Merge pull request #7103 from openstreetmap/translatewiki

Localisation updates from https://translatewiki.net.

Localisation updates from https://translatewiki.net.

Install libvips-dev for workflows that load the bundle

Require ruby-vips explicitly

As of 2.x the image_processing no longer requires it automatically.

Update test for change in message from third party gem

Merge remote-tracking branch 'upstream/pull/7102'

Merge remote-tracking branch 'upstream/pull/7101'

Merge remote-tracking branch 'upstream/pull/7100'

Merge remote-tracking branch 'upstream/pull/7099'

Bump the dependencies group with 8 updates

Bumps the dependencies group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [jbuilder](https://github.com/rails/jbuilder) | `2.14.1` | `2.15.0` |
| [strong_migrations](https://github.com/ankane/strong_migrations) | `2.7.0` | `2.8.0` |
| [omniauth-microsoft_graph](https://github.com/synth/omniauth-microsoft_graph) | `2.1.0` | `2.2.0` |
| [doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) | `5.9.0` | `5.9.1` |
| [dalli](https://github.com/petergoldstein/dalli) | `5.0.2` | `5.0.4` |
| [marcel](https://github.com/rails/marcel) | `1.1.0` | `1.2.1` |
| [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.222.0` | `1.223.0` |
| [image_processing](https://github.com/janko/image_processing) | `1.14.0` | `2.0.0` |

Updates `jbuilder` from 2.14.1 to 2.15.0
- [Release notes](https://github.com/rails/jbuilder/releases)
- [Commits](https://github.com/rails/jbuilder/compare/v2.14.1...v2.15.0)

Updates `strong_migrations` from 2.7.0 to 2.8.0
- [Changelog](https://github.com/ankane/strong_migrations/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/strong_migrations/compare/v2.7.0...v2.8.0)

Updates `omniauth-microsoft_graph` from 2.1.0 to 2.2.0
- [Release notes](https://github.com/synth/omniauth-microsoft_graph/releases)
- [Changelog](https://github.com/synth/omniauth-microsoft_graph/blob/main/CHANGELOG.md)
- [Commits](https://github.com/synth/omniauth-microsoft_graph/compare/2.1.0...2.2.0)

Updates `doorkeeper` from 5.9.0 to 5.9.1
- [Release notes](https://github.com/doorkeeper-gem/doorkeeper/releases)
- [Changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/main/CHANGELOG.md)
- [Commits](https://github.com/doorkeeper-gem/doorkeeper/compare/v.5.9.0...v5.9.1)

Updates `dalli` from 5.0.2 to 5.0.4
- [Changelog](https://github.com/petergoldstein/dalli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/petergoldstein/dalli/compare/v5.0.2...v5.0.4)

Updates `marcel` from 1.1.0 to 1.2.1
- [Release notes](https://github.com/rails/marcel/releases)
- [Commits](https://github.com/rails/marcel/compare/v1.1.0...v1.2.1)

Updates `aws-sdk-s3` from 1.222.0 to 1.223.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `image_processing` from 1.14.0 to 2.0.0
- [Changelog](https://github.com/janko/image_processing/blob/master/CHANGELOG.md)
- [Commits](https://github.com/janko/image_processing/compare/v1.14.0...v2.0.0)

---
updated-dependencies:
- dependency-name: jbuilder
  dependency-version: 2.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: strong_migrations
  dependency-version: 2.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: omniauth-microsoft_graph
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: doorkeeper
  dependency-version: 5.9.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: dalli
  dependency-version: 5.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: marcel
  dependency-version: 1.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: aws-sdk-s3
  dependency-version: 1.223.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: image_processing
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump the dependencies group with 2 updates

Bumps the dependencies group with 2 updates: [js-cookie](https://github.com/js-cookie/js-cookie) and [eslint](https://github.com/eslint/eslint).

Updates `js-cookie` from 3.0.5 to 3.0.7
- [Release notes](https://github.com/js-cookie/js-cookie/releases)
- [Commits](https://github.com/js-cookie/js-cookie/compare/v3.0.5...v3.0.7)

Updates `eslint` from 10.3.0 to 10.4.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.3.0...v10.4.0)

---
updated-dependencies:
- dependency-name: js-cookie
  dependency-version: 3.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: eslint
  dependency-version: 10.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump rubocop-rails from 2.35.0 to 2.35.2 in the rubocop group

Bumps the rubocop group with 1 update: [rubocop-rails](https://github.com/rubocop/rubocop-rails).

