Fedify 2.0.11

Released on April 7, 2026.

@fedify/fedify

• Fixed sendActivity() not awaiting fanoutQueue.enqueue() in the fanout path, which could cause fanout messages to be silently dropped on runtimes like Cloudflare Workers that may terminate an isolate as soon as the response is sent. [#661]

@fedify/cfworkers

• Fixed a TypeScript type mismatch that occurred when passing wrangler types-generated binding types (e.g. KVNamespace, Queue) to WorkersKvStore and WorkersMessageQueue constructors. The package previously imported these types from @cloudflare/workers-types/experimental, which includes extra members (such as KVNamespace.deleteBulk()) absent from types generated by wrangler types, causing TypeScript assignment errors at the call site. The import now uses the stable @cloudflare/workers-types entrypoint, whose definitions match what wrangler types generates. [#662]

Fedify 1.10.7

Released on April 7, 2026.

@fedify/fedify

• Fixed sendActivity() not awaiting fanoutQueue.enqueue() in the fanout path, which could cause fanout messages to be silently dropped on runtimes like Cloudflare Workers that may terminate an isolate as soon as the response is sent. [#661]

Fedify 1.9.8

Released on April 7, 2026.

@fedify/fedify

• Fixed sendActivity() not awaiting fanoutQueue.enqueue() in the fanout path, which could cause fanout messages to be silently dropped on runtimes like Cloudflare Workers that may terminate an isolate as soon as the response is sent. [#661]

Fedify 2.1.3

Released on March 31, 2026.

@fedify/init

• Restored the npm entrypoint contract for @fedify/init after the tsdown upgrade started publishing dist/*.mjs files while the package metadata still exported dist/*.js and dist/*.d.ts. Node consumers such as @fedify/cli can start again, including npx -y @fedify/cli --help. [#655]

@fedify/create

• Restored the npm CLI entrypoint for @fedify/create so the published bin and exports paths once again point to generated dist/mod.js output instead of missing dist/mod.js files. This prevents the same packaging regression from breaking npm init @fedify. [#655]

Fedify 2.0.10

Released on March 31, 2026.

@fedify/lint

• Fixed the published ESM output paths for @fedify/lint so the package exports and type declarations point to the actual files generated by tsdown. This restores imports such as import fedifyLint from "@fedify/lint" in documentation examples and other TypeScript consumers.

@fedify/init

• Restored the npm entrypoint contract for @fedify/init after the tsdown upgrade started publishing dist/*.mjs files while the package metadata still exported dist/*.js and dist/*.d.ts. Node consumers such as @fedify/cli can start again, including npx -y @fedify/cli --help. [#655]

@fedify/create

• Restored the npm CLI entrypoint for @fedify/create so the published bin and exports paths once again point to generated dist/mod.js output instead of missing dist/mod.js files. This prevents the same packaging regression from breaking npm init @fedify. [#655]

Fedify 2.1.2

Released on March 29, 2026.

@fedify/fedify

• Fixed CommonJS builds of @fedify/fedify/vocab missing the Object export from the entry point. Older tsdown output generated an invalid CommonJS re-export, causing require("@fedify/fedify/vocab").Object to be undefined. Updated the bundler toolchain and added a regression test for the built CommonJs entry point. [#651]

Fedify 2.0.9

Released on March 29, 2026.

@fedify/fedify

• Fixed CommonJS builds of @fedify/fedify/vocab missing the Object export from the entry point. Older tsdown output generated an invalid CommonJS re-export, causing require("@fedify/fedify/vocab").Object to be undefined. Updated the bundler toolchain and added a regression test for the built CommonJs entry point. [#651]

Fedify 1.10.6

Released on March 29, 2026.

@fedify/fedify

• Fixed CommonJS builds of @fedify/fedify/vocab missing the Object export from the entry point. Older tsdown output generated an invalid CommonJS re-export, causing require("@fedify/fedify/vocab").Object to be undefined. Updated the bundler toolchain and added a regression test for the built CommonJs entry point. [#651]

Fedify 1.9.7

Released on March 29, 2026.

@fedify/fedify

• Fixed CommonJS builds of @fedify/fedify/vocab missing the Object export from the entry point. Older tsdown output generated an invalid CommonJS re-export, causing require("@fedify/fedify/vocab").Object to be undefined. Updated the bundler toolchain and added a regression test for the built CommonJs entry point. [#651]

Fedify 2.1.1

Released on March 27, 2026.

@fedify/fedify

• Limited the number of HTTP redirects followed by the remote document loaders and signed HTTP fetches to mitigate resource exhaustion during remote key and document resolution. [CVE-2026-34148 by Abhinav Jaswal]

• Stopped the remote document loaders and signed HTTP fetches from revisiting the same URL within a redirect chain, preventing self-referential redirect loops. [CVE-2026-34148 by Abhinav Jaswal]

• Persisted negative public key cache entries for failed remote key fetches, reducing repeated retries against the same unavailable key across requests. [CVE-2026-34148 by Abhinav Jaswal]