@fedify/webfinger 2.3.0-dev.994 → 2.3.0-pr.809.37

package/dist/mod.cjs

@@ -4,7 +4,7 @@ let _logtape_logtape = require("@logtape/logtape");
 let _opentelemetry_api = require("@opentelemetry/api");
 //#region deno.json
 var name = "@fedify/webfinger";
-var version = "2.3.0-dev.994+9071ca0a";
+var version = "2.3.0-pr.809.37+0574ba5c";
 //#endregion
 //#region src/lookup.ts
 const logger = (0, _logtape_logtape.getLogger)([
@@ -13,6 +13,58 @@ const logger = (0, _logtape_logtape.getLogger)([
 	"lookup"
 ]);
 const DEFAULT_MAX_REDIRECTION = 5;
+const WEBFINGER_HISTOGRAM_BUCKETS = [
+	5,
+	10,
+	25,
+	50,
+	75,
+	100,
+	250,
+	500,
+	750,
+	1e3,
+	2500,
+	5e3,
+	7500,
+	1e4
+];
+const webFingerInstruments = /* @__PURE__ */ new WeakMap();
+function getWebFingerInstruments(meterProvider) {
+	let instruments = webFingerInstruments.get(meterProvider);
+	if (instruments == null) {
+		const meter = meterProvider.getMeter(name, version);
+		instruments = {
+			lookup: meter.createCounter("webfinger.lookup", {
+				description: "Outgoing WebFinger lookup attempts.",
+				unit: "{lookup}"
+			}),
+			lookupDuration: meter.createHistogram("webfinger.lookup.duration", {
+				description: "Duration of outgoing WebFinger lookups.",
+				unit: "ms",
+				advice: { explicitBucketBoundaries: [...WEBFINGER_HISTOGRAM_BUCKETS] }
+			})
+		};
+		webFingerInstruments.set(meterProvider, instruments);
+	}
+	return instruments;
+}
+function getResourceScheme(resource) {
+	if (typeof resource === "string") {
+		const colon = resource.indexOf(":");
+		return colon > 0 ? resource.substring(0, colon).toLowerCase() : "";
+	}
+	return resource.protocol.replace(/:$/, "").toLowerCase();
+}
+const WEBFINGER_LOOKUP_SCHEME_WHITELIST = new Set([
+	"acct",
+	"http",
+	"https",
+	"mailto"
+]);
+function getMetricResourceScheme(scheme) {
+	return WEBFINGER_LOOKUP_SCHEME_WHITELIST.has(scheme) ? scheme : "other";
+}
 /**
 * Looks up a WebFinger resource.
 * @param resource The resource URL to look up.
@@ -21,17 +73,25 @@ const DEFAULT_MAX_REDIRECTION = 5;
 * @since 0.2.0
 */
 async function lookupWebFinger(resource, options = {}) {
-	return await (options.tracerProvider ?? _opentelemetry_api.trace.getTracerProvider()).getTracer(name, version).startActiveSpan("webfinger.lookup", {
+	const tracer = (options.tracerProvider ?? _opentelemetry_api.trace.getTracerProvider()).getTracer(name, version);
+	const scheme = getResourceScheme(resource);
+	return await tracer.startActiveSpan("webfinger.lookup", {
 		kind: _opentelemetry_api.SpanKind.CLIENT,
 		attributes: {
 			"webfinger.resource": resource.toString(),
-			"webfinger.resource.scheme": typeof resource === "string" ? resource.replace(/:.*$/, "") : resource.protocol.replace(/:$/, "")
+			"webfinger.resource.scheme": scheme
 		}
 	}, async (span) => {
+		const meterProvider = options.meterProvider;
+		const start = meterProvider == null ? 0 : performance.now();
+		let outcome = {
+			resource: null,
+			result: "error"
+		};
 		try {
-			const result = await lookupWebFingerInternal(resource, options);
-			span.setStatus({ code: result === null ? _opentelemetry_api.SpanStatusCode.ERROR : _opentelemetry_api.SpanStatusCode.OK });
-			return result;
+			outcome = await lookupWebFingerInternal(resource, options);
+			span.setStatus({ code: outcome.resource === null ? _opentelemetry_api.SpanStatusCode.ERROR : _opentelemetry_api.SpanStatusCode.OK });
+			return outcome.resource;
 		} catch (error) {
 			span.setStatus({
 				code: _opentelemetry_api.SpanStatusCode.ERROR,
@@ -39,19 +99,41 @@ async function lookupWebFinger(resource, options = {}) {
 			});
 			throw error;
 		} finally {
+			if (meterProvider != null) recordWebFingerLookup(meterProvider, Math.max(0, performance.now() - start), scheme, outcome);
 			span.end();
 		}
 	});
 }
+function recordWebFingerLookup(meterProvider, durationMs, scheme, outcome) {
+	const attributes = {
