from:"dependabot\[bot\] via rails\-dev"

[openstreetmap/openstreetmap-website] Bump coverallsapp/github-action from 2.3.0 to 2.3.1 (PR #5256)

2024-10-10 Thread dependabot[bot] via rails-dev

Bumps 
[coverallsapp/github-action](https://github.com/coverallsapp/github-action) 
from 2.3.0 to 2.3.1.

Release notes
Sourced from coverallsapp/github-action's
 releases.

v2.3.1
What's Changed
Extend behavior of fail-on-error option to 
setup failures by @afinetooth;
 in coverallsapp/github-action#226;


Technically an enhancement, these changes make the action behave as 
many customers already expect by ignoring any and all 
failures when the fail-on-error input is set to 
false.


Adds logic to handle any failures in "setup" tasks, 
including downloading the coverage-reporter binary, 
verifying the binary, and finding the binary by its expected name after 
extraction.


The new logic checks these actions and exits with code 
1 on failure, except if 
fail-on-error is set to true, 
in which case it returns exit code 0.


Adds a matrix workflow that tests the action for each 
os and the two key binary commands 
(coveralls report and coevralls 
done). Each of these scenarios implicitly tests our setup tasks 
since they run first in each scenario.


Also extends the behavior of debug: true to 
flip the shell-specific debug flag for each os 
including set -x for linux 
and macos and Set-PSDebug -Trace 
1 for windows.


Full Changelog: https://github.com/coverallsapp/github-action/compare/v2.3.0...v2.3.1;



Commits

1134c89;
 Extend behavior of fail-on-error option to setup 
failures (#226;)
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverallsapp/github-action&package-manager=github_actions&previous-version=2.3.0&new-version=2.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)



You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5256

-- Commit Summary --

  * Bump coverallsapp/github-action from 2.3.0 to 2.3.1

-- File Changes --

M .github/workflows/tests.yml (4)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5256.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5256.diff

-- 
Repl

[openstreetmap/openstreetmap-website] Bump eslint from 9.11.1 to 9.12.0 (PR #5249)

2024-10-04 Thread dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.11.1 to 9.12.0.

Release notes
Sourced from eslint's 
releases.

v9.12.0
Features

5a6a053;
 feat: update to jiti v2 (#18954;)
 (Arya Emami)
17a07fb;
 feat: Hooks for test cases (RuleTester) (#18771;)
 (Anna Bocharova)
2ff0e51;
 feat: Implement alternate config lookup (#18742;)
 (Nicholas C. Zakas)
2d17453;
 feat: Implement modified cyclomatic complexity (#18896;)
 (Dmitry Pashkevich)

Bug Fixes

ea380ca;
 fix: Upgrade retry to avoid EMFILE errors (#18986;)
 (Nicholas C. Zakas)
fdd6319;
 fix: Issues with type definitions (#18940;)
 (Arya Emami)

Documentation

ecbd522;
 docs: Mention code explorer (#18978;)
 (Nicholas C. Zakas)
7ea4ecc;
 docs: Clarifying the Use of Meta Objects (#18697;)
 (Amaresh  S M)
d3e4b2e;
 docs: Clarify how to exclude .js files (#18976;)
 (Milos Djermanovic)
57232ff;
 docs: Mention plugin-kit in language docs (#18973;)
 (Nicholas C. Zakas)
b80ed00;
 docs: Update README (GitHub Actions Bot)
cb69ab3;
 docs: Update README (GitHub Actions Bot)
7fb0d95;
 docs: Update README (GitHub Actions Bot)
493348a;
 docs: Update README (GitHub Actions Bot)
87a582c;
 docs: fix typo in id-match rule (#18944;)
 (Jay)

Chores

555aafd;
 chore: upgrade to @eslint/js@9.12.0 (#18987;)
 (Francesco Trotta)
873ae60;
 chore: package.json update for @eslint/js release 
(Jenkins)
d0a5414;
 refactor: replace strip-ansi with native module (#18982;)
 (Cristopher)
b827029;
 chore: Enable JSON5 linting (#18979;)
 (Milos Djermanovic)
[openstreetmap/openstreetmap-website] Bump eslint from 9.12.0 to 9.13.0 (PR #5271)


2024-10-18

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.12.0 to 9.13.0.

Release notes
Sourced from eslint's 
releases.

v9.13.0
Features

381c32b;
 feat: Allow languages to provide 
defaultLanguageOptions (#19003;)
 (Milos Djermanovic)
bf723bd;
 feat: Improve eslintrc warning message (#19023;)
 (Milos Djermanovic)
1def4cd;
 feat: drop support for jiti v1.21 (#18996;)
 (Francesco Trotta)
f879be2;
 feat: export ESLint.defaultConfig (#18983;)
 (Nitin Kumar)

Bug Fixes

78836d4;
 fix: update the complexity rule type (#19027;)
 (Nitin Kumar)
064c8b6;
 fix: update rule types (#18925;)
 (Nitin Kumar)

Documentation

abdbfa8;
 docs: mark LintMessage#nodeType as deprecated (#19019;)
 (Nitin Kumar)
19e68d3;
 docs: update deprecated rules type definitions (#19018;)
 (Nitin Kumar)
7dd402d;
 docs: Update examples of passing multiple values to a CLI option (#19006;)
 (Milos Djermanovic)
5dcbc51;
 docs: Add example with side-effect imports to no-restricted-imports (#18997;)
 (Milos Djermanovic)
1ee87ca;
 docs: Update README (GitHub Actions Bot)
2c3dbdc;
 docs: Use prerendered sponsors for README (#18988;)
 (Milos Djermanovic)

Chores

68d2d9d;
 chore: upgrade to @eslint/js@9.13.0 and 
@eslint/core@^0.7.0 (#19034;)
 (Francesco Trotta)
2211f0a;
 chore: package.json update for @eslint/js release 
(Jenkins)
c7abaef;
 perf: using Node.js compile cache (#19012;)
 (唯然)
1d7c077;
 chore: add pkg.type "commonjs" (#19011;)
 (唯然)
468e3bd;
 test: fix ESLint tests (#19021;)
 (Francesco Trotta)
ed4635f;
 ci: upgrade knip@5.32.0 (



[openstreetmap/openstreetmap-website] Bump coverallsapp/github-action from 2.3.2 to 2.3.3 (PR #5268)


2024-10-16

Thread
dependabot[bot] via rails-dev

Bumps 
[coverallsapp/github-action](https://github.com/coverallsapp/github-action) 
from 2.3.2 to 2.3.3.

Release notes
Sourced from coverallsapp/github-action's
 releases.

v2.3.3
What's Changed

Always point the major version tag to the latest release (fixes #222;)
 by @afinetooth;
 in coverallsapp/github-action#230;

Full Changelog: https://github.com/coverallsapp/github-action/compare/v2...v2.3.3;



Commits

4cdef0b;
 Always point the major version tag to the latest release (#230;)
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverallsapp/github-action&package-manager=github_actions&previous-version=2.3.2&new-version=2.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)



You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5268

-- Commit Summary --

  * Bump coverallsapp/github-action from 2.3.2 to 2.3.3

-- File Changes --

M .github/workflows/tests.yml (4)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5268.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5268.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5268
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump leaflet.locatecontrol from 0.81.1 to 0.82.0 (PR #5296)


2024-10-29

Thread
dependabot[bot] via rails-dev

Bumps 
[leaflet.locatecontrol](https://github.com/domoritz/leaflet-locatecontrol) from 
0.81.1 to 0.82.0.

Commits

20159f3;
 Release v0.82.0
20c6f18;
 chore: update deps, fix format, use npm
49e108e;
 refactor: Refactor L.Control.Locate source to an esm version of the locate 
co...
688fb13;
 Bump serve-static from 1.15.0 to 1.16.2 (#354;)
00f8cf7;
 Bump micromatch from 4.0.7 to 4.0.8 (#353;)
a2bbecc;
 feat: update deps and format
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=leaflet.locatecontrol&package-manager=npm_and_yarn&previous-version=0.81.1&new-version=0.82.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)



You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5296

-- Commit Summary --

  * Bump leaflet.locatecontrol from 0.81.1 to 0.82.0

-- File Changes --

M package.json (2)
M yarn.lock (8)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5296.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5296.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5296
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump eslint from 9.13.0 to 9.14.0 (PR #5299)


2024-11-01

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.13.0 to 9.14.0.

Release notes
Sourced from eslint's 
releases.

v9.14.0
Features

3fa009f;
 feat: add support for Import Attributes and RegExp Modifiers (#19076;)
 (Milos Djermanovic)
b0faee3;
 feat: add types for the @eslint/js package (#19010;)
 (Nitin Kumar)

Bug Fixes

24d0172;
 fix: enable retry concurrency limit for readFile() (#19077;)
 (Nicholas C. Zakas)
b442067;
 fix: Don't crash when directory is deleted during traversal. (#19067;)
 (Nicholas C. Zakas)
d474443;
 fix: avoid call stack overflow while processing globs (#19035;)
 (Livia Medeiros)

Documentation

151c965;
 docs: update context.languageOptions.parser 
description (#19084;)
 (Nitin Kumar)
dc34f94;
 docs: Update README (GitHub Actions Bot)
f16e846;
 docs: Update README (GitHub Actions Bot)
ee0a77e;
 docs: change link from @types/eslint to lib/types 
(#19049;)
 (Karl Horky)
50f03a1;
 docs: Clarify global ignores in config migration guide (#19032;)
 (Milos Djermanovic)

Build Related

37c9177;
 build: update @wdio/* dependencies (#19068;)
 (Francesco Trotta)
35a8858;
 build: exclude flawed dendency versions (#19065;)
 (Francesco Trotta)

Chores

f36cb16;
 chore: upgrade @eslint/js@9.14.0
 (#19086;)
 (Milos Djermanovic)
28be447;
 chore: package.json update for @eslint/js release 
(Jenkins)
f48a2a0;
 test: add no-invalid-regexp tests with RegExp 
Modifiers (#19075;)
 (Milos Djermanovic)
425202e;
 perf: Fix caching in config loaders (#19042;)
 (Milos Djermanovic)
3d44b3c;
 ci: run tests in Node.js 23 (#19055;)
 (Francesco Trotta)
[openstreetmap/openstreetmap-website] Bump coverallsapp/github-action from 2.3.3 to 2.3.4 (PR #5286)


2024-10-24

Thread
dependabot[bot] via rails-dev

Bumps 
[coverallsapp/github-action](https://github.com/coverallsapp/github-action) 
from 2.3.3 to 2.3.4.

Release notes
Sourced from coverallsapp/github-action's
 releases.

v2.3.4
What's Changed

Add coverage-reporter-platform input option 
by @afinetooth;
 in coverallsapp/github-action#233;

Since we have added support for 
coverage-reporter on aarch64, 
we need to provide users of our github-action the 
ability to select this architecture-specific version of 
coverage-reporter when they're using an 
aarch64 / arm64 runner in 
CI.



Full Changelog: https://github.com/coverallsapp/github-action/compare/v2...v2.3.4;



Commits

cfd0633;
 Add coverage-reporter-platform input option (#233;)
0db2c3c;
 Update README.md
29d7fa2;
 Add two more helpful steps to update-major-version-tag workflow (#231;)
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverallsapp/github-action&package-manager=github_actions&previous-version=2.3.3&new-version=2.3.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)



You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5286

-- Commit Summary --

  * Bump coverallsapp/github-action from 2.3.3 to 2.3.4

-- File Changes --

M .github/workflows/tests.yml (4)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5286.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5286.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5286
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump eslint from 9.11.0 to 9.11.1 (PR #5234)


2024-09-23

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.11.0 to 9.11.1.

Release notes
Sourced from eslint's 
releases.

v9.11.1
Bug Fixes

20fd916;
 fix: add @eslint/core, 
@types/estree, & 
@types/json-schema deps (#18938;)
 (Nitin Kumar)
2738322;
 fix: add missing types for require-atomic-updates 
rule (#18937;)
 (Kristóf Poduszló)
d71ff30;
 fix: add missing types for object-shorthand rule 
(#18935;)
 (Kristóf Poduszló)
561cadc;
 fix: add missing types for no-unsafe-negation rule 
(#18932;)
 (Kristóf Poduszló)
8843656;
 fix: add missing types for no-underscore-dangle rule 
(#18931;)
 (Kristóf Poduszló)
92cde5c;
 fix: add missing types for no-shadow rule (#18930;)
 (Kristóf Poduszló)
b3cbe11;
 fix: add missing types for no-sequences rule (#18929;)
 (Kristóf Poduszló)
976f77f;
 fix: add missing types for no-unused-expressions rule 
(#18933;)
 (Kristóf Poduszló)

Documentation

3eff709;
 docs: replace deprecated Linter.FlatConfig type with 
Linter.Config (#18941;)
 (Carlos Meira)

Chores

df4a859;
 chore: upgrade @eslint/js@9.11.1
 (#18943;)
 (Milos Djermanovic)
36d8095;
 chore: package.json update for @eslint/js release 
(Jenkins)




Changelog
Sourced from eslint's
 changelog.

v9.11.1 - September 23, 2024

df4a859;
 chore: upgrade @eslint/js@9.11.1
 (#18943;)
 (Milos Djermanovic)
36d8095;
 chore: package.json update for @eslint/js release 
(Jenkins)
20fd916;
 fix: add @eslint/core, 
@types/estree, & 
@types/json-schema deps (#18938;)
 (Nitin Kumar)
3eff709;
 docs: replace deprecated Linter.FlatConfig type with 
Linter.Config (#18941;)
 (Carlos Meira)
[openstreetmap/openstreetmap-website] Bump webrick from 1.8.1 to 1.8.2 (PR #5237)


2024-09-24

Thread
dependabot[bot] via rails-dev

Bumps [webrick](https://github.com/ruby/webrick) from 1.8.1 to 1.8.2.

Release notes
Sourced from webrick's 
releases.

v1.8.2
What's Changed

Drop commented-out line by @olleolleolle;
 in ruby/webrick#108;
Add Ruby 3.1 & 3.2 to CI matrix by @tricknotes;
 in ruby/webrick#109;
Fix/redos by @ooo-q;
 in ruby/webrick#114;
Raise HTTPStatus::BadRequest for requests with invalid/duplicate 
content-length headers by @jeremyevans;
 in ruby/webrick#120;
Bump actions/checkout from 3 to 4 by @dependabot;
 in ruby/webrick#121;
Improve CI by @hsbt;
 in ruby/webrick#123;
Fix WEBrick::TestFileHandler#test_short_filename test not working on 
mswin by @KJTsanaktsidis;
 in ruby/webrick#128;
Fix bug chunk extension detection by @jeremyevans;
 in ruby/webrick#125;
Fix CI. by @ioquatix;
 in ruby/webrick#131;
Merge multiple cookie headers, preserving semantic correctness. by 
@ioquatix;
 in ruby/webrick#130;
Test on macos-latest by @byroot;
 in ruby/webrick#132;
Require CRLF line endings in request line and headers by @jeremyevans;
 in ruby/webrick#138;
Prefer squigly heredocs. by @ioquatix;
 in ruby/webrick#143;
Only strip space and horizontal tab in headers by @jeremyevans;
 in ruby/webrick#141;
Treat missing CRLF separator after headers as an EOFError by @jeremyevans;
 in ruby/webrick#142;
Return 400 response for chunked requests with unexpected data after 
chunk by @jeremyevans;
 in ruby/webrick#136;
Fix reference to URI::REGEXP::PATTERN::HOST by @casperisfine;
 in ruby/webrick#144;
Prevent request smuggling by @jeremyevans;
 in ruby/webrick#146;

New Contributors

@tricknotes;
 made their first contribution in ruby/webrick#109;
@ooo-q;
 made their first contribution in ruby/webrick#114;
@KJTsanaktsidis;
 made their first contribution in ruby/webrick#128;
@byroot;
 made their first contribution in ruby/webrick#132;
@casperisfine;
 mad



[openstreetmap/openstreetmap-website] Bump eslint from 9.10.0 to 9.11.0 (PR #5230)


2024-09-20

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.10.0 to 9.11.0.