Updates `rubocop-rails` from 2.35.0 to 2.35.2
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.35.0...v2.35.2)

---
updated-dependencies:
- dependency-name: rubocop-rails
  dependency-version: 2.35.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: rubocop
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump ruby/setup-ruby from 1.307.0 to 1.310.0 in the dependencies group

Bumps the dependencies group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).

Updates `ruby/setup-ruby` from 1.307.0 to 1.310.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/6aaa311d81eba98ae12eaffbcb63296ace0efcde...afeafc3d1ab54a631816aba4c914a0081c12ff2f)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.310.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge remote-tracking branch 'upstream/pull/7091'

Merge remote-tracking branch 'upstream/pull/7098'

Bump faraday from 2.14.1 to 2.14.2

Bumps [faraday](https://github.com/lostisland/faraday) from 2.14.1 to 2.14.2.
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2)

---
updated-dependencies:
- dependency-name: faraday
  dependency-version: 2.14.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge remote-tracking branch 'upstream/pull/7095'

Merge remote-tracking branch 'upstream/pull/7096'

Localisation updates from https://translatewiki.net.

No need to call Yarn within Bundler

Merge pull request #7092 from openstreetmap/dependabot/bundler/rubocop-8dcd05a09e

Bump the rubocop group across 1 directory with 2 updates

Bump the rubocop group across 1 directory with 2 updates

Bumps the rubocop group with 2 updates in the / directory: [rubocop](https://github.com/rubocop/rubocop) and [rubocop-rails](https://github.com/rubocop/rubocop-rails).

Updates `rubocop` from 1.86.1 to 1.86.2
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.86.1...v1.86.2)

Updates `rubocop-rails` from 2.34.3 to 2.35.0
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.34.3...v2.35.0)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-version: 1.86.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: rubocop
- dependency-name: rubocop-rails
  dependency-version: 2.35.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: rubocop
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge pull request #7090 from tomhughes/params

Improve parameter validation using rails parameter methods

Add ::1 (IPv6 local) to allowed http redirect_uris for OAuth

Allows one to do local testing and to use IPv6. Previously only IPv4 was
supported (127.0.0.1), but not ::1.

Related discussions:
https://github.com/openstreetmap/openstreetmap-website/pull/4287
https://github.com/openstreetmap/openstreetmap-website/issues/3613

Improve parameter validation using rails parameter methods

Merge pull request #7085 from dschweisguth/run-update-wiki-pages

Run script/misc/update-wiki-pages

Merge pull request #7088 from openstreetmap/dependabot/bundler/dependencies-555bebb177

Bump the dependencies group with 5 updates

Merge pull request #7086 from openstreetmap/dependabot/github_actions/dependencies-da8be134b1

Bump ruby/setup-ruby from 1.306.0 to 1.307.0 in the dependencies group

Bump the dependencies group with 5 updates

Bumps the dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [bootsnap](https://github.com/rails/bootsnap) | `1.24.3` | `1.24.4` |
| [opentelemetry-exporter-otlp](https://github.com/open-telemetry/opentelemetry-ruby) | `0.33.0` | `0.34.0` |
| [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `1.11.0` | `1.12.0` |
| [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.221.0` | `1.222.0` |
| [selenium-webdriver](https://github.com/SeleniumHQ/selenium) | `4.43.0` | `4.44.0` |

Updates `bootsnap` from 1.24.3 to 1.24.4
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/bootsnap/compare/v1.24.3...v1.24.4)

Updates `opentelemetry-exporter-otlp` from 0.33.0 to 0.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp/v0.33.0...opentelemetry-exporter-otlp/v0.34.0)

Updates `opentelemetry-sdk` from 1.11.0 to 1.12.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-sdk/v1.11.0...opentelemetry-sdk/v1.12.0)

Updates `aws-sdk-s3` from 1.221.0 to 1.222.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `selenium-webdriver` from 4.43.0 to 4.44.0
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.43.0...selenium-4.44.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-version: 1.24.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: opentelemetry-exporter-otlp
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: opentelemetry-sdk
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: aws-sdk-s3
  dependency-version: 1.222.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: selenium-webdriver
  dependency-version: 4.44.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump ruby/setup-ruby from 1.306.0 to 1.307.0 in the dependencies group

Bumps the dependencies group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).

Updates `ruby/setup-ruby` from 1.306.0 to 1.307.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/c4e5b1316158f92e3d49443a9d58b31d25ac0f8f...6aaa311d81eba98ae12eaffbcb63296ace0efcde)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.307.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge pull request #6533 from spixi/master

Add Nominatim description terms

Add Nominatim description terms

Merge pull request #7013 from Adi-gitX/docs/contributor-terms-wording

Use Contributor Terms wording in signup prompt

Run script/misc/update-wiki-pages

Merge remote-tracking branch 'upstream/pull/7084'

Avoid string interpolation into bash commands

Although the `clone_url` and `sha` are safe, other similar aspects of
the pull request head are not (e.g. `head.ref`, `pull_request.title` etc)
and these must not be interpolated.

