Update dependency @fedify/hono to v2

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@fedify/hono (source)	1.9.1 → 2.0.0

---

Release Notes

fedify-dev/fedify (@​fedify/hono)

v2.0.0

Compare Source

Released on February 22, 2026.

@​fedify/fedify

• Remove contextLoader option (which was deprecated) from
  FederationOptions interface in favor of contextLoaderFactory option
  for better flexibility. [#​376, #​445 by Hasang Cho]

• Migrated from @​phensley/language-tag package and its LanguageTag class
  to the standardized Intl.Locale class for representing language tags.
  [#​280, #​392 by Jang Hanarae]

  • The LanguageString.language property is now LanguageString.locale and
    is of type Intl.Locale instead of LanguageTag.
  • The LanguageString constructor now accepts either an Intl.Locale
    object or a string for the language parameter.
  • The Link.language property is now of type Intl.Locale instead
    of LanguageTag.
  • Removed the @phensley/language-tag dependency.

• Remove documentLoader option (which was deprecated) from
  FederationOptions interface in favor of documentLoaderFactory option
  for better flexibility. [#​376, #​393 by Hasang Cho]

• Remove CreateFederationOptions<TContextData> interface (which was
  deprecated since 1.6.0). Use FederationOptions<TContextData> instead.
  [#​376]

• Remove fetchDocumentLoader() function (which was deprecated since 0.14.0).
  Use getDocumentLoader() from @fedify/vocab-runtime instead. [#​376]

• Remove { handle: string } parameter form from sendActivity(),
  forwardActivity(), getDocumentLoader(), and ParseUriResult.
  Use { identifier: string } or { username: string } instead. [#​376]

• Changed NodeInfo software.version field type from SemVer to string
  to properly handle non-SemVer version strings in accordance with the
  NodeInfo specification. [#​366, #​433 by Hyeonseo Kim]

  • The parseNodeInfo() function now returns version as string instead
    of SemVer object.
  • The Software.version field is now of string (was of SemVer).
  • Removed parseSemVer() and formatSemVer() functions.
  • Updated related CLI tools and documentation.

• Federation dispatchers are now only triggered when the request accepts
  ActivityPub-compatible content types. This improves compatibility with
  applications that serve both HTML and ActivityPub content from the same
  URLs. [#​434 by Emelia Smith]

  • Actor, object, and collection dispatchers will no longer be called for
    requests with Accept: text/html or other non-ActivityPub content
    types.
  • The notAcceptable callback is now triggered at the middleware level
    before dispatchers are invoked.
  • If your application relies on dispatchers being called regardless of
    Accept header, you may need to adjust your routing logic.

• Changed the default activity idempotency strategy from "per-origin" to
  "per-inbox" to align with standard ActivityPub behavior. [#​441]

  • Activities are now deduplicated per inbox by default, allowing the same
    activity ID to be processed once per inbox independently.
  • The previous "per-origin" strategy (deduplicate per receiving server)
    can still be explicitly configured using
    .withIdempotency("per-origin").
  • This change ensures proper delivery of activities to multiple inboxes
    on the same server, fixing issues where activities were incorrectly
    deduplicated globally.

• Separated modules from @fedify/fedify/runtime to improve modularity and
  reduce coupling between vocabulary generation and core federation
  functionality. [#​444, #​451 by ChanHaeng Lee]

  • Modules related to ActivityPub vocabulary generation have been extracted
    into the new @fedify/vocab-runtime package.
  • Other utility modules from @fedify/fedify/runtime have been
    reorganized into the @fedify/fedify/utils directory within the main
    package.
  • Updated import paths throughout the codebase to reflect the new module
    organization.

• Deprecated the @fedify/fedify/runtime module in favor of the new
  @fedify/vocab-runtime package. The @fedify/fedify/runtime module now
  re-exports all exports from @fedify/vocab-runtime for backward
  compatibility, but will be removed in a future version. Please migrate
  to @fedify/vocab-runtime directly. [#​560]

• The KvCacheParameters.rules option's type became
  [string | URL | URLPattern, Temporal.Duration | Temporal.DurationLike][]
  (was [string | URL | URLPattern, Temporal.Duration][]).