Release notes
Sourced from eslint's 
releases.

v9.11.0
Features

ec30c73;
 feat: add "eslint/universal" to export 
Linter (#18883;)
 (唯然)
c591da6;
 feat: Add language to types (#18917;)
 (Nicholas C. Zakas)
492eb8f;
 feat: limit the name given to ImportSpecifier in 
id-length (#18861;)
 (Tanuj Kanti)
19c6856;
 feat: Add no-useless-constructor suggestion (#18799;)
 (Jordan Thomson)
a48f8c2;
 feat: add type FormatterFunction, update 
LoadedFormatter (#18872;)
 (Francesco Trotta)

Bug Fixes

5e5f39b;
 fix: add missing types for no-restricted-exports rule 
(#18914;)
 (Kristóf Poduszló)
8f630eb;
 fix: add missing types for no-param-reassign options 
(#18906;)
 (Kristóf Poduszló)
d715781;
 fix: add missing types for no-extra-boolean-cast 
options (#18902;)
 (Kristóf Poduszló)
2de5742;
 fix: add missing types for 
no-misleading-character-class options (#18905;)
 (Kristóf Poduszló)
c153084;
 fix: add missing types for no-implicit-coercion 
options (#18903;)
 (Kristóf Poduszló)
fa11b2e;
 fix: add missing types for no-empty-function options 
(#18901;)
 (Kristóf Poduszló)
a0deed1;
 fix: add missing types for camelcase options (#18897;)
 (Kristóf Poduszló)

Documentation

e4e5709;
 docs: correct prefer-object-has-own type definition 
comment (#18924;)
 (Nitin Kumar)
91cbd18;
 docs: add unicode abbreviations in no-irregular-whitespace rule (#18894;)
 (Alix Royere)
59cfc0f;
 docs: clarify resultsMeta in 
LoadedFormatter type (#18881;)
 (Milos Djermanovic)
adcc50d;
 docs: Update README (GitHub Actions Bot)
[openstreetmap/openstreetmap-website] Bump puma from 5.6.8 to 5.6.9 (PR #5229)


2024-09-20

Thread
dependabot[bot] via rails-dev

Bumps [puma](https://github.com/puma/puma) from 5.6.8 to 5.6.9.

Changelog
Sourced from puma's
 changelog.

5.6.9 / 2024-09-19

Security

Discards any headers using underscores if the non-underscore version 
also exists. Without this, an attacker could overwrite values set by 
intermediate proxies (e.g. X-Forwarded-For). (CVE-2024-45614/GHSA-9hf4-67fc-4vf4)






Commits

f196b23;
 Merge commit from fork
24eec19;
 5.6.9
3c8e8b0;
 5.6.9 release note [ci skip]
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=puma&package-manager=bundler&previous-version=5.6.8&new-version=5.6.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)
You can disable automated security fix PRs for this repo from the [Security 
Alerts 
page](https://github.com/openstreetmap/openstreetmap-website/network/alerts).


You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5229

-- Commit Summary --

  * Bump puma from 5.6.8 to 5.6.9

-- File Changes --

M Gemfile.lock (2)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5229.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5229.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5229
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump google-protobuf from 3.25.4 to 3.25.5 (PR #5227)


2024-09-19

Thread
dependabot[bot] via rails-dev

Bumps [google-protobuf](https://github.com/protocolbuffers/protobuf) from 
3.25.4 to 3.25.5.

Commits

70e85ae;
 Updating version.json and repo version numbers to: 25.5-dev
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google-protobuf&package-manager=bundler&previous-version=3.25.4&new-version=3.25.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)
You can disable automated security fix PRs for this repo from the [Security 
Alerts 
page](https://github.com/openstreetmap/openstreetmap-website/network/alerts).


You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5227

-- Commit Summary --

  * Bump google-protobuf from 3.25.4 to 3.25.5

-- File Changes --

M Gemfile.lock (2)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5227.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5227.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5227
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump coverallsapp/github-action from 2.3.0 to 2.3.2 (PR #5263)


2024-10-15

Thread
dependabot[bot] via rails-dev

Bumps 
[coverallsapp/github-action](https://github.com/coverallsapp/github-action) 
from 2.3.0 to 2.3.2.

Release notes
Sourced from coverallsapp/github-action's
 releases.

v2.3.2
What's Changed

Verify that coverage-reporter-version option 
is recognized by @afinetooth;
 in coverallsapp/github-action#229;
Add build-number to supported inputs options 
by @afinetooth;
 and @brianatgather;
 in coverallsapp/github-action#228;
Change sha256sum command flag to be 
compatible with alpine linux distros by @afinetooth;
 and @jdebbink;
 in coverallsapp/github-action#227;
Docs: Fix the action version in usage example by @Jeff-Tian;
 in coverallsapp/github-action#210;

New Contributors

@brianatgather;
 made their first contribution in coverallsapp/github-action#228;
 / coverallsapp/github-action#199;
@jdebbink;
 made their first contribution in coverallsapp/github-action#227;
 / coverallsapp/github-action#198;
@Jeff-Tian;
 made their first contribution in coverallsapp/github-action#210;

Full Changelog: https://github.com/coverallsapp/github-action/compare/v2.3.1...v2.3.2;
v2.3.1
What's Changed
Extend behavior of fail-on-error option to 
setup failures by @afinetooth;
 in coverallsapp/github-action#226;


Technically an enhancement, these changes make the action behave as 
many customers already expect by ignoring any and all 
failures when the fail-on-error input is set to 
false.


Adds logic to handle any failures in "setup" tasks, 
including downloading the coverage-reporter binary, 
verifying the binary, and finding the binary by its expected name after 
extraction.


The new logic checks these actions and exits with code 
1 on failure, except if 
fail-on-error is set to true, 
in which case it returns exit code 0.


Adds a matrix workflow that tests the action for each 
os and the two key binary commands 
(coveralls report and coevralls 
done). Each of these scenarios implicitly tests our setup tasks 
since they run first in each scenario.


Also extends the behavior of debug: true to 
flip the shell-specific debug flag for each os 
including set -x for linux 
and macos and Set-PSDebug -Trace 
1 for windows.


Full Changelog: https://github.com/coverallsapp/github-action/compare/v2.3.0...v2.3.1;



Commits

43f11c4;
 Verify that coverage-reporter-version option is 
recognized (#229;)
c258231;
 Add build 



Re: [openstreetmap/openstreetmap-website] Bump coverallsapp/github-action from 2.3.0 to 2.3.1 (PR #5256)


2024-10-15

Thread
dependabot[bot] via rails-dev

Closed #5256.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5256#event-14665707249
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





Re: [openstreetmap/openstreetmap-website] Bump coverallsapp/github-action from 2.3.0 to 2.3.1 (PR #5256)


2024-10-15

Thread
dependabot[bot] via rails-dev

Superseded by #5263.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5256#issuecomment-2415330100
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump eslint from 9.15.0 to 9.16.0 (PR #5360)


2024-11-29

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.15.0 to 9.16.0.

Release notes
Sourced from eslint's 
releases.

v9.16.0
Features

8f70eb1;
 feat: Add ignoreComputedKeys option in 
sort-keys rule (#19162;)
 (Milos Djermanovic)

Documentation

9eefc8f;
 docs: fix typos in use-isnan (#19190;)
 (루밀LuMir)
0c8cea8;
 docs: switch the order of words in no-unreachable 
(#19189;)
 (루밀LuMir)
0c19417;
 docs: add missing backtick to 
no-async-promise-executor (#19188;)
 (루밀LuMir)
8df9276;
 docs: add backtick in -0 in 
description of 
no-compare-neg-zero (#19186;)
 (루밀LuMir)
7e16e3f;
 docs: fix caseSensitive option's title of 
sort-keys (#19183;)
 (Tanuj Kanti)
0c6b842;
 docs: fix typos in migration-guide.md (#19180;)
 (루밀LuMir)
353266e;
 docs: fix a typo in debug.md (#19179;)
 (루밀LuMir)
5ff318a;
 docs: delete unnecessary horizontal rule(---) in 
nodejs-api (#19175;)
 (루밀LuMir)
576bcc5;
 docs: mark more rules as handled by TypeScript (#19164;)
 (Tanuj Kanti)
742d054;
 docs: note that no-restricted-syntax can be used with 
any language (#19148;)
 (Milos Djermanovic)

Chores

feb703b;
 chore: upgrade to @eslint/js@9.16.0 (#19195;)
 (Francesco Trotta)
df9bf95;
 chore: package.json update for @eslint/js release 
(Jenkins)
f831893;
 chore: add type for ignoreComputedKeys option of 
sort-keys (#19184;)
 (Tanuj Kanti)
3afb8a1;
 chore: update dependency @eslint/json to ^0.8.0 
(#19177;)
 (Milos Djermanovic)
1f77c53;
 chore: add repository.directory property to 
package.json (#19165;)
 (루밀LuMir)




[openstreetmap/openstreetmap-website] Bump qs from 6.13.0 to 6.13.1 (PR #5341)


2024-11-18

Thread
dependabot[bot] via rails-dev

Bumps [qs](https://github.com/ljharb/qs) from 6.13.0 to 6.13.1.

Changelog
Sourced from qs's
 changelog.

6.13.1

[Fix] stringify: avoid a crash when a 
filter key is null
[Fix] utils.merge: functions should not be 
stringified into keys
[Fix] parse: avoid a crash with 
interpretNumericEntities: true, comma: true, and iso charset
[Fix] stringify: ensure a non-string 
filter does not crash
[Refactor] use __proto__ syntax instead of 
Object.create for null objects
[Refactor] misc cleanup
[Tests] utils.merge: add some 
coverage
[Tests] fix a test case
[actions] split out node 10-20, and 20+
[Dev Deps] update es-value-fixtures, 
mock-property, 
object-inspect, 
tape




Commits

f1ee037;
 v6.13.1
afd20d0;
 [Dev Deps] update object-inspect
d185cee;
 [actions] split out node 10-20, and 20+
4cf5567;
 [Dev Deps] update es-value-fixtures, 
tape
3c8a6f5;
 [Refactor] use __proto__ syntax instead of 
Object.create for null objects
96f4d93;
 [Fix] stringify: avoid a crash when a 
filter key is null
aa1f0a8;
 [Fix] utils.merge: functions should not be 
stringified into keys
2a548a9;
 [Tests] utils.merge: add some coverage
3e750c1;
 [Refactor] misc cleanup
ca55d0f;
 [Fix] parse: avoid a crash with 
interpretNumericEntities: true, comma: true...
Additional commits viewable in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=qs&package-manager=npm_and_yarn&previous-version=6.13.0&new-version=6.13.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and sto



[openstreetmap/openstreetmap-website] Bump eslint from 9.14.0 to 9.15.0 (PR #5335)


2024-11-15

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.14.0 to 9.15.0.

Release notes
Sourced from eslint's 
releases.

v9.15.0
Features

01557ce;
 feat: Implement Language#normalizeLanguageOptions() (#19104;)
 (Nicholas C. Zakas)
2edc0e2;
 feat: add meta.defaultOptions (#17656;)
 (Josh Goldberg ✨)
bdec50e;
 feat: fix no-useless-computed-key false negative with 
__proto__ (#19123;)
 (Milos Djermanovic)
3087c9e;
 feat: add meta object to 
@eslint/js plugin (#19095;)
 (Francesco Trotta)

Bug Fixes

fd33f13;
 fix: update types for no-restricted-imports rule 
(#19060;)
 (Nitin Kumar)
bd35098;
 fix: switch away from Node.js node:assert and AssertionError (#19082;)
 (Josh Goldberg ✨)
9db5b15;
 fix: unsafe report for no-lonely-if (#19087;)
 (Abraham Guo)
68fa497;
 fix: ignore files on a different drive on Windows (#19069;)
 (Francesco Trotta)
4ce625a;
 fix: upgrade @humanwhocodes/retry@0.4.1
 to avoid debug logs (#19102;)
 (Milos Djermanovic)

Documentation

d927920;
 docs: fix styles in no-js mode (#18916;)
 (Tanuj Kanti)
09bc2a8;
 docs: Update README (GitHub Actions Bot)
39089c8;
 docs: add no-useless-computed-key examples with 
object patterns (#19109;)
 (Milos Djermanovic)
895c60f;
 docs: add missing messageId property and suggestion properties (#19122;)
 (fnx)
298625e;
 docs: Change CLI -c to use flat config (#19103;)
 (Nicholas C. Zakas)
522d8a3;
 docs: add deprecation on indent, 
quotes and semi rule types 
(#19090;)
 (Marco Pasqualetti)

Chores

2967d91;
 chore: upgrade @eslint/js@9.15.0
 (#19133;)
 (Milos Djermanovic)
[openstreetmap/openstreetmap-website] Bump rails-html-sanitizer from 1.6.0 to 1.6.1 (PR #5369)


2024-12-02

Thread
dependabot[bot] via rails-dev

Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) 
from 1.6.0 to 1.6.1.

Release notes
Sourced from rails-html-sanitizer's
 releases.

1.6.1 / 2024-12-02
This is a performance and security release which addresses several 
possible XSS vulnerabilities.


The dependency on Nokogiri is updated to v1.15.7 or 
>=1.16.8.
This change addresses CVE-2024-53985 (https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x;).
Mike Dalessio


Disallowed tags will be pruned when they appear in foreign content 
(i.e. SVG or MathML content),
regardless of the prune: option value. Previously, 
disallowed tags were "stripped" unless the
gem was configured with the prune: true 
option.
The CVEs addressed by this change are:

CVE-2024-53986 (https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-638j-pmjw-jq48;)
CVE-2024-53987 (https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-2x5m-9ch4-qgrr;)

Mike Dalessio


The tags "noscript", "mglyph", and 
"malignmark" will not be allowed, even if explicitly added to
the allowlist. If applications try to allow any of these tags, a warning is 
emitted and the tags
are removed from the allow-list.
The CVEs addressed by this change are:

CVE-2024-53988 (https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-cfjx-w229-hgx5;)
CVE-2024-53989 (https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rxv5-gxqc-xx8g;)

Please note that we may restore support for 
allowing "noscript" in a future release. We do not
expect to ever allow "mglyph" or 
"malignmark", though, especially since browser support is 
minimal
for these tags.
Mike Dalessio


Improve performance by eliminating needless operations on attributes 
that are being removed. #188;
Mike Dalessio





Changelog
Sourced from rails-html-sanitizer's
 changelog.

