@fedify/fedify

Fedify changelog ================ Version 1.5.0 ------------- Released on March 28, 2025. - Improved activity delivery performance with large audiences through a two-stage queuing system. Sending activities to many recipients (e.g., accounts with many followers) is now significantly faster and uses less memory. [[#220]] - Added `FederationQueueOptions.fanout` option. - Changed the type of `FederationStartQueueOptions.queue` option to `"inbox" | "outbox" | "fanout" | undefined` (was `"inbox" | "outbox" | undefined`). - Added `SendActivityOptions.fanout` option. - Added OpenTelemetry instrumented span `activitypub.fanout`. - The `ForwardActivityOptions` interface became a type alias of `Omit<SendActivityOptions, "fanout"> & { skipIfUnsigned: boolean }`, which is still compatible with the previous version. - A `Federation` object now can have a canonical origin for web URLs and a canonical host for fediverse handles. This affects the URLs constructed by `Context` objects, and the WebFinger responses. - Added `CreateFederationOptions.origin` option. - Added `FederationOrigin` interface. - Added `Context.canonicalOrigin` property. - Followers collection synchronization ([FEP-8fcf]) is now turned off by default. - Added `SendActivityOptionsForCollection` interface. - The type of `Context.sendActivity({ identifier: string } | { username: string } | { handle: string }, "followers", Activity)` overload's fourth parameter became `SendActivityOptionsForCollection | undefined` (was `SendActivityOptions | undefined`). - Fedify now accepts PEM-PKCS#1 besides PEM-SPKI for RSA public keys. [[#209]] - `CryptographicKey` now can contain a `publicKey` with a PEM-PKCS#1 format (in addition to PEM-SPKI). - Added `importPkcs1()` function. - Added `importPem()` function. - The `fetchKey()` function became to choose the public key of the actor if `keyId` has no fragment and the actor has only one public key. [[#211]] - Added an optional parameter with `GetSignedKeyOptions` type to the `RequestContext.getSignedKey()` method. - Added `GetSignedKeyOptions` interface. - Added an optional parameter with `GetKeyOwnerOptions` type to the `RequestContext.getSignedKeyOwner()` method. - Deprecated the parameters of the `AuthorizePredicate` and `ObjectAuthorizePredicate` types to get the signed key and its owner in favor of the `RequestContext.getSignedKey()` and `RequestContext.getSignedKeyOwner()` methods. - Deprecated the third parameter of the `AuthorizePredicate` type in favor of the `RequestContext.getSignedKey()` method. - Deprecated the fourth parameter of the `AuthorizePredicate` type in favor of the `RequestContext.getSignedKeyOwner()` method. - Deprecated the third parameter of the `ObjectAuthorizePredicate` type in favor of the `RequestContext.getSignedKey()` method. - Deprecated the fourth parameter of the `ObjectAuthorizePredicate` type in favor of the `RequestContext.getSignedKeyOwner()` method. - Added an optional method `enqueueMany()` to `MessageQueue` interface for sending multiple activities at once. - Updated *@js-temporal/polyfill* to 0.5.0 for Node.js and Bun. On Deno, there is no change because the polyfill is not used. - Updated *uri-template-router* to 0.0.17 which fixes bundler errors on Rollup. [[#221]] - Improved error handling and logging for document loader when KV store operations fail. [[#223] by Revath S Kumar] - Fixed a bug of the `fedify inbox` command where it had failed to render the web interface when the `fedify` command was installed using `deno install` command from JSR. - The web interface of the `fedify inbox` command was slightly redesigned: - The Fedify logo with the cute dinosaur is now displayed at the top of the page. - You can easily copy the fediverse handle of the ephemeral actor. - Internalized the [multibase] package, which is obsolete and no longer maintained. [[#127], [#215] by Fróði Karlsson] - Added more log messages using the [LogTape] library. Currently the below logger categories are used: - `["fedify", "federation", "fanout"]` - `["fedify", "federation", "object"]` [#127]: https://github.com/fedify-dev/fedify/issues/127 [#209]: https://github.com/fedify-dev/fedify/issues/209 [#211]: https://github.com/fedify-dev/fedify/issues/211 [#215]: https://github.com/fedify-dev/fedify/pull/215 [#220]: https://github.com/fedify-dev/fedify/issues/220 [#221]: https://github.com/fedify-dev/fedify/issues/221 [#223]: https://github.com/fedify-dev/fedify/pull/223 [FEP-8fcf]: https://w3id.org/fep/8fcf [multibase]: https://github.com/multiformats/js-multibase Version 1.4.9 ------------- Released on March 26, 2025. - Fixed a `TypeError` thrown by the followers collection dispatcher when the `base-url` parameter was provided. - Fixed a `TypeError` thrown by the `signRequest()` function on Node.js. [[#222]] Version 1.4.8 ------------- Released on March 26, 2025. - Fixed a bug where the `totalItems` property of `OrderedCollection` objects returned by followers collection dispatcher had been an incorrect value if a `base-url` parameter was provided. - Fixed a bug where the `id` property of `OrderedCollection` and `OrderedCollectionPage` objects returned by followers collection dispatcher had been an incorrect value if a `base-url` parameter was provided. Version 1.4.7 ------------- Released on March 20, 2025. - Fixed a bug of WebFinger handler where it had failed to match `acct:` URIs with a host having a port number. [[#218], [#219] by Revath S Kumar] - Fixed a server error thrown when