@fedify/fedify 1.5.2 → 1.5.3

package/CHANGES.md

@@ -3,6 +3,20 @@
 Fedify changelog
 ================
 
+Version 1.5.3
+-------------
+
+Released on May 16, 2025.
+
+ -  Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which
+    caused a `500 Internal Server Error` when the received activity had
+    an invalid JSON-LD syntax.  Now it logs the error and responds with
+    a `400 Bad Request` error instead.  [[#232]]
+
+ -  The `exportJwk()` function now populates the `alg` property of a returned
+    `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key.
+
+
 Version 1.5.2
 -------------
 
@@ -152,6 +166,20 @@ Released on March 28, 2025.
 [multibase]: https://github.com/multiformats/js-multibase
 
 
+Version 1.4.11
+--------------
+
+Released on May 16, 2025.
+
+ -  Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which
+    caused a `500 Internal Server Error` when the received activity had
+    an invalid JSON-LD syntax.  Now it logs the error and responds with
+    a `400 Bad Request` error instead.  [[#232]]
+
+ -  The `exportJwk()` function now populates the `alg` property of a returned
+    `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key.
+
+
 Version 1.4.10
 --------------
 
@@ -376,6 +404,20 @@ Released on February 5, 2025.
 [#195]: https://github.com/fedify-dev/fedify/issues/195
 
 
+Version 1.3.18
+--------------
+
+Released on May 16, 2025.
+
+ -  Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which
+    caused a `500 Internal Server Error` when the received activity had
+    an invalid JSON-LD syntax.  Now it logs the error and responds with
+    a `400 Bad Request` error instead.  [[#232]]
+
+ -  The `exportJwk()` function now populates the `alg` property of a returned
+    `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key.
+
+
 Version 1.3.17
 --------------
 
@@ -716,6 +758,20 @@ Released on November 30, 2024.
 [#193]: https://github.com/fedify-dev/fedify/issues/193
 
 
+Version 1.2.22
+--------------
+
+Released on May 16, 2025.
+
+ -  Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which
+    caused a `500 Internal Server Error` when the received activity had
+    an invalid JSON-LD syntax.  Now it logs the error and responds with
+    a `400 Bad Request` error instead.  [[#232]]
+
+ -  The `exportJwk()` function now populates the `alg` property of a returned
+    `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key.
+
+
 Version 1.2.21
 --------------
 
@@ -1104,6 +1160,20 @@ Released on October 31, 2024.
 [#118]: https://github.com/fedify-dev/fedify/issues/118
 
 
+Version 1.1.22
+--------------
+
+Released on May 16, 2025.
+
+ -  Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which
+    caused a `500 Internal Server Error` when the received activity had
+    an invalid JSON-LD syntax.  Now it logs the error and responds with
+    a `400 Bad Request` error instead.  [[#232]]
+
+ -  The `exportJwk()` function now populates the `alg` property of a returned
+    `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key.
+
+
 Version 1.1.21
 --------------
 
@@ -1533,6 +1603,22 @@ Released on October 20, 2024.
 [#150]: https://github.com/fedify-dev/fedify/issues/150
 
 
+Version 1.0.25
+--------------
+
+Released on May 16, 2025.
+
+ -  Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which
+    caused a `500 Internal Server Error` when the received activity had
+    an invalid JSON-LD syntax.  Now it logs the error and responds with
+    a `400 Bad Request` error instead.  [[#232]]
+
+ -  The `exportJwk()` function now populates the `alg` property of a returned
+    `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key.
+
+[#232]: https://github.com/fedify-dev/fedify/issues/232
+
+
 Version 1.0.24
 --------------
 

package/README.md

@@ -101,14 +101,15 @@ financial contributors:[^2]
 - [Daniel Supernault](https://pixelfed.org/)
 - [tkgka](https://opencollective.com/tkgka)
 - [Blaine](https://opencollective.com/blaine)
+- [Erick González Aguilar](https://opencollective.com/erick-gonzalez-aguilar)
 
 ### Backers
 
-yamanoku, taye, Encyclia, okin, Andy Piper, box464, Evan Prodromou, Rafael Goulart, malte
+Robin Riley, yamanoku, Encyclia, taye, okin, Andy Piper, box464, Evan Prodromou, Rafael Goulart, malte
 
 ### One-time donations
 
-Markus P, Nils Bergmann, Rameez
+Robin Riley, Markus P, Nils Bergmann, Rameez
 
 <!-- /DO NOT EDIT -->
 <!-- cSpell: enable -->

package/SPONSORS.md

@@ -21,16 +21,17 @@ Supporters
 - [Daniel Supernault](https://pixelfed.org/)
 - [tkgka](https://opencollective.com/tkgka)
 - [Blaine](https://opencollective.com/blaine)
+- [Erick González Aguilar](https://opencollective.com/erick-gonzalez-aguilar)
 
