@fedify/fedify 2.2.0-pr.708.19 → 2.2.0-pr.710.22

package/dist/public-audience-5WWE-JTr.mjs

@@ -0,0 +1,181 @@
+import "@js-temporal/polyfill";
+import "urlpattern-polyfill";
+globalThis.addEventListener = () => {};
+import { PUBLIC_COLLECTION } from "@fedify/vocab";
+import { preloadedContexts } from "@fedify/vocab-runtime";
+import { getLogger } from "@logtape/logtape";
+import jsonld from "@fedify/vocab-runtime/jsonld";
+//#region src/compat/public-audience.ts
+const logger = getLogger([
+	"fedify",
+	"compat",
+	"public-audience"
+]);
+const PUBLIC_ADDRESSING_FIELDS = new Set([
+	"to",
+	"cc",
+	"bto",
+	"bcc",
+	"audience"
+]);
+const preloadedOnlyDocumentLoader = (url) => {
+	if (url in preloadedContexts) return Promise.resolve({
+		contextUrl: null,
+		documentUrl: url,
+		document: preloadedContexts[url]
+	});
+	return Promise.reject(/* @__PURE__ */ new Error("Refusing to fetch a non-preloaded JSON-LD context: " + url));
+};
+const AS_CONTEXT_URL = "https://www.w3.org/ns/activitystreams";
+const MAX_TRAVERSAL_DEPTH = 64;
+const KNOWN_SAFE_CONTEXT_URLS = new Set(Object.keys(preloadedContexts));
+function hasPublicCurieInAddressing(value, parentKey, depth = 0) {
+	if (typeof value === "string") return parentKey != null && PUBLIC_ADDRESSING_FIELDS.has(parentKey) && (value === "as:Public" || value === "Public");
+	if (depth >= MAX_TRAVERSAL_DEPTH) return false;
+	if (Array.isArray(value)) return value.some((item) => hasPublicCurieInAddressing(item, parentKey, depth + 1));
+	if (typeof value !== "object" || value == null) return false;
+	const record = value;
+	for (const key of Object.keys(record)) {
+		if (key === "@context") continue;
+		if (hasPublicCurieInAddressing(record[key], key, depth + 1)) return true;
+	}
+	return false;
+}
+function rewritePublicAudience(value, parentKey, depth = 0) {
+	if (typeof value === "string" && parentKey != null && PUBLIC_ADDRESSING_FIELDS.has(parentKey) && (value === "as:Public" || value === "Public")) return PUBLIC_COLLECTION.href;
+	if (depth >= MAX_TRAVERSAL_DEPTH) return value;
+	if (Array.isArray(value)) {
+		let changed = false;
+		const mapped = value.map((item) => {
+			const rewritten = rewritePublicAudience(item, parentKey, depth + 1);
+			if (rewritten !== item) changed = true;
+			return rewritten;
+		});
+		return changed ? mapped : value;
+	}
+	if (typeof value !== "object" || value == null) return value;
+	const record = value;
+	let changed = false;
+	const normalized = {};
+	for (const key of Object.keys(record)) {
+		const rewritten = key === "@context" ? record[key] : rewritePublicAudience(record[key], key, depth + 1);
+		if (rewritten !== record[key]) changed = true;
+		normalized[key] = rewritten;
+	}
+	return changed ? normalized : value;
+}
+/**
+* Reports whether `value` carries an `@context` property anywhere inside
+* its subtree (not counting the value itself).  A nested `@context` can
+* introduce a local term-definition scope that redefines `as:` or `Public`
+* even when the top-level `@context` is safe, so the fast path must defer
+* to the URDNA2015 equivalence check whenever one is present.
+*/
+function hasNestedContext(value, depth = 0) {
+	if (depth >= MAX_TRAVERSAL_DEPTH) return true;
+	if (Array.isArray(value)) return value.some((item) => hasNestedContext(item, depth + 1));
+	if (typeof value !== "object" || value == null) return false;
+	const record = value;
+	for (const key of Object.keys(record)) {
+		if (key === "@context") return true;
+		if (hasNestedContext(record[key], depth + 1)) return true;
+	}
+	return false;
+}
+/**
+* Checks whether the `@context` of a JSON-LD document is guaranteed not
+* to redefine the `as:` prefix or the bare `Public` term.  Only documents
+* whose `@context` is a string, or an array of strings, drawn from Fedify's
+* preloaded context set AND including the ActivityStreams URL qualify,
+* AND no nested subtree carries its own `@context` that might redefine
+* those terms within a local scope.  When all of that holds the rewrite
+* is provably semantics-preserving and the URDNA2015 equivalence check
+* can be skipped.  Any other shape (unknown external URLs, inline
+* objects at the top level, nested `@context` blocks) is treated as
+* potentially unsafe.
+*/