an invalid URL was passed to the `base-url` parameter of the followers collection. [[#217]] Version 1.4.6 ------------- Released on March 9, 2025. - Fedify no more depends on `node:punycode` module, which is deprecated in Node.js. Now it uses the built-in `node:url` module instead. [[#212], [#214] by Fróði Karlsson] Version 1.4.5 ------------- Released on February 28, 2025. - Made `fedify init` to install *@fedify/h3* 0.1.2 which is compatible with Fedify 1.0.0 or later versions when `--web-framework nitro` option is provided. [[#213]] - Fixed a bug where `fedify init` had failed to initialize a project with the `--runtime node --package-manager pnpm --web-framework nitro` option. [[#213]] Version 1.4.4 ------------- Released on February 25, 2025. - Added the following default context to `Application`, `Group`, `Organization`, `Person`, and `Service` classes: ~~~~ json { "Emoji": "http://joinmastodon.org/ns#Emoji" } ~~~~ Version 1.4.3 ------------- Released on February 22, 2025. - Added the following default contexts to `Follow`, `Undo`, and `Update` classes: - <https://w3id.org/security/v1> - <https://www.w3.org/ns/did/v1> - <https://w3id.org/security/multikey/v1> Version 1.4.2 ------------- Released on February 19, 2025. - Fixed a bug where the `fedify init` command had failed to locate package managers on Windows. [[#210]] - The `fedify` command became aware of `FEDIFY_LOG_FILE` environment variable to log messages to a file. If the variable is set, the command logs messages to the file specified by the variable. Version 1.4.1 ------------- Released on February 10, 2025. - Fixed a bug with nested object hydration in Activity Vocabulary API where deeply nested properties (like `Object.getAttribution()` on `Activity.getObject()`) were't being properly hydrated during `toJsonLd()` calls. Previously, subsequent calls to `toJsonLd()` on nested objects could result in inconsistent JSON-LD output where nested objects remained as URLs instead of being fully expanded. Version 1.4.0 ------------- Released on February 5, 2025. - Document loader and context loader are now configurable with a factory function for more flexibility. - Deprecated `CreateFederationOptions.documentLoader` option. Use `CreateFederationOptions.documentLoaderFactory` option instead. - Deprecated `CreateFederationOptions.contextLoader` option. Use `CreateFederationOptions.contextLoaderFactory` option instead. - Added `DocumentLoaderFactory` type. - Added `DocumentLoaderFactoryOptions` interface. - Added the second parameter with `DocumentLoaderFactoryOptions` type to `AuthenticatedDocumentLoaderFactory` type. - `GetAuthenticatedDocumentLoaderOptions` interface became to extend `DocumentLoaderFactoryOptions` interface. - Added a type parameter `TContextData` to `CreateFederationOptions` interface. - Fedify now assigns a random-generated *http:*/*https:* URI to activities if these do not have explicit `id` properties. This behavior can be disabled by excluding `autoIdAssigner()` from the `CreateFederationOptions.activityTransformers` option. - Introduced `ActivityTransformer`s for adjusting outgoing activities before sending them so that some ActivityPub implementations with quirks are satisfied. - Added `@fedify/fedify/compat` module. - Added `ActivityTransformer` type. - Added `autoIdAssigner()` function. - Added `actorDehydrator()` function. - Added `defaultActivityTransformers` constant. - Added `CreateFederationOptions.activityTransformers` option. - The `suppressError` option of Activity Vocabulary APIs, `traverseCollection()` function, and `Context.traverseCollection()` method now suppresses errors occurred JSON-LD processing. - WebFinger responses are now customizable. [[#3]] - Added `ActorCallbackSetters.mapAlias()` method. - Added `ActorAliasMapper` type. - Added `Context.getNodeInfo()` method. [[#203]] - Added `shares` property to `Object` class in Activity Vocabulary API. - Added `Object.sharesId` property. - Added `Object.getShares()` method. - `new Object()` constructor now accepts `shares` option. - `Object.clone()` method now accepts `shares` option. - Added `likes` property to `Object` class in Activity Vocabulary API. - Added `Object.likesId` property. - Added `Object.getLikes()` method. - `new Object()` constructor now accepts `likes` option. - `Object.clone()` method now accepts `likes` option. - Added `emojiReactions` property to `Object` class in Activity Vocabulary API. - Added `Object.emojiReactionsId` property - Added `Object.getEmojiReactions()` method. - `new Object()` constructor now accepts `emojiReactions` option. - `Object.clone()` method now accepts `emojiReactions` option. - Added `allowPrivateAddress` option to `LookupWebFingerOptions` interface. - Added more log messages using the [LogTape] library. Currently the below logger categories are used: - `["fedify", "compat", "transformers"]` - Added `-t`/`--traverse` option to the `fedify lookup` subcommand. [[#195]] - Added `-S`/`--suppress-errors` option to the `fedify lookup` subcommand. [[#195]] [#3]: https://github.com/fedify-dev/fedify/issues/3 [#195]: https://github.com/fedify-dev/fedify/issues/195 Version 1.3.16 -------------- Released on March 26, 2025. - Fixed a `TypeError` thrown by the followers collection dispatcher when the `base-url` parameter was provided. - Fixed a `TypeError` thrown by the `signRequest()` function on Node.js. [[#222]] Version 1.3.15 -------------- Released on March 26, 2025. - Fixed a bug where the `totalItems` property of `OrderedCollection` objects returned by followers collection dispatcher had been an incorrect value if a `base-url` parameter was provided. - Fixed a bug where the `id` property of `OrderedCollection` and `OrderedCollectionPage` objects returned by followers collection dispatcher had been an incorrect value if a `base-url` parameter was provided. Version 1.3.14 -------------- Released on March 20, 2025. - Fixed a bug of WebFinger handler where it had failed to match `acct:` URIs with a host having a port number. [[#218], [#219] by Revath S Kumar] - Fixed a server error thrown when an invalid URL was passed to the `base-url` parameter of the followers collection. [[#217]] Version 1.3.13 -------------- Released on March 9, 2025. - Fedify no more depends on `node:punycode` module, which is deprecated in Node.js. Now it uses the built-in `node:url` module instead. [[#212], [#214] by Fróði Karlsson] Version 1.3.12 -------------- Released on February 28, 2025. - Made `fedify init` to install *@fedify/h3* 0.1.2 which is compatible with Fedify 1.0.0 or later versions when `--web-framework nitro` option is provided. [[#213]] - Fixed a bug where `fedify init` had failed to initialize a project with the `--runtime node --package-manager pnpm --web-framework nitro` option. [[#213]] Version 1.3.11 -------------- Released on February 25, 2025. - Added the following default context to `Application`, `Group`, `Organization`, `Person`, and `Service` classes: ~~~~ json { "Emoji": "http://joinmastodon.org/ns#Emoji" } ~~~~ Version 1.3.10 -------------- Released on February 22, 2025. - Added the following default contexts to `Follow`, `Undo`, and `Update` classes: - <https://w3id.org/security/v1> - <https://www.w3.org/ns/did/v1> - <https://w3id.org/security/multikey/v1> Version 1.3.9 ------------- Released on February 19, 2025. - Fixed a bug where the `fedify init` command had failed to locate package managers on Windows. [[#210]] - The `fedify` command became aware of `FEDIFY_LOG_FILE` environment variable to log messages to a file. If the variable is set, the command logs messages to the file specified by the variable. Version 1.3.8 ------------- Released on February 10, 2025. - Fixed a bug with nested object hydration in Activity Vocabulary API where deeply nested properties (like `Object.getAttribution()` on `Activity.getObject()`) were't being properly hydrated during `toJsonLd()` calls. Previously, subsequent calls to `toJsonLd()` on nested objects could result in inconsistent JSON-LD output where nested objects remained as URLs instead of being fully expanded. Version 1.3.7 ------------- Released on February 1, 2025. - Updated [LogTape] to version 0.8.1, which fixes a bug where `lowestLevel` option had incorrectly behaved. Version 1.3.6 ------------- Released on January 31, 2025. - Fixed a bug where `getUserAgent()` function had returned a `User-Agent` string with a wrong JavaScript runtime name on Node.js. [[#203]] [#203]: https://github.com/fedify-dev/fedify/issues/203 Version 1.3.5 ------------- Released on January 21, 2025. - Fixed a bug where `CreateFederationOptions.allowPrivateAddress` option had been ignored by the `Context.lookupObject()` method when it had taken a fediverse handle. - The `lookupWebFinger()` function became to silently return `null` when it fails to fetch the WebFinger document due to accessing a private network address, instead of throwing a `UrlError`. Version 1.3.4 ------------- Released on January 21, 2025. - Fixed several security vulnerabilities of the `lookupWebFinger()` function. [[CVE-2025-23221]] - Fixed a security vulnerability where the `lookupWebFinger()` function had followed the infinite number of redirects, which could lead to a denial of service attack. Now it follows up to 5 redirects. - Fixed a security vulnerability where the `lookupWebFinger()` function had followed the redirects to other than the HTTP/HTTPS schemes, which could lead to a security breach. Now it follows only the same scheme as the original request. - Fixed a security vulnerability where the `lookupWebFinger()` function had followed the redirects to the private network addresses, which could lead to a SSRF attack. Now it follows only the public network addresses. Version 1.3.3 ------------- Released on December 30, 2024. - The `fetchDocumentLoader()` function now preloads the following JSON-LD context: <https://gotosocial.org/ns>. Version 1.3.2 ------------- Released on December 18, 2024. - Fixed the default document loader to handle the `Link` header with incorrect syntax. [[#196]] Version 1.3.1 ------------- Released on December 11, 2024. - Fixed idempotence check in inbox listeners to ensure activities for different origins are processed correctly. Version 1.3.0 ------------- Released on November 30, 2024. - `MessageQueue`s now can be differently configured for incoming and outgoing activities. - Changed the type of `CreateFederationOptions.queue` option to `FederationQueueOptions | MessageQueue | undefined` (was `MessageQueue | undefined`). - Added `FederationQueueOptions` interface. - Added `FederationStartQueueOptions.queue` option. - Fedify now makes HTTP requests with the proper `User-Agent` header. [[#162]] - Added `getUserAgent()` function. - Added `GetUserAgentOptions` interface. - Added `getDocumentLoader()` function. - Added `GetDocumentLoaderOptions` interface. - The type of `getAuthenticatedDocumentLoader()` function's second parameter became `GetAuthenticatedDocumentLoaderOptions | undefined` (was `boolean | undefined`). - Added `GetAuthenticatedDocumentLoaderOptions` interface. - Deprecated `fetchDocumentLoader()` function. - Added `LookupObjectOptions.userAgent` option. - Added the type of `getActorHandle()` function's second parameter became `GetActorHandleOptions | undefined` (was `NormalizeActorHandleOptions | undefined`). - Added `GetActorHandleOptions` interface. - Added the optional second parameter to `lookupWebFinger()` function. - Added `LookupWebFingerOptions` interface. - Added `GetNodeInfoOptions.userAgent` option. - Added `-u`/`--user-agent` option to `fedify lookup` subcommand. - Added `-u`/`--user-agent` option to `fedify node` subcommand. - Fedify now caches unavailable keys of remote actors as well to avoid trying fetching the same unavailable key multiple times. - The return type of the `KeyCache.get()` method became `Promise<CryptographicKey | MultiKey | null | undefined>` (was `Promise<CryptographicKey | MultiKey | null>`). - The type of the `KeyCache.set()` method's second parameter became `CryptographicKey | MultiKey | null` (was `CryptographicKey | MultiKey`). - Added `fetchKey()` function. - Added `FetchKeyOptions` interface. - Added `FetchKeyResult` interface. - The `Router` now provide the matched route's URI template besides the name. - The return type of `Router.route()` method became `RouterRouteResult | null` (was `{ name: string; values: Record<string, string> } | null`). - Added `RouterRouteResult` interface. - Added `getTypeId()` function. - `Context.sendActivity()` and `InboxContext.forwardActivity()` methods now reject when they fail to enqueue the task. [[#192]] - Fedify now allows you to manually route an `Activity` to the corresponding inbox listener. [[#193]] - Added `Context.routeActivity()` method. - Added `RouteActivityOptions` interface. - `Object.toJsonLd()` without any `format` option now returns its original JSON-LD object even if it not created from `Object.fromJsonLd()` but it is returned from another `Object`'s `get*()` method. - Fedify now supports OpenTelemetry for tracing. [[#170]] - Added `Context.tracerProvider` property. - Added `CreateFederationOptions.tracerProvider` option. - Added `LookupWebFingerOptions.tracerProvider` option. - Added `LookupObjectOptions.tracerProvider` option. - Added `GetActorHandleOptions.tracerProvider` option. - Added `VerifyRequestOptions.tracerProvider` option. - Added `SignRequestOptions` interface. - Added the optional fourth parameter to `signRequest()` function. - Added `VerifyProofOptions.tracerProvider` option. - Added `VerifyObjectOptions.tracerProvider` option. - Added `SignObjectOptions.tracerProvider` option. - Added `VerifySignatureOptions.tracerProvider` option. - Added `VerifyJsonLdOptions.tracerProvider` option. - Added `SignJsonLdOptions.tracerProvider` option. - Added `DoesActorOwnKeyOptions.tracerProvider` option. - Added `GetKeyOwnerOptions.tracerProvider` option. - Added `tracerProvider` option to the following Activity Vocabulary APIs: - The second parameters of constructors. - The second parameters of `fromJsonLd()` static methods. - The second parameters of `get*()` methods. - Added `@fedify/fedify/x/sveltekit` module for integrating with [SvelteKit] hook. [[#171], [#183] by Jiyu Park] - Added `fedifyHook()` function. - The scaffold project generated by `fedify init` command now enables tracing data into log messages. - Let the `fedify lookup` command take multiple arguments. [[#173], [#186] by PGD] [SvelteKit]: https://kit.svelte.dev/ [#162]: https://github.com/fedify-dev/fedify/issues/162 [#170]: https://github.com/fedify-dev/fedify/issues/170 [#171]: https://github.com/fedify-dev/fedify/issues/171 [#173]: https://github.com/fedify-dev/fedify/issues/173 [#183]: https://github.com/fedify-dev/fedify/pull/183 [#186]: https://github.com/fedify-dev/fedify/pull/186 [#192]: https://github.com/fedify-dev/fedify/issues/192 [#193]: https://github.com/fedify-dev/fedify/issues/193 Version 1.2.20 -------------- Released on March 26, 2025. - Fixed a `TypeError` thrown by the followers collection dispatcher when the `base-url` parameter was provided. - Fixed a `TypeError` thrown by the `signRequest()` function on Node.js. [[#222]] Version 1.2.19 -------------- Released on March 26, 2025. - Fixed a bug where the `totalItems` property of `OrderedCollection` objects returned by followers collection dispatcher had been an incorrect value if a `base-url` parameter was provided. - Fixed a bug where the `id` property of `OrderedCollection` and `OrderedCollectionPage` objects returned by followers collection dispatcher had been an incorrect value if a `base-url` parameter was provided. Version 1.2.18 -------------- Released on March 20, 2025. - Fixed a bug of WebFinger handler where it had failed to match `acct:` URIs with a host having a port number. [[#218], [#219] by Revath S Kumar] - Fixed a server error thrown when an invalid URL was passed to the `base-url` parameter of the followers collection. [[#217]] Version 1.2.17 -------------- Released on March 9, 2025. - Fedify no more depends on `node:punycode` module, which is deprecated in Node.js. Now it uses the built-in `node:url` module instead. [[#212], [#214] by Fróði Karlsson] Version 1.2.16 -------------- Released on February 28, 2025. - Made `fedify init` to install *@fedify/h3* 0.1.2 which is compatible with Fedify 1.0.0 or later versions when `--web-framework nitro` option is provided. [[#213]] - Fixed a bug where `fedify init` had failed