• The @fedify/fedify/x/* modules are removed. Also, there are no Fresh
  integration for now. [#​391 by Chanhaeng Lee]

  • Removed @fedify/fedify/x/cfworkers in favor of @fedify/cfworkers.
  • Removed @fedify/fedify/x/denokv in favor of @fedify/denokv.
  • Removed @fedify/fedify/x/hono in favor of @fedify/hono.
  • Removed @fedify/fedify/x/sveltekit in favor of @fedify/sveltekit.
  • Removed @fedify/fedify/x/fresh (Fresh integration). [#​466]

• Deprecated the @fedify/fedify/vocab module in favor of the new
  @fedify/vocab package. The @fedify/fedify/vocab module now re-exports
  all exports from @fedify/vocab for backward compatibility, but will be
  removed in a future version. Please migrate to @fedify/vocab directly.
  [#​437, #​517 by ChanHaeng Lee]

• The KvStore.list() method is now required instead of optional.
  This method was added as optional in version 1.10.0 to give existing
  implementations time to add support. All official KvStore implementations
  already support this method. [#​499, #​506]

• Added orderingKey option to MessageQueueEnqueueOptions interface for
  ordered message delivery. Messages with the same ordering key are
  guaranteed to be processed in the order they were enqueued, while messages
  with different ordering keys can be processed in parallel. This helps
  prevent race conditions when processing related activities (e.g., ensuring
  a Delete activity is processed after a Create activity for the same
  object). [#​536, #​538, #​540, #​544]

  • Added MessageQueueEnqueueOptions.orderingKey property.
  • All properties in MessageQueueEnqueueOptions are now readonly.
  • InProcessMessageQueue now supports the orderingKey option.
  • Added SendActivityOptions.orderingKey option to ensure ordered
    delivery of activities for the same object. When specified, activities
    with the same orderingKey are guaranteed to be delivered in order
    to each recipient server.

• Added Federatable.setOutboxPermanentFailureHandler() method to handle
  permanent delivery failures (such as 410 Gone or 404 Not Found) when
  sending activities to remote inboxes. This allows applications to clean
  up unreachable followers and avoid future delivery attempts to permanently
  failed inboxes. [#​548, #​559]

• Added permanentFailureStatusCodes option to FederationOptions to
  configure which HTTP status codes are treated as permanent delivery
  failures. By default, 404 and 410 are treated as permanent failures.
  [#​548, #​559]

• Added SendActivityError class, a structured error that is thrown when
  an activity fails to send to a remote inbox. It includes the HTTP status
  code, the inbox URL, and the response body, making it easier to
  programmatically handle delivery errors. [#​548, #​559]

• Added traceId and spanId to LogTape context in federation middleware
  so that log records emitted during request handling and queue processing
  include the OpenTelemetry trace and span IDs in their properties. This
  enables the @fedify/debugger dashboard to display per-trace logs.
  [#​561, #​564]

• Fixed unbounded memory consumption when activity delivery fails with large
  error responses. The SendActivityError.responseBody property is now
  limited to 1 KiB to prevent memory pressure when remote servers return
  large HTML error pages (e.g., Cloudflare error pages of 50–100 KB each).
  This prevents potential OOM crashes in production environments with many
  unreachable inboxes. [#​569]

@​fedify/cli

• The Fedify CLI now runs natively on Node.js and Bun without requiring
  compiled binaries, providing a more natural JavaScript package experience
  for Node.js and Bun users. [#​374, #​456, #​457]

• Added fedify generate-vocab command to generate Activity Vocabulary
  classes from schema files. This command uses the new @​fedify/vocab-tools
  package internally and allows users to extend Activity Vocabulary with
  custom types. [#​444, #​458 by ChanHaeng Lee]

• Updated fedify init command for better DX.
  [#​397, #​435 by Chanhaeng Lee]

  • If the directory is not empty, prompts the user for confirmation
    before proceeding. If the user agrees, it moves the remaining directory
    to trash and continue the initialization from new created directory.
  • Ask again if some options is not specified or invalid.