+		"webfinger.lookup.result": outcome.result,
+		"webfinger.resource.scheme": getMetricResourceScheme(scheme)
+	};
+	if (outcome.remoteHost != null) attributes["activitypub.remote.host"] = outcome.remoteHost;
+	if (outcome.statusCode != null) attributes["http.response.status_code"] = outcome.statusCode;
+	const instruments = getWebFingerInstruments(meterProvider);
+	instruments.lookup.add(1, attributes);
+	instruments.lookupDuration.record(durationMs, attributes);
+}
 async function lookupWebFingerInternal(resource, options = {}) {
 	if (typeof resource === "string") resource = new URL(resource);
 	let protocol = "https:";
 	let server;
-	if (resource.protocol === "acct:") {
+	if (resource.protocol === "acct:" || resource.protocol === "mailto:") {
 		const atPos = resource.pathname.lastIndexOf("@");
-		if (atPos < 0) return null;
+		if (atPos < 0) return {
+			resource: null,
+			result: "invalid"
+		};
 		server = resource.pathname.substring(atPos + 1);
-		if (server === "") return null;
+		if (server === "" || /[/?#]/.test(server)) return {
+			resource: null,
+			result: "invalid"
+		};
+		if (resource.protocol === "acct:" && (resource.search !== "" || resource.hash !== "")) return {
+			resource: null,
+			result: "invalid"
+		};
 	} else {
 		protocol = resource.protocol;
 		server = resource.host;
@@ -60,6 +142,7 @@ async function lookupWebFingerInternal(resource, options = {}) {
 	url.searchParams.set("resource", resource.href);
 	let redirected = 0;
 	while (true) {
+		const remoteHost = url.host;
 		logger.debug("Fetching WebFinger resource descriptor from {url}...", { url: url.href });
 		let response;
 		if (options.allowPrivateAddress !== true) try {
@@ -67,7 +150,11 @@ async function lookupWebFingerInternal(resource, options = {}) {
 		} catch (e) {
 			if (e instanceof _fedify_vocab_runtime.UrlError) {
 				logger.error("Invalid URL for WebFinger resource descriptor: {error}", { error: e });
-				return null;
+				return {
+					resource: null,
+					result: "network_error",
+					remoteHost
+				};
 			}
 			throw e;
 		}
@@ -85,22 +172,50 @@ async function lookupWebFingerInternal(resource, options = {}) {
 				url: url.href,
 				error
 			});
-			return null;
+			return {
+				resource: null,
+				result: "network_error",
+				remoteHost
+			};
 		}
 		if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
 			redirected++;
 			const maxRedirection = options.maxRedirection ?? DEFAULT_MAX_REDIRECTION;
-			if (redirected >= maxRedirection) {
+			if (redirected > maxRedirection) {
 				logger.error("Too many redirections ({redirections}) while fetching WebFinger resource descriptor.", { redirections: redirected });
-				return null;
+				return {
+					resource: null,
+					result: "invalid",
+					statusCode: response.status,
+					remoteHost
+				};
+			}
+			let redirectedUrl;
+			try {
+				redirectedUrl = new URL(response.headers.get("Location"), response.url == null || response.url === "" ? url : response.url);
+			} catch (e) {
+				logger.error("Invalid Location header while following WebFinger redirect: {error}", {
+					url: url.href,
+					error: e
+				});
+				return {
+					resource: null,
+					result: "invalid",
+					statusCode: response.status,
+					remoteHost
+				};
 			}
-			const redirectedUrl = new URL(response.headers.get("Location"), response.url == null || response.url === "" ? url : response.url);
 			if (redirectedUrl.protocol !== url.protocol) {
 				logger.error("Redirected to a different protocol ({protocol} to {redirectedProtocol}) while fetching WebFinger resource descriptor.", {
 					protocol: url.protocol,
 					redirectedProtocol: redirectedUrl.protocol
 				});
-				return null;
+				return {
+					resource: null,
+					result: "invalid",
+					statusCode: response.status,
+					remoteHost
+				};
 			}
 			url = redirectedUrl;
 			continue;
