@fedify/fedify 1.6.0-dev.798 → 1.6.0-dev.808

package/CHANGES.md

@@ -39,6 +39,20 @@ To be released.
 [#227]: https://github.com/fedify-dev/fedify/issues/227
 
 
+Version 1.5.3
+-------------
+
+Released on May 16, 2025.
+
+ -  Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which
+    caused a `500 Internal Server Error` when the received activity had
+    an invalid JSON-LD syntax.  Now it logs the error and responds with
+    a `400 Bad Request` error instead.  [[#232]]
+
+ -  The `exportJwk()` function now populates the `alg` property of a returned
+    `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key.
+
+
 Version 1.5.2
 -------------
 
@@ -188,6 +202,20 @@ Released on March 28, 2025.
 [multibase]: https://github.com/multiformats/js-multibase
 
 
+Version 1.4.11
+--------------
+
+Released on May 16, 2025.
+
+ -  Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which
+    caused a `500 Internal Server Error` when the received activity had
+    an invalid JSON-LD syntax.  Now it logs the error and responds with
+    a `400 Bad Request` error instead.  [[#232]]
+
+ -  The `exportJwk()` function now populates the `alg` property of a returned
+    `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key.
+
+
 Version 1.4.10
 --------------
 
@@ -412,6 +440,20 @@ Released on February 5, 2025.
 [#195]: https://github.com/fedify-dev/fedify/issues/195
 
 
+Version 1.3.18
+--------------
+
+Released on May 16, 2025.
+
+ -  Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which
+    caused a `500 Internal Server Error` when the received activity had
+    an invalid JSON-LD syntax.  Now it logs the error and responds with
+    a `400 Bad Request` error instead.  [[#232]]
+
+ -  The `exportJwk()` function now populates the `alg` property of a returned
+    `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key.
+
+
 Version 1.3.17
 --------------
 
@@ -752,6 +794,20 @@ Released on November 30, 2024.
 [#193]: https://github.com/fedify-dev/fedify/issues/193
 
 
+Version 1.2.22
+--------------
+
+Released on May 16, 2025.
+
+ -  Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which
+    caused a `500 Internal Server Error` when the received activity had
+    an invalid JSON-LD syntax.  Now it logs the error and responds with
+    a `400 Bad Request` error instead.  [[#232]]
+
+ -  The `exportJwk()` function now populates the `alg` property of a returned
+    `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key.
+
+
 Version 1.2.21
 --------------
 
@@ -1140,6 +1196,20 @@ Released on October 31, 2024.
 [#118]: https://github.com/fedify-dev/fedify/issues/118
 
 
+Version 1.1.22
+--------------
+
+Released on May 16, 2025.
+
+ -  Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which
+    caused a `500 Internal Server Error` when the received activity had
+    an invalid JSON-LD syntax.  Now it logs the error and responds with
+    a `400 Bad Request` error instead.  [[#232]]
+
+ -  The `exportJwk()` function now populates the `alg` property of a returned
+    `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key.
+
+
 Version 1.1.21
 --------------
 
@@ -1569,6 +1639,22 @@ Released on October 20, 2024.
 [#150]: https://github.com/fedify-dev/fedify/issues/150
 
 
+Version 1.0.25
+--------------
+
+Released on May 16, 2025.
+
+ -  Fixed a bug where inbox handler had thrown a `jsonld.SyntaxError` which
+    caused a `500 Internal Server Error` when the received activity had
+    an invalid JSON-LD syntax.  Now it logs the error and responds with
+    a `400 Bad Request` error instead.  [[#232]]
+
+ -  The `exportJwk()` function now populates the `alg` property of a returned
+    `JsonWebKey` object with `"Ed25519"` if the input key is an Ed25519 key.
+
+[#232]: https://github.com/fedify-dev/fedify/issues/232
+
+
 Version 1.0.24
 --------------
 

package/README.md

@@ -106,7 +106,7 @@ financial contributors:[^2]
 
 ### Backers
 
-Robin Riley, yamanoku, taye, Encyclia, okin, Andy Piper, box464, Evan Prodromou, Rafael Goulart, malte
+Robin Riley, yamanoku, Encyclia, taye, okin, Andy Piper, box464, Evan Prodromou, Rafael Goulart, malte
 
