svemagie.net/indiekit-server
1
0
Fork 0
Code Issues 1 Actions Packages Projects Releases Activity

security: update @fedify/* to 2.2.1 via activitypub endpoint (SSRF patch)
Deploy Indiekit Server / deploy (push) Successful in 1m37s
Details

Browse Source
This commit is contained in:
Sven
2026-05-10 16:29:57 +02:00
parent 11b94618ed
commit be9dd08546
2 changed files with 64 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files
package-lock.json
Generated
+63 -63
View File
@@ -14,7 +14,7 @@
"@indiekit/indiekit": "^1.0.0-beta.27", "@indiekit/indiekit": "^1.0.0-beta.27",
"@indiekit/post-type-repost": "^1.0.0-beta.25", "@indiekit/post-type-repost": "^1.0.0-beta.25",
"@indiekit/store-github": "^1.0.0-beta.27", "@indiekit/store-github": "^1.0.0-beta.27",
"@rmdes/indiekit-endpoint-activitypub": "git+https://gitea.giersig.eu/svemagie/indiekit-endpoint-activitypub", "@rmdes/indiekit-endpoint-activitypub": "git+https://gitea.giersig.eu/svemagie/indiekit-endpoint-activitypub#bda09b98665a8f624d677312ba05d2b54347d812",
"@rmdes/indiekit-endpoint-auth": "^1.0.0-beta.25", "@rmdes/indiekit-endpoint-auth": "^1.0.0-beta.25",
"@rmdes/indiekit-endpoint-blogroll": "git+https://gitea.giersig.eu/svemagie/indiekit-endpoint-blogroll", "@rmdes/indiekit-endpoint-blogroll": "git+https://gitea.giersig.eu/svemagie/indiekit-endpoint-blogroll",
"@rmdes/indiekit-endpoint-comments": "^1.0.11", "@rmdes/indiekit-endpoint-comments": "^1.0.11",
@@ -313,9 +313,9 @@
} }
}, },
"node_modules/@digitalbazaar/http-client/node_modules/undici": { "node_modules/@digitalbazaar/http-client/node_modules/undici": {
"version": "6.24.1", "version": "6.25.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-6.24.1.tgz", "resolved": "https://registry.npmjs.org/undici/-/undici-6.25.0.tgz",
"integrity": "sha512-sC+b0tB1whOCzbtlx20fx3WgCXwkW627p4EA9uM+/tNNPkSS+eSEld6pAs9nDv7WbY1UUljBMYPtu9BCOrCWKA==", "integrity": "sha512-ZgpWDC5gmNiuY9CnLVXEH8rl50xhRCuLNA97fAUnKi8RRuV4E6KG31pDTsLVUKnohJE0I3XDrTeEydAXRw47xg==",
"license": "MIT", "license": "MIT",
"engines": { "engines": {
"node": ">=18.17" "node": ">=18.17"
@@ -764,9 +764,9 @@
"license": "MIT" "license": "MIT"
}, },
"node_modules/@fedify/debugger": { "node_modules/@fedify/debugger": {
"version": "2.1.3", "version": "2.2.1",
"resolved": "https://registry.npmjs.org/@fedify/debugger/-/debugger-2.1.3.tgz", "resolved": "https://registry.npmjs.org/@fedify/debugger/-/debugger-2.2.1.tgz",
"integrity": "sha512-UhKWgmTp9r5lh3H56gk3neKaKgtEs1U1ChtiDkYAhlcYRpiYw6b/Alk6XN0px2/py2e20iGWQbhKDYMDhzhGEw==", "integrity": "sha512-rQ4U7RhSdYFOQOzsXGv91pS8XmOY5A8WBA5JiNzYBvB1PI66yG7df1DhQFXn6RoioHgehERcC6YwDOQRc/ZrzQ==",
"dependencies": { "dependencies": {
"@js-temporal/polyfill": "^0.5.1", "@js-temporal/polyfill": "^0.5.1",
"@logtape/logtape": "^2.0.5", "@logtape/logtape": "^2.0.5",
@@ -777,22 +777,22 @@
"hono": "^4.0.0" "hono": "^4.0.0"
}, },
"peerDependencies": { "peerDependencies": {
"@fedify/fedify": "^2.1.3" "@fedify/fedify": "^2.2.1"
} }
}, },
"node_modules/@fedify/fedify": { "node_modules/@fedify/fedify": {
"version": "2.1.3", "version": "2.2.1",
