Merge branch 'master' into dependabot/npm_and_yarn/typescript-eslint/…

…parser-7.4.0

.eslintrc.json

@@ -43,15 +43,6 @@
     ],
     "rules": {
         "accessor-pairs": "error",
-        "capitalized-comments": [
-            "error",
-            "always",
-            {
-                "ignorePattern": "case|[a-z]+[A-Z0-9]|[a-z]+\\.\\w",
-                "ignoreInlineComments": true,
-                "ignoreConsecutiveComments": true
-            }
-        ],
         "curly": ["error", "all"],
         "default-case-last": "error",
         "dot-notation": "error",
@@ -117,7 +108,7 @@
         "@stylistic/arrow-spacing": ["error", {"before": true, "after": true}],
         "@stylistic/block-spacing": ["error", "always"],
         "@stylistic/brace-style": ["error", "1tbs", {"allowSingleLine": true}],
-        "@stylistic/comma-dangle": ["error", "never"],
+        "@stylistic/comma-dangle": ["error", "always-multiline"],
         "@stylistic/comma-spacing": ["error", {"before": false, "after": true}],
         "@stylistic/comma-style": ["error", "last"],
         "@stylistic/computed-property-spacing": ["error", "never"],
@@ -398,7 +389,7 @@
                 "@typescript-eslint/no-misused-promises": "off",
                 "@typescript-eslint/no-redundant-type-constituents": "error",
                 "@typescript-eslint/no-unsafe-argument": "error",
-                "@typescript-eslint/no-unsafe-assignment": "off",
+                "@typescript-eslint/no-unsafe-assignment": "error",
                 "@typescript-eslint/no-unsafe-call": "off",
                 "@typescript-eslint/no-unsafe-enum-comparison": "off",
                 "@typescript-eslint/no-unsafe-member-access": "off",
@@ -567,6 +558,7 @@
                 "ext/js/display/pronunciation-generator.js",
                 "ext/js/display/structured-content-generator.js",
                 "ext/js/dom/css-style-applier.js",
+                "ext/js/language/CJK-util.js",
                 "ext/js/language/ja/japanese.js",
                 "ext/js/language/text-utilities.js",
                 "ext/js/templates/anki-template-renderer-content-manager.js",
@@ -639,24 +631,33 @@
                 "ext/js/general/cache-map.js",
                 "ext/js/general/object-property-accessor.js",
                 "ext/js/general/regex-util.js",
-                "ext/js/general/text-source-map.js",
                 "ext/js/language/ar/arabic-text-preprocessors.js",
+                "ext/js/language/CJK-util.js",
                 "ext/js/language/de/german-text-preprocessors.js",
+                "ext/js/language/de/german-transforms.js",
                 "ext/js/language/en/english-transforms.js",
+                "ext/js/language/es/spanish-transforms.js",
                 "ext/js/language/ja/japanese-text-preprocessors.js",
                 "ext/js/language/ja/japanese-transforms.js",
                 "ext/js/language/ja/japanese-wanakana.js",
                 "ext/js/language/ja/japanese.js",
+                "ext/js/language/ko/korean-text-processors.js",
+                "ext/js/language/ko/korean-transforms.js",
+                "ext/js/language/la/latin-transforms.js",
                 "ext/js/language/language-descriptors.js",
                 "ext/js/language/language-transformer.js",
                 "ext/js/language/language-transforms.js",
                 "ext/js/language/languages.js",
                 "ext/js/language/multi-language-transformer.js",
                 "ext/js/language/ru/russian-text-preprocessors.js",
                 "ext/js/language/sga/old-irish-transforms.js",
+                "ext/js/language/sh/serbo-croatian-text-preprocessors.js",
                 "ext/js/language/sq/albanian-transforms.js",
-                "ext/js/language/text-preprocessors.js",
+                "ext/js/language/vi/viet-text-preprocessors.js",
+                "ext/js/language/tl/tagalog-transforms.js",
+                "ext/js/language/text-processors.js",
                 "ext/js/language/translator.js",
+                "ext/js/language/zh/chinese.js",
                 "ext/js/media/audio-downloader.js",
                 "ext/js/media/media-util.js",
                 "ext/js/templates/template-patcher.js"
@@ -671,6 +672,47 @@
                 "crypto": "readonly",
                 "AbortController": "readonly"
             }
+        },
+        {
+            "files": [
+                "ext/data/recommended-dictionaries.json"
+            ],
+            "rules": {
+                "jsonc/sort-keys": ["error", {
+                    "pathPattern": ".*",
+                    "hasProperties": ["name"],
+                    "order": [
+                        "name",
+                        "description",
+                        "homepage",
+                        "downloadUrl"
+                    ]
+                }, {
+                    "pathPattern": ".*",
+                    "order": {
+                        "type": "asc"
+                    }
+                }]
+            }
+        },
+        {
+            "files": [
+                "ext/data/recommended-settings.json"
+            ],
+            "rules": {
+                "jsonc/sort-keys": ["error", {
+                    "pathPattern": ".*",
+                    "order": [
+                        "modification",
+                        "description"
+                    ]
+                }, {
+                    "pathPattern": ".*",
+                    "order": {
+                        "type": "asc"
+                    }
+                }]
+            }
         }
     ]
 }