@@ -111,14 +226,29 @@ async function lookupWebFingerInternal(resource, options = {}) {
 				status: response.status,
 				statusText: response.statusText
 			});
-			return null;
+			return {
+				resource: null,
+				result: response.status === 404 || response.status === 410 ? "not_found" : "error",
+				statusCode: response.status,
+				remoteHost
+			};
 		}
 		try {
-			return await response.json();
+			return {
+				resource: await response.json(),
+				result: "found",
+				statusCode: response.status,
+				remoteHost
+			};
 		} catch (e) {
 			if (e instanceof SyntaxError) {
 				logger.debug("Failed to parse WebFinger resource descriptor as JSON: {error}", { error: e });
-				return null;
+				return {
+					resource: null,
+					result: "invalid",
+					statusCode: response.status,
+					remoteHost
+				};
 			}
 			throw e;
 		}

package/dist/mod.d.cts

@@ -1,5 +1,5 @@
 import { GetUserAgentOptions } from "@fedify/vocab-runtime";
-import { TracerProvider } from "@opentelemetry/api";
+import { MeterProvider, TracerProvider } from "@opentelemetry/api";
 
 //#region src/jrd.d.ts
 /**
@@ -63,6 +63,28 @@ interface Link {
 //#endregion
 //#region src/lookup.d.ts
 /**
+* The terminal classification of an outgoing {@link lookupWebFinger} call,
+* recorded as the `webfinger.lookup.result` attribute on the
+* `webfinger.lookup` counter and `webfinger.lookup.duration` histogram.
+*
+*  -  `found`: the lookup returned a {@link ResourceDescriptor}.
+*  -  `not_found`: the remote responded with HTTP `404 Not Found` or
+*     `410 Gone`.  Recorded together with `http.response.status_code`.
+*  -  `invalid`: the remote responded with content Fedify could not parse
+*     into a {@link ResourceDescriptor} (JSON parse failure), the
+*     redirect chain exceeded `maxRedirection`, the remote redirected to
+*     a different protocol, or the queried `acct:` resource itself was
+*     malformed.
+*  -  `network_error`: no HTTP response was received (the URL was
+*     rejected as a private address, `fetch()` threw, or an `AbortError`
+*     cancelled the request).
+*  -  `error`: the remote responded with a non-2xx HTTP response that is
+*     neither `404` nor `410`, or any other unexpected failure bubbled up
+*     from the lookup.
+* @since 2.3.0
+*/
+type WebFingerLookupResult = "found" | "not_found" | "invalid" | "network_error" | "error";
+/**
 * Options for {@link lookupWebFinger}.
 * @since 1.3.0
 */
@@ -95,6 +117,15 @@ interface LookupWebFingerOptions {
   */
   tracerProvider?: TracerProvider;
   /**
+  * The OpenTelemetry meter provider used to record the `webfinger.lookup`
+  * counter and `webfinger.lookup.duration` histogram.  If omitted, no
+  * metric measurements are emitted (the helper is opt-in to avoid
+  * touching the global meter provider for callers that do not use
+  * OpenTelemetry).
+  * @since 2.3.0
+  */
+  meterProvider?: MeterProvider;
+  /**
   * AbortSignal for cancelling the request.
   * @since 1.8.0
   */
@@ -109,4 +140,4 @@ interface LookupWebFingerOptions {
 */
 declare function lookupWebFinger(resource: URL | string, options?: LookupWebFingerOptions): Promise<ResourceDescriptor | null>;
 //#endregion
-export { Link, LookupWebFingerOptions, ResourceDescriptor, lookupWebFinger };
+export { Link, LookupWebFingerOptions, ResourceDescriptor, WebFingerLookupResult, lookupWebFinger };

package/dist/mod.d.ts

@@ -1,5 +1,5 @@
 import { GetUserAgentOptions } from "@fedify/vocab-runtime";
-import { TracerProvider } from "@opentelemetry/api";
+import { MeterProvider, TracerProvider } from "@opentelemetry/api";
 
 //#region src/jrd.d.ts
 /**
@@ -63,6 +63,28 @@ interface Link {
 //#endregion
 //#region src/lookup.d.ts
 /**
+* The terminal classification of an outgoing {@link lookupWebFinger} call,
+* recorded as the `webfinger.lookup.result` attribute on the
+* `webfinger.lookup` counter and `webfinger.lookup.duration` histogram.
