Merge remote-tracking branch 'upstream/pull/7145'

Bump net-imap from 0.6.4 to 0.6.4.1

Bumps [net-imap](https://github.com/ruby/net-imap) from 0.6.4 to 0.6.4.1.
- [Release notes](https://github.com/ruby/net-imap/releases)
- [Commits](https://github.com/ruby/net-imap/compare/v0.6.4...v0.6.4.1)

---
updated-dependencies:
- dependency-name: net-imap
  dependency-version: 0.6.4.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge remote-tracking branch 'upstream/pull/7138'

Add query parameter that to suppress display of signup UI elements

This adds support for a query paramater "allow_signup" that will
suppress the rendering of signup UI elements during the OAuth2
authorisation flow.

This is the same solution as github implements for their "webflow"
OAuth2 process.

Resolves https://github.com/openstreetmap/openstreetmap-website/issues/5118

Merge pull request #7144 from tomhughes/js-minimise

Restore javascript minimisation in production

Restore javascript minimisation in production

Fixes #7143.

Merge pull request #7141 from openstreetmap/translatewiki

Localisation updates from https://translatewiki.net.

Localisation updates from https://translatewiki.net.

Merge remote-tracking branch 'upstream/pull/7131'

Merge pull request #7134 from tyrasd/iD-issue-10700

[iD] fix glitchy zoom level caused by out-of-order event handlers

fix detection of automatic hash changes for out-of-order events

see https://github.com/openstreetmap/iD/issues/10700#issuecomment-4615707609

Normally, the `onIframeHashChange` event is immediately followed by the respective `hashchange` event. But in some conditions (when the js main thread is busy with something else), it can happen that multiple `onIframeHashChange` events/messages are received right after each other, before the respective `hashchange` events are called.
The mechanism that detects wheter a hash change was "automatic" (set programmatically from inside the iframe by iD) relies on the order of events to function correctly.
This fixes the implementation by remembering which concrete hashchanges were triggered by the iframe message, avoiding duplicate/nop changes, and only updating the editor's map location if the hash change really did not come from the iD iframe itself.

fixes https://github.com/openstreetmap/iD/issues/10700

Merge pull request #7133 from openstreetmap/translatewiki

Localisation updates from https://translatewiki.net.

Localisation updates from https://translatewiki.net.

Merge pull request #7130 from openstreetmap/dependabot/npm_and_yarn/dependencies-35c92e866e

Bump the dependencies group with 2 updates

Merge pull request #7129 from openstreetmap/dependabot/bundler/rubocop-543235cdfe

Bump the rubocop group with 2 updates

Merge pull request #7128 from openstreetmap/dependabot/github_actions/dependencies-3a660dc918

Bump the dependencies group with 2 updates

Bump the dependencies group with 5 updates

Bumps the dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [bootsnap](https://github.com/rails/bootsnap) | `1.24.5` | `1.24.6` |
| [doorkeeper-openid_connect](https://github.com/doorkeeper-gem/doorkeeper-openid_connect) | `1.9.0` | `1.10.1` |
| [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.224.0` | `1.225.0` |
| [image_processing](https://github.com/janko/image_processing) | `2.0.1` | `2.0.2` |
| [overcommit](https://github.com/sds/overcommit) | `0.69.0` | `0.70.0` |

Updates `bootsnap` from 1.24.5 to 1.24.6
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/bootsnap/compare/v1.24.5...v1.24.6)

Updates `doorkeeper-openid_connect` from 1.9.0 to 1.10.1
- [Release notes](https://github.com/doorkeeper-gem/doorkeeper-openid_connect/releases)
- [Changelog](https://github.com/doorkeeper-gem/doorkeeper-openid_connect/blob/master/CHANGELOG.md)
- [Commits](https://github.com/doorkeeper-gem/doorkeeper-openid_connect/compare/v1.9.0...v1.10.1)

Updates `aws-sdk-s3` from 1.224.0 to 1.225.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `image_processing` from 2.0.1 to 2.0.2
- [Changelog](https://github.com/janko/image_processing/blob/master/CHANGELOG.md)
- [Commits](https://github.com/janko/image_processing/compare/v2.0.1...v2.0.2)

