEmail,randFullName')
-  .expectBadge({ label: 'minified size (gzip)', message: isFileSize })
+  .expectBadge({ label: 'minified size (gzip)', message: isMetricFileSize })

 t.create('bundlejs/package (not found)')
  .get('/react@18.2.0.json')
--- a/services/bundlephobia/bundlephobia.service.js
+++ b/services/bundlephobia/bundlephobia.service.js
@@ -1,5 +1,5 @@
 import Joi from 'joi'
-import prettyBytes from 'pretty-bytes'
+import { renderSizeBadge } from '../size.js'
 import { nonNegativeInteger } from '../validators.js'
 import { BaseJsonService, pathParams } from '../index.js'

@@ -112,10 +112,7 @@ export default class Bundlephobia extends BaseJsonService {

  static render({ format, size }) {
    const label = format === 'min' ? 'minified size' : 'minzipped size'
-    return {
-      label,
-      message: prettyBytes(size),
-    }
+    return renderSizeBadge(size, 'iec', label)
  }

  async fetch({ scope, packageName, version }) {
--- a/services/bundlephobia/bundlephobia.tester.js
+++ b/services/bundlephobia/bundlephobia.tester.js
@@ -1,4 +1,4 @@
-import { isFileSize } from '../test-validators.js'
+import { isIecFileSize } from '../test-validators.js'
 import { createServiceTester } from '../tester.js'
 export const t = await createServiceTester()

@@ -13,42 +13,42 @@ const data = [
  {
    format: formats.A,
    get: '/min/preact.json',
-    expect: { label: 'minified size', message: isFileSize },
+    expect: { label: 'minified size', message: isIecFileSize },
  },
  {
    format: formats.B,
    get: '/min/preact/8.0.0.json',
-    expect: { label: 'minified size', message: isFileSize },
+    expect: { label: 'minified size', message: isIecFileSize },
  },
  {
    format: formats.C,
    get: '/min/@cycle/core.json',
-    expect: { label: 'minified size', message: isFileSize },
+    expect: { label: 'minified size', message: isIecFileSize },
  },
  {
    format: formats.D,
    get: '/min/@cycle/core/7.0.0.json',
-    expect: { label: 'minified size', message: isFileSize },
+    expect: { label: 'minified size', message: isIecFileSize },
  },
  {
    format: formats.A,
    get: '/minzip/preact.json',
-    expect: { label: 'minzipped size', message: isFileSize },
+    expect: { label: 'minzipped size', message: isIecFileSize },
  },
  {
    format: formats.B,
    get: '/minzip/preact/8.0.0.json',
-    expect: { label: 'minzipped size', message: isFileSize },
+    expect: { label: 'minzipped size', message: isIecFileSize },
  },
  {
    format: formats.C,
    get: '/minzip/@cycle/core.json',
-    expect: { label: 'minzipped size', message: isFileSize },
+    expect: { label: 'minzipped size', message: isIecFileSize },
  },
  {
    format: formats.D,
    get: '/minzip/@cycle/core/7.0.0.json',
-    expect: { label: 'minzipped size', message: isFileSize },
+    expect: { label: 'minzipped size', message: isIecFileSize },
  },
  {
    format: formats.A,
--- a/services/chrome-web-store/chrome-web-store-last-updated.service.js
+++ b/services/chrome-web-store/chrome-web-store-last-updated.service.js
@@ -0,0 +1,35 @@
+import { renderDateBadge } from '../date.js'
+import { NotFound, pathParams } from '../index.js'
+import BaseChromeWebStoreService from './chrome-web-store-base.js'
+
+export default class ChromeWebStoreLastUpdated extends BaseChromeWebStoreService {
+  static category = 'activity'
+  static route = { base: 'chrome-web-store/last-updated', pattern: ':storeId' }
+
+  static openApi = {
+    '/chrome-web-store/last-updated/{storeId}': {
+      get: {
+        summary: 'Chrome Web Store Last Updated',
+        parameters: pathParams({
+          name: 'storeId',
+          example: 'nccfelhkfpbnefflolffkclhenplhiab',
+        }),
+      },
+    },
+  }
+
+  static defaultBadgeData = {
+    label: 'last updated',
+  }
+
+  async handle({ storeId }) {
+    const chromeWebStore = await this.fetch({ storeId })
+    const lastUpdated = chromeWebStore.lastUpdated()
+
+    if (lastUpdated == null) {
+      throw new NotFound({ prettyMessage: 'not found' })
+    }
+
+    return renderDateBadge(lastUpdated)
+  }
+}
--- a/services/chrome-web-store/chrome-web-store-last-updated.tester.js
+++ b/services/chrome-web-store/chrome-web-store-last-updated.tester.js
@@ -0,0 +1,18 @@
+import { isFormattedDate } from '../test-validators.js'
+import { createServiceTester } from '../tester.js'
+
+export const t = await createServiceTester()
+
+t.create('Last updated')
+  .get('/nccfelhkfpbnefflolffkclhenplhiab.json')
+  .expectBadge({
+    label: 'last updated',
+    message: isFormattedDate,
+  })
+
+t.create('Last updated (not found)')
+  .get('/invalid-name-of-addon.json')
+  .expectBadge({
+    label: 'last updated',
+    message: 'not found',
+  })
--- a/services/chrome-web-store/chrome-web-store-size.service.js
+++ b/services/chrome-web-store/chrome-web-store-size.service.js
@@ -0,0 +1,46 @@
+import { InvalidResponse, NotFound, pathParams } from '../index.js'
+import BaseChromeWebStoreService from './chrome-web-store-base.js'
+
+export default class ChromeWebStoreSize extends BaseChromeWebStoreService {
+  static category = 'size'
+  static route = { base: 'chrome-web-store/size', pattern: ':storeId' }
+
+  static openApi = {
+    '/chrome-web-store/size/{storeId}': {
+      get: {
+        summary: 'Chrome Web Store Size',
+        parameters: pathParams({
+          name: 'storeId',
+          example: 'nccfelhkfpbnefflolffkclhenplhiab',
+        }),
+      },
+    },
+  }
+
+  static defaultBadgeData = {
+    label: 'extension size',
+    color: 'blue',
+  }
+
+  static transform(sizeStr) {
+    const match = sizeStr.match(/^(\d+(?:\.\d+)?)([a-zA-Z]+)$/)
+    if (!match) {
+      throw new InvalidResponse({
+        prettyMessage: 'size does not match expected format',
+      })
+    }
+    const [, size, units] = match
+    return `${size} ${units}`
+  }
+
+  async handle({ storeId }) {
+    const chromeWebStore = await this.fetch({ storeId })
+    const size = chromeWebStore.size()
+
+    if (size == null) {
+      throw new NotFound({ prettyMessage: 'not found' })
+    }
+
+    return { message: this.constructor.transform(size) }
+  }
+}
--- a/services/chrome-web-store/chrome-web-store-size.spec.js
+++ b/services/chrome-web-store/chrome-web-store-size.spec.js
@@ -0,0 +1,28 @@
+import { expect } from 'chai'
+import { test, given } from 'sazerac'
+import { InvalidResponse } from '../index.js'
+import ChromeWebStoreSize from './chrome-web-store-size.service.js'
+
+describe('transform function', function () {
+  it('formats size correctly', function () {
+    test(ChromeWebStoreSize.transform, () => {
+      given('0.55KiB').expect('0.55 KiB')
+      given('19.86KiB').expect('19.86 KiB')
+      given('432KiB').expect('432 KiB')
+    })
+  })
+
+  it('throws when the format is unexpected', function () {
+    expect(() => ChromeWebStoreSize.transform('432 KiB')).to.throw(
+      InvalidResponse,
+    )
+    expect(() => ChromeWebStoreSize.transform('432')).to.throw(InvalidResponse)
+    expect(() => ChromeWebStoreSize.transform('KiB')).to.throw(InvalidResponse)
+    expect(() => ChromeWebStoreSize.transform('foobar')).to.throw(
+      InvalidResponse,
+    )
+    expect(() => ChromeWebStoreSize.transform('4.4.4 KiB')).to.throw(
+      InvalidResponse,
+    )
+  })
+})
--- a/services/chrome-web-store/chrome-web-store-size.tester.js
+++ b/services/chrome-web-store/chrome-web-store-size.tester.js
@@ -0,0 +1,13 @@
+import { createServiceTester } from '../tester.js'
+import { isIecFileSize } from '../test-validators.js'
+
+export const t = await createServiceTester()
+
+t.create('Size').get('/nccfelhkfpbnefflolffkclhenplhiab.json').expectBadge({
+  label: 'extension size',
+  message: isIecFileSize,
+})
+
+t.create('Size (not found)')
+  .get('/invalid-name-of-addon.json')
+  .expectBadge({ label: 'extension size', message: 'not found' })
--- a/services/clojars/clojars-version.service.js
+++ b/services/clojars/clojars-version.service.js
@@ -34,6 +34,10 @@ class ClojarsVersionService extends BaseClojarsService {
  static defaultBadgeData = { label: 'clojars' }