+*
+*  -  `found`: the lookup returned a {@link ResourceDescriptor}.
+*  -  `not_found`: the remote responded with HTTP `404 Not Found` or
+*     `410 Gone`.  Recorded together with `http.response.status_code`.
+*  -  `invalid`: the remote responded with content Fedify could not parse
+*     into a {@link ResourceDescriptor} (JSON parse failure), the
+*     redirect chain exceeded `maxRedirection`, the remote redirected to
+*     a different protocol, or the queried `acct:` resource itself was
+*     malformed.
+*  -  `network_error`: no HTTP response was received (the URL was
+*     rejected as a private address, `fetch()` threw, or an `AbortError`
+*     cancelled the request).
+*  -  `error`: the remote responded with a non-2xx HTTP response that is
+*     neither `404` nor `410`, or any other unexpected failure bubbled up
+*     from the lookup.
+* @since 2.3.0
+*/
+type WebFingerLookupResult = "found" | "not_found" | "invalid" | "network_error" | "error";
+/**
 * Options for {@link lookupWebFinger}.
 * @since 1.3.0
 */
@@ -95,6 +117,15 @@ interface LookupWebFingerOptions {
   */
   tracerProvider?: TracerProvider;
   /**
+  * The OpenTelemetry meter provider used to record the `webfinger.lookup`
+  * counter and `webfinger.lookup.duration` histogram.  If omitted, no
+  * metric measurements are emitted (the helper is opt-in to avoid
+  * touching the global meter provider for callers that do not use
+  * OpenTelemetry).
+  * @since 2.3.0
+  */
+  meterProvider?: MeterProvider;
+  /**
   * AbortSignal for cancelling the request.
   * @since 1.8.0
   */
@@ -109,4 +140,4 @@ interface LookupWebFingerOptions {
 */
 declare function lookupWebFinger(resource: URL | string, options?: LookupWebFingerOptions): Promise<ResourceDescriptor | null>;
 //#endregion
-export { Link, LookupWebFingerOptions, ResourceDescriptor, lookupWebFinger };
+export { Link, LookupWebFingerOptions, ResourceDescriptor, WebFingerLookupResult, lookupWebFinger };

package/dist/mod.js

@@ -3,7 +3,7 @@ import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
 //#region deno.json
 var name = "@fedify/webfinger";
-var version = "2.3.0-dev.994+9071ca0a";
+var version = "2.3.0-pr.809.37+0574ba5c";
 //#endregion
 //#region src/lookup.ts
 const logger = getLogger([
@@ -12,6 +12,58 @@ const logger = getLogger([
 	"lookup"
 ]);
 const DEFAULT_MAX_REDIRECTION = 5;
+const WEBFINGER_HISTOGRAM_BUCKETS = [
+	5,
+	10,
+	25,
+	50,
+	75,
+	100,
+	250,
+	500,
+	750,
+	1e3,
+	2500,
+	5e3,
+	7500,
+	1e4
+];
+const webFingerInstruments = /* @__PURE__ */ new WeakMap();
+function getWebFingerInstruments(meterProvider) {
+	let instruments = webFingerInstruments.get(meterProvider);
+	if (instruments == null) {
+		const meter = meterProvider.getMeter(name, version);
+		instruments = {
+			lookup: meter.createCounter("webfinger.lookup", {
+				description: "Outgoing WebFinger lookup attempts.",
+				unit: "{lookup}"
+			}),
+			lookupDuration: meter.createHistogram("webfinger.lookup.duration", {
+				description: "Duration of outgoing WebFinger lookups.",
+				unit: "ms",
+				advice: { explicitBucketBoundaries: [...WEBFINGER_HISTOGRAM_BUCKETS] }
+			})
+		};
+		webFingerInstruments.set(meterProvider, instruments);
+	}
+	return instruments;
+}
+function getResourceScheme(resource) {
+	if (typeof resource === "string") {
+		const colon = resource.indexOf(":");
+		return colon > 0 ? resource.substring(0, colon).toLowerCase() : "";
+	}
+	return resource.protocol.replace(/:$/, "").toLowerCase();
+}
+const WEBFINGER_LOOKUP_SCHEME_WHITELIST = new Set([
+	"acct",
+	"http",
+	"https",
+	"mailto"
+]);
+function getMetricResourceScheme(scheme) {
+	return WEBFINGER_LOOKUP_SCHEME_WHITELIST.has(scheme) ? scheme : "other";
+}
 /**
 * Looks up a WebFinger resource.