+function hasKnownSafeContext(jsonLd) {
+	if (typeof jsonLd !== "object" || jsonLd == null) return false;
+	const record = jsonLd;
+	if (!Object.hasOwn(record, "@context")) return false;
+	const ctx = record["@context"];
+	const entries = typeof ctx === "string" ? [ctx] : Array.isArray(ctx) ? ctx : null;
+	if (entries == null || entries.length === 0) return false;
+	let hasAs = false;
+	for (const entry of entries) {
+		if (typeof entry !== "string") return false;
+		if (!KNOWN_SAFE_CONTEXT_URLS.has(entry)) return false;
+		if (entry === AS_CONTEXT_URL) hasAs = true;
+	}
+	if (!hasAs) return false;
+	for (const key of Object.keys(record)) {
+		if (key === "@context") continue;
+		if (hasNestedContext(record[key])) return false;
+	}
+	return true;
+}
+/**
+* Rewrites the compact `as:Public` / `Public` CURIE appearing in activity
+* addressing fields (`to`, `cc`, `bto`, `bcc`, `audience`) to the fully
+* expanded `https://www.w3.org/ns/activitystreams#Public` URI.
+*
+* Several ActivityPub implementations, Lemmy among them, match these
+* fields as plain URLs without running JSON-LD expansion, and silently
+* drop activities whose public addressing appears in CURIE form.  This
+* helper works around that gap.
+*
+* For documents whose `@context` is drawn entirely from Fedify's
+* preloaded context set and includes the ActivityStreams URL, the
+* rewrite is applied directly: the content of every preloaded non-AS
+* context is known not to redefine the `as:` prefix or the bare `Public`
+* term, so the semantics are preserved by construction.  Any other
+* shape (an inline object, an unknown external URL, and so on) is
+* treated as potentially unsafe and gated on a JSON-LD equivalence
+* check; both forms are canonicalized with URDNA2015 and the resulting
+* N-Quads are compared.  When they differ, the original document is
+* returned unchanged.  Canonicalization failures also fall back to the
+* original document.
+*
+* When no `contextLoader` is supplied the helper falls back to an
+* internal loader that resolves only the URLs in Fedify's
+* preloaded-contexts set and rejects every other URL without issuing a
+* network request.  That behaviour is deliberately narrower than
+* `@fedify/vocab-runtime`'s `getDocumentLoader()`, which after its
+* `validatePublicUrl` check will happily fetch non-preloaded URLs: the
+* helper is reached from verification paths (`verifyProof()` /
+* `verifyObject()`) that operate on inbound, potentially adversarial
+* JSON-LD, and a default loader that fetches attacker-supplied
+* `@context` URLs on the caller's behalf would be an SSRF vector.
+* Canonicalization failures against the restricted loader fall back to
+* the original document, same as any other canonicalization error.
+* Callers that genuinely need the remote-fetch loader (for example
+* applications that sign local JSON-LD against a custom vocabulary)
+* should pass a `contextLoader` explicitly.
+*
+* Must be called before any signing step that canonicalizes the
+* compact form byte-for-byte (for example, Object Integrity Proofs
+* using the `eddsa-jcs-2022` cryptosuite), so the signed payload
+* matches what is sent on the wire.
+*/
+async function normalizePublicAudience(jsonLd, contextLoader) {
+	if (!hasPublicCurieInAddressing(jsonLd)) return jsonLd;
+	const normalized = rewritePublicAudience(jsonLd);
+	if (hasKnownSafeContext(jsonLd)) return normalized;
+	const loader = contextLoader ?? preloadedOnlyDocumentLoader;
+	try {
+		const [before, after] = await Promise.all([jsonld.canonize(jsonLd, {
+			format: "application/n-quads",
+			documentLoader: loader
+		}), jsonld.canonize(normalized, {
+			format: "application/n-quads",
+			documentLoader: loader
+		})]);
+		if (before === after) return normalized;
+		logger.warn("Expanding the public audience CURIE to its full URI would change the canonical form of the activity; sending the activity as is.  This usually means the active JSON-LD context redefines the `as:` prefix or the bare `Public` term.");
+	} catch (error) {
+		logger.debug("Failed to verify public audience normalization equivalence via JSON-LD canonicalization; sending the activity as is.\n{error}", { error });
+	}
+	return jsonLd;
+}
+//#endregion
+export { normalizePublicAudience as t };

