Merge remote-tracking branch 'upstream/pull/6828'

Bump nokogiri from 1.19.0 to 1.19.1

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.19.0 to 1.19.1.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.19.0...v1.19.1)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-version: 1.19.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge remote-tracking branch 'upstream/pull/6827'

Bump the dependencies group with 2 updates

Bumps the dependencies group with 2 updates: [bootsnap](https://github.com/rails/bootsnap) and [binding_of_caller](https://github.com/banister/binding_of_caller).

Updates `bootsnap` from 1.22.0 to 1.23.0
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/bootsnap/compare/v1.22.0...v1.23.0)

Updates `binding_of_caller` from 1.0.1 to 2.0.0
- [Release notes](https://github.com/banister/binding_of_caller/releases)
- [Commits](https://github.com/banister/binding_of_caller/compare/v1.0.1...v2.0.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: binding_of_caller
  dependency-version: 2.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge remote-tracking branch 'upstream/pull/6823'

Avoid using positive tabindexes

The use of positive tabindexes is widely discouraged. Instead, we
should order the elements of the page in the same order as they
are displayed, which they are already.

Previously the tab indexes did match the order that these elements
were shown on the page, but the lack of tabindexes on certain other
elements was used to "skip over" things like explanatory links
in forms. This made these other elements hard to focus, and meant that
overall the focus skipped around the page unintuitively.

It is less confusing for keyboard users if the focus just moves around
in the same order that the elements are shown on the page, which is
also the same order they appear in the html.

See https://herb-tools.dev/linter/rules/html-no-positive-tab-index
and the list of references on that page, for further discussion.

Merge remote-tracking branch 'upstream/pull/6821'

Add database_consistency gem

Disable all failing and erroring checks, as a starting point.

Merge pull request #6820 from 1ec5/donate-6819

Avoid zombie Hardware Upgrade Fund translations

Renamed donation link string to avoid zombie translations

Drop bogus translations

Merge remote-tracking branch 'upstream/pull/6816'

Bump rack from 3.2.4 to 3.2.5

Bumps [rack](https://github.com/rack/rack) from 3.2.4 to 3.2.5.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/v3.2.4...v3.2.5)

---
updated-dependencies:
- dependency-name: rack
  dependency-version: 3.2.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Localisation updates from https://translatewiki.net.

Raise linkify regex timeout

Merge remote-tracking branch 'upstream/pull/6810'

Merge remote-tracking branch 'upstream/pull/6798'

Explain how to regenerate a Postgres development volume

No idea how, but this appears to be interfering under macOS/arm64

Ensure version of Postgres compatible with client tools

Merge pull request #6797 from hlfan/html-attribute-double-quotes

Use double quotes for HTML atttribute values

Merge remote-tracking branch 'upstream/pull/6808'

Bump the dependencies group across 1 directory with 3 updates

Bumps the dependencies group with 3 updates in the / directory: [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js), [eslint](https://github.com/eslint/eslint) and [globals](https://github.com/sindresorhus/globals).

Updates `@eslint/js` from 9.39.2 to 10.0.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/HEAD/packages/js)

Updates `eslint` from 9.39.2 to 10.0.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v9.39.2...v10.0.0)

Updates `globals` from 14.0.0 to 17.3.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](https://github.com/sindresorhus/globals/compare/v14.0.0...v17.3.0)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 10.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: eslint
  dependency-version: 10.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: globals
  dependency-version: 17.3.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Require @eslint/js npm module explicitly

As of 5.x it is no longer an eslint dependency.

Require globals npm module explicitly

As of 5.x it is no longer an eslint dependency via eslintrc.

Update model annotations

Changes are due to https://github.com/drwl/annotaterb/issues/294
fixing issues with sorting not being applied correctly.

Fix new rubocop warnings

Update bundle

Block updates to dalli 5.x as it needs ruby 3.3

Unblock semver major updates for minitest

This was blocked to stop updates to 6.x but we've made that move now.