 * @param resource The resource URL to look up.
@@ -20,17 +72,25 @@ const DEFAULT_MAX_REDIRECTION = 5;
 * @since 0.2.0
 */
 async function lookupWebFinger(resource, options = {}) {
-	return await (options.tracerProvider ?? trace.getTracerProvider()).getTracer(name, version).startActiveSpan("webfinger.lookup", {
+	const tracer = (options.tracerProvider ?? trace.getTracerProvider()).getTracer(name, version);
+	const scheme = getResourceScheme(resource);
+	return await tracer.startActiveSpan("webfinger.lookup", {
 		kind: SpanKind.CLIENT,
 		attributes: {
 			"webfinger.resource": resource.toString(),
-			"webfinger.resource.scheme": typeof resource === "string" ? resource.replace(/:.*$/, "") : resource.protocol.replace(/:$/, "")
+			"webfinger.resource.scheme": scheme
 		}
 	}, async (span) => {
+		const meterProvider = options.meterProvider;
+		const start = meterProvider == null ? 0 : performance.now();
+		let outcome = {
+			resource: null,
+			result: "error"
+		};
 		try {
-			const result = await lookupWebFingerInternal(resource, options);
-			span.setStatus({ code: result === null ? SpanStatusCode.ERROR : SpanStatusCode.OK });
-			return result;
+			outcome = await lookupWebFingerInternal(resource, options);
+			span.setStatus({ code: outcome.resource === null ? SpanStatusCode.ERROR : SpanStatusCode.OK });
+			return outcome.resource;
 		} catch (error) {
 			span.setStatus({
 				code: SpanStatusCode.ERROR,
@@ -38,19 +98,41 @@ async function lookupWebFinger(resource, options = {}) {
 			});
 			throw error;
 		} finally {
+			if (meterProvider != null) recordWebFingerLookup(meterProvider, Math.max(0, performance.now() - start), scheme, outcome);
 			span.end();
 		}
 	});
 }
+function recordWebFingerLookup(meterProvider, durationMs, scheme, outcome) {
+	const attributes = {
+		"webfinger.lookup.result": outcome.result,
+		"webfinger.resource.scheme": getMetricResourceScheme(scheme)
+	};
+	if (outcome.remoteHost != null) attributes["activitypub.remote.host"] = outcome.remoteHost;
+	if (outcome.statusCode != null) attributes["http.response.status_code"] = outcome.statusCode;
+	const instruments = getWebFingerInstruments(meterProvider);
+	instruments.lookup.add(1, attributes);
+	instruments.lookupDuration.record(durationMs, attributes);
+}
 async function lookupWebFingerInternal(resource, options = {}) {
 	if (typeof resource === "string") resource = new URL(resource);
 	let protocol = "https:";
 	let server;
-	if (resource.protocol === "acct:") {
+	if (resource.protocol === "acct:" || resource.protocol === "mailto:") {
 		const atPos = resource.pathname.lastIndexOf("@");
-		if (atPos < 0) return null;
+		if (atPos < 0) return {
+			resource: null,
+			result: "invalid"
+		};
 		server = resource.pathname.substring(atPos + 1);
-		if (server === "") return null;
+		if (server === "" || /[/?#]/.test(server)) return {
+			resource: null,
+			result: "invalid"
+		};
+		if (resource.protocol === "acct:" && (resource.search !== "" || resource.hash !== "")) return {
+			resource: null,
+			result: "invalid"
+		};
 	} else {
 		protocol = resource.protocol;
 		server = resource.host;
@@ -59,6 +141,7 @@ async function lookupWebFingerInternal(resource, options = {}) {
 	url.searchParams.set("resource", resource.href);
 	let redirected = 0;
 	while (true) {
+		const remoteHost = url.host;
 		logger.debug("Fetching WebFinger resource descriptor from {url}...", { url: url.href });
 		let response;
 		if (options.allowPrivateAddress !== true) try {
@@ -66,7 +149,11 @@ async function lookupWebFingerInternal(resource, options = {}) {
 		} catch (e) {
 			if (e instanceof UrlError) {
 				logger.error("Invalid URL for WebFinger resource descriptor: {error}", { error: e });