1.6.1 / 2024-12-02
This is a performance and security release which addresses several 
possible XSS vulnerabilities.


The dependency on Nokogiri is updated to v1.15.7 or 
>=1.16.8.
This change addresses CVE-2024-53985 (GHSA-w8gc-x259-rc7x).
Mike Dalessio


Disallowed tags will be pruned when they appear in foreign content 
(i.e. SVG or MathML content),
regardless of the prune: option value. Previously, 
disallowed tags were "stripped" unless the
gem was configured with the prune: true 
option.
The CVEs addressed by this change are:

CVE-2024-53986 (GHSA-638j-pmjw-jq48)
CVE-2024-53987 (GHSA-2x5m-9ch4-qgrr)

Mike Dalessio


The tags "noscript", "mglyph", and 
"malignmark" will not be allowed, even if explicitly added to
the allowlist. If applications try to allow any of these tags, a warning is 
emitted and the tags
are removed from the allow-list.
The CVEs addressed by this change are:

CVE-2024-53988 (GHSA-cfjx-w229-hgx5)
CVE-2024-53989 (GHSA-rxv5-gxqc-xx8g)

Please note that we may restore support for 
allowing "noscript" in a future release. We do not
expect to ever allow "mglyph" or 
"malignmark", though, especially since browser support is 
minimal
for these tags.
Mike Dalessio


Improve performance by eliminating needless operations on attributes 
that are being removed. #188;
Mike Dalessio





Commits

[openstreetmap/openstreetmap-website] Bump @eslint/plugin-kit from 0.2.0 to 0.2.3 (PR #5334)


2024-11-15

Thread
dependabot[bot] via rails-dev

Bumps [@eslint/plugin-kit](https://github.com/eslint/rewrite) from 0.2.0 to 
0.2.3.

Release notes
Sourced from @eslint/plugin-kit's
 releases.

plugin-kit: v0.2.3
0.2.3;
 (2024-11-14)
Dependencies

The following workspace dependencies were updated

devDependencies

@eslint/core bumped from ^0.8.0 to 
^0.9.0





plugin-kit: v0.2.2
0.2.2;
 (2024-10-25)
Dependencies

The following workspace dependencies were updated

devDependencies

@eslint/core bumped from ^0.7.0 to 
^0.8.0





plugin-kit: v0.2.1
0.2.1;
 (2024-10-18)
Dependencies

The following workspace dependencies were updated

devDependencies

@eslint/core bumped from ^0.6.0 to 
^0.7.0








Commits

a957ee3;
 chore: release main (#130;)
3591a78;
 feat: Add Language#normalizeLanguageOptions() (#131;)
2fa68b7;
 chore: fix formatting error (#133;)
071be84;
 Merge commit from fork
e73b1dc;
 docs: Update README sponsors
d0b2e70;
 fix: non-optional properties in generic interfaces (#132;)
3a87bbb;
 fix: Support legacy schema properties (#128;)
c24083b;
 docs: Update README sponsors
0dc78d3;
 chore: release main (#125;)
ffa176f;
 feat: Add rule types (#110;)
Additional commits viewable in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@eslint/plugin-kit&package-manager=npm_and_yarn&previous-version=0.2.0&new-version=0.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve t



[openstreetmap/openstreetmap-website] Bump leaflet.locatecontrol from 0.83.0 to 0.83.1 (PR #5480)


2025-01-07

Thread
dependabot[bot] via rails-dev

Bumps 
[leaflet.locatecontrol](https://github.com/domoritz/leaflet-locatecontrol) from 
0.83.0 to 0.83.1.

Commits

04a5b83;
 Release v0.83.1
f757847;
 Fix LocateOptions parameter type (#361;)
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=leaflet.locatecontrol&package-manager=npm_and_yarn&previous-version=0.83.0&new-version=0.83.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)



You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5480

-- Commit Summary --

  * Bump leaflet.locatecontrol from 0.83.0 to 0.83.1

-- File Changes --

M yarn.lock (6)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5480.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5480.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5480
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump leaflet.locatecontrol from 0.82.0 to 0.83.0 (PR #5451)


2024-12-30

Thread
dependabot[bot] via rails-dev

Bumps 
[leaflet.locatecontrol](https://github.com/domoritz/leaflet-locatecontrol) from 
0.82.0 to 0.83.0.

Commits

dc47f6a;
 Release v0.83.0
bce8f8d;
 feat: Add typescript definitions (#360;)
9d9ff9f;
 Minor changes (#359;)
b20d77e;
 docs: document how to use with esm
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=leaflet.locatecontrol&package-manager=npm_and_yarn&previous-version=0.82.0&new-version=0.83.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)



You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5451

-- Commit Summary --

  * Bump leaflet.locatecontrol from 0.82.0 to 0.83.0

-- File Changes --

M package.json (2)
M yarn.lock (8)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5451.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5451.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5451
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump eslint from 9.19.0 to 9.20.0 (PR #5630)


2025-02-07

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.19.0 to 9.20.0.

Release notes
Sourced from eslint's 
releases.

v9.20.0
Features

e89a54a;
 feat: change behavior of inactive flags (#19386;)
 (Milos Djermanovic)

Bug Fixes

91d4d9f;
 fix: Bring types in sync with @eslint/core (#19157;)
 (Nicholas C. Zakas)
fa25c7a;
 fix: Emit warning when empty config file is used (#19399;)
 (Nicholas C. Zakas)
31a9fd0;
 fix: Clearer error message for wrong plugin format (#19380;)
 (Nicholas C. Zakas)
61d99e3;
 fix: Better error message for unserializable parser (#19384;)
 (Nicholas C. Zakas)
db1b9a6;
 fix: Ensure module scope is checked for references in 
consistent-this (#19383;)
 (Nicholas C. Zakas)
8bcd820;
 fix: arrow-body-style crash with single-token body 
(#19379;)
 (Milos Djermanovic)

Documentation

b7012c8;
 docs: rewrite examples with var using let and const (#19407;)
 (Mueez Javaid Hashmi)
6406376;
 docs: Update README (GitHub Actions Bot)
350f2b9;
 docs: rewrite some examples with var using let and const (#19404;)
 (Mueez Javaid Hashmi)
93c325a;
 docs: rewrite examples with var using let and const (#19398;)
 (Mueez Javaid Hashmi)
56ff404;
 docs: replace var with let or const in rules docs (#19396;)
 (Daniel Harbrueger)
4053226;
 docs: change sourceType in 
no-eval examples (#19393;)
 (Milos Djermanovic)
1324af0;
 docs: replace var with let and const in rules docs (#19392;)
 (Daniel Harbrueger)
8b87e00;
 docs: replace var with const 
and let in rules (#19389;)
 (Tanuj Kanti)
758c66b;
 docs: Explain what frozen rules mean (#19382;)
 (Nicholas C. Zakas)
0ef8bb8;
 docs: additional checks for rule examples ([openstreetmap/openstreetmap-website] Bump net-imap from 0.5.5 to 0.5.6 (PR #5644)


2025-02-10

Thread
dependabot[bot] via rails-dev

Bumps [net-imap](https://github.com/ruby/net-imap) from 0.5.5 to 0.5.6.

Release notes
Sourced from net-imap's 
releases.

v0.5.6
What's Changed
🔒 Security Fix
Fixes CVE-2025-25186 (GHSA-7fc5-f82f-cx69): A malicious server can 
exhaust client memory by sending APPENDUID or 
COPYUID responses with very large 
uid-set ranges. 
Net::IMAP::UIDPlusData expands these ranges into 
arrays of integers.
Fix with minor API changes
Set config.parser_use_deprecated_uidplus_data 
to false to replace 
UIDPlusData with 
AppendUIDData and 
CopyUIDData.  These classes store their UIDs as 
Net::IMAP::SequenceSet objects 
(not expanded into arrays of integers).  Code that does 
not handle APPENDUID or 
COPYUID responses should not see any difference.  Code 
that does handle these responses may need to be 
updated.
For v0.3.8, this option is not available
For v0.4.19, the default value is true.
For v0.5.6, the default value is :up_to_max_size.
For v0.6.0, the only allowed value will be false  
(UIDPlusData will be removed from 
v0.6).
Mitigate with backward compatible API
Adjust 
config.parser_max_deprecated_uidplus_data_size to 
limit the maximum UIDPlusData UID set size.
When config.parser_use_deprecated_uidplus_data == 
true, larger sets will crash.
When  config.parser_use_deprecated_uidplus_data == 
:up_to_max_size, larger sets will use 
AppendUIDData or 
CopyUIDData.
For v0.3,8, this limit is hard-coded to 10,000.
For v0.4.19, this limit defaults to 1000.
For v0.5.6, this limit defaults to 100.
For v0.6.0, the only allowed value will be 0  
(UIDPlusData will be removed from 
v0.6).
Please Note: unhandled responses
If the client does not add response handlers to prune unhandled 
responses, a malicious server can still eventually exhaust all client memory, 
by repeatedly sending malicious responses.  However, 
net-imap has always retained unhandled responses, and 
it has always been necessary for long-lived connections to prune these 
responses.  This is not significantly different from connecting to a trusted 
server with a long-lived connection.  To limit the maximum number of retained 
responses, a simple handler might look something like the following:
limit = 1000
imap.add_response_handler do |resp|
  next unless resp.respond_to?(:name) && resp.respond_to?(:data)
  name = resp.name
  code = resp.data.code&.name if 
resp.data.is_a?(Net::IMAP::ResponseText)
  imap.responses(name) { _1.slice!(0...-limit) }
  imap.responses(code) { _1.slice!(0...-limit) }
end

Added

🔧 Ensure ResponseParser config is mutable and non-global by @nevans;
 in ruby/net-imap#381;
✨ Add SequenceSet methods for querying about duplicates by @nevans;
 in ruby/net-imap#384;
✨ Add SequenceSet#each_ordered_number by 
@nevans;
 in ruby/net-imap#386;
✨ Add SequenceSet#find_ordered_index by 
@nevans;
 in ruby/net-imap#396;
✨ Add SequenceSet#ordered_at by @nevans;
 in ruby/net-imap#397;
✨ Add AppendUIDData and CopyUIDData classes by @nevans;
 in ruby/net-imap#400;
🔧 Add parser config for 
APPENDUID/COPYUID, 🗑️ 
Deprecate UIDPlusData by @nevans;
 in ruby/net-imap#401;

Fixed

🐛 Fix SequenceSet#append when its 
@string is nil by @nevans;
 in ruby/net-imap#376;
🐛 Fix SequenceSet merging in another Seq



[openstreetmap/openstreetmap-website] Bump @stylistic/eslint-plugin-js from 3.0.1 to 3.1.0 (PR #5648)


2025-02-10

Thread
dependabot[bot] via rails-dev

Bumps 
[@stylistic/eslint-plugin-js](https://github.com/eslint-stylistic/eslint-stylistic/tree/HEAD/packages/eslint-plugin-js)
 from 3.0.1 to 3.1.0.

Release notes
Sourced from @stylistic/eslint-plugin-js's
 releases.

v3.1.0
3.1.0;
 (2025-02-08)
Features

generic-spacing: remove spaces in type 
param instantiation (#677;)
 (2a29e28;)




Changelog
Sourced from @stylistic/eslint-plugin-js's
 changelog.

3.1.0;
 (2025-02-08)
Features

generic-spacing: remove spaces in type 
param instantiation (#677;)
 (2a29e28;)




Commits

6b42973;
 chore: release v3.1.0 (main) (#678;)
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@stylistic/eslint-plugin-js&package-manager=npm_and_yarn&previous-version=3.0.1&new-version=3.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)



You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5648

-- Commit Summary --

  * Bump @stylistic/eslint-plugin-js from 3.0.1 to 3.1.0

-- File Changes --

M yarn.lock (6)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5648.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5648.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5648
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump actionpack from 7.2.2 to 7.2.2.1 (PR #5392)


2024-12-10

Thread
dependabot[bot] via rails-dev

Bumps [actionpack](https://github.com/rails/rails) from 7.2.2 to 7.2.2.1.

Release notes
Sourced from actionpack's 
releases.

7.2.2.1
Active Support

No changes.

Active Model

No changes.

Active Record

No changes.

Action View

No changes.

Action Pack


Add validation to content security policies to disallow spaces and 
semicolons.
Developers should use multiple arguments, and different directive methods 
instead.
[CVE-2024-54133]
Gannon McGibbon


Active Job

No changes.

Action Mailer

No changes.

Action Cable

No changes.

Active Storage

No changes.



... (truncated)


Commits

33beb0a;
 Preparing for 7.2.2.1 release
3da2479;
 Add CSP directive validation
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actionpack&package-manager=bundler&previous-version=7.2.2&new-version=7.2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)
You can disable automated security fix PRs for this repo from the [Security 
Alerts 
page](https://github.com/openstreetmap/openstreetmap-website/network/alerts).


You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5392

-- Commit Summary --

  * Bump actionpack from 7.2.2 to 7.2.2.1

-- File Changes --

M Gemfile.lock (106)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5392.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5392.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5392
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





Re: [openstreetmap/openstreetmap-website] Bump actionpack from 7.2.2 to 7.2.2.1 (PR #5392)


2024-12-10

Thread
dependabot[bot] via rails-dev

Looks like actionpack is up-to-date now, so this is no longer needed.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5392#issuecomment-253316
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





Re: [openstreetmap/openstreetmap-website] Bump actionpack from 7.2.2 to 7.2.2.1 (PR #5392)


2024-12-10

Thread
dependabot[bot] via rails-dev

Closed #5392.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5392#event-15608852183
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump osm-community-index from 5.8.0 to 5.9.0 (PR #5405)


2024-12-16

Thread
dependabot[bot] via rails-dev

Bumps [osm-community-index](https://github.com/osmlab/osm-community-index) from 
5.8.0 to 5.9.0.

Release notes
Sourced from osm-community-index's
 releases.

v5.9.0
https://github.com/osmlab/osm-community-index/blob/main/CHANGELOG.md#590;
v5.8.1
https://github.com/osmlab/osm-community-index/blob/main/CHANGELOG.md#581;



Changelog
Sourced from osm-community-index's
 changelog.

5.9.0
2024-Dec-16

Updated dependencies, bump to location-conflation v1.4.1 / 
country-coder v5.3.1
Support new resource type: bluesky
Added:

Many community forum links (#741;,
 #742;,
 #743;,
 #744;,
 #745;,
 #746;,
 #747;,
 #748;,
 #752;):

Africa, Austria, Bangladesh, Canada, Croatia, Estonia, Finland, 
Hungary, Indonesia, Malaysia, Mexico, Nepal, Russia, Sweden, Ukraine, 
Venezuela


Social networks for OSM Colombia (#749;)
Social networks for TadeoMappers (#754;)
Nelson, New Zealand mapping group (#755;)
Georgia Matrix (#760;)
Croatia resources and remove IRC (#762;)
Bulgaria Matrix (#766;)


Updated:

Switch OSM Berlin from Telegram to Mastodon (#740;)
Many sort orders updated (#750;,
 #751;,
 #753;):

India, Ireland, Italy, Serbia, Thailand




Removed:

Ireland Meetup (#750;)
Indonesia mailing list
Many groups with dead links (#757;)
MapABQ (#759;)



#740:
 osmlab/osm-community-index#740;
#741:
 osmlab/osm-community-index#741;
#742:
 osmlab/osm-community-index#742;
#743:
 osmlab/osm-community-index#743;
#744:
 osmlab/osm-community-index#744;
#745:
 osmlab/osm-community-index#



[openstreetmap/openstreetmap-website] Bump eslint from 9.16.0 to 9.17.0 (PR #5398)


2024-12-13

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.16.0 to 9.17.0.