Updates `overcommit` from 0.69.0 to 0.70.0
- [Release notes](https://github.com/sds/overcommit/releases)
- [Changelog](https://github.com/sds/overcommit/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sds/overcommit/compare/v0.69.0...v0.70.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-version: 1.24.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: doorkeeper-openid_connect
  dependency-version: 1.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: aws-sdk-s3
  dependency-version: 1.225.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: image_processing
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: overcommit
  dependency-version: 0.70.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump the dependencies group with 2 updates

Bumps the dependencies group with 2 updates: [js-cookie](https://github.com/js-cookie/js-cookie) and [eslint](https://github.com/eslint/eslint).

Updates `js-cookie` from 3.0.7 to 3.0.8
- [Release notes](https://github.com/js-cookie/js-cookie/releases)
- [Commits](https://github.com/js-cookie/js-cookie/compare/v3.0.7...v3.0.8)

Updates `eslint` from 10.4.0 to 10.4.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.4.0...v10.4.1)

---
updated-dependencies:
- dependency-name: js-cookie
  dependency-version: 3.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: eslint
  dependency-version: 10.4.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump the rubocop group with 2 updates

Bumps the rubocop group with 2 updates: [rubocop](https://github.com/rubocop/rubocop) and [rubocop-rails](https://github.com/rubocop/rubocop-rails).

Updates `rubocop` from 1.86.2 to 1.87.0
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.86.2...v1.87.0)

Updates `rubocop-rails` from 2.35.2 to 2.35.3
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.35.2...v2.35.3)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-version: 1.87.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: rubocop
- dependency-name: rubocop-rails
  dependency-version: 2.35.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: rubocop
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump the dependencies group with 2 updates

Bumps the dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [devcontainers/ci](https://github.com/devcontainers/ci).

Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10)

Updates `devcontainers/ci` from 0.3.1900000449 to 0.3.1900000450
- [Release notes](https://github.com/devcontainers/ci/releases)
- [Commits](https://github.com/devcontainers/ci/compare/b63b30de439b47a52267f241112c5b453b673db5...513af61f4de4f75d37e4438f184ba4358f0fc1ca)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: devcontainers/ci
  dependency-version: 0.3.1900000450
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge pull request #7121 from openstreetmap/translatewiki

Localisation updates from https://translatewiki.net.

Localisation updates from https://translatewiki.net.

Allow turnstile for users#create as well as users#new

Drop custom image_optim gem

The upstream fix has now been released so we no longer need this.

Merge remote-tracking branch 'upstream/pull/7114'

Merge pull request #7113 from openstreetmap/dependabot/npm_and_yarn/dependencies-4387151758

Bump tag2link from 2026.5.6 to 2026.5.21 in the dependencies group

Merge pull request #7115 from openstreetmap/translatewiki

Localisation updates from https://translatewiki.net.

Localisation updates from https://translatewiki.net.

Bump the dependencies group with 10 updates

Bumps the dependencies group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [jbuilder](https://github.com/rails/jbuilder) | `2.15.0` | `2.15.1` |
| [bootsnap](https://github.com/rails/bootsnap) | `1.24.4` | `1.24.5` |
| [image_optim](https://github.com/tomhughes/image_optim) | ``745137c`` | ``1a88763`` |
| [dalli](https://github.com/petergoldstein/dalli) | `5.0.4` | `5.0.5` |
| [opentelemetry-instrumentation-all](https://github.com/open-telemetry/opentelemetry-ruby-contrib) | `0.93.0` | `0.94.0` |
| [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.223.0` | `1.224.0` |
| [image_processing](https://github.com/janko/image_processing) | `2.0.0` | `2.0.1` |
| [jwt](https://github.com/jwt/ruby-jwt) | `2.10.2` | `2.10.3` |
| [puma](https://github.com/puma/puma) | `8.0.1` | `8.0.2` |
| [database_consistency](https://github.com/djezzzl/database_consistency) | `3.0.4` | `3.0.5` |

Updates `jbuilder` from 2.15.0 to 2.15.1
- [Release notes](https://github.com/rails/jbuilder/releases)
- [Commits](https://github.com/rails/jbuilder/compare/v2.15.0...v2.15.1)