 ### One-time donations
 

package/SPONSORS.md

@@ -26,7 +26,7 @@ Supporters
 Backers
 -------
 
-Robin Riley, yamanoku, taye, Encyclia, okin, Andy Piper, box464, Evan Prodromou, Rafael Goulart, malte
+Robin Riley, yamanoku, Encyclia, taye, okin, Andy Piper, box464, Evan Prodromou, Rafael Goulart, malte
 
 One-time donations
 ------------------

package/esm/deno.js

@@ -1,6 +1,6 @@
 export default {
     "name": "@fedify/fedify",
-    "version": "1.6.0-dev.798+10c851d3",
+    "version": "1.6.0-dev.808+214560bd",
     "license": "MIT",
     "exports": {
         ".": "./mod.ts",

package/esm/federation/handler.js

@@ -1,6 +1,6 @@
 import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
-import { accepts } from "../deps/jsr.io/@std/http/1.0.15/negotiation.js";
+import { accepts } from "../deps/jsr.io/@std/http/1.0.16/negotiation.js";
 import metadata from "../deno.js";
 import { verifyRequest } from "../sig/http.js";
 import { detachSignature, verifyJsonLd } from "../sig/ld.js";
@@ -376,12 +376,25 @@ async function handleInboxInternal(request, { recipient, context: ctx, inboxCont
         });
     }
     const keyCache = new KvKeyCache(kv, kvPrefixes.publicKey, ctx);
-    const ldSigVerified = await verifyJsonLd(json, {
-        contextLoader: ctx.contextLoader,
-        documentLoader: ctx.documentLoader,
-        keyCache,
-        tracerProvider,
-    });
+    let ldSigVerified;
+    try {
+        ldSigVerified = await verifyJsonLd(json, {
+            contextLoader: ctx.contextLoader,
+            documentLoader: ctx.documentLoader,
+            keyCache,
+            tracerProvider,
+        });
+    }
+    catch (error) {
+        if (error instanceof Error && error.name === "jsonld.SyntaxError") {
+            logger.error("Failed to parse JSON-LD:\n{error}", { recipient, error });
+            return new Response("Invalid JSON-LD.", {
+                status: 400,
+                headers: { "Content-Type": "text/plain; charset=utf-8" },
+            });
+        }
+        ldSigVerified = false;
+    }
     const jsonWithoutSig = detachSignature(json);
     let activity = null;
     if (ldSigVerified) {

package/esm/runtime/key.js

@@ -1,5 +1,5 @@
 import * as dntShim from "../_dnt.shims.js";
-import { concat } from "../deps/jsr.io/@std/bytes/1.0.5/concat.js";
+import { concat } from "../deps/jsr.io/@std/bytes/1.0.6/concat.js";
 import { decodeBase64, encodeBase64 } from "../deps/jsr.io/@std/encoding/1.0.7/base64.js";
 import { decodeBase64Url } from "../deps/jsr.io/@std/encoding/1.0.7/base64url.js";
 import { decodeHex } from "../deps/jsr.io/@std/encoding/1.0.7/hex.js";

package/esm/sig/http.js

@@ -2,7 +2,7 @@ import * as dntShim from "../_dnt.shims.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace, } from "@opentelemetry/api";
 import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_URL_FULL, } from "@opentelemetry/semantic-conventions";
-import { timingSafeEqual } from "../deps/jsr.io/@std/crypto/1.0.4/timing_safe_equal.js";
+import { timingSafeEqual } from "../deps/jsr.io/@std/crypto/1.0.5/timing_safe_equal.js";
 import { decodeBase64, encodeBase64 } from "../deps/jsr.io/@std/encoding/1.0.7/base64.js";
 import { encodeHex } from "../deps/jsr.io/@std/encoding/1.0.7/hex.js";
 import { decodeDict, encodeItem, Item, } from "structured-field-values";

package/esm/vocab/lookup.js

@@ -1,7 +1,7 @@
 import * as dntShim from "../_dnt.shims.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
-import { delay } from "../deps/jsr.io/@std/async/1.0.12/delay.js";
+import { delay } from "../deps/jsr.io/@std/async/1.0.13/delay.js";
 import metadata from "../deno.js";
 import { getDocumentLoader, } from "../runtime/docloader.js";
 import { lookupWebFinger } from "../webfinger/lookup.js";