package/dist/{send-Cqy2NRSV.mjs → send-CCwbKHXy.mjs}

@@ -1,8 +1,8 @@
 import "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
-import { n as version, t as name } from "./deno-D544KGtd.mjs";
-import { n as doubleKnock } from "./http-6m2N3LCD.mjs";
+import { n as version, t as name } from "./deno-sxAmy69e.mjs";
+import { n as doubleKnock } from "./http-BKrXOLjL.mjs";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
 import { getLogger } from "@logtape/logtape";
 //#region src/federation/send.ts

package/dist/sig/http.test.mjs

@@ -7,8 +7,8 @@ import { a as assertExists, t as assertStringIncludes } from "../std__assert-Dui
 import { n as assertFalse, t as assertRejects } from "../assert_rejects-B-qJtC9Z.mjs";
 import { t as assertThrows } from "../assert_throws-4NwKEy2q.mjs";
 import { t as assert } from "../assert-ddO5KLpe.mjs";
-import { t as exportJwk } from "../key-CCuaH5jy.mjs";
-import { a as parseRfc9421Signature, c as timingSafeEqual, i as formatRfc9421SignatureParameters, l as verifyRequest, n as doubleKnock, o as parseRfc9421SignatureInput, r as formatRfc9421Signature, s as signRequest, t as createRfc9421SignatureBase, u as verifyRequestDetailed } from "../http-6m2N3LCD.mjs";
+import { t as exportJwk } from "../key-CwG1d1a2.mjs";
+import { a as parseRfc9421Signature, c as timingSafeEqual, i as formatRfc9421SignatureParameters, l as verifyRequest, n as doubleKnock, o as parseRfc9421SignatureInput, r as formatRfc9421Signature, s as signRequest, t as createRfc9421SignatureBase, u as verifyRequestDetailed } from "../http-BKrXOLjL.mjs";
 import { i as rsaPrivateKey2, l as rsaPublicKey5, o as rsaPublicKey1, s as rsaPublicKey2 } from "../keys-BAK-tUlf.mjs";
 import { createTestTracerProvider, mockDocumentLoader, test } from "@fedify/fixture";
 import { FetchError, exportSpki } from "@fedify/vocab-runtime";

package/dist/sig/key.test.mjs

@@ -5,7 +5,7 @@ import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import "../std__assert-Duiq_YC9.mjs";
 import { t as assertRejects } from "../assert_rejects-B-qJtC9Z.mjs";
 import { t as assertThrows } from "../assert_throws-4NwKEy2q.mjs";
-import { a as importJwk, i as generateCryptoKeyPair, n as fetchKey, o as validateCryptoKey, r as fetchKeyDetailed, t as exportJwk } from "../key-CCuaH5jy.mjs";
+import { a as importJwk, i as generateCryptoKeyPair, n as fetchKey, o as validateCryptoKey, r as fetchKeyDetailed, t as exportJwk } from "../key-CwG1d1a2.mjs";
 import { c as rsaPublicKey3, i as rsaPrivateKey2, o as rsaPublicKey1, s as rsaPublicKey2, t as ed25519Multikey } from "../keys-BAK-tUlf.mjs";
 import { createTestTracerProvider, mockDocumentLoader, test } from "@fedify/fixture";
 import { CryptographicKey, Multikey } from "@fedify/vocab";