Updates `bootsnap` from 1.24.4 to 1.24.5
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/bootsnap/compare/v1.24.4...v1.24.5)

Updates `image_optim` from `745137c` to `1a88763`
- [Commits](https://github.com/tomhughes/image_optim/compare/745137caf615ab07b29082c291416c8fbe0ac3b9...1a887639492923d05256d60c063e357c93d648d8)

Updates `dalli` from 5.0.4 to 5.0.5
- [Changelog](https://github.com/petergoldstein/dalli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/petergoldstein/dalli/compare/v5.0.4...v5.0.5)

Updates `opentelemetry-instrumentation-all` from 0.93.0 to 0.94.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-ruby-contrib/compare/opentelemetry-instrumentation-all/v0.93.0...opentelemetry-instrumentation-all/v0.94.0)

Updates `aws-sdk-s3` from 1.223.0 to 1.224.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `image_processing` from 2.0.0 to 2.0.1
- [Changelog](https://github.com/janko/image_processing/blob/master/CHANGELOG.md)
- [Commits](https://github.com/janko/image_processing/compare/v2.0.0...v2.0.1)

Updates `jwt` from 2.10.2 to 2.10.3
- [Release notes](https://github.com/jwt/ruby-jwt/releases)
- [Changelog](https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jwt/ruby-jwt/compare/v2.10.2...v2.10.3)

Updates `puma` from 8.0.1 to 8.0.2
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/main/History.md)
- [Commits](https://github.com/puma/puma/compare/v8.0.1...v8.0.2)

Updates `database_consistency` from 3.0.4 to 3.0.5
- [Changelog](https://github.com/djezzzl/database_consistency/blob/master/CHANGELOG.md)
- [Commits](https://github.com/djezzzl/database_consistency/compare/v3.0.4...v3.0.5)

---
updated-dependencies:
- dependency-name: jbuilder
  dependency-version: 2.15.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: bootsnap
  dependency-version: 1.24.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: image_optim
  dependency-version: 1a887639492923d05256d60c063e357c93d648d8
  dependency-type: direct:production
  dependency-group: dependencies
- dependency-name: dalli
  dependency-version: 5.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: opentelemetry-instrumentation-all
  dependency-version: 0.94.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: aws-sdk-s3
  dependency-version: 1.224.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: image_processing
  dependency-version: 2.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: jwt
  dependency-version: 2.10.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: puma
  dependency-version: 8.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: database_consistency
  dependency-version: 3.0.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump tag2link from 2026.5.6 to 2026.5.21 in the dependencies group

Bumps the dependencies group with 1 update: [tag2link](https://github.com/JOSM/tag2link).

Updates `tag2link` from 2026.5.6 to 2026.5.21
- [Release notes](https://github.com/JOSM/tag2link/releases)
- [Commits](https://github.com/JOSM/tag2link/compare/2026.5.6...2026.5.21)

---
updated-dependencies:
- dependency-name: tag2link
  dependency-version: 2026.5.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge remote-tracking branch 'upstream/pull/7110'

Localisation updates from https://translatewiki.net.

Merge remote-tracking branch 'upstream/pull/7109'

Add banner configuration for State of the Map Colombia 2026

Banner images for SotMCol26

Merge remote-tracking branch 'upstream/pull/7108'

Add more wiki prefixes

Merge remote-tracking branch 'upstream/pull/7106'

Fix crash due to cgi gem not fully loaded

Merge pull request #7103 from openstreetmap/translatewiki

Localisation updates from https://translatewiki.net.

Localisation updates from https://translatewiki.net.

Install libvips-dev for workflows that load the bundle

Require ruby-vips explicitly

As of 2.x the image_processing no longer requires it automatically.