So let's use the convention of putting such data into environment
variables, where the contents are not interpolated into the bash
commands and are instead passed directly to the called program.

https://docs.github.com/en/actions/reference/security/secure-use#use-an-intermediate-environment-variable

Merge pull request #7082 from openstreetmap/translatewiki

Localisation updates from https://translatewiki.net.

Localisation updates from https://translatewiki.net.

Merge remote-tracking branch 'upstream/pull/7080'

Merge remote-tracking branch 'upstream/pull/7077'

Change banner hide method

chore: updated sotm africa conference banner

Merge remote-tracking branch 'upstream/pull/7074'

Merge pull request #7062 from tyrasd/history-geolink

sync location hash on the "History" link in header navigation

sync location hash on the "History" link in header navigation

fixes https://github.com/openstreetmap/iD/issues/12287

Generalize color scheme evaluating logic

Merge remote-tracking branch 'upstream/pull/7073'

update iD to v2.40.0

Merge remote-tracking branch 'upstream/pull/7071'

Merge remote-tracking branch 'upstream/pull/7072'

Localisation updates from https://translatewiki.net.

Remove pessimistic version constraints

We were ignoring them in dependabot so they aren't really necessary.

We can add constraints when we run into specific problems, but otherwise
we should be optimistic that, for the vast majority of cases, the new version
of a gem will either work fine as-is or will be flagged up by CI.

Remove explicit mini_racer dependency

This was originally added to constrain the transitive dependency (via rtlcss)
but the associated bug is now fixed and the version constraint was automatically
changed by dependabot anyway.

Merge remote-tracking branch 'upstream/pull/7070'

Remove minimum version constraints from Gemfile

It's very unlikely that a `bundle update` will:

* lead a version downgrade
* ... and that version falls below the nominal minimum version
* ... and that version causes a breakage
* ... and that breakage is not picked up by CI

It's therefore better for legibility and clarity of other constraints
if we remove the ones that aren't necessary.

Skip big-pr check for translatewiki

These are often large, for example when we add more strings or when
a new language crosses the inclusion threshold.

Merge remote-tracking branch 'upstream/pull/7069'

Merge remote-tracking branch 'upstream/pull/7068'

Bump aws-sdk-s3 from 1.220.0 to 1.221.0 in the dependencies group

Bumps the dependencies group with 1 update: [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby).

Updates `aws-sdk-s3` from 1.220.0 to 1.221.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-version: 1.221.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump the dependencies group with 2 updates

Bumps the dependencies group with 2 updates: [leaflet.locatecontrol](https://github.com/domoritz/leaflet-locatecontrol) and [tag2link](https://github.com/JOSM/tag2link).

Updates `leaflet.locatecontrol` from 0.89.1 to 0.90.0
- [Changelog](https://github.com/domoritz/leaflet-locatecontrol/blob/gh-pages/CHANGELOG.md)
- [Commits](https://github.com/domoritz/leaflet-locatecontrol/compare/v0.89.1...v0.90.0)

Updates `tag2link` from 2026.3.21 to 2026.5.6
- [Release notes](https://github.com/JOSM/tag2link/releases)
- [Commits](https://github.com/JOSM/tag2link/compare/2026.3.21...2026.5.6)

---
updated-dependencies:
- dependency-name: leaflet.locatecontrol
  dependency-version: 0.90.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: tag2link
  dependency-version: 2026.5.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge remote-tracking branch 'upstream/pull/7066'

Merge remote-tracking branch 'upstream/pull/7065'

Merge remote-tracking branch 'upstream/pull/7064'

Bump the dependencies group with 3 updates

Bumps the dependencies group with 3 updates: [bootsnap](https://github.com/rails/bootsnap), [bootstrap_form](https://github.com/bootstrap-ruby/bootstrap_form) and [minitest](https://github.com/minitest/minitest).