-				return null;
+				return {
+					resource: null,
+					result: "network_error",
+					remoteHost
+				};
 			}
 			throw e;
 		}
@@ -84,22 +171,50 @@ async function lookupWebFingerInternal(resource, options = {}) {
 				url: url.href,
 				error
 			});
-			return null;
+			return {
+				resource: null,
+				result: "network_error",
+				remoteHost
+			};
 		}
 		if (response.status >= 300 && response.status < 400 && response.headers.has("Location")) {
 			redirected++;
 			const maxRedirection = options.maxRedirection ?? DEFAULT_MAX_REDIRECTION;
-			if (redirected >= maxRedirection) {
+			if (redirected > maxRedirection) {
 				logger.error("Too many redirections ({redirections}) while fetching WebFinger resource descriptor.", { redirections: redirected });
-				return null;
+				return {
+					resource: null,
+					result: "invalid",
+					statusCode: response.status,
+					remoteHost
+				};
+			}
+			let redirectedUrl;
+			try {
+				redirectedUrl = new URL(response.headers.get("Location"), response.url == null || response.url === "" ? url : response.url);
+			} catch (e) {
+				logger.error("Invalid Location header while following WebFinger redirect: {error}", {
+					url: url.href,
+					error: e
+				});
+				return {
+					resource: null,
+					result: "invalid",
+					statusCode: response.status,
+					remoteHost
+				};
 			}
-			const redirectedUrl = new URL(response.headers.get("Location"), response.url == null || response.url === "" ? url : response.url);
 			if (redirectedUrl.protocol !== url.protocol) {
 				logger.error("Redirected to a different protocol ({protocol} to {redirectedProtocol}) while fetching WebFinger resource descriptor.", {
 					protocol: url.protocol,
 					redirectedProtocol: redirectedUrl.protocol
 				});
-				return null;
+				return {
+					resource: null,
+					result: "invalid",
+					statusCode: response.status,
+					remoteHost
+				};
 			}
 			url = redirectedUrl;
 			continue;
@@ -110,14 +225,29 @@ async function lookupWebFingerInternal(resource, options = {}) {
 				status: response.status,
 				statusText: response.statusText
 			});
-			return null;
+			return {
+				resource: null,
+				result: response.status === 404 || response.status === 410 ? "not_found" : "error",
+				statusCode: response.status,
+				remoteHost
+			};
 		}
 		try {
-			return await response.json();
+			return {
+				resource: await response.json(),
+				result: "found",
+				statusCode: response.status,
+				remoteHost
+			};
 		} catch (e) {
 			if (e instanceof SyntaxError) {
 				logger.debug("Failed to parse WebFinger resource descriptor as JSON: {error}", { error: e });
-				return null;
+				return {
+					resource: null,
+					result: "invalid",
+					statusCode: response.status,
+					remoteHost
+				};
 			}
 			throw e;
 		}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fedify/webfinger",
-  "version": "2.3.0-dev.994+9071ca0a",
+  "version": "2.3.0-pr.809.37+0574ba5c",
   "homepage": "https://fedify.dev/",
   "repository": {
     "type": "git",
@@ -52,15 +52,15 @@
   "devDependencies": {
     "@types/node": "^24.2.1",
     "fetch-mock": "^12.5.4",
-    "tsdown": "^0.21.6",
-    "typescript": "^5.9.2",
+    "tsdown": "^0.22.0",
+    "typescript": "^6.0.0",
     "@fedify/fixture": "2.0.0"
   },
   "dependencies": {
-    "@logtape/logtape": "^2.0.5",
-    "@opentelemetry/api": "^1.9.0",
-    "es-toolkit": "1.43.0",
-    "@fedify/vocab-runtime": "2.3.0-dev.994+9071ca0a"
+    "@logtape/logtape": "^2.1.0",
+    "@opentelemetry/api": "^1.9.1",
+    "es-toolkit": "1.46.1",
+    "@fedify/vocab-runtime": "2.3.0-pr.809.37+0574ba5c"
   },
   "scripts": {
     "build:self": "tsdown",