to initialize a project with the `--runtime node --package-manager pnpm --web-framework nitro` option. [[#213]] - Made `fedify init` to install *@logtape/logtape* 0.7.2 which is the version used in Fedify 1.2.x. Version 1.2.15 -------------- Released on February 25, 2025. - Added the following default context to `Application`, `Group`, `Organization`, `Person`, and `Service` classes: ~~~~ json { "Emoji": "http://joinmastodon.org/ns#Emoji" } ~~~~ Version 1.2.14 -------------- Released on February 22, 2025. - Added the following default contexts to `Follow`, `Undo`, and `Update` classes: - <https://w3id.org/security/v1> - <https://www.w3.org/ns/did/v1> - <https://w3id.org/security/multikey/v1> Version 1.2.13 -------------- Released on February 19, 2025. - Fixed a bug where the `fedify init` command had failed to locate package managers on Windows. [[#210]] - The `fedify` command became aware of `FEDIFY_LOG_FILE` environment variable to log messages to a file. If the variable is set, the command logs messages to the file specified by the variable. Version 1.2.12 -------------- Released on February 10, 2025. - Fixed a bug with nested object hydration in Activity Vocabulary API where deeply nested properties (like `Object.getAttribution()` on `Activity.getObject()`) were't being properly hydrated during `toJsonLd()` calls. Previously, subsequent calls to `toJsonLd()` on nested objects could result in inconsistent JSON-LD output where nested objects remained as URLs instead of being fully expanded. Version 1.2.11 -------------- Released on January 21, 2025. - Fixed several security vulnerabilities of the `lookupWebFinger()` function. [[CVE-2025-23221]] - Fixed a security vulnerability where the `lookupWebFinger()` function had followed the infinite number of redirects, which could lead to a denial of service attack. Now it follows up to 5 redirects. - Fixed a security vulnerability where the `lookupWebFinger()` function had followed the redirects to other than the HTTP/HTTPS schemes, which could lead to a security breach. Now it follows only the same scheme as the original request. - Fixed a security vulnerability where the `lookupWebFinger()` function had followed the redirects to the private network addresses, which could lead to a SSRF attack. Now it follows only the public network addresses. Version 1.2.10 -------------- Released on December 18, 2024. - Fixed the default document loader to handle the `Link` header with incorrect syntax. [[#196]] Version 1.2.9 ------------- Released on December 11, 2024. - Fixed idempotence check in inbox listeners to ensure activities for different origins are processed correctly. Version 1.2.8 ------------- Released on November 23, 2024. - Fixed warnings from the `fedify inbox` command. [[#177], [#181] by WinterHana] - Fixed `ShikiError` on the `fedify inbox` command rendering web interface. [[#178], [#185] by Heesun Jung] - Fixed text overflow of the `fedify inbox` command's web log view. [[#180], [#188] by Lim Kyunghee] [#177]: https://github.com/fedify-dev/fedify/issues/177 [#181]: https://github.com/fedify-dev/fedify/pull/181 Version 1.2.7 ------------- Released on November 22, 2024. - Fixed a bug where `lookupWebFinger()` function had thrown a `TypeError` when the *.well-known/webfinger* redirects to a relative URI. [[#166]] Version 1.2.6 ------------- Released on November 19, 2024. - Fix a bug where `Actor`'s `inbox` and `outbox` properties had not been able to be set to an `OrderedCollectionPage` object, even though it is a subtype of `OrderedCollection` according to Activity Vocabulary specification. [[#165]] - The type of `Application()` constructor's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The type of `Application.clone()` method's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The return type of `Application.getInbox()` and `Application.getOutbox()` methods is now `OrderedCollection | OrderedCollectionPage | null` (was `OrderedCollection | null`). - The type of `Group()` constructor's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The type of `Group.clone()` method's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The return type of `Group.getInbox()` and `Group.getOutbox()` methods is now `OrderedCollection | OrderedCollectionPage | null` (was `OrderedCollection | null`). - The type of `Organization()` constructor's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The type of `Organization.clone()` method's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The return type of `Organization.getInbox()` and `Organization.getOutbox()` methods is now `OrderedCollection | OrderedCollectionPage | null` (was `OrderedCollection | null`). - The type of `Person()` constructor's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The type of `Person.clone()` method's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The return type of `Person.getInbox()` and `Person.getOutbox()` methods is now `OrderedCollection | OrderedCollectionPage | null` (was `OrderedCollection | null`). - The type of `Service()` constructor's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The type of `Service.clone()` method's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The return type of `Service.getInbox()` and `Service.getOutbox()` methods is now `OrderedCollection | OrderedCollectionPage | null` (was `OrderedCollection | null`). Version 1.2.5 ------------- Released on November 14, 2024. - Suppressed a `TypeError` with a message <q>unusable</q> due