fedify-dev
diff --git a/‎.github/workflows/main.yaml‎
Lines changed: 0 additions & 1 deletion b/‎.github/workflows/main.yaml‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎CHANGES.md‎
Lines changed: 26 additions & 0 deletions b/‎CHANGES.md‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎deno.json‎
Lines changed: 4 additions & 4 deletions b/‎deno.json‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎deno.lock‎
Lines changed: 35 additions & 32 deletions b/‎deno.lock‎
Lines changed: 35 additions & 32 deletions
@@ -64,7 +64,6 @@ jobs:
     - uses: pnpm/action-setup@v4
       with:
         version: latest
-    - run: npm install -g npm@latest && npm --version
     - if: github.ref_type == 'branch'
       run: |
         set -euo pipefail
 
@@ -7,6 +7,20 @@ Version 0.5.0
 To be released.
 
 
+Version 0.4.1
+-------------
+
+Released on May 12, 2026.
+
+### @fedify/botkit
+
+ -  Upgraded Fedify to 2.1.12, which addresses a private network protection
+    bypass vulnerability.  This vulnerability allowed certain IPv4-mapped IPv6
+    literals (e.g., `http://[::ffff:127.0.0.1]/`) to bypass SSRF (Server-Side
+    Request Forgery) protection, potentially allowing attackers to access
+    internal network resources.
+
+
 Version 0.4.0
 -------------
 
@@ -72,6 +86,18 @@ Released on March 30, 2026.
 [#19]: https://github.com/fedify-dev/botkit/pull/19
 
 
+Version 0.3.2
+-------------
+
+Released on May 12, 2026.
+
+ -  Upgraded Fedify to 1.9.10, which addresses a private network protection
+    bypass vulnerability.  This vulnerability allowed certain IPv4-mapped IPv6
+    literals (e.g., `http://[::ffff:127.0.0.1]/`) to bypass SSRF (Server-Side
+    Request Forgery) protection, potentially allowing attackers to access
+    internal network resources.
+
+
 Version 0.3.1
 -------------
 
 
@@ -2,10 +2,10 @@
   "workspace": ["packages/*", "examples/*"],
   "unstable": ["kv", "temporal"],
   "imports": {
-    "@fedify/denokv": "jsr:@fedify/denokv@2.1.2",
-    "@fedify/fedify": "jsr:@fedify/fedify@2.1.2",
-    "@fedify/vocab": "jsr:@fedify/vocab@2.1.2",
-    "@fedify/vocab-runtime": "jsr:@fedify/vocab-runtime@2.1.2",
+    "@fedify/denokv": "jsr:@fedify/denokv@2.1.12",
+    "@fedify/fedify": "jsr:@fedify/fedify@2.1.12",
+    "@fedify/vocab": "jsr:@fedify/vocab@2.1.12",
+    "@fedify/vocab-runtime": "jsr:@fedify/vocab-runtime@2.1.12",
     "@logtape/logtape": "jsr:@logtape/logtape@^1.3.5",
     "@std/fs": "jsr:@std/fs@^1.0.19",
     "@std/path": "jsr:@std/path@^1.1.1",