.github/ISSUE_TEMPLATE/3-language-feature.md

@@ -0,0 +1,9 @@
+---
+name: Language specific issue
+about: Report a language-specific issue or feature request
+title: '[REPLACE ME WITH YOUR REQUESTED LANGUAGE]: '
+labels: 'area/linguistics'
+assignees: ''
+
+---
+

.github/ISSUE_TEMPLATE/4-tech-debt.md

@@ -0,0 +1,10 @@
+---
+name: Tech Debt
+about: Track any tech debt or dev improvements
+title: ''
+labels: area/tech-debt
+assignees: ''
+
+---
+
+

.github/dependabot.yml

@@ -31,7 +31,7 @@ updates:
       # These dependencies should be updated manually:
       - dependency-name: "vitest"
         # Benchmarking is an experimental feature in vitest:
-        # https://github.com/themoeway/yomitan/pull/583#issuecomment-1925047371
+        # https://github.com/yomidevs/yomitan/pull/583#issuecomment-1925047371
       - dependency-name: "@vitest/coverage-v8"
         # Pinned to stay on the same version as vitest
       - dependency-name: "@types/node"

.github/release.yml

@@ -6,7 +6,7 @@ changelog:
     - title: Breaking Changes
       labels:
         - kind/breaking-change
-    - title: Enhancement
+    - title: Enhancements
       labels:
         - kind/enhancement
     - title: Bug Fixes

.github/workflows/auto-approve-run.yml

@@ -14,7 +14,7 @@ jobs:
     if: github.actor == 'djahandarie'
     steps:
       - name: Download workflow artifact
-        uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe # v3.1.4
+        uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6
         with:
             github_token: ${{ secrets.GITHUB_TOKEN }}
             workflow: auto-approve.yml

.github/workflows/bench.yml

@@ -1,5 +1,6 @@
 name: Performance Benchmarks
-
+permissions:
+  contents: read
 on:
   push:
     branches: [master]

.github/workflows/broken-links.yml

@@ -21,7 +21,7 @@ jobs:
         run: npm ci
       - name: Build Legal
         run: npm run license-report:html
-      - uses: lycheeverse/lychee-action@c053181aa0c3d17606addfe97a9075a32723548a
+      - uses: lycheeverse/lychee-action@v2.0.0
         with:
           fail: true
           jobSummary: false

.github/workflows/codeql.yml

@@ -10,7 +10,8 @@
 # supported CodeQL languages.
 #
 name: "CodeQL"
-
+permissions:
+  contents: read
 on:
   push:
     branches: [ "master" ]
@@ -50,7 +51,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v3.26.12
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -64,7 +65,7 @@ jobs:
     # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
+      uses: github/codeql-action/autobuild@v3.26.12
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -77,6 +78,6 @@ jobs:
     #     ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v3.26.12
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/create-prerelease-on-tag.yml

@@ -40,21 +40,21 @@ jobs:
 
       - name: Release
         id: release
-        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # pin@v0.1.15
+        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # pin@v2
         with:
           generate_release_notes: true
           prerelease: true
           files: builds/*
 
       - name: Dispatch publish-chrome-development
-        uses: aurelien-baudet/workflow-dispatch@93e95b157d791ae7f42aef8f8a0d3d723eba1c31 # pin@v2
+        uses: aurelien-baudet/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7 # pin@v2
         with:
           workflow: publish-chrome-development
           token: ${{ secrets.GITHUB_TOKEN }}
           wait-for-completion: false
 
