Skip to content

Update dependency @fedify/cli to v1.10.3#1489

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/fedify-cli-1.x
Open

Update dependency @fedify/cli to v1.10.3#1489
renovate[bot] wants to merge 1 commit intomainfrom
renovate/fedify-cli-1.x

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 23, 2025

This PR contains the following updates:

Package Change Age Confidence
@fedify/cli (source) 1.9.11.10.3 age confidence

Release Notes

fedify-dev/fedify (@​fedify/cli)

v1.10.3

Compare Source

Released on February 1, 2026.

@​fedify/fedify
  • Fixed traverseCollection() yielding no items when a Collection has
    an inline CollectionPage in its first property without an explicit
    id. This is common in Mastodon's replies collections. The function
    previously used collection.firstId to determine pagination, which
    returned null for inline pages without an id, causing it to
    incorrectly fall into the non-paginated branch. [#​550 by Lee Dogeon]

v1.10.2

Compare Source

Released on January 23, 2026.

@​fedify/testing
  • Fixed TestContext.getActorKeyPairs() returning empty array instead of
    calling registered key pairs dispatcher. The method now properly invokes
    the key pairs dispatcher when it is registered via
    setKeyPairsDispatcher(). [#​530]

v1.10.1

Compare Source

Released on January 22, 2026.

@​fedify/testing
  • Fixed TestContext.getActor() and TestContext.getObject() returning
    null instead of calling registered dispatchers. The methods now properly
    invoke actor and object dispatchers when they are registered via
    setActorDispatcher() and setObjectDispatcher(). [[#​530]]

v1.10.0

Compare Source

Released on December 24, 2025.

@​fedify/fedify
  • Enhanced OpenTelemetry instrumentation with span events for capturing
    detailed activity data. Span events now record complete activity JSON
    payloads and verification status, enabling richer observability and
    debugging capabilities without relying solely on span attributes
    (which only support primitive values). [#​323]

    • Added activitypub.activity.received span event to the
      activitypub.inbox span, recording the full activity JSON,
      verification status (activity verified, HTTP signatures verified,
      Linked Data signatures verified), and actor information.
    • Added activitypub.activity.sent span event to the
      activitypub.send_activity span, recording the full activity JSON
      and target inbox URL.
    • Added activitypub.object.fetched span event to the
      activitypub.lookup_object span, recording the fetched object's
      type and complete JSON-LD representation.
  • Added OpenTelemetry spans for previously uninstrumented operations:
    [#​323]

    • Added activitypub.fetch_document span for document loader operations,
      tracking URL fetching, HTTP redirects, and final document URLs.
    • Added activitypub.verify_key_ownership span for cryptographic
      key ownership verification, recording actor ID, key ID, verification
      result, and the verification method used.
  • Added optional list() method to the KvStore interface for enumerating
    entries by key prefix. This method takes an optional prefix parameter;
    when omitted or empty, it returns all entries. This enables efficient
    prefix scanning which is useful for implementing features like distributed
    trace storage, cache invalidation by prefix, and listing related entries.
    [#​498, #​500]

    • Added KvStoreListEntry interface.
    • Implemented in MemoryKvStore.
  • Added FedifySpanExporter class that persists ActivityPub activity traces
    to a KvStore for distributed tracing support. This enables aggregating
    trace data across multiple nodes in a distributed deployment, making it
    possible to build debug dashboards that show complete request flows across
    web servers and background workers. [#​497, #​502]

    • Added @fedify/fedify/otel module.
    • Added FedifySpanExporter class implementing OpenTelemetry's
      SpanExporter interface.
    • Added TraceActivityRecord interface for stored activity data,
      including actorId and signatureDetails fields for debug dashboard
      support.
    • Added SignatureVerificationDetails interface for detailed signature
      verification information.
    • Added TraceSummary interface for trace listing.
    • Added FedifySpanExporterOptions interface.
    • Added GetRecentTracesOptions interface.
    • Added ActivityDirection type.
@​fedify/nestjs
  • Allowed Express 5 in the express peer dependency range to support NestJS 11.
    [#​492, #​493 by Cho Hasang]
@​fedify/sqlite
@​fedify/postgres
@​fedify/redis
@​fedify/denokv
@​fedify/cfworkers

v1.9.5

Compare Source

Released on February 1, 2026.

@​fedify/fedify
  • Fixed traverseCollection() yielding no items when a Collection has
    an inline CollectionPage in its first property without an explicit
    id. This is common in Mastodon's replies collections. The function
    previously used collection.firstId to determine pagination, which
    returned null for inline pages without an id, causing it to
    incorrectly fall into the non-paginated branch. [[#​550] by Lee Dogeon]

v1.9.4

Compare Source

Released on January 23, 2026.