Update test for change in message from third party gem

Merge remote-tracking branch 'upstream/pull/7102'

Merge remote-tracking branch 'upstream/pull/7101'

Merge remote-tracking branch 'upstream/pull/7100'

Merge remote-tracking branch 'upstream/pull/7099'

Bump the dependencies group with 8 updates

Bumps the dependencies group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [jbuilder](https://github.com/rails/jbuilder) | `2.14.1` | `2.15.0` |
| [strong_migrations](https://github.com/ankane/strong_migrations) | `2.7.0` | `2.8.0` |
| [omniauth-microsoft_graph](https://github.com/synth/omniauth-microsoft_graph) | `2.1.0` | `2.2.0` |
| [doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) | `5.9.0` | `5.9.1` |
| [dalli](https://github.com/petergoldstein/dalli) | `5.0.2` | `5.0.4` |
| [marcel](https://github.com/rails/marcel) | `1.1.0` | `1.2.1` |
| [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.222.0` | `1.223.0` |
| [image_processing](https://github.com/janko/image_processing) | `1.14.0` | `2.0.0` |

Updates `jbuilder` from 2.14.1 to 2.15.0
- [Release notes](https://github.com/rails/jbuilder/releases)
- [Commits](https://github.com/rails/jbuilder/compare/v2.14.1...v2.15.0)

Updates `strong_migrations` from 2.7.0 to 2.8.0
- [Changelog](https://github.com/ankane/strong_migrations/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/strong_migrations/compare/v2.7.0...v2.8.0)

Updates `omniauth-microsoft_graph` from 2.1.0 to 2.2.0
- [Release notes](https://github.com/synth/omniauth-microsoft_graph/releases)
- [Changelog](https://github.com/synth/omniauth-microsoft_graph/blob/main/CHANGELOG.md)
- [Commits](https://github.com/synth/omniauth-microsoft_graph/compare/2.1.0...2.2.0)

Updates `doorkeeper` from 5.9.0 to 5.9.1
- [Release notes](https://github.com/doorkeeper-gem/doorkeeper/releases)
- [Changelog](https://github.com/doorkeeper-gem/doorkeeper/blob/main/CHANGELOG.md)
- [Commits](https://github.com/doorkeeper-gem/doorkeeper/compare/v.5.9.0...v5.9.1)

Updates `dalli` from 5.0.2 to 5.0.4
- [Changelog](https://github.com/petergoldstein/dalli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/petergoldstein/dalli/compare/v5.0.2...v5.0.4)

Updates `marcel` from 1.1.0 to 1.2.1
- [Release notes](https://github.com/rails/marcel/releases)
- [Commits](https://github.com/rails/marcel/compare/v1.1.0...v1.2.1)

Updates `aws-sdk-s3` from 1.222.0 to 1.223.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `image_processing` from 1.14.0 to 2.0.0
- [Changelog](https://github.com/janko/image_processing/blob/master/CHANGELOG.md)
- [Commits](https://github.com/janko/image_processing/compare/v1.14.0...v2.0.0)

---
updated-dependencies:
- dependency-name: jbuilder
  dependency-version: 2.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: strong_migrations
  dependency-version: 2.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: omniauth-microsoft_graph
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: doorkeeper
  dependency-version: 5.9.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: dalli
  dependency-version: 5.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: marcel
  dependency-version: 1.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: aws-sdk-s3
  dependency-version: 1.223.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: image_processing
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump the dependencies group with 2 updates

Bumps the dependencies group with 2 updates: [js-cookie](https://github.com/js-cookie/js-cookie) and [eslint](https://github.com/eslint/eslint).

Updates `js-cookie` from 3.0.5 to 3.0.7
- [Release notes](https://github.com/js-cookie/js-cookie/releases)
- [Commits](https://github.com/js-cookie/js-cookie/compare/v3.0.5...v3.0.7)

Updates `eslint` from 10.3.0 to 10.4.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.3.0...v10.4.0)

---
updated-dependencies:
- dependency-name: js-cookie
  dependency-version: 3.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: eslint
  dependency-version: 10.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump rubocop-rails from 2.35.0 to 2.35.2 in the rubocop group

Bumps the rubocop group with 1 update: [rubocop-rails](https://github.com/rubocop/rubocop-rails).

Updates `rubocop-rails` from 2.35.0 to 2.35.2
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.35.0...v2.35.2)

---
updated-dependencies:
- dependency-name: rubocop-rails
  dependency-version: 2.35.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: rubocop
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump ruby/setup-ruby from 1.307.0 to 1.310.0 in the dependencies group

Bumps the dependencies group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).

