From bda09b98665a8f624d677312ba05d2b54347d812 Mon Sep 17 00:00:00 2001 From: svemagie <869694+svemagie@users.noreply.github.com> Date: Sun, 10 May 2026 16:27:13 +0200 Subject: [PATCH] security: update @fedify/* to 2.2.1 (SSRF patch CVE via IPv4-mapped IPv6) --- package-lock.json | 104 +++++++++++++++++++++++----------------------- package.json | 6 +-- 2 files changed, 55 insertions(+), 55 deletions(-) diff --git a/package-lock.json b/package-lock.json index fadd5e0..3711cb5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,17 +1,17 @@ { "name": "@rmdes/indiekit-endpoint-activitypub", - "version": "3.13.3", + "version": "3.13.4", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@rmdes/indiekit-endpoint-activitypub", - "version": "3.13.3", + "version": "3.13.4", "license": "MIT", "dependencies": { - "@fedify/debugger": "^2.1.0", - "@fedify/fedify": "^2.1.0", - "@fedify/redis": "^2.1.0", + "@fedify/debugger": "^2.1.12", + "@fedify/fedify": "^2.1.12", + "@fedify/redis": "^2.1.12", "@js-temporal/polyfill": "^0.5.0", "@rmdes/indiekit-startup-gate": "^1.0.0", "express": "^5.0.0", @@ -24,9 +24,9 @@ "node": ">=22" }, "peerDependencies": { - "@indiekit/endpoint-micropub": "^1.0.0-beta.25", - "@indiekit/error": "^1.0.0-beta.25", - "@indiekit/frontend": "^1.0.0-beta.25" + "@indiekit/endpoint-micropub": "^1.0.0-beta.27", + "@indiekit/error": "^1.0.0-beta.27", + "@indiekit/frontend": "^1.0.0-beta.27" } }, "node_modules/@accessible-components/tag-input": { @@ -516,9 +516,9 @@ } }, "node_modules/@fedify/debugger": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@fedify/debugger/-/debugger-2.1.0.tgz", - "integrity": "sha512-4s3L3/NkofZCUXR1jADq5ukSbWybpWqgqF4TEg3PHxlXkC3bT/LI4as8zFxTpkkCvM5fE6tXCi5z56rJ9tXzag==", + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/@fedify/debugger/-/debugger-2.2.1.tgz", + "integrity": "sha512-rQ4U7RhSdYFOQOzsXGv91pS8XmOY5A8WBA5JiNzYBvB1PI66yG7df1DhQFXn6RoioHgehERcC6YwDOQRc/ZrzQ==", "dependencies": { "@js-temporal/polyfill": "^0.5.1", "@logtape/logtape": "^2.0.5", @@ -529,22 +529,22 @@ "hono": "^4.0.0" }, "peerDependencies": { - "@fedify/fedify": "^2.1.0" + "@fedify/fedify": "^2.2.1" } }, "node_modules/@fedify/fedify": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@fedify/fedify/-/fedify-2.1.0.tgz", - "integrity": "sha512-CMGlL9HEaqyuQL4Ma0Jv+9/QgtLjj+HLmjNrg1e/WUQrEwZg9p5WYKk4iNKXF4aIG3XJkAv5UGJlHKF09HifNA==", + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/@fedify/fedify/-/fedify-2.2.1.tgz", + "integrity": "sha512-OIxa7+Kp6KDpz8v6bgo67Zg8fWRNdyNbOx21WrJbPhh6RaSl7SkVm1GAQ2ehIS318ipoFUD00DvM6sKbcR+DYg==", "funding": [ "https://opencollective.com/fedify", "https://github.com/sponsors/dahlia" ], "license": "MIT", "dependencies": { - "@fedify/vocab": "2.1.0", - "@fedify/vocab-runtime": "2.1.0", - "@fedify/webfinger": "2.1.0", + "@fedify/vocab": "2.2.1", + "@fedify/vocab-runtime": "2.2.1", + "@fedify/webfinger": "2.2.1", "@js-temporal/polyfill": "^0.5.1", "@logtape/logtape": "^2.0.5", "@opentelemetry/api": "^1.9.0", @@ -567,9 +567,9 @@ } }, "node_modules/@fedify/redis": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@fedify/redis/-/redis-2.1.0.tgz", - "integrity": "sha512-Fqud46FIEBFXDFad029rS46ZlVlWZU2zT6yhBs63jtat7QwMIHDSisizvoVyky4a41TX0ItBNqiAdYELLv/0NQ==", + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/@fedify/redis/-/redis-2.2.1.tgz", + "integrity": "sha512-9jX/U/A+sedaIrEHQrd4mWXKIDEfsAFYxYIrJZm8a2d7CccDsWFKRPULov6WaYqdlx7nCW5DymDUS4+xQudGGw==", "funding": [ "https://opencollective.com/fedify", "https://github.com/sponsors/dahlia" @@ -580,23 +580,23 @@ "@logtape/logtape": "^2.0.5" }, "peerDependencies": { - "@fedify/fedify": "^2.1.0", + "@fedify/fedify": "^2.2.1", "ioredis": "^5.8.2" } }, "node_modules/@fedify/vocab": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@fedify/vocab/-/vocab-2.1.0.tgz", - "integrity": "sha512-tGCgo8kCj6Zwf1JxYsXtEwReujzgitndf59Pdo1BY21UgpAlAe0daY8vdpRM+NybZ4JbOBtM4bH473LVtJlVEA==", + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/@fedify/vocab/-/vocab-2.2.1.tgz", + "integrity": "sha512-sYVnwJLUYEiG6AuxR7Q+eYA3c+PzcZSDGxjmkFnMQ4mO1IU6G9Od85b66buGIV29g1+mgTYJLkBvNiLEOqBbaA==", "funding": [ "https://opencollective.com/fedify", "https://github.com/sponsors/dahlia" ], "license": "MIT", "dependencies": { - "@fedify/vocab-runtime": "2.1.0", - "@fedify/vocab-tools": "2.1.0", - "@fedify/webfinger": "2.1.0", + "@fedify/vocab-runtime": "2.2.1", + "@fedify/vocab-tools": "2.2.1", + "@fedify/webfinger": "2.2.1", "@js-temporal/polyfill": "^0.5.1", "@logtape/logtape": "^2.0.5", "@multiformats/base-x": "^4.0.1", @@ -613,9 +613,9 @@ } }, "node_modules/@fedify/vocab-runtime": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@fedify/vocab-runtime/-/vocab-runtime-2.1.0.tgz", - "integrity": "sha512-rISQFJbuRrt1OX9yG+xVUn7DwBTajpOOvy5jdx2ZuRUMvtlD7bgDEUSSS5a7pFuYliKVbR5ZFk6BPAkJC1OnAw==", + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/@fedify/vocab-runtime/-/vocab-runtime-2.2.1.tgz", + "integrity": "sha512-NRnlhUv2mmVGNMrjhmTUMN1gZaDax8KmBkUHV3U5PMDSA2aSGQ/iWCruoV4TeaCAI1nX1AW0kAH8Q9Uwkb6f8Q==", "funding": [ "https://opencollective.com/fedify", "https://github.com/sponsors/dahlia" @@ -637,9 +637,9 @@ } }, "node_modules/@fedify/vocab-tools": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@fedify/vocab-tools/-/vocab-tools-2.1.0.tgz", - "integrity": "sha512-Gn07LbMoDRVDjklDZH9y/fZ2nwH7ryjillgLpw8qsbjUeVaTViR1Oz/oG2N7S13UqyKttYPzK8hH/utKr1LbXg==", + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/@fedify/vocab-tools/-/vocab-tools-2.2.1.tgz", + "integrity": "sha512-b8Gu/clgudHjSSWEVrzm3N85xlAk23keNAxLPL6uQp+oybtG7ZvBXyUMOwFvrQLKtAmcPvRh0XXVETMN2hWv2g==", "funding": [ "https://opencollective.com/fedify", "https://github.com/sponsors/dahlia" @@ -658,16 +658,16 @@ } }, "node_modules/@fedify/webfinger": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@fedify/webfinger/-/webfinger-2.1.0.tgz", - "integrity": "sha512-G5yrCPw1oWijvkGOMjWZFOWohmljQ4pmHgK7BuESshcAizpKRU0t5GcOGMyPzcNrO4+diaddGNg48GFzZ9mK/g==", + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/@fedify/webfinger/-/webfinger-2.2.1.tgz", + "integrity": "sha512-gRGgjCLgfvovLstTAa7U4d170SsQQSb0pIPCyE7hMRvzdgU+uIPwbtgm5Btbe/ZognzCN2Q6ELx+tAsuQGbY5g==", "funding": [ "https://opencollective.com/fedify", "https://github.com/sponsors/dahlia" ], "license": "MIT", "dependencies": { - "@fedify/vocab-runtime": "2.1.0", + "@fedify/vocab-runtime": "2.2.1", "@logtape/logtape": "^2.0.5", "@opentelemetry/api": "^1.9.0", "es-toolkit": "1.43.0" @@ -1200,14 +1200,14 @@ } }, "node_modules/@indiekit/frontend": { - "version": "1.0.0-beta.25", - "resolved": "https://registry.npmjs.org/@indiekit/frontend/-/frontend-1.0.0-beta.25.tgz", - "integrity": "sha512-iukVUIRlqvpvi5x8ld7viT6xOkTqtd4un2awf2ceQXOGyKt4dylHWHvO90K6eP4rMZ19alWVKxQ1lmAC4YIy5g==", + "version": "1.0.0-beta.27", + "resolved": "https://registry.npmjs.org/@indiekit/frontend/-/frontend-1.0.0-beta.27.tgz", + "integrity": "sha512-VEHD71gRBvTaOjHglOzXn0m7o70Ui89OxwQKDE+kC7avZrXXuvl5Qr+NsPON7doUTBYty/nYG4gBU/CCikNcSQ==", "license": "MIT", "peer": true, "dependencies": { "@accessible-components/tag-input": "^0.2.0", - "@indiekit/error": "^1.0.0-beta.25", + "@indiekit/error": "^1.0.0-beta.27", "@indiekit/util": "^1.0.0-beta.25", "color": "^5.0.0", "easymde": "^2.18.0", @@ -1532,13 +1532,13 @@ "peer": true }, "node_modules/asn1js": { - "version": "3.0.7", - "resolved": "https://registry.npmjs.org/asn1js/-/asn1js-3.0.7.tgz", - "integrity": "sha512-uLvq6KJu04qoQM6gvBfKFjlh6Gl0vOKQuR5cJMDHQkmwfMOQeN3F3SHCv9SNYSL+CRoHvOGFfllDlVz03GQjvQ==", + "version": "3.0.10", + "resolved": "https://registry.npmjs.org/asn1js/-/asn1js-3.0.10.tgz", + "integrity": "sha512-S2s3aOytiKdFRdulw2qPE51MzjzVOisppcVv7jVFR+Kw0kxwvFrDcYA0h7Ndqbmj0HkMIXYWaoj7fli8kgx1eg==", "license": "BSD-3-Clause", "dependencies": { "pvtsutils": "^1.3.6", - "pvutils": "^1.1.3", + "pvutils": "^1.1.5", "tslib": "^2.8.1" }, "engines": { @@ -3645,9 +3645,9 @@ "peer": true }, "node_modules/undici": { - "version": "6.24.1", - "resolved": "https://registry.npmjs.org/undici/-/undici-6.24.1.tgz", - "integrity": "sha512-sC+b0tB1whOCzbtlx20fx3WgCXwkW627p4EA9uM+/tNNPkSS+eSEld6pAs9nDv7WbY1UUljBMYPtu9BCOrCWKA==", + "version": "6.25.0", + "resolved": "https://registry.npmjs.org/undici/-/undici-6.25.0.tgz", + "integrity": "sha512-ZgpWDC5gmNiuY9CnLVXEH8rl50xhRCuLNA97fAUnKi8RRuV4E6KG31pDTsLVUKnohJE0I3XDrTeEydAXRw47xg==", "license": "MIT", "engines": { "node": ">=18.17" @@ -3758,9 +3758,9 @@ "license": "ISC" }, "node_modules/yaml": { - "version": "2.8.3", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz", - "integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==", + "version": "2.8.4", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.4.tgz", + "integrity": "sha512-ml/JPOj9fOQK8RNnWojA67GbZ0ApXAUlN2UQclwv2eVgTgn7O9gg9o7paZWKMp4g0H3nTLtS9LVzhkpOFIKzog==", "license": "ISC", "bin": { "yaml": "bin.mjs" diff --git a/package.json b/package.json index 89553c6..cbf7d3e 100644 --- a/package.json +++ b/package.json @@ -37,9 +37,9 @@ "url": "https://github.com/rmdes/indiekit-endpoint-activitypub/issues" }, "dependencies": { - "@fedify/debugger": "^2.1.0", - "@fedify/fedify": "^2.1.0", - "@fedify/redis": "^2.1.0", + "@fedify/debugger": "^2.1.12", + "@fedify/fedify": "^2.1.12", + "@fedify/redis": "^2.1.12", "@js-temporal/polyfill": "^0.5.0", "@rmdes/indiekit-startup-gate": "^1.0.0", "express": "^5.0.0",