@​fedify/testing
  • Fixed TestContext.getActorKeyPairs() returning empty array instead of
    calling registered key pairs dispatcher. The method now properly invokes
    the key pairs dispatcher when it is registered via
    setKeyPairsDispatcher(). [[#​530]]

v1.9.3

Compare Source

Released on January 22, 2026.

@​fedify/testing
  • Fixed TestContext.getActor() and TestContext.getObject() returning
    null instead of calling registered dispatchers. The methods now properly
    invoke actor and object dispatchers when they are registered via
    setActorDispatcher() and setObjectDispatcher(). [[#​530]]

v1.9.2

Compare Source

Released on December 20, 2025.

@​fedify/fedify
  • Fixed a ReDoS (Regular Expression Denial of Service) vulnerability in
    the document loader's HTML parsing. An attacker-controlled server could
    respond with a malicious HTML payload that blocked the event loop.
    [CVE-2025-68475]
@​fedify/sqlite
  • Fixed SyntaxError: Identifier 'Temporal' has already been declared error
    that occurred when using SqliteKvStore on Node.js or Bun. The error
    was caused by duplicate Temporal imports during the build process.
    [#​487]

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - Between 07:00 AM and 04:59 PM, only on Monday, Tuesday, Wednesday, and Thursday ( * 7-16 * * 1,2,3,4 ) (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@coderabbitai
Copy link

coderabbitai bot commented Dec 23, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch renovate/fedify-cli-1.x

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@renovate renovate bot force-pushed the renovate/fedify-cli-1.x branch from 1e0f14f to 68c5a01 Compare December 27, 2025 14:13
@renovate renovate bot changed the title Update dependency @fedify/cli to v1.9.2 Update dependency @fedify/cli to v1.10.0 Dec 27, 2025
@renovate renovate bot force-pushed the renovate/fedify-cli-1.x branch from 68c5a01 to 2ffe92a Compare January 8, 2026 21:10
@renovate renovate bot force-pushed the renovate/fedify-cli-1.x branch from 2ffe92a to c8a689b Compare January 19, 2026 15:20
@renovate renovate bot force-pushed the renovate/fedify-cli-1.x branch from c8a689b to 6a6dda4 Compare January 21, 2026 18:49
@renovate renovate bot changed the title Update dependency @fedify/cli to v1.10.0 Update dependency @fedify/cli to v1.9.2 Jan 21, 2026
@renovate renovate bot force-pushed the renovate/fedify-cli-1.x branch from 6a6dda4 to bad955e Compare January 21, 2026 22:40
@renovate renovate bot changed the title Update dependency @fedify/cli to v1.9.2 Update dependency @fedify/cli to v1.10.0 Jan 21, 2026
@renovate renovate bot force-pushed the renovate/fedify-cli-1.x branch from bad955e to 5c21ea1 Compare January 23, 2026 21:13
@renovate renovate bot force-pushed the renovate/fedify-cli-1.x branch from 5c21ea1 to 6549734 Compare January 24, 2026 18:55
@renovate renovate bot changed the title Update dependency @fedify/cli to v1.10.0 Update dependency @fedify/cli to v1.10.1 Jan 24, 2026
@renovate renovate bot force-pushed the renovate/fedify-cli-1.x branch from 6549734 to a0b8680 Compare January 26, 2026 08:31
@renovate renovate bot changed the title Update dependency @fedify/cli to v1.10.1 Update dependency @fedify/cli to v1.10.2 Jan 26, 2026
@renovate renovate bot force-pushed the renovate/fedify-cli-1.x branch from a0b8680 to d70e1ba Compare February 2, 2026 17:06
@renovate renovate bot force-pushed the renovate/fedify-cli-1.x branch from d70e1ba to d4fc69f Compare February 4, 2026 02:57
@renovate renovate bot changed the title Update dependency @fedify/cli to v1.10.2 Update dependency @fedify/cli to v1.10.3 Feb 4, 2026
@renovate renovate bot force-pushed the renovate/fedify-cli-1.x branch from d4fc69f to d56cfcb Compare February 12, 2026 12:47
@sagzy
Copy link
Contributor

sagzy commented Feb 15, 2026

@codex review

@chatgpt-codex-connector
Copy link

Codex Review: Didn't find any major issues. Keep it up!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the @fedify/cli development dependency from version 1.9.1 to 1.10.3, bringing in several bug fixes and new features from the Fedify ecosystem. The CLI tool is used for development and testing purposes and does not affect the runtime dependencies of the application.

Changes:

  • Updated @fedify/cli from 1.9.1 to 1.10.3 in package.json
  • Updated yarn.lock with corresponding package resolution and integrity hash

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
package.json Updated @fedify/cli devDependency version from 1.9.1 to 1.10.3
yarn.lock Updated package resolution, integrity hash, and registry information for @fedify/cli

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@renovate renovate bot force-pushed the renovate/fedify-cli-1.x branch from d56cfcb to fe77206 Compare February 17, 2026 14:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants