Merge branch 'main' into svg-embeds

mdn · Feb 14, 2025 · b4eb63f · b4eb63f
2 parents e1cb336 + 7f29fef
commit b4eb63f
Show file tree

Hide file tree

Showing 1,430 changed files with 16,597 additions and 5,593 deletions.
diff --git a/.github/workflows/auto-cleanup-bot.yml b/.github/workflows/auto-cleanup-bot.yml
@@ -5,6 +5,10 @@ on:
     - cron: "0 0 * * *"
   workflow_dispatch:
 
+# No GITHUB_TOKEN permissions, as we only use it to increase API limit.
+# We use AUTOMERGE_TOKEN to create the PR.
+permissions: {}
+
 jobs:
   fix:
     if: github.repository == 'mdn/content'
@@ -35,7 +39,7 @@ jobs:
 
       - name: Create PR with only fixable issues
         if: success()
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
         with:
           commit-message: "chore: auto-fix Markdownlint, Prettier, and front-matter issues"
           branch: markdownlint-auto-cleanup
@@ -50,7 +54,7 @@ jobs:
 
       - name: Create PR with notice on unfixed issues
         if: failure()
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
         with:
           commit-message: "chore: auto-fix Markdownlint, Prettier, and front-matter issues"
           branch: markdownlint-auto-cleanup

diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
@@ -3,12 +3,15 @@ name: auto-merge
 on:
   pull_request_target:
 
+# No GITHUB_TOKEN permissions, as we use AUTOMERGE_TOKEN instead.
+permissions: {}
+
 jobs:
   auto-merge:
     runs-on: ubuntu-latest
     if: github.event.pull_request.user.login == 'dependabot[bot]'
     steps:
-      - uses: ahmadnassri/action-dependabot-auto-merge@v2.6
+      - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2.6.6
         with:
           github-token: ${{ secrets.AUTOMERGE_TOKEN }}
           command: "squash and merge"

diff --git a/.github/workflows/idle-issues.yml b/.github/workflows/idle-issues.yml
@@ -3,6 +3,12 @@ on:
   schedule:
     - cron: "49 11,23 * * *"
 
+permissions:
+  # Label issues.
+  issues: write
+  # Label pull requests.
+  pull-requests: write
+
 jobs:
   idle:
     uses: mdn/workflows/.github/workflows/idle.yml@main

diff --git a/.github/workflows/interfacedata-updater.yml b/.github/workflows/interfacedata-updater.yml
@@ -6,6 +6,9 @@ on:
     - cron: "0 0 * * 6"
   workflow_dispatch:
 
+# No GITHUB_TOKEN permissions, as we use AUTOMERGE_TOKEN instead.
+permissions: {}
+
 jobs:
   update:
     if: github.repository == 'mdn/content'
@@ -35,7 +38,7 @@ jobs:
         run: node scripts/update-interface-data.js ../webref/
 
       - name: Create pull request
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
         with:
           path: mdn-content
           token: ${{ secrets.AUTOMERGE_TOKEN }}

diff --git a/.github/workflows/issue-regex-labeler.yml b/.github/workflows/issue-regex-labeler.yml
@@ -3,6 +3,10 @@ on:
   issues:
     types: [opened]
 
+permissions:
+  # Label issues.
+  issues: write
+
 jobs:
   issue-labeler:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/lock-closed.yml b/.github/workflows/lock-closed.yml
@@ -3,6 +3,14 @@ on:
   schedule:
     - cron: "0 9 1 * *"
 
+permissions:
+  # Lock discussions.
+  discussions: write
+  # Lock issues.
+  issues: write
+  # Lock pull requests.
+  pull-requests: write
+
 jobs:
   lock:
     uses: mdn/workflows/.github/workflows/lock-closed.yml@main

diff --git a/.github/workflows/markdown-lint.yml b/.github/workflows/markdown-lint.yml
@@ -13,6 +13,9 @@ on:
       - .github/workflows/markdown-lint.yml
       - .github/workflows/markdownlint-problem-matcher.json
 
+# No GITHUB_TOKEN permissions, as we only use it to increase API limit.
+permissions: {}
+
 jobs:
   docs:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/new-issues.yml b/.github/workflows/new-issues.yml
@@ -6,12 +6,16 @@ on:
       - reopened
       - opened
 
+permissions:
+  # Label issues.
+  issues: write
+
 jobs:
   label-new-issues:
     runs-on: ubuntu-latest
     steps:
       - name: initial labelling
-        uses: andymckay/labeler@master
+        uses: andymckay/labeler@3a4296e9dcdf9576b0456050db78cfd34853f260 # master
         with:
           add-labels: "needs triage"
           ignore-if-assigned: true
diff --git a/.github/workflows/ping-other-repos.yml b/.github/workflows/ping-other-repos.yml
@@ -11,6 +11,10 @@ name: Ping other repos
 on:
   push:
     branches: [main]
+
+# No GITHUB_TOKEN permissions, as we use REPO_PINGER_MDN_SPEC_LINKS.
+permissions: {}
+
 jobs:
   ping:
     # Don't run in forks, or when Dependabot merges a PR.
@@ -22,7 +26,7 @@ jobs:
       - name: Ping w3c/mdn-spec-links
         # This is one of many possible repos we can ping. When adding other
         # repos, you can follow this w3c/mdn-spec-links one as an example.
-        uses: peter-evans/repository-dispatch@v3
+        uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0
         with:
           token: ${{ secrets.REPO_PINGER_MDN_SPEC_LINKS }}
           repository: w3c/mdn-spec-links

