Loading .github/workflows/build.yaml +7 −3 Original line number Diff line number Diff line Loading @@ -173,7 +173,7 @@ jobs: working-directory: ${{ github.workspace }}/fedify/ - run: deno task npm working-directory: ${{ github.workspace }}/fedify/ - run: npm publish --dry-run fedify-fedify-*.tgz - run: npm publish --dry-run --tag latest fedify-fedify-*.tgz working-directory: ${{ github.workspace }}/fedify/ env: DNT_SKIP_TEST: "true" Loading Loading @@ -286,7 +286,11 @@ jobs: set -ex npm config set //registry.npmjs.org/:_authToken "$NPM_AUTH_TOKEN" if [[ "$GITHUB_REF_TYPE" = "tag" ]]; then npm publish --provenance --access public fedify-fedify-*.tgz npm publish \ --provenance \ --access public \ --tag latest \ fedify-fedify-*.tgz elif [[ "$GITHUB_EVENT_NAME" = "pull_request_target" ]]; then npm publish \ --provenance \ Loading @@ -304,7 +308,7 @@ jobs: run: | set -ex npm config set //registry.npmjs.org/:_authToken "$NPM_AUTH_TOKEN" npm publish --provenance --access public fedify-cli-*.tgz npm publish --provenance --access public --tag latest fedify-cli-*.tgz env: NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} working-directory: ${{ github.workspace }}/cli/ Loading CHANGES.md +8 −8 Original line number Diff line number Diff line Loading @@ -6,7 +6,14 @@ Fedify changelog Version 1.6.13 -------------- To be released. Released on December 20, 2025. - Fixed a ReDoS (Regular Expression Denial of Service) vulnerability in the document loader's HTML parsing. An attacker-controlled server could respond with a malicious HTML payload that blocked the event loop. [[CVE-2025-68475]] [CVE-2025-68475]: https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93 Version 1.6.12 Loading Loading @@ -124,13 +131,6 @@ Released on June 30, 2025. typed literal object (e.g., `"votersCount":{"type":"xsd:nonNegativeInteger", "@value":123}`). - Fixed a ReDoS (Regular Expression Denial of Service) vulnerability in the document loader's HTML parsing. An attacker-controlled server could respond with a malicious HTML payload that blocked the event loop. [[CVE-2025-68475]] [CVE-2025-68475]: https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93 Version 1.6.2 ------------- Loading fedify/package.json +1 −1 Original line number Diff line number Diff line { "name": "@fedify/fedify", "version": "1.6.12", "version": "1.6.13", "description": "An ActivityPub server framework", "keywords": [ "ActivityPub", Loading Loading
.github/workflows/build.yaml +7 −3 Original line number Diff line number Diff line Loading @@ -173,7 +173,7 @@ jobs: working-directory: ${{ github.workspace }}/fedify/ - run: deno task npm working-directory: ${{ github.workspace }}/fedify/ - run: npm publish --dry-run fedify-fedify-*.tgz - run: npm publish --dry-run --tag latest fedify-fedify-*.tgz working-directory: ${{ github.workspace }}/fedify/ env: DNT_SKIP_TEST: "true" Loading Loading @@ -286,7 +286,11 @@ jobs: set -ex npm config set //registry.npmjs.org/:_authToken "$NPM_AUTH_TOKEN" if [[ "$GITHUB_REF_TYPE" = "tag" ]]; then npm publish --provenance --access public fedify-fedify-*.tgz npm publish \ --provenance \ --access public \ --tag latest \ fedify-fedify-*.tgz elif [[ "$GITHUB_EVENT_NAME" = "pull_request_target" ]]; then npm publish \ --provenance \ Loading @@ -304,7 +308,7 @@ jobs: run: | set -ex npm config set //registry.npmjs.org/:_authToken "$NPM_AUTH_TOKEN" npm publish --provenance --access public fedify-cli-*.tgz npm publish --provenance --access public --tag latest fedify-cli-*.tgz env: NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} working-directory: ${{ github.workspace }}/cli/ Loading
CHANGES.md +8 −8 Original line number Diff line number Diff line Loading @@ -6,7 +6,14 @@ Fedify changelog Version 1.6.13 -------------- To be released. Released on December 20, 2025. - Fixed a ReDoS (Regular Expression Denial of Service) vulnerability in the document loader's HTML parsing. An attacker-controlled server could respond with a malicious HTML payload that blocked the event loop. [[CVE-2025-68475]] [CVE-2025-68475]: https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93 Version 1.6.12 Loading Loading @@ -124,13 +131,6 @@ Released on June 30, 2025. typed literal object (e.g., `"votersCount":{"type":"xsd:nonNegativeInteger", "@value":123}`). - Fixed a ReDoS (Regular Expression Denial of Service) vulnerability in the document loader's HTML parsing. An attacker-controlled server could respond with a malicious HTML payload that blocked the event loop. [[CVE-2025-68475]] [CVE-2025-68475]: https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93 Version 1.6.2 ------------- Loading
fedify/package.json +1 −1 Original line number Diff line number Diff line { "name": "@fedify/fedify", "version": "1.6.12", "version": "1.6.13", "description": "An ActivityPub server framework", "keywords": [ "ActivityPub", Loading