package/dist/sig/ld.test.mjs

@@ -5,9 +5,9 @@ import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import { n as assertFalse, t as assertRejects } from "../assert_rejects-B-qJtC9Z.mjs";
 import { t as assertThrows } from "../assert_throws-4NwKEy2q.mjs";
 import { t as assert } from "../assert-ddO5KLpe.mjs";
-import { i as generateCryptoKeyPair } from "../key-CCuaH5jy.mjs";
+import { i as generateCryptoKeyPair } from "../key-CwG1d1a2.mjs";
 import { a as rsaPrivateKey3, c as rsaPublicKey3, i as rsaPrivateKey2, n as ed25519PrivateKey, s as rsaPublicKey2, t as ed25519Multikey } from "../keys-BAK-tUlf.mjs";
-import { a as signJsonLd, i as hasSignatureLike, n as createSignature, o as verifyJsonLd, r as detachSignature, s as verifySignature, t as attachSignature } from "../ld-DN2lsaG8.mjs";
+import { a as signJsonLd, i as hasSignatureLike, n as createSignature, o as verifyJsonLd, r as detachSignature, s as verifySignature, t as attachSignature } from "../ld-t2WD3nYp.mjs";
 import { mockDocumentLoader, test } from "@fedify/fixture";
 import { CryptographicKey } from "@fedify/vocab";
 import { encodeBase64 } from "byte-encodings/base64";

package/dist/sig/mod.cjs

@@ -1,8 +1,8 @@
 const { Temporal } = require("@js-temporal/polyfill");
 const { URLPattern } = require("urlpattern-polyfill");
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const require_http = require("../http-BMsHAyvq.cjs");
-const require_proof = require("../proof-3RKiVMZP.cjs");
+const require_http = require("../http-C1BAaJ_m.cjs");
+const require_proof = require("../proof-0fe_hpBU.cjs");
 exports.attachSignature = require_proof.attachSignature;
 exports.createProof = require_proof.createProof;
 exports.createSignature = require_proof.createSignature;

package/dist/sig/mod.js

@@ -1,5 +1,5 @@
 import "@js-temporal/polyfill";
 import "urlpattern-polyfill";
-import { a as verifyRequestDetailed, c as fetchKeyDetailed, f as formatAcceptSignature, h as validateAcceptSignature, i as verifyRequest, l as generateCryptoKeyPair, m as parseAcceptSignature, o as exportJwk, p as fulfillAcceptSignature, r as signRequest, s as fetchKey, u as importJwk } from "../http-CxVGLNoz.js";
-import { a as verifyProof, c as attachSignature, d as hasSignatureLike, f as signJsonLd, i as verifyObject, l as createSignature, m as verifySignature, n as hasProofLike, o as doesActorOwnKey, p as verifyJsonLd, r as signObject, s as getKeyOwner, t as createProof, u as detachSignature } from "../proof-0cJIZBgO.js";
+import { a as verifyRequestDetailed, c as fetchKeyDetailed, f as formatAcceptSignature, h as validateAcceptSignature, i as verifyRequest, l as generateCryptoKeyPair, m as parseAcceptSignature, o as exportJwk, p as fulfillAcceptSignature, r as signRequest, s as fetchKey, u as importJwk } from "../http-DI4R9CTK.js";
+import { a as verifyProof, c as getKeyOwner, d as detachSignature, f as hasSignatureLike, h as verifySignature, i as verifyObject, l as attachSignature, m as verifyJsonLd, n as hasProofLike, p as signJsonLd, r as signObject, s as doesActorOwnKey, t as createProof, u as createSignature } from "../proof-DJiXN7Qc.js";
 export { attachSignature, createProof, createSignature, detachSignature, doesActorOwnKey, exportJwk, fetchKey, fetchKeyDetailed, formatAcceptSignature, fulfillAcceptSignature, generateCryptoKeyPair, getKeyOwner, hasProofLike, hasSignatureLike, importJwk, parseAcceptSignature, signJsonLd, signObject, signRequest, validateAcceptSignature, verifyJsonLd, verifyObject, verifyProof, verifyRequest, verifyRequestDetailed, verifySignature };