to Node.js's mysterious behavior. [[#159]] - The `verifyRequest()` function no longer throws a `TypeError` when a given `Request` object's body is already consumed or locked. Instead, it logs an error message to the `["fedify", "sig", "http"]` logger category and returns `null`. - The `Federation.fetch()` method no longer throws a `TypeError` when a given `Request` object's body is already consumed or locked. Instead, it logs an error message to the `["fedify", "federation", "inbox"]` logger category and responds with a `500 Internal Server Error`. Version 1.2.4 ------------- Released on November 12, 2024. - Fixed a bug where default document loaders had thrown a `TypeError` with a message <q>Body is unusable: Body has already been read</q> or <q>Body already consumed</q> when the content type of the response was an HTML document and there's no link to a JSON-LD document. - Fixed a bug where `verifySignature()` and `verifyJsonLd()` functions sometimes had thrown a `jsonld.ValidationError` error. Now such errors are caught and logged as warnings, and the signature to verify is considered as invalid. Version 1.2.3 ------------- Released on November 6, 2024. - The `fedify node` subcommand now can recognize multiple values of the `rel` attribute in the `<link>` HTML elements. Version 1.2.2 ------------- Released on November 1, 2024. - Handle connection errors (rather than HTTP errors) in the `Context.sendActivity()` method. - Support the `fedify` command on Windows on ARM64 via x64 emulation. [[#160]] [#160]: https://github.com/fedify-dev/fedify/issues/160 Version 1.2.1 ------------- Released on October 31, 2024. - Now `fedify node` command can render the node's favicon with `image/vnd.microsoft.icon` or `image/x-icon` format. Version 1.2.0 ------------- Released on October 31, 2024. - Added `InboxContext.recipient` property. - Added NodeInfo client functions. - Added `getNodeInfo()` function. - Added `GetNodeInfoOptions` interface. - Added `parseNodeInfo()` function. - Added `ParseNodeInfoOptions` interface. - Re-exported Semantic Versioning-related types and functions: - Added `SemVer` type. - Added `formatSemVer()` function. - Added `parseSemVer()` function. - Added `followedMessage` property to `Actor` type in Activity Vocabulary API. - Added `Application.followedMessage` property. - `new Application()` constructor now accepts `followedMessage` option. - `Application.clone()` method now accepts `followedMessage` option. - Added `Group.followedMessage` property. - `new Group()` constructor now accepts `followedMessage` option. - `Group.clone()` method now accepts `followedMessage` option. - Added `Organization.followedMessage` property. - `new Organization()` constructor now accepts `followedMessage` option. - `Organization.clone()` method now accepts `followedMessage` option. - Added `Person.followedMessage` property. - `new Person()` constructor now accepts `followedMessage` option. - `Person.clone()` method now accepts `followedMessage` option. - Added `Service.followedMessage` property. - `new Service()` constructor now accepts `followedMessage` option. - `Service.clone()` method now accepts `followedMessage` option. - Log messages now can be traced using [LogTape]'s [implicit contexts]. [[#118]] - Added options for an AMQP driver to `fedify init` command. - Added `amqp` value to the `-q`/`--message-queue` option of the `fedify init` command. - Added `fedify node` subcommand. - Added more log messages using the [LogTape] library. Currently the below logger categories are used: - `["fedify", "nodeinfo", "client"]` [implicit contexts]: https://logtape.org/manual/contexts#implicit-contexts [#118]: https://github.com/fedify-dev/fedify/issues/118 Version 1.1.20 -------------- Released on March 26, 2025. - Fixed a `TypeError` thrown by the followers collection dispatcher when the `base-url` parameter was provided. - Fixed a `TypeError` thrown by the `signRequest()` function on Node.js. [[#222]] Version 1.1.19 -------------- Released on March 26, 2025. - Fixed a bug where the `totalItems` property of `OrderedCollection` objects returned by followers collection dispatcher had been an incorrect value if a `base-url` parameter was provided. - Fixed a bug where the `id` property of `OrderedCollection` and `OrderedCollectionPage` objects returned by followers collection dispatcher had been an incorrect value if a `base-url` parameter was provided. Version 1.1.18 -------------- Released on March 20, 2025. - Fixed a bug of WebFinger handler where it had failed to match `acct:` URIs with a host having a port number. [[#218], [#219] by Revath S Kumar] - Fixed a server error thrown when an invalid URL was passed to the `base-url` parameter of the followers collection. [[#217]] Version 1.1.17 -------------- Released on March 9, 2025. - Fedify no more depends on `node:punycode` module, which is deprecated in Node.js. Now it uses the built-in `node:url` module instead. [[#212], [#214] by Fróði Karlsson] Version 1.1.16 -------------- Released on February 28, 2025. - Made `fedify init` to install *@fedify/h3* 0.1.2 which is compatible with Fedify 1.0.0 or later versions when `--web-framework nitro` option is provided. [[#213]] - Fixed a bug where `fedify init` had failed to initialize a project with the `--runtime node --package-manager pnpm --web-framework nitro` option. [[#213]] - Made `fedify init` to install *@logtape/logtape* 0.6.5 which is the version used in Fedify 1.1.x. Version 1.1.15 -------------- Released on