  static render({ clojar, version }) {
+    // clojars format is non standard to fit community style
+    // dont use renderVersionBadge
+    // see also https://github.com/badges/shields/pull/431
+    // commit d0414c9
    return {
      message: `[${clojar} "${version}"]`,
      color: versionColor(version),
--- a/services/codeclimate/codeclimate-analysis.service.js
+++ b/services/codeclimate/codeclimate-analysis.service.js
@@ -113,7 +113,7 @@ export default class CodeclimateAnalysis extends BaseJsonService {
    },
    '/codeclimate/tech-debt/{user}/{repo}': {
      get: {
-        summary: 'Code Climate issues',
+        summary: 'Code Climate technical debt',
        parameters: pathParams(
          { name: 'user', example: 'tensorflow' },
          { name: 'repo', example: 'models' },
@@ -122,7 +122,7 @@ export default class CodeclimateAnalysis extends BaseJsonService {
    },
    '/codeclimate/issues/{user}/{repo}': {
      get: {
-        summary: 'Code Climate technical debt',
+        summary: 'Code Climate issues',
        parameters: pathParams(
          { name: 'user', example: 'tensorflow' },
          { name: 'repo', example: 'models' },
--- a/services/codecov/codecov.service.js
+++ b/services/codecov/codecov.service.js
@@ -38,7 +38,7 @@ const badgeTokenPattern = /^\w{10}$/
 const description = `
 You may specify a Codecov badge token to get coverage for a private repository.

-You can find the token under the badge section of your project settings page, in this url: <code>https://codecov.io/[vcsName]/[user]/[repo]/settings/badge</code>.
+You can find the token under the badge section of your project settings page, in this url: <code>https://codecov.io/[vcsName]/[user]/[repo]/config/badge</code>.
 `

 export default class Codecov extends BaseSvgScrapingService {
@@ -145,7 +145,7 @@ export default class Codecov extends BaseSvgScrapingService {