"resolved": "https://registry.npmjs.org/@fedify/fedify/-/fedify-2.1.3.tgz", "resolved": "https://registry.npmjs.org/@fedify/fedify/-/fedify-2.2.1.tgz",
"integrity": "sha512-E40MJiyvct7shJxTvT8n5RqO620oeJ/Q2xp800I9O0QEekc2c6IN9HGMvEK2MDbFHhYayQbLA/zZU6oD4lOnxA==", "integrity": "sha512-OIxa7+Kp6KDpz8v6bgo67Zg8fWRNdyNbOx21WrJbPhh6RaSl7SkVm1GAQ2ehIS318ipoFUD00DvM6sKbcR+DYg==",
"funding": [ "funding": [
"https://opencollective.com/fedify", "https://opencollective.com/fedify",
"https://github.com/sponsors/dahlia" "https://github.com/sponsors/dahlia"
], ],
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@fedify/vocab": "2.1.3", "@fedify/vocab": "2.2.1",
"@fedify/vocab-runtime": "2.1.3", "@fedify/vocab-runtime": "2.2.1",
"@fedify/webfinger": "2.1.3", "@fedify/webfinger": "2.2.1",
"@js-temporal/polyfill": "^0.5.1", "@js-temporal/polyfill": "^0.5.1",
"@logtape/logtape": "^2.0.5", "@logtape/logtape": "^2.0.5",
"@opentelemetry/api": "^1.9.0", "@opentelemetry/api": "^1.9.0",
@@ -815,9 +815,9 @@
} }
}, },
"node_modules/@fedify/redis": { "node_modules/@fedify/redis": {
"version": "2.1.3", "version": "2.2.1",
"resolved": "https://registry.npmjs.org/@fedify/redis/-/redis-2.1.3.tgz", "resolved": "https://registry.npmjs.org/@fedify/redis/-/redis-2.2.1.tgz",
"integrity": "sha512-fkulXYHxoTmSrB6W2y6XF9UJqvKHksjy1iedqqffKLC+xRB8EUgrOzHFpU2+wb52ZmqgZYs9Igk65OS+SyKS2w==", "integrity": "sha512-9jX/U/A+sedaIrEHQrd4mWXKIDEfsAFYxYIrJZm8a2d7CccDsWFKRPULov6WaYqdlx7nCW5DymDUS4+xQudGGw==",
"funding": [ "funding": [
"https://opencollective.com/fedify", "https://opencollective.com/fedify",
"https://github.com/sponsors/dahlia" "https://github.com/sponsors/dahlia"
@@ -828,23 +828,23 @@
"@logtape/logtape": "^2.0.5" "@logtape/logtape": "^2.0.5"
}, },
"peerDependencies": { "peerDependencies": {
"@fedify/fedify": "^2.1.3", "@fedify/fedify": "^2.2.1",
"ioredis": "^5.8.2" "ioredis": "^5.8.2"
} }
}, },
"node_modules/@fedify/vocab": { "node_modules/@fedify/vocab": {
"version": "2.1.3", "version": "2.2.1",
"resolved": "https://registry.npmjs.org/@fedify/vocab/-/vocab-2.1.3.tgz", "resolved": "https://registry.npmjs.org/@fedify/vocab/-/vocab-2.2.1.tgz",
"integrity": "sha512-VM8iCFDEQJcWPCLTPr8LGvglpT67XFSnwBcQdEUltxxxxav0Ksc+UgJ5VLM9tuWZW4J1ZEXgLdY4DvI5J3bFSw==", "integrity": "sha512-sYVnwJLUYEiG6AuxR7Q+eYA3c+PzcZSDGxjmkFnMQ4mO1IU6G9Od85b66buGIV29g1+mgTYJLkBvNiLEOqBbaA==",
"funding": [ "funding": [
"https://opencollective.com/fedify", "https://opencollective.com/fedify",
"https://github.com/sponsors/dahlia" "https://github.com/sponsors/dahlia"
], ],
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@fedify/vocab-runtime": "2.1.3", "@fedify/vocab-runtime": "2.2.1",
"@fedify/vocab-tools": "2.1.3", "@fedify/vocab-tools": "2.2.1",
"@fedify/webfinger": "2.1.3", "@fedify/webfinger": "2.2.1",
"@js-temporal/polyfill": "^0.5.1", "@js-temporal/polyfill": "^0.5.1",
"@logtape/logtape": "^2.0.5", "@logtape/logtape": "^2.0.5",
"@multiformats/base-x": "^4.0.1", "@multiformats/base-x": "^4.0.1",
@@ -861,9 +861,9 @@
} }
}, },
"node_modules/@fedify/vocab-runtime": { "node_modules/@fedify/vocab-runtime": {