• The fedify lookup command now supports multiple URLs with the
  -t/--traverse option, allowing users to traverse multiple collections
  in a single command. [#​408, #​449 by Jiwon Kwon]

• The fedify init command now supports Elysia as a web framework option,
  with runtime-specific templates for Deno, Bun, and Node.js environments.
  [#​460, #​496 by Hyeonseo Kim]

• Fixed a bug in the fedify init command where Deno import map generation
  incorrectly handled dependencies with registry prefixes (e.g., npm:),
  creating invalid specifiers in deno.json.
  [#​460, #​496 by Hyeonseo Kim]

• Added fedify relay command to run an ephemeral ActivityPub relay server.
  [#​510, #​518 by Jiwon Kwon]

  • Supports both Mastodon and LitePub relay protocols via --protocol
    option.
  • Provides optional persistent storage via --persistent option with
    SQLite database.
  • Allows configuring subscription approval/rejection via --accept-follow
    and --reject-follow options.
  • Tunnels the relay server to the public internet by default for external
    access, with --no-tunnel option to run locally only.

• Added --tunnel-service option to fedify lookup, fedify inbox, and
  fedify relay commands to select the tunneling service (localhost.run,
  serveo.net, or pinggy.io). Also added --tunnel-service as an alias
  to the existing -s/--service option in fedify tunnel for consistency.
  [#​525, #​529, #​531 by Jiwon Kwon]

• Added configuration file support for CLI commands. The CLI now loads
  settings from configuration files at multiple levels, with a well-defined
  precedence chain. [#​555, #​566 by Jiwon Kwon]

  • By default, configuration is loaded (in order of increasing precedence)
    from a system-wide configuration file (/etc/xdg/fedify/config.toml),
    a user-level configuration file (~/.config/fedify/config.toml),
    and .fedify.toml in the current directory; later files override
    earlier ones.
  • Added --config option to specify a custom configuration file path;
    this file has the highest precedence over all other configuration
    sources.
  • Added --ignore-config option to skip configuration file loading.
  • All command options (inbox, lookup, webfinger, nodeinfo,
    tunnel, relay) can now be configured via any of the configuration
    files.

@​fedify/debugger

• Created the @​fedify/debugger package, an embedded real-time ActivityPub
  debug dashboard for Fedify. It wraps an existing Federation object as
  a proxy, intercepting requests to a configurable path prefix (default
  /__debug__) and serving an SSR-based web UI. [#​561, #​564]

  • Added createFederationDebugger() function that returns a
    Federation proxy with a built-in debug dashboard. When called
    without an exporter option, it automatically sets up OpenTelemetry
    tracing (creating MemoryKvStore, FedifySpanExporter,
    BasicTracerProvider) and registers it as the global tracer
    provider—no manual OTel configuration needed.
  • Traces list page showing trace IDs, activity types, activity counts,
    and timestamps, with auto-polling for real-time updates.
  • Trace detail page showing activity direction, type, actor, signature
    verification details, inbox URL, and expandable activity JSON.
  • JSON API endpoint at /__debug__/api/traces for programmatic access.
  • Added per-trace log collection using LogTape. The returned federation
    object now includes a sink property (a LogTape Sink function)
    that captures log records grouped by trace ID. In the simplified
    overload (without exporter), LogTape is auto-configured.
  • Trace detail page now shows a “Logs” section with log level, timestamp,
    logger category, and message for each log record in the trace.
  • JSON API endpoint at /__debug__/api/logs/:traceId for retrieving
    log records for a specific trace.
  • Added optional auth configuration for protecting the debug dashboard
    with authentication. Supports three modes: password-only,
    username + password, and request-based (e.g., IP filtering).
    Each mode supports both static credentials and callback functions.
    Uses cookie-based sessions with HMAC-signed tokens.

@​fedify/relay

• Created ActivityPub relay integration as the @​fedify/relay package.
  [#​359, #​459, #​471, #​490, #​510, #​518 by Jiwon Kwon]

  • Added Relay interface defining the common contract for relay
    implementations.
  • Added MastodonRelay class implementing Mastodon-compatible relay
    protocol.
  • Added LitePubRelay class implementing LitePub-compatible relay
    protocol.
  • Added SubscriptionRequestHandler type for custom subscription approval
    logic.
  • Added RelayOptions interface for relay configuration.
  • Added RelayType type alias to document the type-safe parameter
  • Added createRelay() factory function as a key public API

@​fedify/vocab-tools

• Created Activity Vocabulary code generator as the @​fedify/vocab-tools
  package. Separated vocabulary code generation tools from the main
  @​fedify/fedify package to improve modularity and enable custom vocabulary
  extensions across different JavaScript runtimes.
  [#​444, #​458 by ChanHaeng Lee]

  • Made the code generator runtime-agnostic, supporting Deno, Node.js,
    and Bun environments.
  • Provides programmatic API for generating vocabulary classes from
    schema files.
  • Integrated with fedify generate-vocab CLI command.
  • Published to both npm and JSR for broad ecosystem compatibility.