Updates `bootsnap` from 1.24.1 to 1.24.3
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/bootsnap/compare/v1.24.1...v1.24.3)

Updates `bootstrap_form` from 5.6.0 to 5.6.1
- [Release notes](https://github.com/bootstrap-ruby/bootstrap_form/releases)
- [Changelog](https://github.com/bootstrap-ruby/bootstrap_form/blob/main/CHANGELOG.md)
- [Commits](https://github.com/bootstrap-ruby/bootstrap_form/compare/v5.6.0...v5.6.1)

Updates `minitest` from 6.0.5 to 6.0.6
- [Changelog](https://github.com/minitest/minitest/blob/master/History.rdoc)
- [Commits](https://github.com/minitest/minitest/compare/v6.0.5...v6.0.6)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-version: 1.24.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: bootstrap_form
  dependency-version: 5.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: minitest
  dependency-version: 6.0.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump the dependencies group with 3 updates

Bumps the dependencies group with 3 updates: [leaflet.locatecontrol](https://github.com/domoritz/leaflet-locatecontrol), [eslint](https://github.com/eslint/eslint) and [globals](https://github.com/sindresorhus/globals).

Updates `leaflet.locatecontrol` from 0.89.0 to 0.89.1
- [Changelog](https://github.com/domoritz/leaflet-locatecontrol/blob/gh-pages/CHANGELOG.md)
- [Commits](https://github.com/domoritz/leaflet-locatecontrol/compare/v0.89.0...v0.89.1)

Updates `eslint` from 10.2.1 to 10.3.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.2.1...v10.3.0)

Updates `globals` from 17.5.0 to 17.6.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](https://github.com/sindresorhus/globals/compare/v17.5.0...v17.6.0)

---
updated-dependencies:
- dependency-name: leaflet.locatecontrol
  dependency-version: 0.89.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: eslint
  dependency-version: 10.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: globals
  dependency-version: 17.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump rubocop-capybara from 2.22.1 to 2.23.0 in the rubocop group

Bumps the rubocop group with 1 update: [rubocop-capybara](https://github.com/rubocop/rubocop-capybara).

Updates `rubocop-capybara` from 2.22.1 to 2.23.0
- [Release notes](https://github.com/rubocop/rubocop-capybara/releases)
- [Changelog](https://github.com/rubocop/rubocop-capybara/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-capybara/compare/v2.22.1...v2.23.0)

---
updated-dependencies:
- dependency-name: rubocop-capybara
  dependency-version: 2.23.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: rubocop
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge remote-tracking branch 'upstream/pull/7001'

Merge remote-tracking branch 'upstream/pull/7063'

Configure dependabot to respect Gemfile constraints

This allows us to use constraints in the Gemfile, without having to
remember to repeat them in the dependabot configuration.

Actually use notification preferences

Form to manage notification preferences

Ruby API to manage notification preferences

Merge remote-tracking branch 'upstream/pull/7060'

Merge remote-tracking branch 'upstream/pull/7059'

Fix GPX import mailers, which expected different tag objects

Embrace bug, which will be future behaviour

Merge remote-tracking branch 'upstream/pull/7057'

Bump net-imap from 0.6.3 to 0.6.4

Bumps [net-imap](https://github.com/ruby/net-imap) from 0.6.3 to 0.6.4.
- [Release notes](https://github.com/ruby/net-imap/releases)
- [Commits](https://github.com/ruby/net-imap/compare/v0.6.3...v0.6.4)

---
updated-dependencies:
- dependency-name: net-imap
  dependency-version: 0.6.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge remote-tracking branch 'upstream/pull/7053'

Merge remote-tracking branch 'upstream/pull/7056'

Add kw to UI languages

Localisation updates from https://translatewiki.net.

Move hash and title sync logic from iframe to parent

Merge remote-tracking branch 'upstream/pull/6713'

Merge pull request #7055 from lonvia/patch-1

Fix link to FAQ

fix link to FAQ

Cache social link platform and name at save time (#6950)

Cache rendered HTML fragment for social links using Rails.cache.fetch
instead of re-parsing URLs on every page load. This avoids repeated
regex matching and HTTP calls to resolve platform metadata.

Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>

Merge pull request #7048 from tomhughes/md5-passwords

Drop support for legacy MD5 passwords

Block creation of notes within moderation zones

Add table+model to store geoblock zones

Add PostGIS adapter for ActiveRecord

Enable PostGIS

Drop support for MD5 legacy passwords

Remove support for validating MD5 passwords and migrate any such
passwords in the database to an invalid password.

Reported-by: Jorge Gonzalez Milla <jorge@jmilla.es>

Redirect users with invalid password to the reset flow

Test login error cases for sessions controller

Drop unused require of securerandom

Merge remote-tracking branch 'upstream/pull/7051'

Merge pull request #7052 from openstreetmap/translatewiki

Localisation updates from https://translatewiki.net.

Localisation updates from https://translatewiki.net.

Merge pull request #7049 from openstreetmap/dependabot/github_actions/dependencies-4a0b9de8bd

Bump ruby/setup-ruby from 1.305.0 to 1.306.0 in the dependencies group