  async fetch({ vcsName, user, repo, branch, token, flag }) {
    const url = `https://codecov.io/${vcsName}/${user}/${repo}${
-      branch ? `/branches/${branch}` : ''
+      branch ? `/branch/${branch}` : ''
    }/graph/badge.svg`
    return this._requestSvg({
      schema,
--- a/services/coderabbit/coderabbit-pull-request.service.js
+++ b/services/coderabbit/coderabbit-pull-request.service.js
@@ -0,0 +1,71 @@
+import Joi from 'joi'
+import { BaseJsonService, pathParams } from '../index.js'
+import { metric } from '../text-formatters.js'
+
+const schema = Joi.object({
+  reviews: Joi.number().required(),
+}).required()
+
+class CodeRabbitPullRequest extends BaseJsonService {
+  static category = 'analysis'
+  static route = {
+    base: 'coderabbit',
+    pattern: 'prs/:provider(github|bitbucket|gitlab)/:org/:repo',
+  }
+
+  static openApi = {
+    '/coderabbit/prs/{provider}/{org}/{repo}': {
+      get: {
+        summary: 'CodeRabbit Pull Request Reviews',
+        description:
+          'This badge pulls the number of PRs reviewed by [CodeRabbit](https://coderabbit.ai), AI code review tool',
+        parameters: pathParams(
+          {
+            name: 'provider',
+            example: 'github',
+            description: 'Version Control Provider',
+            schema: { type: 'string', enum: this.getEnum('provider') },
+          },
+          {
+            name: 'org',
+            example: 'coderabbitai',
+            description: 'Organization or User name',
+          },
+          {
+            name: 'repo',
+            example: 'ast-grep-essentials',
+            description: 'Repository name',
+          },
+        ),
+      },
+    },
+  }
+
+  static defaultBadgeData = {
+    label: 'coderabbit reviews',
+  }
+
+  static render({ reviews }) {
+    return {
+      message: metric(reviews),
+      color: 'blue',
+    }
+  }
+
+  async fetch({ provider, org, repo }) {
+    return this._requestJson({
+      schema,
+      url: `https://api.coderabbit.ai/stats/${provider}/${org}/${repo}`,
+      httpErrors: {
+        400: 'provider or repo not found',
+      },
+    })
+  }
+
+  async handle({ provider, org, repo }) {
+    const data = await this.fetch({ provider, org, repo })
+    return this.constructor.render(data)
+  }
+}
+
+export default CodeRabbitPullRequest
--- a/services/coderabbit/coderabbit-pull-request.tester.js
+++ b/services/coderabbit/coderabbit-pull-request.tester.js
@@ -0,0 +1,25 @@
+import { createServiceTester } from '../tester.js'
+import { isMetric } from '../test-validators.js'
+
+export const t = await createServiceTester()
+
+t.create('live CodeRabbitPullRequest')
+  .get('/prs/github/coderabbitai/ast-grep-essentials.json')
+  .expectBadge({
+    label: 'coderabbit reviews',
+    message: isMetric,
+  })
+
+t.create('live CodeRabbitPullRequest nonexistent org')
+  .get('/prs/github/not-valid/not-found.json')
+  .expectBadge({
+    label: 'coderabbit reviews',
+    message: 'provider or repo not found',
+  })
+
+t.create('live CodeRabbitPullRequest invalid repo')
+  .get('/prs/github/coderabbitai/invalid-repo-name.json')
+  .expectBadge({
+    label: 'coderabbit reviews',
+    message: 'provider or repo not found',
+  })
--- a/services/color-formatters.js
+++ b/services/color-formatters.js
@@ -6,7 +6,6 @@
 */

 import pep440 from '@renovatebot/pep440'
-import dayjs from 'dayjs'

 /**
 * Determines the color used for a badge based on version.
@@ -23,7 +22,10 @@ function version(version) {
  if (first === 'v') {
    first = version[1]
  }
-  if (first === '0' || /alpha|beta|snapshot|dev|pre|rc/i.test(version)) {
+  if (
+    first === '0' ||
+    /alpha|beta|snapshot|dev|pre|rc|scm|cvs/i.test(version)
+  ) {
    return 'orange'
  } else {
    return 'blue'
@@ -172,24 +174,7 @@ function colorScale(steps, colors, reversed) {
  }
 }

-/**
- * Determines the color used for a badge according to the age.
- * Age is calculated as days elapsed till current date.
- * The color varies from bright green to red as the age increases
- * or the other way around if `reverse` is given `true`.
- *
- * @param {string} date Date string
- * @param {boolean} reversed Reverse the color scale a.k.a. the older, the better
- * @returns {string} Badge color
- */
-function age(date, reversed = false) {
-  const colorByAge = colorScale([7, 30, 180, 365, 730], undefined, !reversed)
-  const daysElapsed = dayjs().diff(dayjs(date), 'days')
-  return colorByAge(daysElapsed)
-}
-
 export {
-  age,
  colorScale,
  coveragePercentage,
  downloadCount,
--- a/Show More
+++ b/Show More