diff --git a/.github/workflows/pr-check-lint_content.yml b/.github/workflows/pr-check-lint_content.yml
@@ -10,6 +10,7 @@ on:
       - "files/**/*.md"
 
 permissions:
+  # Compare commits and add reviewdog comments.
   pull-requests: write
 
 concurrency:
@@ -130,7 +131,7 @@ jobs:
 
       - name: Setup reviewdog
         if: env.FILES_MODIFIED == 'true' || env.MD_LINT_FAILED == 'true'
-        uses: reviewdog/action-setup@v1
+        uses: reviewdog/action-setup@3f401fe1d58fe77e10d665ab713057375e39b887 # v1.3.0
         with:
           reviewdog_version: latest
 

diff --git a/.github/workflows/pr-check_cspell_lists.yml b/.github/workflows/pr-check_cspell_lists.yml
@@ -7,6 +7,9 @@ on:
     paths:
       - .vscode/dictionaries/*
 
+# No GITHUB_TOKEN permissions, as we don't use it.
+permissions: {}
+
 jobs:
   docs:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/pr-check_javascript.yml b/.github/workflows/pr-check_javascript.yml
@@ -10,6 +10,9 @@ on:
       - "**/*.mjs"
       - .github/workflows/pr-check_javascript.yml
 
+# No GITHUB_TOKEN permissions, as we only use it to increase API limit.
+permissions: {}
+
 jobs:
   lint-js:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/pr-check_json.yml b/.github/workflows/pr-check_json.yml
@@ -10,6 +10,9 @@ on:
       - "**/*.jsonc"
       - .github/workflows/pr-check_json.yml
 
+# No GITHUB_TOKEN permissions, as we only use it to increase API limit.
+permissions: {}
+
 jobs:
   lint-json:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/pr-check_redirects.yml b/.github/workflows/pr-check_redirects.yml
@@ -5,6 +5,9 @@ on:
     branches:
       - main
 
+# No GITHUB_TOKEN permissions, as we only use it to increase API limit.
+permissions: {}
+
 jobs:
   check-redirects:
     runs-on: ubuntu-latest
@@ -21,7 +24,7 @@ jobs:
       # This is a "required" workflow so path filtering can not be used:
       # https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/troubleshooting-required-status-checks#handling-skipped-but-required-checks
       # We have to rely on a custom filtering mechanism to run the checks only if required files are modified.
-      - uses: dorny/paths-filter@v3
+      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
         name: See if any file needs checking
         id: filter
         with:

diff --git a/.github/workflows/pr-check_scripts.yml b/.github/workflows/pr-check_scripts.yml
@@ -10,6 +10,9 @@ on:
       - yarn.lock
       - .github/workflows/pr-check_scripts.yml
 
+# No GITHUB_TOKEN permissions, as we only use it to increase API limit.
+permissions: {}
+
 jobs:
   up-to-date-check:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/pr-check_url-issues.yml b/.github/workflows/pr-check_url-issues.yml
@@ -7,6 +7,9 @@ on:
     paths:
       - "files/**/*.md"
 
+# No GITHUB_TOKEN permissions, as we don't use it.
+permissions: {}
+
 jobs:
   check_url_issues:
     #if: github.repository == 'mdn/content'

diff --git a/.github/workflows/pr-check_yml.yml b/.github/workflows/pr-check_yml.yml
@@ -10,6 +10,9 @@ on:
       - "**/*.yml"
       - .github/workflows/pr-check_yml.yml
 
+# No GITHUB_TOKEN permissions, as we only use it to increase API limit.
+permissions: {}
+
 jobs:
   lint-yml:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
@@ -4,8 +4,11 @@ on:
   - pull_request_target
 
 permissions:
+  # Patch issues, see: https://github.com/CodelyTV/pr-size-labeler/pull/89
   issues: write
+  # Label pull requests.
   pull-requests: write
+  # Fetch files (used by actions/labeler to get config).
   contents: read
 
 jobs:
@@ -29,7 +32,7 @@ jobs:
     name: Label by size
     runs-on: ubuntu-latest
     steps:
-      - uses: codelytv/pr-size-labeler@v1
+      - uses: codelytv/pr-size-labeler@1c3422395d899286d5ee2c809fd5aed264d5eb9b # v1.10.2
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           github_api_url: "https://api.github.com"

diff --git a/.github/workflows/pr-rebase-needed.yml b/.github/workflows/pr-rebase-needed.yml
@@ -5,6 +5,10 @@ on:
   pull_request_target:
     types: [synchronize]
 