"version": "2.1.3", "version": "2.2.1",
"resolved": "https://registry.npmjs.org/@fedify/vocab-runtime/-/vocab-runtime-2.1.3.tgz", "resolved": "https://registry.npmjs.org/@fedify/vocab-runtime/-/vocab-runtime-2.2.1.tgz",
"integrity": "sha512-pfT2eiRaSMvLXIzaVtfrlYShlhzJJaPH09tHiY2FNiTXFGf7SEB4nbEIGJcFhjxnyXEVP7DmX68Qecjm8Rz/8A==", "integrity": "sha512-NRnlhUv2mmVGNMrjhmTUMN1gZaDax8KmBkUHV3U5PMDSA2aSGQ/iWCruoV4TeaCAI1nX1AW0kAH8Q9Uwkb6f8Q==",
"funding": [ "funding": [
"https://opencollective.com/fedify", "https://opencollective.com/fedify",
"https://github.com/sponsors/dahlia" "https://github.com/sponsors/dahlia"
@@ -885,9 +885,9 @@
} }
}, },
"node_modules/@fedify/vocab-tools": { "node_modules/@fedify/vocab-tools": {
"version": "2.1.3", "version": "2.2.1",
"resolved": "https://registry.npmjs.org/@fedify/vocab-tools/-/vocab-tools-2.1.3.tgz", "resolved": "https://registry.npmjs.org/@fedify/vocab-tools/-/vocab-tools-2.2.1.tgz",
"integrity": "sha512-BtQTcuoVjLfwcOPXPSJc4XHENTqM9odrkR5nmZIZe9C6oZLwpaIibelwmxxVFewFvecfBq5fGqwyRiwLfebpnw==", "integrity": "sha512-b8Gu/clgudHjSSWEVrzm3N85xlAk23keNAxLPL6uQp+oybtG7ZvBXyUMOwFvrQLKtAmcPvRh0XXVETMN2hWv2g==",
"funding": [ "funding": [
"https://opencollective.com/fedify", "https://opencollective.com/fedify",
"https://github.com/sponsors/dahlia" "https://github.com/sponsors/dahlia"
@@ -906,16 +906,16 @@
} }
}, },
"node_modules/@fedify/webfinger": { "node_modules/@fedify/webfinger": {
"version": "2.1.3", "version": "2.2.1",
"resolved": "https://registry.npmjs.org/@fedify/webfinger/-/webfinger-2.1.3.tgz", "resolved": "https://registry.npmjs.org/@fedify/webfinger/-/webfinger-2.2.1.tgz",
"integrity": "sha512-WMkPwv0FBFwpWHy7yCBgwXGBhNwYQiqSq3kerhJFQrRs8JSrebjCzFfuDZsQqRPp49EPr1zHRH0d9x1y0JQiog==", "integrity": "sha512-gRGgjCLgfvovLstTAa7U4d170SsQQSb0pIPCyE7hMRvzdgU+uIPwbtgm5Btbe/ZognzCN2Q6ELx+tAsuQGbY5g==",
"funding": [ "funding": [
"https://opencollective.com/fedify", "https://opencollective.com/fedify",
"https://github.com/sponsors/dahlia" "https://github.com/sponsors/dahlia"
], ],
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@fedify/vocab-runtime": "2.1.3", "@fedify/vocab-runtime": "2.2.1",
"@logtape/logtape": "^2.0.5", "@logtape/logtape": "^2.0.5",
"@opentelemetry/api": "^1.9.0", "@opentelemetry/api": "^1.9.0",
"es-toolkit": "1.43.0" "es-toolkit": "1.43.0"
@@ -1851,9 +1851,9 @@
"license": "MIT" "license": "MIT"
}, },
"node_modules/@logtape/logtape": { "node_modules/@logtape/logtape": {
"version": "2.0.5", "version": "2.0.7",
"resolved": "https://registry.npmjs.org/@logtape/logtape/-/logtape-2.0.5.tgz", "resolved": "https://registry.npmjs.org/@logtape/logtape/-/logtape-2.0.7.tgz",
"integrity": "sha512-UizDkh20ZPJVOddRxG1F77WhHdlNl/sbQgoO8T534R7XvUBMAJ9En9f35u+meW2tRsNLvjz6R87Zanwf53tspQ==", "integrity": "sha512-SUkjkEIfQ3zCadlLi8rfGfe4l/JRKNbp248bfLeowyUFs9KZME/k8y+5sugWYZet/gMYnmwCc9xa3J+kjDjSSQ==",
"funding": [ "funding": [
"https://github.com/sponsors/dahlia" "https://github.com/sponsors/dahlia"
], ],
@@ -1992,9 +1992,9 @@
} }
}, },
"node_modules/@opentelemetry/context-async-hooks": { "node_modules/@opentelemetry/context-async-hooks": {