Merge pull request #6802 from openstreetmap/dependabot/npm_and_yarn/dependencies-2b1b988cf7

Bump the dependencies group across 1 directory with 5 updates

Bump the dependencies group across 1 directory with 5 updates

Bumps the dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [i18n-js](https://github.com/fnando/i18n) | `4.5.1` | `4.5.2` |
| [leaflet.locatecontrol](https://github.com/domoritz/leaflet-locatecontrol) | `0.87.0` | `0.88.0` |
| [maplibre-gl](https://github.com/maplibre/maplibre-gl-js) | `5.17.0` | `5.18.0` |
| [@herb-tools/linter](https://github.com/marcoroth/herb/tree/HEAD/javascript/packages/linter) | `0.8.9` | `0.8.10` |
| [@stylistic/eslint-plugin](https://github.com/eslint-stylistic/eslint-stylistic/tree/HEAD/packages/eslint-plugin) | `5.7.1` | `5.8.0` |

Updates `i18n-js` from 4.5.1 to 4.5.2
- [Changelog](https://github.com/fnando/i18n/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fnando/i18n/compare/v4.5.1...v4.5.2)

Updates `leaflet.locatecontrol` from 0.87.0 to 0.88.0
- [Changelog](https://github.com/domoritz/leaflet-locatecontrol/blob/gh-pages/CHANGELOG.md)
- [Commits](https://github.com/domoritz/leaflet-locatecontrol/compare/v0.87.0...v0.88.0)

Updates `maplibre-gl` from 5.17.0 to 5.18.0
- [Release notes](https://github.com/maplibre/maplibre-gl-js/releases)
- [Changelog](https://github.com/maplibre/maplibre-gl-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/maplibre/maplibre-gl-js/compare/v5.17.0...v5.18.0)

Updates `@herb-tools/linter` from 0.8.9 to 0.8.10
- [Release notes](https://github.com/marcoroth/herb/releases)
- [Commits](https://github.com/marcoroth/herb/commits/v0.8.10/javascript/packages/linter)

Updates `@stylistic/eslint-plugin` from 5.7.1 to 5.8.0
- [Release notes](https://github.com/eslint-stylistic/eslint-stylistic/releases)
- [Changelog](https://github.com/eslint-stylistic/eslint-stylistic/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint-stylistic/eslint-stylistic/commits/v5.8.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: i18n-js
  dependency-version: 4.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: leaflet.locatecontrol
  dependency-version: 0.88.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: maplibre-gl
  dependency-version: 5.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: "@herb-tools/linter"
  dependency-version: 0.8.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: "@stylistic/eslint-plugin"
  dependency-version: 5.8.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Enable some Herb HTML linting rules

Use double quotes for HTML atttribute values

Merge pull request #6789 from Oivo35/leisure-track

Incorrect english term for `leisure=track`

Merge pull request #6784 from hlfan/herb

Add Herb parser and linter

Merge remote-tracking branch 'upstream/pull/6792'

Initalise the MiniMaps only when the style is acually needed

Merge remote-tracking branch 'upstream/pull/6612'

Merge remote-tracking branch 'upstream/pull/6772'

Merge remote-tracking branch 'upstream/pull/6720'

Update track label to 'Racetrack (Non-Motorsport)'

Explicitly disable path processing in HTML/Markdown linkification

Forward normalisation rule to shorten_host

Split linkify shortening functions

Merge pull request #6781 from tomhughes/memcached-protocol

Use meta protocol for memcached connections

Migrate MapLayers lib to output maplibre styles

Add basic tests for MapLayers lib

Drop bogus translations

Merge remote-tracking branch 'upstream/pull/6786'

Bump faraday from 2.14.0 to 2.14.1

Bumps [faraday](https://github.com/lostisland/faraday) from 2.14.0 to 2.14.1.
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1)

---
updated-dependencies:
- dependency-name: faraday
  dependency-version: 2.14.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Localisation updates from https://translatewiki.net.

Scope wiki linkification characters using POSIX words

Add a test case and simplify assertions for linkify spec test

Merge pull request #6785 from tomhughes/ubuntu-latest

Use ubuntu-latest for all workflows

Use ubuntu-latest for all workflows

Add Herb parser and linter

Fix syntax for tag.path attributes

Merge remote-tracking branch 'upstream/pull/6783'

Clean up HTML structure

Use tag helper for dynamic attributes

Remove self-closing tags for void elements

Merge remote-tracking branch 'upstream/pull/6780'

Merge remote-tracking branch 'upstream/pull/6617'

expose the enhanced changeset stats via the API

Added Donate button to navigation bar

Made donation form URL configurable

Use meta protocol for memcached connections

This fixes a deprecation warning and prepares for dalli 5.x which
will switch to meta as the only supported protocol.