Release notes
Sourced from eslint's 
releases.

v9.17.0
Features

eed91d1;
 feat: add suggestions to no-unused-vars (#18352;)
 (Tanuj Kanti)

Bug Fixes

67d683d;
 fix: fix crash when message.fix is nullish (#19168;)
 (ntnyq)
c618707;
 fix: ignore vars with non-identifier references in no-useless-assignment 
(#19200;)
 (YeonJuan)

Documentation

3c22d2a;
 docs: update yoda to Yoda in 
yoda.md for consistency (#19230;)
 (루밀LuMir)
e0a2203;
 docs: add missing backticks to no-sequences (#19233;)
 (루밀LuMir)
4cc4881;
 docs: Update README (GitHub Actions Bot)
3db6fdf;
 docs: [no-await-in-loop] expand on benefits and inapplicability (#19211;)
 (Kirk Waiblinger)
bf2a4f6;
 docs: add missing backticks to func-style (#19227;)
 (루밀LuMir)
ba098bd;
 docs: add missing header to prefer-spread (#19224;)
 (루밀LuMir)
b607ae6;
 docs: update description of no-param-reassign (#19220;)
 (루밀LuMir)
1eb424d;
 docs: add missing backticks to prefer-destructuring 
(#19223;)
 (루밀LuMir)
85998d1;
 docs: add missing backticks to no-unneeded-ternary 
(#19222;)
 (루밀LuMir)
b75b32c;
 docs: add missing backticks to no-new-func (#19219;)
 (루밀LuMir)
a7700bc;
 docs: add missing backticks to id-length (#19217;)
 (루밀LuMir)
e2bb429;
 docs: add missing backticks to complexity.md (#19214;)
 (루밀LuMir)
045d716;
 docs: add missing ) to 
id-denylist (#19213;)
 (루밀LuMir)
7fe4114;
 docs: Update README (GitHub Actions Bot)




Re: [openstreetmap/openstreetmap-website] Bump rails-html-sanitizer from 1.6.0 to 1.6.1 (PR #5369)


2024-12-03

Thread
dependabot[bot] via rails-dev

Looks like rails-html-sanitizer is up-to-date now, so this is no longer needed.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5369#issuecomment-2515320833
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





Re: [openstreetmap/openstreetmap-website] Bump rails-html-sanitizer from 1.6.0 to 1.6.1 (PR #5369)


2024-12-03

Thread
dependabot[bot] via rails-dev

Closed #5369.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5369#event-15514594813
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump eslint from 9.17.0 to 9.18.0 (PR #5491)


2025-01-10

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.17.0 to 9.18.0.

Release notes
Sourced from eslint's 
releases.

v9.18.0
Features

e84e6e2;
 feat: Report allowed methods for no-console rule 
(#19306;)
 (Anna Bocharova)
8efc2d0;
 feat: unflag TypeScript config files (#19266;)
 (Francesco Trotta)
87a9352;
 feat: check imports and class names in 
no-shadow-restricted-names (#19272;)
 (Milos Djermanovic)

Bug Fixes

da768d4;
 fix: correct overrideConfigFile type (#19289;)
 (Francesco Trotta)

Documentation

d9c23c5;
 docs: replace var with const 
in rule examples (#19325;)
 (Tanuj Kanti)
8e1a898;
 docs: add tabs to cli code blocks (#18784;)
 (Jay)
f3aeefb;
 docs: rewrite using let and const in rule examples (#19320;)
 (PoloSpark)
0b680b3;
 docs: Update README (GitHub Actions Bot)
98c86a9;
 docs: Edit this page button link to different 
branches (#19228;)
 (Tanuj Kanti)
6947901;
 docs: remove hardcoded edit link (#19323;)
 (Milos Djermanovic)
03f2f44;
 docs: rewrite var with const in rules examples (#19317;)
 (Thiago)
26c3003;
 docs: Clarify dangers of eslint:all (#19318;)
 (Nicholas C. Zakas)
c038257;
 docs: add eqeqeq in related rules to 
no-eq-null (#19310;)
 (루밀LuMir)
89c8fc5;
 docs: rewrite examples with var using let and const (#19315;)
 (Amaresh  S M)
db574c4;
 docs: add missing backticks to no-void (#19313;)
 (루밀LuMir)
8d943c3;
 docs: add missing backticks to default-case-last 
(#19311;)
 (루밀LuMir)
36ef8bb;
 docs: rewrite examples with var using let and const (#19298;)
 (Amaresh  S M)
[openstreetmap/openstreetmap-website] Bump eslint from 9.18.0 to 9.19.0 (PR #5552)


2025-01-24

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.18.0 to 9.19.0.

Release notes
Sourced from eslint's 
releases.

v9.19.0
Features

1637b8e;
 feat: add --report-unused-inline-configs (#19201;)
 (Josh Goldberg ✨)

Bug Fixes

aae6717;
 fix: sync rule type header comments automatically (#19276;)
 (Francesco Trotta)

Documentation

cfea9ab;
 docs: Clarify overrideConfig option (#19370;)
 (Nicholas C. Zakas)
2b84f66;
 docs: Update README (#19362;)
 (Nicholas C. Zakas)
044f93c;
 docs: clarify frozen rule description (#19351;)
 (Pavel)
797ee7c;
 docs: fix Bluesky links (#19368;)
 (Milos Djermanovic)
81a9c0e;
 docs: Update README (GitHub Actions Bot)
093fb3d;
 docs: replace var with let 
and const in rule examples (#19365;)
 (Tanuj Kanti)
417de32;
 docs: replace var with const in rule examples (#19352;)
 (jj)
17f2aae;
 docs: update getting-started config to match default generated config (#19308;)
 (0xDev)
8a0a5a8;
 docs: better global ignores instruction (#19297;)
 (Jacopo Marrone)
6671a2c;
 docs: Update README (GitHub Actions Bot)
e39d3f2;
 docs: fix divider for rule category (#19264;)
 (Tanuj Kanti)
e0cf53f;
 docs: fix search result box position for small screens (#19328;)
 (Tanuj Kanti)
f92a680;
 docs: replace var with let or const in rule examples (#19331;)
 (Ravi Teja Kolla)
b04b84b;
 docs: revert accidental changes in TS config files docs (#19336;)
 (Francesco Trotta)

Chores

9b9cb05;
 chore: upgrade @eslint/js@9.19.0
 (#19371;)
 (Milos Djermanovic)
58560e7;
 chore: package.json u



[openstreetmap/openstreetmap-website] Bump coverallsapp/github-action from 2.3.4 to 2.3.5 (PR #5553)


2025-01-24

Thread
dependabot[bot] via rails-dev

Bumps 
[coverallsapp/github-action](https://github.com/coverallsapp/github-action) 
from 2.3.4 to 2.3.5.

Release notes
Sourced from coverallsapp/github-action's
 releases.

v2.3.5
What's Changed

Automatically detect the platform to install by @fredden;
 in coverallsapp/github-action#238;
README/Inputs: list all (non-deprecated) inputs by @jrfnl;
 in coverallsapp/github-action#239;

New Contributors

@fredden;
 made their first contribution in coverallsapp/github-action#238;
@jrfnl;
 made their first contribution in coverallsapp/github-action#239;

Full Changelog: https://github.com/coverallsapp/github-action/compare/v2...v2.3.5;



Commits

773b6d8;
 README/Inputs: list all (non-deprecated) inputs (#239;)
72709f8;
 Automatically detect the platform to install (#238;)
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverallsapp/github-action&package-manager=github_actions&previous-version=2.3.4&new-version=2.3.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)



You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5553

-- Commit Summary --

  * Bump coverallsapp/github-action from 2.3.4 to 2.3.5

-- File Changes --

M .github/workflows/tests.yml (4)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5553.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5553.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5553
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-



[openstreetmap/openstreetmap-website] Bump coverallsapp/github-action from 2.3.5 to 2.3.6 (PR #5564)


2025-01-27

Thread
dependabot[bot] via rails-dev

Bumps 
[coverallsapp/github-action](https://github.com/coverallsapp/github-action) 
from 2.3.5 to 2.3.6.

Release notes
Sourced from coverallsapp/github-action's
 releases.

v2.3.6
What's Changed

Explicitly set auto-detect as default for platform by @fredden;
 in coverallsapp/github-action#240;

Full Changelog: https://github.com/coverallsapp/github-action/compare/v2...v2.3.6;



Commits

648a8eb;
 Explicitly set auto-detect as default for platform (#240;)
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverallsapp/github-action&package-manager=github_actions&previous-version=2.3.5&new-version=2.3.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)



You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5564

-- Commit Summary --

  * Bump coverallsapp/github-action from 2.3.5 to 2.3.6

-- File Changes --

M .github/workflows/tests.yml (4)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5564.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5564.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5564
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump osm-community-index from 5.9.0 to 5.9.1 (PR #5502)


2025-01-15

Thread
dependabot[bot] via rails-dev

Bumps [osm-community-index](https://github.com/osmlab/osm-community-index) from 
5.9.0 to 5.9.1.

Release notes
Sourced from osm-community-index's
 releases.

v5.9.1
https://github.com/osmlab/osm-community-index/blob/main/CHANGELOG.md#591;



Changelog
Sourced from osm-community-index's
 changelog.

5.9.1
2025-Jan-15

Added:

YouthMappers UFRJ and IVIDES (#765;)
DE Mainz Signal Group (#767;)
OSM Iraq Twitter (#768;)


Updated:

Swedish community resources (#775;)


Removed:

OSM Belgium Twitter (#776;)



#765:
 osmlab/osm-community-index#765;
#767:
 osmlab/osm-community-index#767;
#768:
 osmlab/osm-community-index#768;
#775:
 osmlab/osm-community-index#775;
#776:
 osmlab/osm-community-index#776;



Commits

f806c5b;
 v5.9.1
5b241f4;
 npm run txpull
dfcff7d;
 Cleanup Mapeadores IVIDES and YouthMappers UFRJ, add 
rio_de_janiero.geojson
e271ba3;
 Create mapeadoresYouthMappersUFRJ_youtube.json
7b90640;
 Create mapeadoresYouthMappersUFRJ_instagram.json
606cea2;
 Create mapeadoresYouthMappersUFRJ_facebook.json
c2bd248;
 Create mapeadoresivides_instagram.json
81ae16f;
 Create mapeadoresivides_youtube.json
308d35d;
 Create mapeadoresivides_facebook.json
973bb2a;
 osm.be has decided to discontinue this channel
Additional commits viewable in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=osm-community-index&package-manager=npm_and_yarn&previous-version=5.9.0&new-version=5.9.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebas



[openstreetmap/openstreetmap-website] Bump qs from 6.13.1 to 6.14.0 (PR #5501)


2025-01-14

Thread
dependabot[bot] via rails-dev

Bumps [qs](https://github.com/ljharb/qs) from 6.13.1 to 6.14.0.

Changelog
Sourced from qs's
 changelog.

6.14.0

[New] parse: add 
throwOnParameterLimitExceeded option (#517;)
[Refactor] parse: use 
utils.combine more
[patch] parse: add explicit 
throwOnLimitExceeded default
[actions] use shared action; re-add finishers
[meta] Fix changelog formatting bug
[Deps] update side-channel
[Dev Deps] update es-value-fixtures, 
has-bigints, has-proto, 
has-symbols
[Tests] increase coverage




Commits

32dcc63;
 v6.14.0
4ec582b;
 [Dev Deps] update es-value-fixtures, 
has-bigints
a240c52;
 [Tests] increase coverage
25956a7;
 [Refactor] parse: use 
utils.combine more
b189ed4;
 [patch] parse: add explicit 
throwOnLimitExceeded default
1d590de;
 [actions] simplify finisher
6cd60a5;
 [actions] use shared action
89edfd2;
 [Deps] update side-channel
e26e7a8;
 [Dev Deps] update has-proto, 
has-symbols
51fdc98;
 [actions] re-add finishers
Additional commits viewable in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=qs&package-manager=npm_and_yarn&previous-version=6.13.1&new-version=6.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)



You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5501

-- Commit Summary --

  * Bump qs from 6.13.1 to 6.14.0

-- File Changes --





[openstreetmap/openstreetmap-website] Bump eslint from 9.20.0 to 9.20.1 (PR #5657)


2025-02-11

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.20.0 to 9.20.1.

Release notes
Sourced from eslint's 
releases.

v9.20.1
Bug Fixes

274f054;
 fix: fix RuleContext type (#19417;)
 (Francesco Trotta)

Documentation

fe3ccb2;
 docs: allow typing in search box while dropdown is open (#19424;)
 (Amaresh  S M)
93c78a5;
 docs: Add instructions for pnpm compat (#19422;)
 (Nicholas C. Zakas)
b476a93;
 docs: Fix Keyboard Navigation for Search Results (#19416;)
 (Amaresh  S M)
ccb60c0;
 docs: Update README (GitHub Actions Bot)




Changelog
Sourced from eslint's
 changelog.

v9.20.1 - February 11, 2025

fe3ccb2;
 docs: allow typing in search box while dropdown is open (#19424;)
 (Amaresh  S M)
274f054;
 fix: fix RuleContext type (#19417;)
 (Francesco Trotta)
93c78a5;
 docs: Add instructions for pnpm compat (#19422;)
 (Nicholas C. Zakas)
b476a93;
 docs: Fix Keyboard Navigation for Search Results (#19416;)
 (Amaresh  S M)
ccb60c0;
 docs: Update README (GitHub Actions Bot)




Commits

07b2ffd;
 9.20.1
01ff142;
 Build: changelog update for 9.20.1
fe3ccb2;
 docs: allow typing in search box while dropdown is open (#19424;)
274f054;
 fix: fix RuleContext type (#19417;)
93c78a5;
 docs: Add instructions for pnpm compat (#19422;)
b476a93;
 docs: Fix Keyboard Navigation for Search Results (#19416;)
ccb60c0;
 docs: Update README
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=eslint&package-manager=npm_and_yarn&previous-version=9.20.0&new-version=9.20.1)](https://docs.github.com/en/github/managing-security-vulner



[openstreetmap/openstreetmap-website] Bump eslint from 9.22.0 to 9.23.0 (PR #5836)


2025-03-21

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.22.0 to 9.23.0.

Release notes
Sourced from eslint's 
releases.

v9.23.0
Features

557a0d2;
 feat: support TypeScript syntax in no-useless-constructor (#19535;)
 (Josh Goldberg ✨)
8320241;
 feat: support TypeScript syntax in default-param-last 
(#19431;)
 (Josh Goldberg ✨)
833c4a3;
 feat: defineConfig() supports "flat/" config prefix (#19533;)
 (Nicholas C. Zakas)
4a0df16;
 feat: circular autofix/conflicting rules detection (#19514;)
 (Milos Djermanovic)
be56a68;
 feat: support TypeScript syntax in 
class-methods-use-this (#19498;)
 (Josh Goldberg ✨)

Bug Fixes

0e20aa7;
 fix: move deprecated RuleContext methods to subtype 
(#19531;)
 (Francesco Trotta)
cc3bd00;
 fix: reporting variable used in catch block in 
no-useless-assignment (#19423;)
 (Tanuj Kanti)
d46ff83;
 fix: no-dupe-keys false positive with proto setter 
(#19508;)
 (Milos Djermanovic)
e732773;
 fix: navigation of search results on pressing Enter (#19502;)
 (Tanuj Kanti)
f4e9c5f;
 fix: allow RuleTester to test files inside 
node_modules/ (#19499;)
 (fisker Cheung)

Documentation

5405939;
 docs: show red underlines in TypeScript examples in rules docs (#19547;)
 (Milos Djermanovic)
48b53d6;
 docs: replace var with const in examples (#19539;)
 (Nitin Kumar)
c39d7db;
 docs: Update README (GitHub Actions Bot)
a4f8760;
 docs: revert accidental changes (#19542;)
 (Francesco Trotta)
280128f;
 docs: add copy button (#19512;)
 (xbinaryx)
cd83eaa;
 docs: replace var with const 
in examples (#19530;)
 (Nitin Kumar)
7ff0cde;
 docs: Update README (GitHub Actions Bot)
[openstreetmap/openstreetmap-website] Bump @types/leaflet from 1.9.16 to 1.9.17 (PR #5843)


2025-03-24

Thread
dependabot[bot] via rails-dev

Bumps 
[@types/leaflet](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/leaflet)
 from 1.9.16 to 1.9.17.

Commits

See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@types/leaflet&package-manager=npm_and_yarn&previous-version=1.9.16&new-version=1.9.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)



You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5843

-- Commit Summary --

  * Bump @types/leaflet from 1.9.16 to 1.9.17

-- File Changes --

M yarn.lock (6)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5843.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5843.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5843
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump eslint from 9.23.0 to 9.24.0 (PR #5890)


2025-04-04

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.23.0 to 9.24.0.

Release notes
Sourced from eslint's 
releases.

v9.24.0
Features

556c25b;
 feat: support loading TS config files using 
--experimental-strip-types (#19401;)
 (Arya Emami)
72650ac;
 feat: support TS syntax in init-declarations (#19540;)
 (Nitin Kumar)
03fb0bc;
 feat: normalize patterns to handle "./" prefix in files and 
ignores (#19568;)
 (Pixel998)
071dcd3;
 feat: support TS syntax in no-dupe-class-members 
(#19558;)
 (Nitin Kumar)
cd72bcc;
 feat: Introduce a way to suppress violations (#19159;)
 (Iacovos Constantinou)
2a81578;
 feat: support TS syntax in no-loss-of-precision 
(#19560;)
 (Nitin Kumar)
30ae4ed;
 feat: add new options to class-methods-use-this (#19527;)
 (sethamus)
b79ade6;
 feat: support TypeScript syntax in 
no-array-constructor (#19493;)
 (Tanuj Kanti)

Bug Fixes

b23d1c5;
 fix: deduplicate variable names in no-loop-func error messages (#19595;)
 (Nitin Kumar)
fb8cdb8;
 fix: use any[] type for 
context.options (#19584;)
 (Francesco Trotta)

Documentation

f857820;
 docs: update documentation for 
--experimental-strip-types (#19594;)
 (Nikolas Schröter)
803e4af;
 docs: simplify gitignore path handling in includeIgnoreFile section (#19596;)
 (Thomas Broyer)
6d979cc;
 docs: Update README (GitHub Actions Bot)
82177e4;
 docs: Update README (GitHub Actions Bot)
e849dc0;
 docs: replace existing var with const (#19578;)
 (Sweta Tanwar)
0c65c62;
 docs: don't pass filename when linting rule examples (#19571;)
 (Milos Djermanovic)
6be36c9;
 docs: Update custom-rules.md code example of fixer (#19555;)
 (Yifan Pan)

Build Related





[openstreetmap/openstreetmap-website] Bump leaflet.locatecontrol from 0.83.1 to 0.84.1 (PR #5874)


2025-04-01

Thread
dependabot[bot] via rails-dev

Bumps 
[leaflet.locatecontrol](https://github.com/domoritz/leaflet-locatecontrol) from 
0.83.1 to 0.84.1.

Commits

e62b7dd;
 Release v0.84.1
0cfdde5;
 chore: rebuild
548583e;
 Release v0.84.0
5992d5a;
 chore: update deps
9b11542;
 Set style as attributes instead of properties (#364;)
0992a3c;
 chore: also commit lock file when bumping
e3d97bb;
 chore: update lockfile
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=leaflet.locatecontrol&package-manager=npm_and_yarn&previous-version=0.83.1&new-version=0.84.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)



You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5874

-- Commit Summary --

  * Bump leaflet.locatecontrol from 0.83.1 to 0.84.1

-- File Changes --

M package.json (2)
M yarn.lock (8)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5874.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5874.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5874
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump nokogiri from 1.18.7 to 1.18.8 (PR #5945)


2025-04-21

Thread
dependabot[bot] via rails-dev

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.18.7 to 
1.18.8.

Release notes
Sourced from nokogiri's
 releases.

v1.18.8 / 2025-04-21
Security

[CRuby] Vendored libxml2 is updated to v2.13.8;
 to address CVE-2025-32414 and CVE-2025-32415. See GHSA-5w6v-399v-w3cc;
 for more information.


36badd2eb281fca6214a5188e24a34399b15d89730639a068d12931e2adc210e
  nokogiri-1.18.8-aarch64-linux-gnu.gem
664e0f9a77a7122a66d6c03abba7641ca610769a4728db55ee1706a0838b78a2  
nokogiri-1.18.8-aarch64-linux-musl.gem
483b5b9fb33653f6f05cbe00d09ea315f268f0e707cfc809aa39b62993008212  
nokogiri-1.18.8-arm64-darwin.gem
17de01ca3adf9f8e187883ed73c672344d3dbb3c260f88ffa1008e8dc255a28e  
nokogiri-1.18.8-arm-linux-gnu.gem
6e6d7e71fc39572bd613a82d528cf54392c3de1ba5ce974f05c832b8187a040b  
nokogiri-1.18.8-arm-linux-musl.gem
8c7464875d9ca7f71080c24c0db7bcaa3940e8be3c6fc4bcebccf8b9a0016365  
nokogiri-1.18.8.gem
41002596960ff854198a20aaeb34cff0d445406d5ad85ba7ca9c3fd0c8f03de0  
nokogiri-1.18.8-java.gem
11ab0f76772c5f2d718fb253fca5b74c6ef7628b72bbf8deba6ab1ffc93344cf  
nokogiri-1.18.8-x64-mingw-ucrt.gem
024cdfe7d9ae3466bba6c06f348fb2a8395d9426b66a3c82f1961b907945cc0c  
nokogiri-1.18.8-x86_64-darwin.gem
4a747875db873d18a2985ee2c320a6070c4a414ad629da625fbc58d1a20e5ecc  
nokogiri-1.18.8-x86_64-linux-gnu.gem
ddd735fba49475a395b9ea793bb6474e3a3125b89960339604d08a5397de1165  
nokogiri-1.18.8-x86_64-linux-musl.gem




Changelog
Sourced from nokogiri's
 changelog.

v1.18.8 / 2025-04-21
Security

[CRuby] Vendored libxml2 is updated to v2.13.8;
 to address CVE-2025-32414 and CVE-2025-32415. See GHSA-5w6v-399v-w3cc;
 for more information.




Commits

9187f4a;
 version bump to v1.18.8
1deea04;
 dep: libxml2 to v2.13.8 (branch v1.18.x) (#3509;)
6457fe6;
 dep: libxml2 to v2.13.8
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nokogiri&package-manager=bundler&previous-version=1.18.7&new-version=1.18.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this depen



[openstreetmap/openstreetmap-website] Bump eslint from 9.24.0 to 9.25.0 (PR #5939)


2025-04-18

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.24.0 to 9.25.0.

Release notes
Sourced from eslint's 
releases.

v9.25.0
Features

dcd95aa;
 feat: support TypeScript syntax in no-empty-function rule (#19551;)
 (sethamus)
77d6d5b;
 feat: support TS syntax in no-unused-expressions 
(#19564;)
 (Sweta Tanwar)
90228e5;
 feat: support JSRuleDefinition type (#19604;)
 (루밀LuMir)
59ba6b7;
 feat: add allowObjects option to no-restricted-properties (#19607;)
 (sethamus)
db650a0;
 feat: support TypeScript syntax in no-invalid-this 
rule (#19532;)
 (Tanuj Kanti)
9535cff;
 feat: support TS syntax in no-loop-func (#19559;)
 (Nitin Kumar)

Bug Fixes

910bd13;
 fix: nodeTypeKey not being used in 
NodeEventGenerator (#19631;)
 (StyleShit)

Documentation

ca7a735;
 docs: update no-undef-init when not to use section 
(#19624;)
 (Tanuj Kanti)
1b870c9;
 docs: use eslint-config-xo in the getting started 
guide (#19629;)
 (Nitin Kumar)
5d4af16;
 docs: add types for multiple rule options (#19616;)
 (Tanuj Kanti)
e8f8d57;
 docs: Update README (GitHub Actions Bot)
a40348f;
 docs: no-use-before-define tweaks (#19622;)
 (Kirk Waiblinger)
0ba3ae3;
 docs: Update README (GitHub Actions Bot)
865dbfe;
 docs: ensure "learn more" deprecation links point to useful 
resource (#19590;)
 (Kirk Waiblinger)
f80b746;
 docs: add known limitations for no-self-compare (#19612;)
 (Nitin Kumar)
865aed6;
 docs: Update README (GitHub Actions Bot)

Chores

88dc196;
 chore: upgrade @eslint/js@9.25.0
 (#19636;)
 (Milos Djermanovic)
345288d;
 chore: pac



Re: [openstreetmap/openstreetmap-website] Bump nokogiri from 1.18.7 to 1.18.8 (PR #5945)


2025-04-22

Thread
dependabot[bot] via rails-dev

dependabot[bot] left a comment (openstreetmap/openstreetmap-website#5945)

Looks like nokogiri is up-to-date now, so this is no longer needed.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5945#issuecomment-2821973862
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





Re: [openstreetmap/openstreetmap-website] Bump nokogiri from 1.18.7 to 1.18.8 (PR #5945)


2025-04-22

Thread
dependabot[bot] via rails-dev

Closed #5945.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5945#event-17357503982
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump leaflet.locatecontrol from 0.84.1 to 0.84.2 (PR #5949)


2025-04-24

Thread
dependabot[bot] via rails-dev

Bumps 
[leaflet.locatecontrol](https://github.com/domoritz/leaflet-locatecontrol) from 
0.84.1 to 0.84.2.

Commits

f87fe2b;
 Release v0.84.2
70b2da1;
 Fix compass rotation center (#368;)
e97716d;
 Fix code-link for options (#365;)
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=leaflet.locatecontrol&package-manager=npm_and_yarn&previous-version=0.84.1&new-version=0.84.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)



You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5949

-- Commit Summary --

  * Bump leaflet.locatecontrol from 0.84.1 to 0.84.2

-- File Changes --

M yarn.lock (6)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5949.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5949.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5949
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump osm-community-index from 5.9.1 to 5.9.2 (PR #5948)


2025-04-24

Thread
dependabot[bot] via rails-dev

Bumps [osm-community-index](https://github.com/osmlab/osm-community-index) from 
5.9.1 to 5.9.2.

Release notes
Sourced from osm-community-index's
 releases.

v5.9.2
https://github.com/osmlab/osm-community-index/blob/main/CHANGELOG.md#592;



Changelog
Sourced from osm-community-index's
 changelog.

5.9.2
2025-Apr-24

Bump required Node to 22
Added:

Minas Gerais, Brazil Discord (#803;)
Punjab region resources (#784;)
YouthMappers UFRJ and IVIDES Bluesky, LinkedIn (#781;,
 #790;,
 #791;,
 #792;)


Updated:

Rename Twitter to "X" instead of 
"𝕏" due to accessibility concerns (#804;)
Fix Latvia Zulip Chat URL (#795;)
Hungary resources and sort orders (#794;)
MapRVA links (#782;)
IVIDES Youtube channel ID (#779;)


Removed:

United Kingdom Loomio Chat (#801;)
Mainz Telegram Chat (#798;)
YouthMappers UFRJ and IVIDES Instagram, Facebook (#785;,
 #786;,
 #787;,
 #788;)



#779:
 osmlab/osm-community-index#779;
#781:
 osmlab/osm-community-index#781;
#782:
 osmlab/osm-community-index#782;
#784:
 osmlab/osm-community-index#784;
#785:
 osmlab/osm-community-index#785;
#786:
 osmlab/osm-community-index#786;
#787:
 osmlab/osm-community-index#787;
#788:
 osmlab/osm-community-index#788;
#790:
 osmlab/osm-community-index#790;
#791:
 osmlab/osm-community-index#791;
#792:
 [openstreetmap/openstreetmap-website] Bump eslint from 9.25.1 to 9.26.0 (PR #5975)


2025-05-02

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.25.1 to 9.26.0.

Release notes
Sourced from eslint's 
releases.

v9.26.0
Features

e9754e7;
 feat: add reportGlobalThis to no-shadow-restricted-names (#19670;)
 (sethamus)
0fa2b7a;
 feat: add suggestions for eqeqeq rule (#19640;)
 (Nitin Kumar)
dcbdcc9;
 feat: Add MCP server (#19592;)
 (Nicholas C. Zakas)
2dfd83e;
 feat: add ignoreDirectives option in 
no-unused-expressions (#19645;)
 (sethamus)

Bug Fixes

96e84de;
 fix: check cache file existence before deletion (#19648;)
 (sethamus)
d683aeb;
 fix: don't crash on tests with circular references in 
RuleTester (#19664;)
 (Milos Djermanovic)
9736d5d;
 fix: add namespace to 
Plugin.meta type (#19661;)
 (Milos Djermanovic)
17bae69;
 fix: update RuleTester.run() type (#19634;)
 (Nitin Kumar)

Documentation

dd98d63;
 docs: Update README (GitHub Actions Bot)
c25e858;
 docs: Update README (GitHub Actions Bot)
b2397e9;
 docs: Update README (GitHub Actions Bot)
addd0a6;
 docs: fix formatting of unordered lists in Markdown (#19660;)
 (Milos Djermanovic)
a21b38d;
 docs: Update README (GitHub Actions Bot)
c0721a7;
 docs: fix double space in command (#19657;)
 (CamWass)

Chores

5b247c8;
 chore: upgrade to @eslint/js@9.26.0 (#19681;)
 (Francesco Trotta)
d6fa4ac;
 chore: package.json update for @eslint/js release 
(Jenkins)
0958690;
 chore: disambiguate internal types LanguageOptions 
and Rule (#19669;)
 (Francesco Trotta)
f1c858e;
 chore: fix internal type references to Plugin and 
Rule (#19665;)
 (Francesco Trotta)
[openstreetmap/openstreetmap-website] Bump eslint from 9.25.0 to 9.25.1 (PR #5944)


2025-04-21

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.25.0 to 9.25.1.

Release notes
Sourced from eslint's 
releases.

v9.25.1
Bug Fixes

cdc8e8c;
 fix: revert directive detection in no-unused-expressions (#19639;)
 (sethamus)

Chores

1f2b057;
 chore: upgrade @eslint/js@9.25.1
 (#19642;)
 (Milos Djermanovic)
771317f;
 chore: package.json update for @eslint/js release 
(Jenkins)




Changelog
Sourced from eslint's
 changelog.

v9.25.1 - April 21, 2025

1f2b057;
 chore: upgrade @eslint/js@9.25.1
 (#19642;)
 (Milos Djermanovic)
771317f;
 chore: package.json update for @eslint/js release 
(Jenkins)
cdc8e8c;
 fix: revert directive detection in no-unused-expressions (#19639;)
 (sethamus)




Commits

3ed4b36;
 9.25.1
7a19ccd;
 Build: changelog update for 9.25.1
1f2b057;
 chore: upgrade @eslint/js@9.25.1
 (#19642;)
771317f;
 chore: package.json update for @eslint/js 
release
cdc8e8c;
 fix: revert directive detection in no-unused-expressions (#19639;)
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=eslint&package-manager=npm_and_yarn&previous-version=9.25.0&new-version=9.25.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
o



[openstreetmap/openstreetmap-website] Bump @stylistic/eslint-plugin-js from 3.1.0 to 4.0.0 (PR #5704)


2025-02-18

Thread
dependabot[bot] via rails-dev

Bumps 
[@stylistic/eslint-plugin-js](https://github.com/eslint-stylistic/eslint-stylistic/tree/HEAD/packages/eslint-plugin-js)
 from 3.1.0 to 4.0.0.

Release notes
Sourced from @stylistic/eslint-plugin-js's
 releases.

v4.0.0
4.0.0;
 (2025-02-18)
⚠ BREAKING CHANGES

migrate to ESM-only, requires ESLint v9+ (#670;)

Features

semi-spacing: support handling 
typescript (#687;)
 (8b76c93;)
space-infix-ops: allow to ignore types 
in ts variant (#684;)
 (c83ce20;)

Chores

release-please-mark (b894a75;)

v4.0.0-beta.1
4.0.0-beta.1;
 (2025-02-10)
⚠ BREAKING CHANGES

migrate to ESM-only, requires ESLint v9+ (#670;)

Features

migrate to ESM-only, requires ESLint v9+ (#670;)
 (3145d50;)

Chores

release-please-mark (100a4fd;)




Changelog
Sourced from @stylistic/eslint-plugin-js's
 changelog.

4.0.0;
 (2025-02-18)
Features

semi-spacing: support handling 
typescript (#687;)
 (8b76c93;)
space-infix-ops: allow to ignore types 
in ts variant (#684;)
 (c83ce20;)

Chores

release-please-mark (b894a75;)

4.0.0-beta.1;
 (2025-02-10)
⚠ BREAKING CHANGES

migrate to ESM-only, requires ESLint v9+ (#670;)

Features

migrate to ESM-only, requires ESLint v9+ (#670;)
 (3145d50;)

Chores

release-please-mark (100a4fd;)




Commits

522e55f;
 chore: release v4.0.0 (main) (#688;)
c83ce20;
 feat(space-infix-ops): allow to ignore types in ts variant ([openstreetmap/openstreetmap-website] Bump @stylistic/eslint-plugin-js from 3.1.0 to 4.0.1 (PR #5708)


2025-02-19

Thread
dependabot[bot] via rails-dev

Bumps 
[@stylistic/eslint-plugin-js](https://github.com/eslint-stylistic/eslint-stylistic/tree/HEAD/packages/eslint-plugin-js)
 from 3.1.0 to 4.0.1.

Release notes
Sourced from @stylistic/eslint-plugin-js's
 releases.

v4.0.1
4.0.1;
 (2025-02-19)
Bug Fixes

indent-binary-ops: handle 
{ for left token check (#693;)
 (7f2740e;)

Chores

merge block-spacing (#690;)
 (b239b71;)

v4.0.0
4.0.0;
 (2025-02-18)
⚠ BREAKING CHANGES

migrate to ESM-only, requires ESLint v9+ (#670;)

Features

semi-spacing: support handling 
typescript (#687;)
 (8b76c93;)
space-infix-ops: allow to ignore types 
in ts variant (#684;)
 (c83ce20;)

Chores

release-please-mark (b894a75;)

v4.0.0-beta.1
4.0.0-beta.1;
 (2025-02-10)
⚠ BREAKING CHANGES

migrate to ESM-only, requires ESLint v9+ (#670;)

Features

migrate to ESM-only, requires ESLint v9+ (#670;)
 (3145d50;)

Chores

release-please-mark (100a4fd;)




Changelog
Sourced from @stylistic/eslint-plugin-js's
 changelog.

4.0.1;
 (2025-02-19)
Bug Fixes

indent-binary-ops: handle 
{ for left token check (#693;)
 (7f2740e;)

Chores

merge block-spacing (#690;)
 (b239b71;)

4.0.0;
 (2025-02-18)
Features

semi-spacing: support handling 
typescript (#687;)
 (8b76c93;)
space-infix-ops: allow to ignore types 
in ts variant (#684;)
 (c83ce20;)

Chores

release-please-mark (Re: [openstreetmap/openstreetmap-website] Bump @stylistic/eslint-plugin-js from 3.1.0 to 4.0.0 (PR #5704)


2025-02-19

Thread
dependabot[bot] via rails-dev

dependabot[bot] left a comment (openstreetmap/openstreetmap-website#5704)

Superseded by #5708.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5704#issuecomment-2668475566
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





Re: [openstreetmap/openstreetmap-website] Bump @stylistic/eslint-plugin-js from 3.1.0 to 4.0.0 (PR #5704)


2025-02-19

Thread
dependabot[bot] via rails-dev

Closed #5704.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5704#event-16364604166
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump nokogiri from 1.18.2 to 1.18.3 (PR #5709)


2025-02-19

Thread
dependabot[bot] via rails-dev

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.18.2 to 
1.18.3.

Release notes
Sourced from nokogiri's
 releases.

v1.18.3 / 2025-02-18
Security

[CRuby] Vendored libxml2 is updated to v2.13.6;
 to address CVE-2025-24928 and CVE-2024-56171. See GHSA-vvfq-8hwr-qm4m;
 for more information.


cab20305133078a8f6b60cf96311b48319175038cc7772e5ec586ff624cb7838
  nokogiri-1.18.3-aarch64-linux-gnu.gem
acb256bb3213a180b1ed84a49c06d5d4c6c1da26f33bc9681f1fece4dab09a79  
nokogiri-1.18.3-aarch64-linux-musl.gem
ce088965cd424b8e752d82087dcf017069d55791f157098ed1f671d966857610  
nokogiri-1.18.3-arm64-darwin.gem
37b73a55e0d1e8a058a24abb16868903e81cb4773049739c532b864f87236b1b  
nokogiri-1.18.3-arm-linux-gnu.gem
09407970cd13736cf87e975fae69c13e1178bab0313d07b35580ee4dd3650793  
nokogiri-1.18.3-arm-linux-musl.gem
6b9fc3b14fd0cedd21f6cad8cf565123ba7401e56b5d0aec180c23cdca28fd5a  
nokogiri-1.18.3.gem
236078c5f80ffc3d49c223fa98933d970543455403f9d672ca0aa5a6178a84fe  
nokogiri-1.18.3-java.gem
216be1cb454c4657fc64747e5ae32b2ab4015843183766f238e4f4a62fb1f6be  
nokogiri-1.18.3-x64-mingw-ucrt.gem
d729406bb5a7b1bbe7ed3c0922336dd2c46085ed444d6de2a0a4c33950a4edea  
nokogiri-1.18.3-x86_64-darwin.gem
3c7ad5cee39855ed9c746065f39b584b9fd2aaff61df02d0f85ba8d671bbe497  
nokogiri-1.18.3-x86_64-linux-gnu.gem
8aaecc22c0e5f12dac613e15f9a04059c3ec859d6f98f493cc831bd88fe8e731  
nokogiri-1.18.3-x86_64-linux-musl.gem





Changelog
Sourced from nokogiri's
 changelog.

v1.18.3 / 2025-02-18
Security

[CRuby] Vendored libxml2 is updated v2.13.6;
 to address CVE-2025-24928 and CVE-2024-56171. Nokogiri's maintainers 
believe these vulnerabilities do not affect users of Nokogiri, but we advise 
upgrading at your earliest convenience anyway.




Commits

fd3ca2e;
 version bump to v1.18.3
a8c526a;
 dep: update libxml2 to v2.13.6 (#3437;)
0847cf8;
 ci: tired of waiting for gnome mirrors
11945c8;
 dep: update libxml2 to v2.13.6
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nokogiri&package-manager=bundler&previous-version=1.18.2&new-version=1.18.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot igno



Re: [openstreetmap/openstreetmap-website] Bump @stylistic/eslint-plugin-js from 3.1.0 to 4.0.1 (PR #5708)


2025-02-19

Thread
dependabot[bot] via rails-dev

dependabot[bot] left a comment (openstreetmap/openstreetmap-website#5708)

OK, I won't notify you again about this release, but will get in touch when a 
new version is available. If you'd rather skip all updates until the next major 
or minor version, let me know by commenting `@dependabot ignore this major 
version` or `@dependabot ignore this minor version`. You can also ignore all 
major, minor, or patch releases for a dependency by adding an [`ignore` 
condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore)
 with the desired `update_types` to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on 
it.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5708#issuecomment-2669389624
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump @stylistic/eslint-plugin-js from 4.1.0 to 4.2.0 (PR #5746)


2025-03-03

Thread
dependabot[bot] via rails-dev

Bumps 
[@stylistic/eslint-plugin-js](https://github.com/eslint-stylistic/eslint-stylistic/tree/HEAD/packages/eslint-plugin-js)
 from 4.1.0 to 4.2.0.

Release notes
Sourced from @stylistic/eslint-plugin-js's
 releases.

v4.2.0
4.2.0;
 (2025-03-03)
Features

config: update 
yield-star-spacing and 
generator-star-spacing config to align with Prettier 
(86d17c8;)

Documentation

remove legacy config option, close #703;
 (de8369e;)




Changelog
Sourced from @stylistic/eslint-plugin-js's
 changelog.

4.2.0;
 (2025-03-03)
Features

config: update 
yield-star-spacing and 
generator-star-spacing config to align with Prettier 
(86d17c8;)

Documentation

remove legacy config option, close #703;
 (de8369e;)




Commits

c430ddf;
 chore: release v4.2.0 (main) (#706;)
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@stylistic/eslint-plugin-js&package-manager=npm_and_yarn&previous-version=4.1.0&new-version=4.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)



You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5746

-- Commit Summary --

  * Bump @stylistic/eslint-plugin-js from 4.1.0 to 4.2.0

-- File Changes --

M yarn.lock (6)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5746.patch
https://github.com/openstreetmap/openstreetmap-website/pu



[openstreetmap/openstreetmap-website] Bump eslint from 9.21.0 to 9.22.0 (PR #5773)


2025-03-07

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.21.0 to 9.22.0.

Release notes
Sourced from eslint's 
releases.

v9.22.0
Features

7ddb095;
 feat: Export defineConfig, globalIgnores (#19487;)
 (Nicholas C. Zakas)

Bug Fixes

19c0127;
 fix: improve message for no-console suggestions 
(#19483;)
 (Francesco Trotta)
49e624f;
 fix: improve error message for falsy parsed JS AST (#19458;)
 (Josh Goldberg ✨)

Documentation

86c5f37;
 docs: Update README (GitHub Actions Bot)
fbdeff0;
 docs: Update README (GitHub Actions Bot)
c9e8510;
 docs: generate deprecation notice in TSDoc comments from rule metadata (#19461;)
 (Francesco Trotta)
2f386ad;
 docs: replace var with const 
in rule examples (#19469;)
 (Tanuj Kanti)
0e688e3;
 docs: Update README (GitHub Actions Bot)
06b596d;
 docs: Restore the carrot to the position where the search input was lost 
(#19459;)
 (Amaresh  S M)

Chores

97f788b;
 chore: upgrade @eslint/js@9.22.0
 (#19489;)
 (Milos Djermanovic)
eed409a;
 chore: package.json update for @eslint/js release 
(Jenkins)
f9a56d3;
 chore: upgrade eslint-scope@8.3.0 (#19488;)
 (Milos Djermanovic)




Changelog
Sourced from eslint's
 changelog.

v9.22.0 - March 7, 2025

97f788b;
 chore: upgrade @eslint/js@9.22.0
 (#19489;)
 (Milos Djermanovic)
eed409a;
 chore: package.json update for @eslint/js release 
(Jenkins)
f9a56d3;
 chore: upgrade eslint-scope@8.3.0 (#19488;)
 (Milos Djermanovic)
7ddb095;
 feat: Export defineConfig, globalIgnores (#19487;)
 (Nicholas C. Zakas)
86c5f37;
 docs: Update README (GitHub Actions Bot)
19c0127;
 fix: imp



[openstreetmap/openstreetmap-website] Bump rack from 2.2.12 to 2.2.13 (PR #5788)


2025-03-10

Thread
dependabot[bot] via rails-dev

Bumps [rack](https://github.com/rack/rack) from 2.2.12 to 2.2.13.

Changelog
Sourced from rack's
 changelog.

[2.2.13] - 2025-03-11
Security

CVE-2025-27610;
 Local file inclusion in Rack::Static.




Commits

df6c473;
 Bump patch verison.
cceb70c;
 Update changelog.
873d39e;
 Use a fully resolved file path when confirming if a file can be served by 
`Ra...
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rack&package-manager=bundler&previous-version=2.2.12&new-version=2.2.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)
You can disable automated security fix PRs for this repo from the [Security 
Alerts 
page](https://github.com/openstreetmap/openstreetmap-website/network/alerts).


You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5788

-- Commit Summary --

  * Bump rack from 2.2.12 to 2.2.13

-- File Changes --

M Gemfile.lock (2)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5788.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5788.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5788
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump json from 2.10.1 to 2.10.2 (PR #5795)


2025-03-12

Thread
dependabot[bot] via rails-dev

Bumps [json](https://github.com/ruby/json) from 2.10.1 to 2.10.2.

Release notes
Sourced from json's 
releases.

v2.10.2
What's Changed

Fix a potential crash in the C extension parser.
Raise a ParserError on all incomplete unicode escape sequence. This 
was the behavior until 2.10.0 unadvertently changed 
it.
Ensure document snippets that are included in parser errors don't 
include truncated multibyte characters.
Ensure parser error snippets are valid UTF-8.
Fix JSON::GeneratorError#detailed_message on 
Ruby < 3.2

Full Changelog: https://github.com/ruby/json/compare/v2.10.1...v2.10.2;



Changelog
Sourced from json's
 changelog.