@​fedify/vocab-runtime

• Created ActivityPub vocabulary runtime as the @​fedify/vocab-runtime
  package. Separated core vocabulary generation and processing modules
  from the main @​fedify/fedify package to improve modularity and reduce
  coupling between vocabulary processing and federation functionality.
  [#​444, #​451 by ChanHaeng Lee]

  • Extracted DocumentLoader, RemoteDocument, and related types from
    the main package.
  • Moved cryptographic key processing utilities, e.g., importSpki,
    exportSpki, importMultibaseKey, exportMultibaseKey.
  • Relocated multibase encoding/decoding functionality.
  • Separated language string processing (LanguageString class).
  • This package is primarily used by generated vocabulary classes and
    provides the runtime infrastructure for ActivityPub object processing.

@​fedify/elysia

• Added deno.json configuration file to enable proper Deno tooling support
  in the package. [#​460, #​496]

@​fedify/lint

• Created Fedify linting tools as the @​fedify/lint package.
  This package provides shared Deno Lint and ESLint configurations for
  consistent code style across Fedify packages and user projects.
  [#​297, #​494 by ChanHaeng Lee]

@​fedify/fresh

• Created a new @​fedify/fresh package that provides seamless integration
  between Fedify and Fresh 2.0, replacing the deprecated
  @fedify/fedify/x/fresh module that was designed for Fresh 1.x.
  [#​466, #​478 by Hyeonseo Kim]

@​fedify/webfinger

• Created WebFinger utilities as the @​fedify/webfinger package.
  This package provides tools for working with WebFinger resources,
  including parsing and generating WebFinger documents.
  [#​517 by ChanHaeng Lee]

@​fedify/vocab

• Created ActivityPub Vocabulary API package as the @​fedify/vocab package.
  This package contains the generated Activity Vocabulary classes and
  related types, separated from the main @​fedify/fedify package to
  improve modularity and enable custom vocabulary extensions.
  The previous @fedify/fedify/vocab module is now deprecated and
  re-exports all exports from this package for backward compatibility.
  [#​437, #​517 by ChanHaeng Lee]

• @fedify/vocab now re-exports LanguageString, DocumentLoader,
  GetUserAgentOptions, and RemoteDocument from @fedify/vocab-runtime
  so that downstream consumers do not need to depend on
  @fedify/vocab-runtime directly. [#​560]

• Fixed @fedify/vocab-runtime being bundled inline into @fedify/vocab's
  ESM/CJS output instead of being kept as an external dependency. This
  caused instanceof LanguageString checks to fail because two distinct
  LanguageString classes existed at runtime. [#​560]

@​fedify/sqlite

• Added SqliteMessageQueue class implementing MessageQueue interface
  using SQLite as the backing store. This implementation uses polling to
  check for new messages and is suitable for single-node deployments and
  development environments. [#​477, #​526 by ChanHaeng Lee]

  • Added SqliteMessageQueue class.
  • Added SqliteMessageQueueOptions interface.

• SqliteMessageQueue now supports the orderingKey option to ensure
  messages with the same ordering key are processed sequentially.
  [#​538, #​540]

  • Added ordering_key column to the message queue table schema.
  • The new table schema is created when SqliteMessageQueue.initialize()
    is called on a fresh database.

@​fedify/testing

• Added testMessageQueue() utility function for standardized testing of
  MessageQueue implementations. This function provides a reusable test
  harness that covers common message queue operations including enqueue(),
  enqueue() with delay, enqueueMany(), and multiple listener scenarios.
  [#​477, #​526 by ChanHaeng Lee]

  • Added testMessageQueue() function.
  • Added waitFor() helper function.
  • Added getRandomKey() helper function.

• Added TestMessageQueueOptions interface and optional options parameter
  to testMessageQueue() function. [#​538, #​540]

  • Added TestMessageQueueOptions interface.
  • Added testOrderingKey option to enable ordering key tests.