       - name: Dispatch publish-firefox-development
-        uses: aurelien-baudet/workflow-dispatch@93e95b157d791ae7f42aef8f8a0d3d723eba1c31 # pin@v2
+        uses: aurelien-baudet/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7 # pin@v2
         with:
           workflow: publish-firefox-development
           token: ${{ secrets.GITHUB_TOKEN }}
@@ -67,7 +67,7 @@ jobs:
       actions: read # To read the workflow path.
       id-token: write # To sign the provenance.
       contents: write # To add assets to a release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
     with:
       base64-subjects: "${{ needs.build.outputs.hashes }}"
       upload-assets: true

.github/workflows/delay.yml

@@ -31,7 +31,7 @@ jobs:
       actions: write
     steps:
       - name: Start the next attempt
-        uses: aurelien-baudet/workflow-dispatch@93e95b157d791ae7f42aef8f8a0d3d723eba1c31 # pin@v2
+        uses: aurelien-baudet/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7 # pin@v2
         with:
           workflow: ${{ github.event.inputs.workflow }}
           token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/dependency-review.yml

@@ -0,0 +1,27 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required,
+# PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
+        with:
+          egress-policy: audit
+
+      - name: 'Checkout Repository'
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4

.github/workflows/playwright.yml

@@ -10,6 +10,11 @@ jobs:
     timeout-minutes: 60
     runs-on: ubuntu-latest
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          egress-policy: audit
+
       - name: Remove all fonts
         run: rm -rf /usr/share/fonts
 
@@ -47,17 +52,17 @@ jobs:
       - name: Grab latest dictionaries from dictionaries branch
         uses: actions/checkout@v4
         with:
-          repository: themoeway/yomitan # so that this works on forks
+          repository: yomidevs/yomitan # so that this works on forks
           ref: dictionaries
           path: dictionaries
 
       - name: Grab latest screenshots from master branch
-        uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe # pin@v2
+        uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # pin@v2
         continue-on-error: true
         id: master-screenshots
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          repo: themoeway/yomitan # so that this works on forks
+          repo: yomidevs/yomitan # so that this works on forks
           name: playwright-screenshots
           branch: master
           workflow: playwright.yml

.github/workflows/playwright_comment.yml

@@ -15,16 +15,21 @@ jobs:
       github.event.workflow_run.event == 'pull_request' &&
       github.event.workflow_run.conclusion == 'success'
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
+        with:
+          egress-policy: audit
+
       - name: Grab playwright-output from PR run
-        uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe # pin@v2
+        uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # pin@v2
         continue-on-error: true
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           run_id: ${{ github.event.workflow_run.id }}
           name: playwright-output
 
       - name: Grab master-screenshots-outcome from PR run
-        uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe # pin@v2
+        uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # pin@v2
         continue-on-error: true
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -68,6 +73,7 @@ jobs:
             :heavy_check_mark: No visual differences introduced by this PR.
 
             <a href="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.event.workflow_run.id }}#artifacts">View Playwright Report</a> (note: open the "playwright-report" artifact)
+          update-only: true
 
       - name: "[Comment] Warning: Visual differences introduced by this PR"
         uses: mshick/add-pr-comment@dd126dd8c253650d181ad9538d8b4fa218fc31e8 # pin@v2

.github/workflows/publish-chrome-development.yml

@@ -38,14 +38,14 @@ jobs:
               return attempt < max ? attempt + 1 : '';
             }
 
-      - uses: robinraju/release-downloader@368754b9c6f47c345fcfbf42bcb577c2f0f5f395 # pin@v1.9
+      - uses: robinraju/release-downloader@a96f54c1b5f5e09e47d9504526e96febd949d4c2 # pin@v1.11
         with:
           tag: ${{ github.ref_name }}
           fileName: "*"
 
       - name: Fetch Google API access token
         id: fetchAccessToken
-        uses: cardinalby/google-api-fetch-token-action@24c99245e2a2494cc4c4b1037203d319a184b15b # [email protected].3
+        uses: cardinalby/google-api-fetch-token-action@f455422472a558d48d939e77a65cdcec38e707b5 # [email protected].4
         with:
           clientId: ${{ secrets.G_CLIENT_ID }}
           clientSecret: ${{ secrets.G_CLIENT_SECRET }}
@@ -65,7 +65,7 @@ jobs:
       # Schedule a next attempt if store refused to accept new version because it
       # still has a previous one in review
       - name: Start the next attempt with the delay
-        uses: aurelien-baudet/workflow-dispatch@93e95b157d791ae7f42aef8f8a0d3d723eba1c31 # pin@v2
+        uses: aurelien-baudet/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7 # pin@v2
         if: |
           steps.getNextAttemptNumber.outputs.result &&
           steps.webStoreUpload.outputs.inReviewError == 'true'