2025-03-12 (2.10.2)

Fix a potential crash in the C extension parser.
Raise a ParserError on all incomplete unicode escape sequence. This 
was the behavior until 2.10.0 unadvertently changed 
it.
Ensure document snippets that are included in parser errors don't 
include truncated multibyte characters.
Ensure parser error snippets are valid UTF-8.
Fix JSON::GeneratorError#detailed_message on 
Ruby < 3.2




Commits

350c1fd;
 Release 2.10.2
c56db31;
 Merge commit from fork
cf242d8;
 Fix potential out of bound read in 
json_string_unescape.
57911f1;
 Merge pull request #762;
 from byroot/invalid-escape
7d0637b;
 Raise a ParserError on all incomplete unicode escape sequence.
c079793;
 Avoid fast-path IO writes when IO has ext enc
ac30b69;
 Merge pull request #757;
 from rahim/fix-generator-error-no-method-error
2e015ff;
 Fix JSON::GeneratorError#detailed_message with Ruby < 3.2
f3e1136;
 Merge pull request #756;
 from byroot/utf8-snippets
e144793;
 Ensure parser error snippets are valid UTF-8
Additional commits viewable in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json&package-manager=bundler&previous-version=2.10.1&new-version=2.10.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same resu



[openstreetmap/openstreetmap-website] Bump rack from 2.2.10 to 2.2.11 (PR #5665)


2025-02-12

Thread
dependabot[bot] via rails-dev

Bumps [rack](https://github.com/rack/rack) from 2.2.10 to 2.2.11.

Changelog
Sourced from rack's
 changelog.

Changelog
All notable changes to this project will be documented in this file. 
For info on how to format all future additions to this file please reference 
Keep A 
Changelog.
Unreleased
Added

Introduce Rack::VERSION constant. (#2199;,
 [@ioquatix;])
ISO-2022-JP encoded parts within MIME Multipart sections of an HTTP 
request body will now be converted to UTF-8. (#2245;,
 [@nappa;])

Changed

Invalid cookie keys will now raise an error. (#2193;,
 [@ioquatix;])
Rack::MediaType#params now handles empty 
strings. (#2229;,
 [@jeremyevans;])

Deprecated

Rack::Auth::AbstractRequest#request is 
deprecated without replacement. (#2229;,
 [@jeremyevans;])
Rack::Request#parse_multipart (private 
method designed to be overridden in subclasses) is deprecated without 
replacement. (#2229;,
 [@jeremyevans;])

Removed

Rack::Request#values_at is removed. (#2200;,
 [@ioquatix;])
Rack::Logger is removed with no replacement. 
(#2196;,
 [@ioquatix;])
Automatic cache invalidation in 
Rack::Request#{GET,POST} has been removed. (#2230;,
 [@jeremyevans;])

Fixed

Rack::RewindableInput::Middleware no longer 
wraps a nil input. (#2259;,
 @tt;)

[3.1.9] - 2025-01-31
Fixed

Rack::MediaType#params now handles 
parameters without values. (#2263;,
 @AllyMarthaJ;)

[3.1.8] - 2024-10-14
Fixed

Resolve deprecation warnings about uri 
DEFAULT_PARSER. (#2249;,
 [@earlopain;])

[3.1.7] - 2024-07-11
Fixed

Do not remove escaped opening/closing quotes for content-disposition 
filenames. (#2229;,
 [@jeremyevans;])
Fix encoding setting for non-binary IO-like objects in 
MockRequest#env_for. (#2227;,
 [@jeremyevans;])
Rack::Response should not generate invalid 
content-length header. (#2219;,
 [@ioquatix;])



... (truncated)


Commits

aa5a0f5;
 Bump patch version.
f8b41c1;
 Escape non-printable characters when logging.
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rack&package-manager=bundler&pr



[openstreetmap/openstreetmap-website] Bump eslint from 9.20.1 to 9.21.0 (PR #5718)


2025-02-21

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.20.1 to 9.21.0.

Release notes
Sourced from eslint's 
releases.

v9.21.0
Features

418717f;
 feat: introduce new deprecated types for rules (#19238;)
 (fnx)
5c5b802;
 feat: Add --ext CLI option (#19405;)
 (Milos Djermanovic)

Bug Fixes

db5340d;
 fix: update missing plugin message template (#19445;)
 (Milos Djermanovic)
d8ffdd4;
 fix: do not exit process on rule crash (#19436;)
 (Francesco Trotta)

Documentation

c5561ea;
 docs: Update README (GitHub Actions Bot)
80b0485;
 docs: replace var with let 
and const in rule example (#19434;)
 (Tanuj Kanti)
f67d5e8;
 docs: Update README (GitHub Actions Bot)
75afc61;
 docs: Update README (GitHub Actions Bot)
0636cab;
 docs: Update Eleventy from v2 to v3 (#19415;)
 (Amaresh  S M)
dd7d930;
 docs: Update README (GitHub Actions Bot)

Chores

a8c9a9f;
 chore: update @eslint/eslintrc and 
@eslint/js (#19453;)
 (Francesco Trotta)
265e0cf;
 chore: package.json update for @eslint/js release 
(Jenkins)
3401b85;
 test: add test for Rule.ReportDescriptor type (#19449;)
 (Francesco Trotta)
e497aa7;
 chore: update rewrite dependencies (#19448;)
 (Francesco Trotta)
dab5478;
 chore: better error message for missing plugin in config (#19402;)
 (Tanuj Kanti)
ebfe2eb;
 chore: set js language for bug report issue config block (#19439;)
 (Josh Goldberg ✨)
5fd211d;
 test: processors can return subpaths (#19425;)
 (Milos Djermanovic)




Changelog
Sourced from eslint's
 changelog.

v9.21.0 - February 21, 2025

a8c9a9f;
 chore: update @eslint/eslintrc and 
@esli



[openstreetmap/openstreetmap-website] Bump @stylistic/eslint-plugin-js from 4.0.1 to 4.1.0 (PR #5728)


2025-02-26

Thread
dependabot[bot] via rails-dev

Bumps 
[@stylistic/eslint-plugin-js](https://github.com/eslint-stylistic/eslint-stylistic/tree/HEAD/packages/eslint-plugin-js)
 from 4.0.1 to 4.1.0.

Release notes
Sourced from @stylistic/eslint-plugin-js's
 releases.

v4.1.0
4.1.0;
 (2025-02-26)
Features

add module.exports named export for 
require(esm) compatibility (#700;)
 (668c955;)

Documentation

update merged note (07b08f1;)

Chores

merge lines-around-comment (#691;)
 (f59605b;)
merge space-before-blocks (#698;)
 (6e8554d;)
merge space-infix-ops (#697;)
 (1a1b388;)
remove unnecessary ternary expression (#695;)
 (66a4b18;)




Changelog
Sourced from @stylistic/eslint-plugin-js's
 changelog.

4.1.0;
 (2025-02-26)
Features

add module.exports named export for 
require(esm) compatibility (#700;)
 (668c955;)

Documentation

update merged note (07b08f1;)

Chores

merge lines-around-comment (#691;)
 (f59605b;)
merge space-before-blocks (#698;)
 (6e8554d;)
merge space-infix-ops (#697;)
 (1a1b388;)
remove unnecessary ternary expression (#695;)
 (66a4b18;)




Commits

d3ee9e5;
 chore: release v4.1.0 (main) (#701;)
668c955;
 feat: add module.exports named export for 
require(esm) compatibility (#700;)
See full diff in [openstreetmap/openstreetmap-website] Bump rack from 3.1.13 to 3.1.14 (PR #5995)


2025-05-08

Thread
dependabot[bot] via rails-dev

Bumps [rack](https://github.com/rack/rack) from 3.1.13 to 3.1.14.

Changelog
Sourced from rack's
 changelog.

[3.1.14] - 2025-05-06
Security

CVE-2025-46727;
 Unbounded parameter parsing in Rack::QueryParser can 
lead to memory exhaustion.




Commits

5440b2c;
 Bump patch version.
cd6b70a;
 Merge commit from fork
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rack&package-manager=bundler&previous-version=3.1.13&new-version=3.1.14)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)
You can disable automated security fix PRs for this repo from the [Security 
Alerts 
page](https://github.com/openstreetmap/openstreetmap-website/network/alerts).


You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/5995

-- Commit Summary --

  * Bump rack from 3.1.13 to 3.1.14

-- File Changes --

M Gemfile.lock (2)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/5995.patch
https://github.com/openstreetmap/openstreetmap-website/pull/5995.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5995
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump eslint from 9.26.0 to 9.27.0 (PR #6019)


2025-05-16

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.26.0 to 9.27.0.

Release notes
Sourced from eslint's 
releases.

v9.27.0
Features

d71e37f;
 feat: Allow flags to be set in ESLINT_FLAGS env variable (#19717;)
 (Nicholas C. Zakas)
ba456e0;
 feat: Externalize MCP server (#19699;)
 (Nicholas C. Zakas)
07c1a7e;
 feat: add allowRegexCharacters to 
no-useless-escape (#19705;)
 (sethamus)
7bc6c71;
 feat: add no-unassigned-vars rule (#19618;)
 (Jacob Bandes-Storch)
ee40364;
 feat: convert no-array-constructor suggestions to autofixes (#19621;)
 (sethamus)
32957cd;
 feat: support TS syntax in max-params (#19557;)
 (Nitin Kumar)

Bug Fixes

5687ce7;
 fix: correct mismatched removed rules (#19734;)
 (루밀LuMir)
dc5ed33;
 fix: correct types and tighten type definitions in 
SourceCode class (#19731;)
 (루밀LuMir)
de1b5de;
 fix: correct service property name in 
Linter.ESLintParseResult type (#19713;)
 (Francesco Trotta)
60c3e2c;
 fix: sort keys in eslint-suppressions.json to avoid git churn (#19711;)
 (Ron Waldon-Howe)
9da90ca;
 fix: add allowReserved to 
Linter.ParserOptions type (#19710;)
 (Francesco Trotta)
fbb8be9;
 fix: add info to 
ESLint.DeprecatedRuleUse type (#19701;)
 (Francesco Trotta)

Documentation

25de550;
 docs: Update description of frozen rules to mention TypeScript (#19736;)
 (Nicholas C. Zakas)
bd5def6;
 docs: Clean up configuration files docs (#19735;)
 (Nicholas C. Zakas)
4d0c60d;
 docs: Add Neovim to editor integrations (#19729;)
 (Maria José Solano)
71317eb;
 docs: Update README (GitHub Actions Bot)
4c289e6;
 docs: Update README (GitHub Actions Bot)
[openstreetmap/openstreetmap-website] Bump @types/leaflet from 1.9.17 to 1.9.18 (PR #6029)


2025-05-19

Thread
dependabot[bot] via rails-dev

Bumps 
[@types/leaflet](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/leaflet)
 from 1.9.17 to 1.9.18.

Commits

See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@types/leaflet&package-manager=npm_and_yarn&previous-version=1.9.17&new-version=1.9.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)



You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/6029

-- Commit Summary --

  * Bump @types/leaflet from 1.9.17 to 1.9.18

-- File Changes --

M yarn.lock (6)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/6029.patch
https://github.com/openstreetmap/openstreetmap-website/pull/6029.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/6029
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump @stylistic/eslint-plugin-js from 4.2.0 to 4.4.0 (PR #6055)


2025-05-26

Thread
dependabot[bot] via rails-dev

Bumps 
[@stylistic/eslint-plugin-js](https://github.com/eslint-stylistic/eslint-stylistic/tree/HEAD/packages/eslint-plugin-js)
 from 4.2.0 to 4.4.0.

Release notes
Sourced from @stylistic/eslint-plugin-js's
 releases.

v4.4.0
4.4.0;
 (2025-05-24)
Features

deprecate sub packages and emit warnings (#793;)
 (48503aa;)

v4.3.0
4.3.0;
 (2025-05-24)
Features

configs: add new severity option for all 
rules (#733;)
 (#736;)
 (c553a9c;)
jsx-sort-props: support custom 
reservedFirst and reservedLast (#744;)
 (fb17e96;)

Bug Fixes

eslint-plugin: only export interfaces in 
index (#763;)
 (93a4eb1;)
handle new AST change on TSImportType (8f31461;)
indent: handle 
ChainExpression and 
AwaitExpression when 
offsetTernaryExpressionsOffsetCallExpressions (#751;)
 (a1af663;)
indent: wrong PropertyDefinition value 
offset when ts type have multiple line (#774;)
 (140e18f;)
no-extra-parens: do not break specific 
ReturnStatement (#738;)
 (a375a92;)

Documentation

deprecate jsx-indent (#741;)
 (ca23ce1;)
fix comment example (#759;)
 (c841bb6;)
fix eslint error (#775;)
 (f2866f9;)
fix eslint error tip does not display (#792;)
 (b09756d;)
incorrect error tip should display (#747;)
 (7e06b81;)
typo (#723;)
 (b6ed751;)

Chores

comma-dangle (#716;)
 (Re: [openstreetmap/openstreetmap-website] Bump @stylistic/eslint-plugin-js from 4.2.0 to 4.4.0 (PR #6055)


2025-05-27

Thread
dependabot[bot] via rails-dev

dependabot[bot] left a comment (openstreetmap/openstreetmap-website#6055)

Sorry, only users with push access can use that command.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/6055#issuecomment-2913009386
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump rack from 3.1.15 to 3.1.16 (PR #6088)


2025-06-04

Thread
dependabot[bot] via rails-dev

Bumps [rack](https://github.com/rack/rack) from 3.1.15 to 3.1.16.

Changelog
Sourced from rack's
 changelog.

Changelog
All notable changes to this project will be documented in this file. 
For info on how to format all future additions to this file please reference 
Keep A 
Changelog.
Unreleased
SPEC Changes

Request environment keys must now be strings. #2310;,
 [@jeremyevans;])
Add nil as a valid return from a Response 
body.to_path (#2318;,
 [@MSP-Greg;])

Added

Introduce Rack::VERSION constant. (#2199;,
 [@ioquatix;])
ISO-2022-JP encoded parts within MIME Multipart sections of an HTTP 
request body will now be converted to UTF-8. (#2245;,
 @nappa;)

Changed

Invalid cookie keys will now raise an error. (#2193;,
 [@ioquatix;])
Rack::MediaType#params now handles empty 
strings. (#2229;,
 [@jeremyevans;])
Avoid unnecessary calls to the ip_filter 
lambda to evaluate Request#ip (#2287;,
 [@willbryant;])
Only calculate Request#ip once per request 
(#2292;,
 [@willbryant;])

Deprecated

Rack::Auth::AbstractRequest#request is 
deprecated without replacement. (#2229;,
 [@jeremyevans;])
Rack::Request#parse_multipart (private 
method designed to be overridden in subclasses) is deprecated without 
replacement. (#2229;,
 [@jeremyevans;])

Removed

Rack::Request#values_at is removed. (#2200;,
 [@ioquatix;])
Rack::Logger is removed with no replacement. 
(#2196;,
 [@ioquatix;])
Automatic cache invalidation in 
Rack::Request#{GET,POST} has been removed. (#2230;,
 [@jeremyevans;])
Support for CGI::Cookie has been removed. 
(#2332;,
 [@ioquatix;])

Fixed

Rack::RewindableInput::Middleware no longer 
wraps a nil input. (#2259;,
 @tt;)
Fix NoMethodError in 
Rack::Request#wrap_ipv6 when 
x-forwarded-host is empty. (#2270;,
 @oieioi;)
Fix the specification for SERVER_PORT which 
was incorrectly documented as required to be an 
Integer if present - it must be a 
String containing digits only. (#2296;,
 [@ioquatix;])
SERVER_NAME and 
HTTP_HOST are now more strictly validated according to 
the relevant specifications. (#2298;,
 [@ioquatix;])


<



[openstreetmap/openstreetmap-website] Bump eslint from 9.27.0 to 9.28.0 (PR #6068)


2025-05-30

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.27.0 to 9.28.0.