February 25, 2025. - Added the following default context to `Application`, `Group`, `Organization`, `Person`, and `Service` classes: ~~~~ json { "Emoji": "http://joinmastodon.org/ns#Emoji" } ~~~~ Version 1.1.14 -------------- Released on February 22, 2025. - Added the following default contexts to `Follow`, `Undo`, and `Update` classes: - <https://w3id.org/security/v1> - <https://www.w3.org/ns/did/v1> - <https://w3id.org/security/multikey/v1> Version 1.1.13 -------------- Released on February 19, 2025. - Fixed a bug where the `fedify init` command had failed to locate package managers on Windows. [[#210]] - The `fedify` command became aware of `FEDIFY_LOG_FILE` environment variable to log messages to a file. If the variable is set, the command logs messages to the file specified by the variable. Version 1.1.12 -------------- Released on February 10, 2025. - Fixed a bug with nested object hydration in Activity Vocabulary API where deeply nested properties (like `Object.getAttribution()` on `Activity.getObject()`) were't being properly hydrated during `toJsonLd()` calls. Previously, subsequent calls to `toJsonLd()` on nested objects could result in inconsistent JSON-LD output where nested objects remained as URLs instead of being fully expanded. Version 1.1.11 -------------- Released on January 21, 2025. - Fixed several security vulnerabilities of the `lookupWebFinger()` function. [[CVE-2025-23221]] - Fixed a security vulnerability where the `lookupWebFinger()` function had followed the infinite number of redirects, which could lead to a denial of service attack. Now it follows up to 5 redirects. - Fixed a security vulnerability where the `lookupWebFinger()` function had followed the redirects to other than the HTTP/HTTPS schemes, which could lead to a security breach. Now it follows only the same scheme as the original request. - Fixed a security vulnerability where the `lookupWebFinger()` function had followed the redirects to the private network addresses, which could lead to a SSRF attack. Now it follows only the public network addresses. Version 1.1.10 -------------- Released on December 18, 2024. - Fixed the default document loader to handle the `Link` header with incorrect syntax. [[#196]] Version 1.1.9 ------------- Released on December 11, 2024. - Fixed idempotence check in inbox listeners to ensure activities for different origins are processed correctly. Version 1.1.8 ------------- Released on November 23, 2024. - Fixed `ShikiError` on the `fedify inbox` command rendering web interface. [[#178], [#185] by Heesun Jung] - Fixed text overflow of the `fedify inbox` command's web log view. [[#180], [#188] by Lim Kyunghee] [#178]: https://github.com/fedify-dev/fedify/issues/178 [#180]: https://github.com/fedify-dev/fedify/issues/180 [#185]: https://github.com/fedify-dev/fedify/pull/185 [#188]: https://github.com/fedify-dev/fedify/pull/188 Version 1.1.7 ------------- Released on November 22, 2024. - Fixed a bug where `lookupWebFinger()` function had thrown a `TypeError` when the *.well-known/webfinger* redirects to a relative URI. [[#166]] Version 1.1.6 ------------- Released on November 19, 2024. - Fix a bug where `Actor`'s `inbox` and `outbox` properties had not been able to be set to an `OrderedCollectionPage` object, even though it is a subtype of `OrderedCollection` according to Activity Vocabulary specification. [[#165]] - The type of `Application()` constructor's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The type of `Application.clone()` method's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The return type of `Application.getInbox()` and `Application.getOutbox()` methods is now `OrderedCollection | OrderedCollectionPage | null` (was `OrderedCollection | null`). - The type of `Group()` constructor's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The type of `Group.clone()` method's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The return type of `Group.getInbox()` and `Group.getOutbox()` methods is now `OrderedCollection | OrderedCollectionPage | null` (was `OrderedCollection | null`). - The type of `Organization()` constructor's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The type of `Organization.clone()` method's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The return type of `Organization.getInbox()` and `Organization.getOutbox()` methods is now `OrderedCollection | OrderedCollectionPage | null` (was `OrderedCollection | null`). - The type of `Person()` constructor's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The type of `Person.clone()` method's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The return type of `Person.getInbox()` and `Person.getOutbox()` methods is now `OrderedCollection | OrderedCollectionPage | null` (was `OrderedCollection | null`). - The type of `Service()` constructor's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The type of `Service.clone()` method's `inbox` and `outbox` options is now `OrderedCollection | OrderedCollectionPage | null | undefined` (was `OrderedCollection | null | undefined`). - The return type of `Service.getInbox()` and `Service.getOutbox()` methods is now `OrderedCollection | OrderedCollectionPage | null` (was `OrderedCollection | null`). Version 1.1.5 ------------- Released on November 14, 2024. - Suppressed a `TypeError` with a message <q>unusable</q> due to Node.js's mysterious behavior. [[#159]] - The `verifyRequest()` function no longer throws a `TypeError` when a given `Request` object's