@​fedify/redis

• Fixed a race condition in RedisMessageQueue.listen() where pub/sub
  notifications could be missed if enqueue() was called immediately after
  listen() started. The issue occurred because the message handler was
  attached inside an async callback, allowing a timing window where messages
  could be published before the handler was ready.
  [#​515, #​532 by Jiwon Kwon]

• RedisMessageQueue now supports the orderingKey option to ensure
  messages with the same ordering key are processed sequentially.
  [#​538, #​540]

@​fedify/postgres

• PostgresMessageQueue now supports the orderingKey option to ensure
  messages with the same ordering key are processed sequentially.
  [#​538, #​540]

  • Added ordering_key column to the message queue table schema.
  • The new table schema is created when PostgresMessageQueue.initialize()
    is called on a fresh database.

• Fixed a race condition in PostgresMessageQueue.initialize() where
  concurrent calls from listen() and enqueue() would run DDL
  statements in parallel, causing redundant table creation and
  ALTER TABLE operations. The initialization promise is now cached
  so that concurrent callers share the same work.

• Fixed PostgresMessageQueue.listen() spawning many concurrent
  poll() calls when a burst of NOTIFY signals arrived (e.g., from
  bulk enqueue of 100 messages), causing excessive database contention.
  Poll executions are now serialized so that at most one runs at a time,
  with subsequent requests queued after the current one finishes.

@​fedify/amqp

• AmqpMessageQueue now supports the orderingKey option to ensure
  messages with the same ordering key are processed sequentially.
  [#​538, #​540]

  • Uses RabbitMQ's rabbitmq_consistent_hash_exchange plugin to route
    messages with the same ordering key to the same queue.
  • The plugin must be enabled on the RabbitMQ server for ordering key
    support to work.

@​fedify/cfworkers

• WorkersMessageQueue now supports the orderingKey option to ensure
  messages with the same ordering key are processed sequentially.
  [#​538, #​540]

  • Added WorkersMessageQueueOptions interface with orderingKv,
    orderingKeyPrefix, and orderingLockTtl options.
  • Added processMessage() method to handle lock acquisition and release.
  • Requires a Workers KV namespace for lock management.
  • Due to Workers KV eventual consistency, ordering is best-effort.

@​fedify/init

• Created project initializer as the @​fedify/init package. Separated
  the fedify init functionality from @​fedify/cli into a standalone
  package to improve modularity and enable reuse by other tools such as
  @fedify/create. [#​482 by Chanhaeng Lee]

  • Added runInit() function as the main initialization action handler.
  • Added initCommand and initOptions for CLI integration.
  • Added testInitCommand for comprehensive testing of all init
    combinations.

@​fedify/create

• Created standalone project scaffolding CLI as the @​fedify/create
  package. This enables creating new Fedify projects without installing
  the full @fedify/cli toolchain. [#​351 by Chanhaeng Lee]

  • Supports npm init @​fedify, pnpm create @​fedify,
    yarn create @​fedify, and bunx @​fedify/create.
  • Uses @fedify/init internally for all initialization logic.
  • Supports the same interactive prompts and CLI options as
    fedify init.

v1.10.3

Compare Source

Released on February 1, 2026.

@​fedify/fedify

• Fixed traverseCollection() yielding no items when a Collection has
  an inline CollectionPage in its first property without an explicit
  id. This is common in Mastodon's replies collections. The function
  previously used collection.firstId to determine pagination, which
  returned null for inline pages without an id, causing it to
  incorrectly fall into the non-paginated branch. [#​550 by Lee Dogeon]

v1.10.2

Compare Source

Released on January 23, 2026.

@​fedify/testing

• Fixed TestContext.getActorKeyPairs() returning empty array instead of
  calling registered key pairs dispatcher. The method now properly invokes
  the key pairs dispatcher when it is registered via
  setKeyPairsDispatcher(). [#​530]

v1.10.1

Compare Source

Released on January 22, 2026.

@​fedify/testing

• Fixed TestContext.getActor() and TestContext.getObject() returning
  null instead of calling registered dispatchers. The methods now properly
  invoke actor and object dispatchers when they are registered via
  setActorDispatcher() and setObjectDispatcher(). [[#​530]]

v1.10.0

Compare Source

Released on December 24, 2025.

@​fedify/fedify

• Enhanced OpenTelemetry instrumentation with span events for capturing
  detailed activity data. Span events now record complete activity JSON
  payloads and verification status, enabling richer observability and
  debugging capabilities without relying solely on span attributes
  (which only support primitive values). [#​323]

  • Added activitypub.activity.received span event to the
    activitypub.inbox span, recording the full activity JSON,
    verification status (activity verified, HTTP signatures verified,
    Linked Data signatures verified), and actor information.
  • Added activitypub.activity.sent span event to the
    activitypub.send_activity span, recording the full activity JSON
    and target inbox URL.
  • Added activitypub.object.fetched span event to the
    activitypub.lookup_object span, recording the fetched object's
    type and complete JSON-LD representation.