+permissions:
+  # Label pull requests.
+  pull-requests: write
+
 jobs:
   label-rebase-needed:
     uses: mdn/workflows/.github/workflows/pr-rebase-needed.yml@main

diff --git a/.github/workflows/pr-review-companion.yml b/.github/workflows/pr-review-companion.yml
@@ -11,6 +11,12 @@ on:
     types:
       - completed
 
+permissions:
+  # Download artifact.
+  actions: read
+  # Post comment in pull request.
+  pull-requests: write
+
 jobs:
   review:
     runs-on: ubuntu-latest
@@ -55,7 +61,7 @@ jobs:
 
       - name: Install Python poetry
         if: env.HAS_ARTIFACT
-        uses: snok/install-poetry@v1.4
+        uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
         with:
           virtualenvs-create: true
           virtualenvs-in-project: true

diff --git a/.github/workflows/pr-test-legacy.yml b/.github/workflows/pr-test-legacy.yml
@@ -11,13 +11,14 @@ on:
     branches:
       - main
 
+permissions:
+  # Compare two commits.
+  contents: read
+
 jobs:
   tests:
     if: github.repository == 'mdn/content'
     runs-on: ubuntu-latest
-    # Set the permissions to `read-all`, preventing the workflow from
-    # any accidental write access to the repository.
-    permissions: read-all
     env:
       BASE_SHA: ${{ github.event.pull_request.base.sha }}
       HEAD_SHA: ${{ github.event.pull_request.head.sha }}

diff --git a/.github/workflows/pr-test.yml b/.github/workflows/pr-test.yml
@@ -11,13 +11,14 @@ on:
     branches:
       - main
 
+permissions:
+  # Compare two commits.
+  contents: read
+
 jobs:
   tests:
     if: github.repository == 'mdn/content'
     runs-on: ubuntu-latest
-    # Set the permissions to `read-all`, preventing the workflow from
-    # any accidental write access to the repository.
-    permissions: read-all
     env:
       BASE_SHA: ${{ github.event.pull_request.base.sha }}
       HEAD_SHA: ${{ github.event.pull_request.head.sha }}

diff --git a/.github/workflows/spelling-check-bot.yml b/.github/workflows/spelling-check-bot.yml
@@ -5,6 +5,10 @@ on:
     - cron: "0 0 * * mon"
   workflow_dispatch:
 
+permissions:
+  # Create issue.
+  issues: write
+
 jobs:
   sync:
     if: github.repository == 'mdn/content'

diff --git a/.github/workflows/system-file-changes.yml b/.github/workflows/system-file-changes.yml
@@ -10,6 +10,9 @@ on:
       - package.json
       - yarn.lock
 
+# No GITHUB_TOKEN permissions, as we don't use it.
+permissions: {}
+
 jobs:
   block:
     # This makes sure it only runs on our origin repo

diff --git a/.vscode/dictionaries/ignore-list.txt b/.vscode/dictionaries/ignore-list.txt
@@ -231,6 +231,7 @@ notavideo
 notebox
 nytimes
 Odtsetseg
+Oggi
 opensas
 opensesame
 OPQRTUVXYZ
@@ -321,3 +322,4 @@ YSDEgCDwkICAIOaWhyDwn6aE
 Yuckymeat
 YWxhZGRpbjpvcGVuc2VzYW1l
 Zorp
+ZRWB
diff --git a/.vscode/dictionaries/terms-abbreviations.txt b/.vscode/dictionaries/terms-abbreviations.txt
@@ -633,6 +633,7 @@ snapport
 snapshotted
 snapshotting
 SNES
+spammy
 spatialization
 spatializations
 spatialize

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -4,7 +4,7 @@ Thanks for taking the time to contribute to [MDN Web Docs](https://developer.moz
 
 This document covers project setup steps along with a set of guidelines for contributing to MDN Web Docs content.
 Everyone participating in this project is expected to follow our [Code of Conduct](https://github.com/mdn/content/blob/main/CODE_OF_CONDUCT.md), which means adhering to [Mozilla's Community Participation Guidelines](https://www.mozilla.org/en-US/about/governance/policies/participation/).
-If you want to jump right in, see [Getting started with MDN Web Docs][] for an overview of how to join, and the [Contribute page][] on MDN for a filtered list of tasks.
+If you want to jump right in, see [Getting started with MDN Web Docs][] for an overview of how to join, and the [Community resources][] on MDN.
 
 ## Getting started
 
@@ -419,7 +419,7 @@ There are some important rules of etiquette to remember that will help during th
 When contributing to the content you agree to license your contributions
 according to [our license](LICENSE.md).
 
-[contribute page]: https://developer.mozilla.org/en-US/docs/MDN/Community/Contributing
+[community resources]: https://developer.mozilla.org/en-US/docs/MDN/Community
 [getting started with mdn web docs]: https://developer.mozilla.org/en-US/docs/MDN/Community/Contributing/Getting_started
 [getting ready to contribute]: https://developer.mozilla.org/en-US/docs/MDN/Community/Contributing/Getting_started#getting_ready_to_contribute
 [how to write in markdown]: https://developer.mozilla.org/en-US/docs/MDN/Writing_guidelines/Howto/Markdown_in_MDN