Updates `ruby/setup-ruby` from 1.307.0 to 1.310.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/6aaa311d81eba98ae12eaffbcb63296ace0efcde...afeafc3d1ab54a631816aba4c914a0081c12ff2f)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.310.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge remote-tracking branch 'upstream/pull/7091'

Merge remote-tracking branch 'upstream/pull/7098'

Bump faraday from 2.14.1 to 2.14.2

Bumps [faraday](https://github.com/lostisland/faraday) from 2.14.1 to 2.14.2.
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2)

---
updated-dependencies:
- dependency-name: faraday
  dependency-version: 2.14.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge remote-tracking branch 'upstream/pull/7095'

Merge remote-tracking branch 'upstream/pull/7096'

Localisation updates from https://translatewiki.net.

No need to call Yarn within Bundler

Merge pull request #7092 from openstreetmap/dependabot/bundler/rubocop-8dcd05a09e

Bump the rubocop group across 1 directory with 2 updates

Bump the rubocop group across 1 directory with 2 updates

Bumps the rubocop group with 2 updates in the / directory: [rubocop](https://github.com/rubocop/rubocop) and [rubocop-rails](https://github.com/rubocop/rubocop-rails).

Updates `rubocop` from 1.86.1 to 1.86.2
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.86.1...v1.86.2)

Updates `rubocop-rails` from 2.34.3 to 2.35.0
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.34.3...v2.35.0)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-version: 1.86.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: rubocop
- dependency-name: rubocop-rails
  dependency-version: 2.35.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: rubocop
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge pull request #7090 from tomhughes/params

Improve parameter validation using rails parameter methods

Add ::1 (IPv6 local) to allowed http redirect_uris for OAuth

Allows one to do local testing and to use IPv6. Previously only IPv4 was
supported (127.0.0.1), but not ::1.

Related discussions:
https://github.com/openstreetmap/openstreetmap-website/pull/4287
https://github.com/openstreetmap/openstreetmap-website/issues/3613

Improve parameter validation using rails parameter methods

Merge pull request #7085 from dschweisguth/run-update-wiki-pages

Run script/misc/update-wiki-pages

Merge pull request #7088 from openstreetmap/dependabot/bundler/dependencies-555bebb177

Bump the dependencies group with 5 updates

Merge pull request #7086 from openstreetmap/dependabot/github_actions/dependencies-da8be134b1

Bump ruby/setup-ruby from 1.306.0 to 1.307.0 in the dependencies group

Bump the dependencies group with 5 updates

Bumps the dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [bootsnap](https://github.com/rails/bootsnap) | `1.24.3` | `1.24.4` |
| [opentelemetry-exporter-otlp](https://github.com/open-telemetry/opentelemetry-ruby) | `0.33.0` | `0.34.0` |
| [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `1.11.0` | `1.12.0` |
| [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.221.0` | `1.222.0` |
| [selenium-webdriver](https://github.com/SeleniumHQ/selenium) | `4.43.0` | `4.44.0` |

Updates `bootsnap` from 1.24.3 to 1.24.4
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/bootsnap/compare/v1.24.3...v1.24.4)

Updates `opentelemetry-exporter-otlp` from 0.33.0 to 0.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp/v0.33.0...opentelemetry-exporter-otlp/v0.34.0)

Updates `opentelemetry-sdk` from 1.11.0 to 1.12.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-ruby/releases)
- [Commits](https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-sdk/v1.11.0...opentelemetry-sdk/v1.12.0)

Updates `aws-sdk-s3` from 1.221.0 to 1.222.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `selenium-webdriver` from 4.43.0 to 4.44.0
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.43.0...selenium-4.44.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-version: 1.24.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: opentelemetry-exporter-otlp
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: opentelemetry-sdk
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: aws-sdk-s3
  dependency-version: 1.222.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: selenium-webdriver
  dependency-version: 4.44.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump ruby/setup-ruby from 1.306.0 to 1.307.0 in the dependencies group

Bumps the dependencies group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).