• Added OpenTelemetry spans for previously uninstrumented operations:
  [#​323]

  • Added activitypub.fetch_document span for document loader operations,
    tracking URL fetching, HTTP redirects, and final document URLs.
  • Added activitypub.verify_key_ownership span for cryptographic
    key ownership verification, recording actor ID, key ID, verification
    result, and the verification method used.

• Added optional list() method to the KvStore interface for enumerating
  entries by key prefix. This method takes an optional prefix parameter;
  when omitted or empty, it returns all entries. This enables efficient
  prefix scanning which is useful for implementing features like distributed
  trace storage, cache invalidation by prefix, and listing related entries.
  [#​498, #​500]

  • Added KvStoreListEntry interface.
  • Implemented in MemoryKvStore.

• Added FedifySpanExporter class that persists ActivityPub activity traces
  to a KvStore for distributed tracing support. This enables aggregating
  trace data across multiple nodes in a distributed deployment, making it
  possible to build debug dashboards that show complete request flows across
  web servers and background workers. [#​497, #​502]

  • Added @fedify/fedify/otel module.
  • Added FedifySpanExporter class implementing OpenTelemetry's
    SpanExporter interface.
  • Added TraceActivityRecord interface for stored activity data,
    including actorId and signatureDetails fields for debug dashboard
    support.
  • Added SignatureVerificationDetails interface for detailed signature
    verification information.
  • Added TraceSummary interface for trace listing.
  • Added FedifySpanExporterOptions interface.
  • Added GetRecentTracesOptions interface.
  • Added ActivityDirection type.

@​fedify/nestjs

• Allowed Express 5 in the express peer dependency range to support NestJS 11.
  [#​492, #​493 by Cho Hasang]

@​fedify/sqlite

• Implemented list() method in SqliteKvStore. [#​498, #​500]

@​fedify/postgres

• Implemented list() method in PostgresKvStore. [#​498, #​500]

@​fedify/redis

• Implemented list() method in RedisKvStore. [#​498, #​500]

@​fedify/denokv

• Implemented list() method in DenoKvStore. [#​498, #​500]

@​fedify/cfworkers

• Implemented list() method in WorkersKvStore. [#​498, #​500]

v1.9.5

Compare Source

Released on February 1, 2026.

@​fedify/fedify

• Fixed traverseCollection() yielding no items when a Collection has
  an inline CollectionPage in its first property without an explicit
  id. This is common in Mastodon's replies collections. The function
  previously used collection.firstId to determine pagination, which
  returned null for inline pages without an id, causing it to
  incorrectly fall into the non-paginated branch. [[#​550] by Lee Dogeon]

v1.9.4

Compare Source

Released on January 23, 2026.

@​fedify/testing

• Fixed TestContext.getActorKeyPairs() returning empty array instead of
  calling registered key pairs dispatcher. The method now properly invokes
  the key pairs dispatcher when it is registered via
  setKeyPairsDispatcher(). [[#​530]]

v1.9.3

Compare Source

Released on January 22, 2026.

@​fedify/testing

• Fixed TestContext.getActor() and TestContext.getObject() returning
  null instead of calling registered dispatchers. The methods now properly
  invoke actor and object dispatchers when they are registered via
  setActorDispatcher() and setObjectDispatcher(). [[#​530]]

v1.9.2

Compare Source

Released on December 20, 2025.

@​fedify/fedify

• Fixed a ReDoS (Regular Expression Denial of Service) vulnerability in
  the document loader's HTML parsing. An attacker-controlled server could
  respond with a malicious HTML payload that blocked the event loop.
  [CVE-2025-68475]

@​fedify/sqlite

• Fixed SyntaxError: Identifier 'Temporal' has already been declared error
  that occurred when using SqliteKvStore on Node.js or Bun. The error
  was caused by duplicate Temporal imports during the build process.
  [#​487]

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - Between 07:00 AM and 04:59 PM, only on Monday, Tuesday, Wednesday, and Thursday ( * 7-16 * * 1,2,3,4 ) (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.