Bump @fedify/fedify from 1.9.2 to 1.10.0

[dependabot]

Bumps @fedify/fedify from 1.9.2 to 1.10.0.

Release notes

Sourced from @​fedify/fedify's releases.

Fedify 1.10.0

Released on December 24, 2025.

@​fedify/fedify

• Enhanced OpenTelemetry instrumentation with span events for capturing detailed activity data. Span events now record complete activity JSON payloads and verification status, enabling richer observability and debugging capabilities without relying solely on span attributes (which only support primitive values). [#323]

  • Added activitypub.activity.received span event to the activitypub.inbox span, recording the full activity JSON, verification status (activity verified, HTTP signatures verified, Linked Data signatures verified), and actor information.
  • Added activitypub.activity.sent span event to the activitypub.send_activity span, recording the full activity JSON and target inbox URL.
  • Added activitypub.object.fetched span event to the activitypub.lookup_object span, recording the fetched object's type and complete JSON-LD representation.

• Added OpenTelemetry spans for previously uninstrumented operations: [#323]

  • Added activitypub.fetch_document span for document loader operations, tracking URL fetching, HTTP redirects, and final document URLs.
  • Added activitypub.verify_key_ownership span for cryptographic key ownership verification, recording actor ID, key ID, verification result, and the verification method used.

• Added optional list() method to the KvStore interface for enumerating entries by key prefix. This method takes an optional prefix parameter; when omitted or empty, it returns all entries. This enables efficient prefix scanning which is useful for implementing features like distributed trace storage, cache invalidation by prefix, and listing related entries. [#498, #500]

  • Added KvStoreListEntry interface.
  • Implemented in MemoryKvStore.

• Added FedifySpanExporter class that persists ActivityPub activity traces to a KvStore for distributed tracing support. This enables aggregating trace data across multiple nodes in a distributed deployment, making it possible to build debug dashboards that show complete request flows across web servers and background workers. [#497, #502]

  • Added @fedify/fedify/otel module.
  • Added FedifySpanExporter class implementing OpenTelemetry's SpanExporter interface.
  • Added TraceActivityRecord interface for stored activity data, including actorId and signatureDetails fields for debug dashboard support.
  • Added SignatureVerificationDetails interface for detailed signature verification information.
  • Added TraceSummary interface for trace listing.
  • Added FedifySpanExporterOptions interface.
  • Added GetRecentTracesOptions interface.
  • Added ActivityDirection type.

@​fedify/nestjs

• Allowed Express 5 in the express peer dependency range to support NestJS 11. [#492, #493 by Cho Hasang]

@​fedify/sqlite

• Implemented list() method in SqliteKvStore. [#498, #500]

@​fedify/postgres

• Implemented list() method in PostgresKvStore. [#498, #500]

@​fedify/redis

• Implemented list() method in RedisKvStore. [#498, #500]

@​fedify/denokv

... (truncated)

Changelog

Sourced from @​fedify/fedify's changelog.

Version 1.10.0

Released on December 24, 2025.

@​fedify/fedify

• Enhanced OpenTelemetry instrumentation with span events for capturing detailed activity data. Span events now record complete activity JSON payloads and verification status, enabling richer observability and debugging capabilities without relying solely on span attributes (which only support primitive values). [#323]

  • Added activitypub.activity.received span event to the activitypub.inbox span, recording the full activity JSON, verification status (activity verified, HTTP signatures verified, Linked Data signatures verified), and actor information.
  • Added activitypub.activity.sent span event to the activitypub.send_activity span, recording the full activity JSON and target inbox URL.
  • Added activitypub.object.fetched span event to the activitypub.lookup_object span, recording the fetched object's type and complete JSON-LD representation.

• Added OpenTelemetry spans for previously uninstrumented operations: [#323]

  • Added activitypub.fetch_document span for document loader operations, tracking URL fetching, HTTP redirects, and final document URLs.
  • Added activitypub.verify_key_ownership span for cryptographic key ownership verification, recording actor ID, key ID, verification result, and the verification method used.

• Added optional list() method to the KvStore interface for enumerating entries by key prefix. This method takes an optional prefix parameter; when omitted or empty, it returns all entries. This enables efficient prefix scanning which is useful for implementing features like distributed trace storage, cache invalidation by prefix, and listing related entries. [#498, #500]

  • Added KvStoreListEntry interface.
  • Implemented in MemoryKvStore.

• Added FedifySpanExporter class that persists ActivityPub activity traces to a KvStore for distributed tracing support. This enables aggregating trace data across multiple nodes in a distributed deployment, making it possible to build debug dashboards that show complete request flows across web servers and background workers. [#497, #502]

  • Added @fedify/fedify/otel module.

... (truncated)

Commits

• d16ce92 Add @​opentelemetry/sdk-trace-base to docs devDependencies
• 85d7c09 Extract test values into variables for better maintainability
• e2a1807 Use AggregateError for multiple export failures
• f921cca Fix misleading test description for shutdown()
• 56b46d4 Treat empty httpSignaturesKeyId as undefined
• eff3acc Use Promise.allSettled() in #exportAsync for robust error handling
• cb83e02 Remove unnecessary _summaries filter in getActivitiesByTraceId
• 0093973 Use immutable array operation in #storeWithCas
• 4bcfdf2 Extract #setWithCasRetry helper to reduce duplication
• 4e1e573 Fix misleading forceFlush() comment
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dahlia]

@dependabot rebase

[dependabot]

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[dahlia]

@dependabot rebase

[dahlia]

@dependabot rebase

[dependabot]

Looks like @fedify/fedify is up-to-date now, so this is no longer needed.