Updates `ruby/setup-ruby` from 1.306.0 to 1.307.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/c4e5b1316158f92e3d49443a9d58b31d25ac0f8f...6aaa311d81eba98ae12eaffbcb63296ace0efcde)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.307.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge pull request #6533 from spixi/master

Add Nominatim description terms

Add Nominatim description terms

Merge pull request #7013 from Adi-gitX/docs/contributor-terms-wording

Use Contributor Terms wording in signup prompt

Run script/misc/update-wiki-pages

Merge remote-tracking branch 'upstream/pull/7084'

Avoid string interpolation into bash commands

Although the `clone_url` and `sha` are safe, other similar aspects of
the pull request head are not (e.g. `head.ref`, `pull_request.title` etc)
and these must not be interpolated.

So let's use the convention of putting such data into environment
variables, where the contents are not interpolated into the bash
commands and are instead passed directly to the called program.

https://docs.github.com/en/actions/reference/security/secure-use#use-an-intermediate-environment-variable

Merge pull request #7082 from openstreetmap/translatewiki

Localisation updates from https://translatewiki.net.

Localisation updates from https://translatewiki.net.

Merge remote-tracking branch 'upstream/pull/7080'

Merge remote-tracking branch 'upstream/pull/7077'

Change banner hide method

chore: updated sotm africa conference banner

Merge remote-tracking branch 'upstream/pull/7074'

Merge pull request #7062 from tyrasd/history-geolink

sync location hash on the "History" link in header navigation

sync location hash on the "History" link in header navigation

fixes https://github.com/openstreetmap/iD/issues/12287

Generalize color scheme evaluating logic

Merge remote-tracking branch 'upstream/pull/7073'

update iD to v2.40.0

Merge remote-tracking branch 'upstream/pull/7071'

Merge remote-tracking branch 'upstream/pull/7072'

Localisation updates from https://translatewiki.net.

Remove pessimistic version constraints

We were ignoring them in dependabot so they aren't really necessary.

We can add constraints when we run into specific problems, but otherwise
we should be optimistic that, for the vast majority of cases, the new version
of a gem will either work fine as-is or will be flagged up by CI.

Remove explicit mini_racer dependency

This was originally added to constrain the transitive dependency (via rtlcss)
but the associated bug is now fixed and the version constraint was automatically
changed by dependabot anyway.

Merge remote-tracking branch 'upstream/pull/7070'

Remove minimum version constraints from Gemfile

It's very unlikely that a `bundle update` will:

* lead a version downgrade
* ... and that version falls below the nominal minimum version
* ... and that version causes a breakage
* ... and that breakage is not picked up by CI

It's therefore better for legibility and clarity of other constraints
if we remove the ones that aren't necessary.

Skip big-pr check for translatewiki

These are often large, for example when we add more strings or when
a new language crosses the inclusion threshold.

Merge remote-tracking branch 'upstream/pull/7069'

Merge remote-tracking branch 'upstream/pull/7068'

Bump aws-sdk-s3 from 1.220.0 to 1.221.0 in the dependencies group

Bumps the dependencies group with 1 update: [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby).

Updates `aws-sdk-s3` from 1.220.0 to 1.221.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-version: 1.221.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump the dependencies group with 2 updates

Bumps the dependencies group with 2 updates: [leaflet.locatecontrol](https://github.com/domoritz/leaflet-locatecontrol) and [tag2link](https://github.com/JOSM/tag2link).

Updates `leaflet.locatecontrol` from 0.89.1 to 0.90.0
- [Changelog](https://github.com/domoritz/leaflet-locatecontrol/blob/gh-pages/CHANGELOG.md)
- [Commits](https://github.com/domoritz/leaflet-locatecontrol/compare/v0.89.1...v0.90.0)

Updates `tag2link` from 2026.3.21 to 2026.5.6
- [Release notes](https://github.com/JOSM/tag2link/releases)
- [Commits](https://github.com/JOSM/tag2link/compare/2026.3.21...2026.5.6)

---
updated-dependencies:
- dependency-name: leaflet.locatecontrol
  dependency-version: 0.90.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: tag2link
  dependency-version: 2026.5.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge remote-tracking branch 'upstream/pull/7066'