Merge pull request #6754 from CommanderStorm/no-validateStyle

Disable `validateStyle` for minor initalisation performance gains on slower hardware

Disable `validateStyle` for minor initalisation performance gains on slower hardware

Merge remote-tracking branch 'upstream/pull/6728'

Merge remote-tracking branch 'upstream/pull/6773'

Localisation updates from https://translatewiki.net.

Merge remote-tracking branch 'upstream/pull/6777'

Merge remote-tracking branch 'upstream/pull/6776'

Merge remote-tracking branch 'upstream/pull/6775'

Bump the dependencies group with 5 updates

Bumps the dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [turbo-rails](https://github.com/hotwired/turbo-rails) | `2.0.22` | `2.0.23` |
| [bootsnap](https://github.com/rails/bootsnap) | `1.21.1` | `1.22.0` |
| [dalli](https://github.com/petergoldstein/dalli) | `4.2.0` | `4.3.0` |
| [brakeman](https://github.com/presidentbeef/brakeman) | `7.1.2` | `8.0.2` |
| [annotaterb](https://github.com/drwl/annotaterb) | `4.20.0` | `4.21.0` |

Updates `turbo-rails` from 2.0.22 to 2.0.23
- [Release notes](https://github.com/hotwired/turbo-rails/releases)
- [Commits](https://github.com/hotwired/turbo-rails/compare/v2.0.22...v2.0.23)

Updates `bootsnap` from 1.21.1 to 1.22.0
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/bootsnap/compare/v1.21.1...v1.22.0)

Updates `dalli` from 4.2.0 to 4.3.0
- [Changelog](https://github.com/petergoldstein/dalli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/petergoldstein/dalli/compare/v4.2.0...v4.3.0)

Updates `brakeman` from 7.1.2 to 8.0.2
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v7.1.2...v8.0.2)

Updates `annotaterb` from 4.20.0 to 4.21.0
- [Changelog](https://github.com/drwl/annotaterb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/drwl/annotaterb/compare/v4.20.0...v4.21.0)

---
updated-dependencies:
- dependency-name: turbo-rails
  dependency-version: 2.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: bootsnap
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: dalli
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: brakeman
  dependency-version: 8.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: annotaterb
  dependency-version: 4.21.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump rubocop from 1.84.0 to 1.84.1 in the rubocop group

Bumps the rubocop group with 1 update: [rubocop](https://github.com/rubocop/rubocop).

Updates `rubocop` from 1.84.0 to 1.84.1
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.84.0...v1.84.1)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-version: 1.84.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: rubocop
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump ruby/setup-ruby from 1.286.0 to 1.288.0 in the dependencies group

Bumps the dependencies group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).

Updates `ruby/setup-ruby` from 1.286.0 to 1.288.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/90be1154f987f4dc0fe0dd0feedac9e473aa4ba8...09a7688d3b55cf0e976497ff046b70949eeaccfd)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.288.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

Remove CI guard on minitest/focus require

There is now a Minitest/Focus cop in rubocop-minitest, which will
catch any inadvertent usage of focus in a commit.

Merge pull request #6593 from deevroman/more-limits-for-notes-form

Hide the anonymous note creation form when the limit is exceeded

Document project roles, permissions, and eligibility criteria

The aim of this is both transparency around these roles, but also
some support to contributors so that they know what's involved.

Merge remote-tracking branch 'upstream/pull/6744'

Merge remote-tracking branch 'upstream/pull/6771'

Fix unclosed HTML elements

Indicate content state in header

Localisation updates from https://translatewiki.net.

Merge pull request #6760 from tomhughes/danger-vendor

Add a danger warning for changes to vendored files

Merge pull request #6683 from CommanderStorm/maplibre-minimap

Minimap migration from Leaflet to MapLibre

Merge remote-tracking branch 'upstream/pull/6458'

Add a danger warning for changes to vendored files

Don't import maplibre more than necessary

Migrate the minimaps from leaflet to MapLibre

Merge remote-tracking branch 'upstream/pull/6753'

Create raster tile equivalents to leaflets definitions

Localisation updates from https://translatewiki.net.

Merge pull request #6746 from CommanderStorm/snap_zoom

Activate `zoomSnap` on raster based map styles

Activate `zoomSnap` on raster based maps

Merge pull request #6751 from openstreetmap/dependabot/bundler/rubocop-d52ee5082b

Bump rubocop from 1.82.1 to 1.84.0 in the rubocop group

Merge pull request #6752 from openstreetmap/dependabot/npm_and_yarn/dependencies-f44a9feed0

Bump the dependencies group with 3 updates