"version": "2.6.1", "version": "2.7.1",
"resolved": "https://registry.npmjs.org/@opentelemetry/context-async-hooks/-/context-async-hooks-2.6.1.tgz", "resolved": "https://registry.npmjs.org/@opentelemetry/context-async-hooks/-/context-async-hooks-2.7.1.tgz",
"integrity": "sha512-XHzhwRNkBpeP8Fs/qjGrAf9r9PRv67wkJQ/7ZPaBQQ68DYlTBBx5MF9LvPx7mhuXcDessKK2b+DcxqwpgkcivQ==", "integrity": "sha512-OPFBYuXEn1E4ja3Y6eeA7O+ZnLBNcXTV5Cgsn1VaqBZ6hC5FnpZPLBNme1LJY8ZtF4aOujPKFoeWN4ik487KuQ==",
"license": "Apache-2.0", "license": "Apache-2.0",
"engines": { "engines": {
"node": "^18.19.0 || >=20.6.0" "node": "^18.19.0 || >=20.6.0"
@@ -2004,9 +2004,9 @@
} }
}, },
"node_modules/@opentelemetry/core": { "node_modules/@opentelemetry/core": {
"version": "2.6.1", "version": "2.7.1",
"resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-2.6.1.tgz", "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-2.7.1.tgz",
"integrity": "sha512-8xHSGWpJP9wBxgBpnqGL0R3PbdWQndL1Qp50qrg71+B28zK5OQmUgcDKLJgzyAAV38t4tOyLMGDD60LneR5W8g==", "integrity": "sha512-QAqIj32AtK6+pEVNG7EOVxHdE06RP+FM5qpiEJ4RtDcFIqKUZHYhl7/7UY5efhwmwNAg7j8QbJVBLxMerc0+gw==",
"license": "Apache-2.0", "license": "Apache-2.0",
"dependencies": { "dependencies": {
"@opentelemetry/semantic-conventions": "^1.29.0" "@opentelemetry/semantic-conventions": "^1.29.0"
@@ -2019,12 +2019,12 @@
} }
}, },
"node_modules/@opentelemetry/resources": { "node_modules/@opentelemetry/resources": {
"version": "2.6.1", "version": "2.7.1",
"resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-2.6.1.tgz", "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-2.7.1.tgz",
"integrity": "sha512-lID/vxSuKWXM55XhAKNoYXu9Cutoq5hFdkbTdI/zDKQktXzcWBVhNsOkiZFTMU9UtEWuGRNe0HUgmsFldIdxVA==", "integrity": "sha512-DeT6KKolmC4e/dRQvMQ/RwlnzhaqeiFOXY5ngoOPJ07GgVVKxZOg9EcrNZb5aTzUn+iCrJldAgOfQm1O/QfPAQ==",
"license": "Apache-2.0", "license": "Apache-2.0",
"dependencies": { "dependencies": {
"@opentelemetry/core": "2.6.1", "@opentelemetry/core": "2.7.1",
"@opentelemetry/semantic-conventions": "^1.29.0" "@opentelemetry/semantic-conventions": "^1.29.0"
}, },
"engines": { "engines": {
@@ -2035,13 +2035,13 @@
} }
}, },
"node_modules/@opentelemetry/sdk-trace-base": { "node_modules/@opentelemetry/sdk-trace-base": {
"version": "2.6.1", "version": "2.7.1",
"resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-2.6.1.tgz", "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-2.7.1.tgz",
"integrity": "sha512-r86ut4T1e8vNwB35CqCcKd45yzqH6/6Wzvpk2/cZB8PsPLlZFTvrh8yfOS3CYZYcUmAx4hHTZJ8AO8Dj8nrdhw==", "integrity": "sha512-NAYIlsF8MPUsKqJMiDQJTMPOmlbawC1Iz/omMLygZ1C9am8fTKYjTaI+OZM+WTY3t3Glo0wnOg/6/pac6RGPPw==",
"license": "Apache-2.0", "license": "Apache-2.0",
"dependencies": { "dependencies": {
"@opentelemetry/core": "2.6.1", "@opentelemetry/core": "2.7.1",
"@opentelemetry/resources": "2.6.1", "@opentelemetry/resources": "2.7.1",
"@opentelemetry/semantic-conventions": "^1.29.0" "@opentelemetry/semantic-conventions": "^1.29.0"
}, },
"engines": { "engines": {
@@ -2419,12 +2419,12 @@
}, },