body is already consumed or locked. Instead, it logs an error message to the `["fedify", "sig", "http"]` logger category and returns `null`. - The `Federation.fetch()` method no longer throws a `TypeError` when a given `Request` object's body is already consumed or locked. Instead, it logs an error message to the `["fedify", "federation", "inbox"]` logger category and responds with a `500 Internal Server Error`. Version 1.1.4 ------------- Released on November 12, 2024. - Fixed a bug where default document loaders had thrown a `TypeError` with a message <q>Body is unusable: Body has already been read</q> or <q>Body already consumed</q> when the content type of the response was an HTML document and there's no link to a JSON-LD document. - Fixed a bug where `verifySignature()` and `verifyJsonLd()` functions sometimes had thrown a `jsonld.ValidationError` error. Now such errors are caught and logged as warnings, and the signature to verify is considered as invalid. Version 1.1.3 ------------- Released on October 31, 2024. - Fixed a bug where `fetchDocumentLoader()` function had disallowed redirecting to a private network address when the second parameter, a `boolean` value to allow private network addresses, was `true`. Version 1.1.2 ------------- Released on October 27, 2024. - Fixed default document loaders' incorrect handling of relative URIs in `Link` headers with `rel=alternate`. [[#155] by Emelia Smith] - The `fetchDocumentLoader()` function now preloads the following JSON-LD context: <http://schema.org/>. Version 1.1.1 ------------- Released on October 23, 2024. - The `fetchDocumentLoader()` function now preloads the following JSON-LD context: <https://purl.archive.org/socialweb/webfinger>. Version 1.1.0 ------------- Released on October 20, 2024. - Added utility functions for traversing remote collections. [[#150]] - Added `Context.traverseCollection()` method. - Added `traverseCollection()` function. - Added `TraverseCollectionOptions` interface. - Added `EmojiReact` class to Activity Vocabulary API. [[FEP-c0e0]] - Added `successor` property to the `Actor` types in the Activity Vocabulary API. - Added `Application.getSuccessor()` method. - `new Application()` constructor now accepts `successor` option. - `Application.clone()` method now accepts `successor` option. - Added `Group.getSuccessor()` method. - `new Group()` constructor now accepts `successor` option. - `Group.clone()` method now accepts `successor` option. - Added `Organization.getSuccessor()` method. - `new Organization()` constructor now accepts `successor` option. - `Organization.clone()` method now accepts `successor` option. - Added `Person.getSuccessor()` method. - `new Person()` constructor now accepts `successor` option. - `Person.clone()` method now accepts `successor` option. - Added `Service.getSuccessor()` method. - `new Service()` constructor now accepts `successor` option. - `Service.clone()` method now accepts `successor` option. - Added `DidService` class to Activity Vocabulary API. [[FEP-9091], [#146]] - Added `Export` class to Activity Vocabulary API. [[FEP-9091], [#146]] - Added `service` property to the `Actor` types in the Activity Vocabulary API. [[FEP-9091], [#146]] - Added `Application.getService()` method. - Added `Application.getServices()` method. - `new Application()` constructor now accepts `service` option. - `new Application()` constructor now accepts `services` option. - `Application.clone()` method now accepts `service` option. - `Application.clone()` method now accepts `services` option. - Added `Group.getService()` method. - Added `Group.getServices()` method. - `new Group()` constructor now accepts `service` option. - `new Group()` constructor now accepts `services` option. - `Group.clone()` method now accepts `service` option. - `Group.clone()` method now accepts `services` option. - Added `Organization.getService()` method. - Added `Organization.getServices()` method. - `new Organization()` constructor now accepts `service` option. - `new Organization()` constructor now accepts `services` option. - `Organization.clone()` method now accepts `service` option. - `Organization.clone()` method now accepts `services` option. - Added `Person.getService()` method. - Added `Person.getServices()` method. - `new Person()` constructor now accepts `service` option. - `new Person()` constructor now accepts `services` option. - `Person.clone()` method now accepts `service` option. - `Person.clone()` method now accepts `services` option. - Added `Service.getService()` method. - Added `Service.getServices()` method. - `new Service()` constructor now accepts `service` option. - `new Service()` constructor now accepts `services` option. - `Service.clone()` method now accepts `service` option. - `Service.clone()` method now accepts `services` option. - The default time window for verifying HTTP Signatures of incoming requests is now an hour (was a minute). This new default window is according to the [ActivityPub and HTTP Signatures] document. - The default value of `VerifyRequestOptions.timeWindow` option became `{ hours: 1 }` (was `{ minutes: 1 }`). - The default value of `CreateFederationOptions.signatureTimeWindow` option became `{ hours: 1 }` (was `{ minutes: 1 }`). - The type of `VerifyRequestOptions.timeWindow` property became `Temporal.Duration | Temporal.DurationLike | false` (was `Temporal.DurationLike | false`). - The type of `CreateFederationOptions.signatureTimeWindow` property became `Temporal.Dura