package/dist/sig/owner.test.mjs

@@ -6,7 +6,7 @@ import "../std__assert-Duiq_YC9.mjs";
 import { n as assertFalse } from "../assert_rejects-B-qJtC9Z.mjs";
 import { t as assert } from "../assert-ddO5KLpe.mjs";
 import { o as rsaPublicKey1, s as rsaPublicKey2 } from "../keys-BAK-tUlf.mjs";
-import { n as getKeyOwner, t as doesActorOwnKey } from "../owner-B34dTvD2.mjs";
+import { n as getKeyOwner, t as doesActorOwnKey } from "../owner-J1wYUBAp.mjs";
 import { createTestTracerProvider, mockDocumentLoader, test } from "@fedify/fixture";
 import { Create, CryptographicKey, lookupObject } from "@fedify/vocab";
 //#region src/sig/owner.test.ts

package/dist/sig/proof.test.mjs

@@ -7,9 +7,10 @@ import { n as assertFalse, t as assertRejects } from "../assert_rejects-B-qJtC9Z
 import { t as assertInstanceOf } from "../assert_instance_of-C4Ri6VuN.mjs";
 import { t as assert } from "../assert-ddO5KLpe.mjs";
 import { i as rsaPrivateKey2, n as ed25519PrivateKey, r as ed25519PublicKey, s as rsaPublicKey2, t as ed25519Multikey } from "../keys-BAK-tUlf.mjs";
-import { a as verifyProof, i as verifyObject, n as hasProofLike, r as signObject, t as createProof } from "../proof-grJLXdIM.mjs";
+import { t as normalizePublicAudience } from "../public-audience-5WWE-JTr.mjs";
+import { a as verifyProof, i as verifyObject, n as hasProofLike, r as signObject, t as createProof } from "../proof-DngAmXc3.mjs";
 import { mockDocumentLoader, test } from "@fedify/fixture";
-import { Create, DataIntegrityProof, Multikey, Note, Place } from "@fedify/vocab";
+import { Create, DataIntegrityProof, Multikey, Note, PUBLIC_COLLECTION, Place } from "@fedify/vocab";
 import { decodeMultibase, importMultibaseKey } from "@fedify/vocab-runtime";
 import { decodeHex } from "byte-encodings/hex";
 //#region src/sig/proof.test.ts
@@ -151,6 +152,39 @@ test("signObject()", async () => {
 		created,
 		contextLoader: mockDocumentLoader
 	}), TypeError, "Unsupported algorithm");
+	const signed = await signObject(new Create({
+		id: new URL("https://server.example/activities/2"),
+		actor: new URL("https://server.example/users/alice"),
+		object: new Note({
+			id: new URL("https://server.example/objects/2"),
+			attribution: new URL("https://server.example/users/alice"),
+			content: "Hello public"
+		}),
+		tos: [PUBLIC_COLLECTION]
+	}), fep8b32TestVectorPrivateKey, fep8b32TestVectorKeyId, {
+		...options,
+		created
+	});
+	const [proof] = await Array.fromAsync(signed.getProofs(options));
+	assertInstanceOf(proof, DataIntegrityProof);
+	const signedJson = await normalizePublicAudience(await signed.toJsonLd(options), mockDocumentLoader);
+	assertEquals(signedJson.to, PUBLIC_COLLECTION.href);
+	const verifyCache = {};
+	const verifyOptions = {
+		contextLoader: mockDocumentLoader,
+		documentLoader: mockDocumentLoader,
+		keyCache: {
+			get: (keyId) => Promise.resolve(verifyCache[keyId.href]),
+			set: (keyId, key) => {
+				verifyCache[keyId.href] = key;
+				return Promise.resolve();
+			}
+		}
+	};
+	assertInstanceOf(await verifyProof(signedJson, proof, verifyOptions), Multikey);
+	const signedJsonWithCurie = await signed.toJsonLd(options);
+	assertEquals(signedJsonWithCurie.to, "as:Public");
+	assertInstanceOf(await verifyProof(signedJsonWithCurie, proof, verifyOptions), Multikey);
 });
 test("hasProofLike()", () => {
 	assert(hasProofLike({ proof: {
@@ -252,6 +286,30 @@ test("verifyProof()", async () => {
 		}
 	}, proof, options), null);
 	assertEquals(await verifyProof(jsonLd, proof.clone({ created: Temporal.Now.instant() }), options), null);
+	assertEquals(await verifyProof({
+		...jsonLd,
+		"https://w3id.org/security#proof": {
+			"@type": ["https://w3id.org/security#DataIntegrityProof"],
+			"https://w3id.org/security#proofValue": [{ "@value": "stale" }]
+		}
+	}, proof, options), expectedKey);
+	assertEquals(await verifyProof([jsonLd], proof, options), null);
+	assertEquals(await verifyProof({
+		"@context": ["https://www.w3.org/ns/activitystreams", "https://attacker.example/ctx"],
+		id: "https://server.example/activities/attacker",
+		type: "Create",
+		actor: "https://server.example/users/alice",
+		object: {
+			id: "https://server.example/objects/attacker",
+			type: "Note",
+			attributedTo: "https://server.example/users/alice",
+			content: "n/a",
+			to: "as:Public"
+		}
+	}, proof, {
+		documentLoader: mockDocumentLoader,
+		keyCache: options.keyCache
+	}), null);
 });
 test("verifyObject()", async () => {
 	const options = {