Release notes
Sourced from eslint's 
releases.

v9.28.0
Features

b0674be;
 feat: Customization of serialization for languageOptions (#19760;)
 (Nicholas C. Zakas)
a95721f;
 feat: Add --pass-on-unpruned-suppressions CLI option 
(#19773;)
 (Milos Djermanovic)
bfd0e7a;
 feat: support TypeScript syntax in 
no-use-before-define (#19566;)
 (Tanuj Kanti)
68c61c0;
 feat: support TS syntax in no-shadow (#19565;)
 (Nitin Kumar)
0f773ef;
 feat: support TS syntax in no-magic-numbers (#19561;)
 (Nitin Kumar)
c4a6b60;
 feat: add allowTypeAnnotation to func-style (#19754;)
 (sethamus)
b03ad17;
 feat: add TypeScript support to prefer-arrow-callback 
(#19678;)
 (Tanuj Kanti)
bc3c331;
 feat: ignore overloaded function declarations in func-style rule (#19755;)
 (sethamus)

Bug Fixes

eea3e7e;
 fix: Remove configured global variables from 
GlobalScope#implicit (#19779;)
 (Milos Djermanovic)
a467de3;
 fix: update context.report types (#19751;)
 (Nitin Kumar)
fd467bb;
 fix: remove interopDefault to use jiti's default (#19697;)
 (sethamus)
72d16e3;
 fix: avoid false positive in no-unassigned-vars for 
declare module (#19746;)
 (Azat S.)
81c3c93;
 fix: curly types (#19750;)
 (Eli)

Documentation

3ec2082;
 docs: Nested arrays in files config entry (#19799;)
 (Nicholas C. Zakas)
89a65b0;
 docs: clarify how config arrays can apply to subsets of files (#19788;)
 (Shais Ch)
2ba8a0d;
 docs: Add description of meta.namespace to plugin docs (#19798;)
 (Nicholas C. Zakas)
59dd7e6;
 docs: update func-style with examples ([openstreetmap/openstreetmap-website] Bump @types/leaflet from 1.9.18 to 1.9.19 (PR #6132)


2025-06-24

Thread
dependabot[bot] via rails-dev

Bumps 
[@types/leaflet](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/leaflet)
 from 1.9.18 to 1.9.19.

Commits

See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@types/leaflet&package-manager=npm_and_yarn&previous-version=1.9.18&new-version=1.9.19)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)



You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/6132

-- Commit Summary --

  * Bump @types/leaflet from 1.9.18 to 1.9.19

-- File Changes --

M yarn.lock (6)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/6132.patch
https://github.com/openstreetmap/openstreetmap-website/pull/6132.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/6132
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump eslint from 9.28.0 to 9.29.0 (PR #6097)


2025-06-13

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.28.0 to 9.29.0.

Release notes
Sourced from eslint's 
releases.

v9.29.0
Features

f686fcb;
 feat: add ecmaVersion: 2026, parsing 
using and await using (#19832;)
 (Milos Djermanovic)
19cdd22;
 feat: prune suppressions for non-existent files (#19825;)
 (TKDev7)
b3d720f;
 feat: add ES2025 globals (#19835;)
 (fisker Cheung)
677a283;
 feat: add auto-accessor fields support to class-methods-use-this (#19789;)
 (sethamus)
dbba058;
 feat: allow global type declaration in no-var (#19714;)
 (Remco Haszing)
342bd29;
 feat: ignore type annotations in no-restricted-globals (#19781;)
 (sethamus)
786bcd1;
 feat: add allowProperties option to no-restricted-properties (#19772;)
 (sethamus)
05b66d0;
 feat: add sourceCode.isGlobalReference(node) method 
(#19695;)
 (Nitin Kumar)

Bug Fixes

85c082c;
 fix: explicit matching behavior with negated patterns and arrays (#19845;)
 (Milos Djermanovic)
9bda4a9;
 fix: fix LintOptions.filterCodeBlock types (#19837;)
 (ntnyq)
7ab77a2;
 fix: correct breaking deprecation of FlatConfig type (#19826;)
 (Logicer)
1ba3318;
 fix: add language and 
dialects to 
no-use-before-define (#19808;)
 (Francesco Trotta)

Documentation

00e3e6a;
 docs: add support for custom name parameter to 
includeIgnoreFile (#19795;)
 (루밀LuMir)
3aed075;
 docs: Update README (GitHub Actions Bot)
a2f888d;
 docs: enhance documentation with links and fix typos (#19761;)
 (루밀LuMir)
53c3235;
 docs: update to clarify prompt usage (#19748;)
 (Jennifer Davis)

Chores

5c114c9;
 chore: upgrade @eslint/js@9<



[openstreetmap/openstreetmap-website] Bump @stylistic/eslint-plugin-js from 4.4.0 to 4.4.1 (PR #6087)


2025-06-04

Thread
dependabot[bot] via rails-dev

Bumps 
[@stylistic/eslint-plugin-js](https://github.com/eslint-stylistic/eslint-stylistic/tree/HEAD/packages/eslint-plugin-js)
 from 4.4.0 to 4.4.1.

Release notes
Sourced from @stylistic/eslint-plugin-js's
 releases.

v4.4.1
4.4.1;
 (2025-06-02)
Bug Fixes

keyword-spacing: check spaces around the 
type keyword in export 
declarations (#797;)
 (6854a3c;)

Chores

indent-binary-ops: use unified testing 
tool (#806;)
 (3a8fc53;)
type-generic-spacing: unify spacing 
checks (#800;)
 (6f8b01c;)




Changelog
Sourced from @stylistic/eslint-plugin-js's
 changelog.

4.4.1;
 (2025-06-02)
Bug Fixes

keyword-spacing: check spaces around the 
type keyword in export 
declarations (#797;)
 (6854a3c;)

Chores

indent-binary-ops: use unified testing 
tool (#806;)
 (3a8fc53;)
type-generic-spacing: unify spacing 
checks (#800;)
 (6f8b01c;)




Commits

0a22599;
 chore: release v4.4.1 (main) (#802;)
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@stylistic/eslint-plugin-js&package-manager=npm_and_yarn&previous-version=4.4.0&new-version=4.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reop



[openstreetmap/openstreetmap-website] Bump eslint from 9.30.0 to 9.30.1 (PR #6160)


2025-07-01

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.30.0 to 9.30.1.

Release notes
Sourced from eslint's 
releases.

v9.30.1
Bug Fixes

e91bb87;
 fix: allow separate default and named type imports (#19899;)
 (xbinaryx)

Documentation

ab7c625;
 docs: Update README (GitHub Actions Bot)
dae1e5b;
 docs: update jsdoc's link (#19896;)
 (JamesVanWaza)

Chores

b035f74;
 chore: upgrade to @eslint/js@9.30.1 (#19906;)
 (Francesco Trotta)
b3dbc16;
 chore: package.json update for @eslint/js release 
(Jenkins)




Changelog
Sourced from eslint's
 changelog.

v9.30.1 - July 1, 2025

b035f74;
 chore: upgrade to @eslint/js@9.30.1 (#19906;)
 (Francesco Trotta)
b3dbc16;
 chore: package.json update for @eslint/js release 
(Jenkins)
e91bb87;
 fix: allow separate default and named type imports (#19899;)
 (xbinaryx)
ab7c625;
 docs: Update README (GitHub Actions Bot)
dae1e5b;
 docs: update jsdoc's link (#19896;)
 (JamesVanWaza)




Commits

6769b5f;
 9.30.1
b2950ac;
 Build: changelog update for 9.30.1
b035f74;
 chore: upgrade to @eslint/js@9.30.1 (#19906;)
b3dbc16;
 chore: package.json update for @eslint/js 
release
e91bb87;
 fix: allow separate default and named type imports (#19899;)
ab7c625;
 docs: Update README
dae1e5b;
 docs: update jsdoc's link (#19896;)
See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=eslint&package-manager=npm_and_yarn&previous-version=9.30.0&new-version=9.30.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dep



[openstreetmap/openstreetmap-website] Bump eslint from 9.29.0 to 9.30.0 (PR #6140)


2025-06-27

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.29.0 to 9.30.0.

Release notes
Sourced from eslint's 
releases.

v9.30.0
Features

52a5fca;
 feat: Support basePath property in config objects 
(#19879;)
 (Milos Djermanovic)
4ab4482;
 feat: add allowSeparateTypeImports option to 
no-duplicate-imports (#19872;)
 (sethamus)
b8a7e7a;
 feat: throw error when column is negative in 
getIndexFromLoc (#19831;)
 (루밀LuMir)

Bug Fixes

6a0f164;
 fix: handle null type loc in 
getIndexFromLoc method (#19862;)
 (루밀LuMir)
3fbcd70;
 fix: update error message for 
no-restricted-properties (#19855;)
 (Tanuj Kanti)
7ef4cf7;
 fix: remove unnecessary semicolon from fixes (#19857;)
 (Francesco Trotta)
7dabc38;
 fix: use process.version in 
--env-info (#19865;)
 (TKDev7)

Documentation

8662ed1;
 docs: adopt eslint-stylistic sub packages related changes (#19887;)
 (ntnyq)
20158b0;
 docs: typo in comment for unused variables handling (#19870;)
 (leopardracer)
ebfb5b4;
 docs: Fixed Typo in configuration-files.md (#19873;)
 (0-20)
4112fd0;
 docs: clarify that boolean is still allowed for rule 
meta.deprecated (#19866;)
 (Bryan Mishkin)

Chores

2b6491c;
 chore: upgrade to @eslint/js@9.30.0 (#19889;)
 (Francesco Trotta)
5a5d526;
 chore: package.json update for @eslint/js release 
(Jenkins)
eaf8a41;
 chore: Correct typos in linter tests (#19878;)
 (kilavvy)




Changelog
Sourced from eslint's
 changelog.

v9.30.0 - June 27, 2025

2b6491c;
 chore: upgrade to @eslint/js@9.30.0 (#19889;)
 (Francesco Trotta)
5a5d526;
 chore: package.json update for @eslint/js release 
(Jenkins)




[openstreetmap/openstreetmap-website] Bump @types/leaflet from 1.9.19 to 1.9.20 (PR #6174)


2025-07-08

Thread
dependabot[bot] via rails-dev

Bumps 
[@types/leaflet](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/leaflet)
 from 1.9.19 to 1.9.20.

Commits

See full diff in compare
 view






[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@types/leaflet&package-manager=npm_and_yarn&previous-version=1.9.19&new-version=1.9.20)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have 
been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block 
automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You 
can achieve the same result by closing it manually
- `@dependabot show  ignore conditions` will show all of 
the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot 
creating any more for this dependency (unless you reopen the PR or upgrade to 
it yourself)



You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/6174

-- Commit Summary --

  * Bump @types/leaflet from 1.9.19 to 1.9.20

-- File Changes --

M yarn.lock (6)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/6174.patch
https://github.com/openstreetmap/openstreetmap-website/pull/6174.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/6174
You are receiving this because you are subscribed to this thread.

Message ID: 
___
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev





[openstreetmap/openstreetmap-website] Bump eslint from 9.30.1 to 9.31.0 (PR #6183)


2025-07-11

Thread
dependabot[bot] via rails-dev

Bumps [eslint](https://github.com/eslint/eslint) from 9.30.1 to 9.31.0.

Release notes
Sourced from eslint's 
releases.

v9.31.0
Features

35cf44c;
 feat: output full actual location in rule tester if different (#19904;)
 (ST-DDT)
a6a6325;
 feat: support explicit resource management in 
no-loop-func (#19895;)
 (Milos Djermanovic)
4682cdc;
 feat: support explicit resource management in 
no-undef-init (#19894;)
 (Milos Djermanovic)
5848216;
 feat: support explicit resource management in 
init-declarations (#19893;)
 (Milos Djermanovic)
bb370b8;
 feat: support explicit resource management in 
no-const-assign (#19892;)
 (Milos Djermanovic)

Bug Fixes

07fac6c;
 fix: retry on EMFILE when writing autofix results (#19926;)
 (TKDev7)
28cc7ab;
 fix: Remove incorrect RuleContext types (#19910;)
 (Nicholas C. Zakas)

Documentation

664cb44;
 docs: Update README (GitHub Actions Bot)
40dbe2a;
 docs: fix mismatch between globalIgnores() code and 
text (#19914;)
 (MaoShizhong)
5a0069d;
 docs: Update README (GitHub Actions Bot)
fef04b5;
 docs: Update working on issues info (#19902;)
 (Nicholas C. Zakas)

Chores

3ddd454;
 chore: upgrade to @eslint/js@9.31.0 (#19935;)
 (Francesco Trotta)
d5054e5;
 chore: package.json update for @eslint/js release 
(Jenkins)
0f4a378;
 chore: update eslint (#19933;)
 (renovate[bot])
76c2340;
 chore: bump mocha to v11 (#19917;)
 (루밀LuMir)




Changelog
Sourced from eslint's
 changelog.

v9.31.0 - July 11, 2025

3ddd454;
 chore: upgrade to @eslint/js@9.31.0 (#19935;)
 (Francesco Trotta)
d5054e5;
 chore: package.json update for @eslint/js release 
(Jenkins)

v2.3.1

What's Changed

v9.12.0

Features

Bug Fixes

Documentation

Chores

v9.13.0

Features

Bug Fixes

Documentation

Chores

v2.3.3

What's Changed

v9.14.0

Features

Bug Fixes

Documentation

Build Related

Chores

v2.3.4

What's Changed

v9.11.1

Bug Fixes

Documentation

Chores

v1.8.2

What's Changed

New Contributors

v9.11.0

Features

Bug Fixes

Documentation

5.6.9 / 2024-09-19

v2.3.2

What's Changed

New Contributors

v2.3.1

What's Changed

v9.16.0

Features

Documentation

Chores

6.13.1

v9.15.0

Features

Bug Fixes

Documentation

Chores

1.6.1 / 2024-12-02

1.6.1 / 2024-12-02

plugin-kit: v0.2.3

0.2.3; (2024-11-14)

Dependencies

plugin-kit: v0.2.2

0.2.2; (2024-10-25)

Dependencies

plugin-kit: v0.2.1

0.2.1; (2024-10-18)

Dependencies

v9.20.0

Features

Bug Fixes

Documentation

v0.5.6

What's Changed

🔒 Security Fix

Fix with minor API changes

Mitigate with backward compatible API

Please Note: unhandled responses

Added

Fixed

v3.1.0

3.1.0; (2025-02-08)

Features

3.1.0; (2025-02-08)

Features

7.2.2.1

Active Support

Active Model