 Backers
 -------
 
-yamanoku, taye, Encyclia, okin, Andy Piper, box464, Evan Prodromou, Rafael Goulart, malte
+Robin Riley, yamanoku, Encyclia, taye, okin, Andy Piper, box464, Evan Prodromou, Rafael Goulart, malte
 
 One-time donations
 ------------------
 
-Markus P, Nils Bergmann, Rameez
+Robin Riley, Markus P, Nils Bergmann, Rameez
 
 <!-- /DO NOT EDIT -->
 <!-- cSpell: enable -->

package/esm/deno.js

@@ -1,6 +1,6 @@
 export default {
     "name": "@fedify/fedify",
-    "version": "1.5.2",
+    "version": "1.5.3",
     "license": "MIT",
     "exports": {
         ".": "./mod.ts",

package/esm/deps/jsr.io/@std/bytes/{1.0.5 → 1.0.6}/equals.js

@@ -48,7 +48,7 @@ function equals32Bit(a, b) {
  * Byte length threshold for when to use 32-bit comparisons, based on
  * benchmarks.
  *
- * @see {@link https://github.com/denoland/deno_std/pull/4635}
+ * @see {@link https://github.com/denoland/std/pull/4635}
  */
 const THRESHOLD_32_BIT = 160;
 /**

package/esm/federation/handler.js

@@ -1,6 +1,6 @@
 import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
-import { accepts } from "../deps/jsr.io/@std/http/1.0.15/negotiation.js";
+import { accepts } from "../deps/jsr.io/@std/http/1.0.16/negotiation.js";
 import metadata from "../deno.js";
 import { verifyRequest } from "../sig/http.js";
 import { detachSignature, verifyJsonLd } from "../sig/ld.js";
@@ -376,12 +376,25 @@ async function handleInboxInternal(request, { recipient, context: ctx, inboxCont
         });
     }
     const keyCache = new KvKeyCache(kv, kvPrefixes.publicKey, ctx);
-    const ldSigVerified = await verifyJsonLd(json, {
-        contextLoader: ctx.contextLoader,
-        documentLoader: ctx.documentLoader,
-        keyCache,
-        tracerProvider,
-    });
+    let ldSigVerified;
+    try {
+        ldSigVerified = await verifyJsonLd(json, {
+            contextLoader: ctx.contextLoader,
+            documentLoader: ctx.documentLoader,
+            keyCache,
+            tracerProvider,
+        });
+    }
+    catch (error) {
+        if (error instanceof Error && error.name === "jsonld.SyntaxError") {
+            logger.error("Failed to parse JSON-LD:\n{error}", { recipient, error });
+            return new Response("Invalid JSON-LD.", {
+                status: 400,
+                headers: { "Content-Type": "text/plain; charset=utf-8" },
+            });
+        }
+        ldSigVerified = false;
+    }
     const jsonWithoutSig = detachSignature(json);
     let activity = null;
     if (ldSigVerified) {

package/esm/runtime/key.js

@@ -1,5 +1,5 @@
 import * as dntShim from "../_dnt.shims.js";
-import { concat } from "../deps/jsr.io/@std/bytes/1.0.5/concat.js";
+import { concat } from "../deps/jsr.io/@std/bytes/1.0.6/concat.js";
 import { decodeBase64, encodeBase64 } from "../deps/jsr.io/@std/encoding/1.0.7/base64.js";
 import { decodeBase64Url } from "../deps/jsr.io/@std/encoding/1.0.7/base64url.js";
 import { decodeHex } from "../deps/jsr.io/@std/encoding/1.0.7/hex.js";

package/esm/sig/http.js

@@ -2,7 +2,7 @@ import * as dntShim from "../_dnt.shims.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace, } from "@opentelemetry/api";
 import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_URL_FULL, } from "@opentelemetry/semantic-conventions";
-import { equals } from "../deps/jsr.io/@std/bytes/1.0.5/mod.js";
+import { equals } from "../deps/jsr.io/@std/bytes/1.0.6/mod.js";
 import { decodeBase64, encodeBase64 } from "../deps/jsr.io/@std/encoding/1.0.7/base64.js";
 import { encodeHex } from "../deps/jsr.io/@std/encoding/1.0.7/hex.js";
 import metadata from "../deno.js";

package/esm/vocab/lookup.js

@@ -1,7 +1,7 @@
 import * as dntShim from "../_dnt.shims.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
-import { delay } from "../deps/jsr.io/@std/async/1.0.12/delay.js";
+import { delay } from "../deps/jsr.io/@std/async/1.0.13/delay.js";
 import metadata from "../deno.js";
 import { getDocumentLoader, } from "../runtime/docloader.js";
 import { lookupWebFinger } from "../webfinger/lookup.js";