package/dist/utils/docloader.test.mjs

@@ -5,9 +5,9 @@ import { t as esm_default } from "../esm-DVILvP5e.mjs";
 import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import "../std__assert-Duiq_YC9.mjs";
 import { t as assertRejects } from "../assert_rejects-B-qJtC9Z.mjs";
-import { l as verifyRequest } from "../http-6m2N3LCD.mjs";
+import { l as verifyRequest } from "../http-BKrXOLjL.mjs";
 import { i as rsaPrivateKey2 } from "../keys-BAK-tUlf.mjs";
-import { t as getAuthenticatedDocumentLoader } from "../docloader-CXAw1Ofx.mjs";
+import { t as getAuthenticatedDocumentLoader } from "../docloader-CAcGw6pQ.mjs";
 import { mockDocumentLoader, test } from "@fedify/fixture";
 import { UrlError } from "@fedify/vocab-runtime";
 //#region src/utils/docloader.test.ts

package/dist/utils/mod.cjs

@@ -1,6 +1,6 @@
 const { Temporal } = require("@js-temporal/polyfill");
 const { URLPattern } = require("urlpattern-polyfill");
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const require_kv_cache = require("../kv-cache-D0srbjWc.cjs");
+const require_kv_cache = require("../kv-cache-p33MTfBu.cjs");
 exports.getAuthenticatedDocumentLoader = require_kv_cache.getAuthenticatedDocumentLoader;
 exports.kvCache = require_kv_cache.kvCache;

package/dist/utils/mod.js

@@ -1,4 +1,4 @@
 import "@js-temporal/polyfill";
 import "urlpattern-polyfill";
-import { n as getAuthenticatedDocumentLoader, t as kvCache } from "../kv-cache-CBQPqEDj.js";
+import { n as getAuthenticatedDocumentLoader, t as kvCache } from "../kv-cache-BQS2P8gv.js";
 export { getAuthenticatedDocumentLoader, kvCache };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fedify/fedify",
-  "version": "2.2.0-pr.708.19+4267edbb",
+  "version": "2.2.0-pr.710.22+527afb16",
   "description": "An ActivityPub server framework",
   "keywords": [
     "ActivityPub",
@@ -144,9 +144,9 @@
     "uri-template-router": "^1.0.0",
     "url-template": "^3.1.1",
     "urlpattern-polyfill": "^10.1.0",
-    "@fedify/vocab": "2.2.0-pr.708.19+4267edbb",
-    "@fedify/vocab-runtime": "2.2.0-pr.708.19+4267edbb",
-    "@fedify/webfinger": "2.2.0-pr.708.19+4267edbb"
+    "@fedify/vocab": "2.2.0-pr.710.22+527afb16",
+    "@fedify/webfinger": "2.2.0-pr.710.22+527afb16",
+    "@fedify/vocab-runtime": "2.2.0-pr.710.22+527afb16"
   },
   "devDependencies": {
     "@std/assert": "npm:@jsr/std__assert@^0.226.0",
@@ -159,7 +159,7 @@
     "typescript": "^5.9.2",
     "wrangler": "^4.17.0",
     "@fedify/fixture": "2.0.0",
-    "@fedify/vocab-tools": "^2.2.0-pr.708.19+4267edbb"
+    "@fedify/vocab-tools": "^2.2.0-pr.710.22+527afb16"
   },
   "scripts": {
     "build:self": "tsdown",