"node_modules/@rmdes/indiekit-endpoint-activitypub": { "node_modules/@rmdes/indiekit-endpoint-activitypub": {
"version": "3.13.4", "version": "3.13.4",
"resolved": "git+https://gitea.giersig.eu/svemagie/indiekit-endpoint-activitypub#f03f9050d97f7879e8a22c905f05a11a41ce8b96", "resolved": "git+https://gitea.giersig.eu/svemagie/indiekit-endpoint-activitypub#bda09b98665a8f624d677312ba05d2b54347d812",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@fedify/debugger": "^2.1.0", "@fedify/debugger": "^2.1.12",
"@fedify/fedify": "^2.1.0", "@fedify/fedify": "^2.1.12",
"@fedify/redis": "^2.1.0", "@fedify/redis": "^2.1.12",
"@js-temporal/polyfill": "^0.5.0", "@js-temporal/polyfill": "^0.5.0",
"@rmdes/indiekit-startup-gate": "^1.0.0", "@rmdes/indiekit-startup-gate": "^1.0.0",
"express": "^5.0.0", "express": "^5.0.0",
@@ -3512,13 +3512,13 @@
"license": "MIT" "license": "MIT"
}, },
"node_modules/asn1js": { "node_modules/asn1js": {
"version": "3.0.7", "version": "3.0.10",
"resolved": "https://registry.npmjs.org/asn1js/-/asn1js-3.0.7.tgz", "resolved": "https://registry.npmjs.org/asn1js/-/asn1js-3.0.10.tgz",
"integrity": "sha512-uLvq6KJu04qoQM6gvBfKFjlh6Gl0vOKQuR5cJMDHQkmwfMOQeN3F3SHCv9SNYSL+CRoHvOGFfllDlVz03GQjvQ==", "integrity": "sha512-S2s3aOytiKdFRdulw2qPE51MzjzVOisppcVv7jVFR+Kw0kxwvFrDcYA0h7Ndqbmj0HkMIXYWaoj7fli8kgx1eg==",
"license": "BSD-3-Clause", "license": "BSD-3-Clause",
"dependencies": { "dependencies": {
"pvtsutils": "^1.3.6", "pvtsutils": "^1.3.6",
"pvutils": "^1.1.3", "pvutils": "^1.1.5",
"tslib": "^2.8.1" "tslib": "^2.8.1"
}, },
"engines": { "engines": {
@@ -5205,9 +5205,9 @@
} }
}, },
"node_modules/hono": { "node_modules/hono": {
"version": "4.12.9", "version": "4.12.18",
"resolved": "https://registry.npmjs.org/hono/-/hono-4.12.9.tgz", "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.18.tgz",
"integrity": "sha512-wy3T8Zm2bsEvxKZM5w21VdHDDcwVS1yUFFY6i8UobSsKfFceT7TOwhbhfKsDyx7tYQlmRM5FLpIuYvNFyjctiA==", "integrity": "sha512-RWzP96k/yv0PQfyXnWjs6zot20TqfpfsNXhOnev8d1InAxubW93L11/oNUc3tQqn2G0bSdAOBpX+2uDFHV7kdQ==",
"license": "MIT", "license": "MIT",
"engines": { "engines": {
"node": ">=16.9.0" "node": ">=16.9.0"
package.json
+1 -1
View File
@@ -27,7 +27,7 @@
"@indiekit/indiekit": "^1.0.0-beta.27", "@indiekit/indiekit": "^1.0.0-beta.27",
"@indiekit/post-type-repost": "^1.0.0-beta.25", "@indiekit/post-type-repost": "^1.0.0-beta.25",
"@indiekit/store-github": "^1.0.0-beta.27", "@indiekit/store-github": "^1.0.0-beta.27",
"@rmdes/indiekit-endpoint-activitypub": "git+https://gitea.giersig.eu/svemagie/indiekit-endpoint-activitypub", "@rmdes/indiekit-endpoint-activitypub": "git+https://gitea.giersig.eu/svemagie/indiekit-endpoint-activitypub#bda09b98665a8f624d677312ba05d2b54347d812",
"@rmdes/indiekit-endpoint-auth": "^1.0.0-beta.25", "@rmdes/indiekit-endpoint-auth": "^1.0.0-beta.25",
"@rmdes/indiekit-endpoint-blogroll": "git+https://gitea.giersig.eu/svemagie/indiekit-endpoint-blogroll", "@rmdes/indiekit-endpoint-blogroll": "git+https://gitea.giersig.eu/svemagie/indiekit-endpoint-blogroll",
"@rmdes/indiekit-endpoint-comments": "^1.0.11", "@rmdes/indiekit-endpoint-comments": "^1.0.11",