fix(backend): skip inbox activities without an actor instead of throwing TypeError#17558
Merged
syuilo merged 3 commits intoJun 19, 2026
Merged
Conversation
…ing TypeError - guard getApId() against null/undefined (and fix the 'detemine' typo) - skip actor-less inbox activities early with Bull.UnrecoverableError Fixes misskey-dev#17557
dosubot
Bot
added
the
size:S
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## develop #17558 +/- ##
===========================================
- Coverage 24.95% 24.92% -0.03%
===========================================
Files 1161 1161
Lines 39633 39637 +4
Branches 11047 11048 +1
===========================================
- Hits 9889 9880 -9
- Misses 23831 23841 +10
- Partials 5913 5916 +3 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
Contributor
|
このPRによるapi.jsonの差分 |
Contributor
Backend memory usage comparisonBefore GC
After GC
After Request
|
sasagar
added a commit
to ikaskey/misskey
that referenced
this pull request
Jun 9, 2026
…ing TypeError Backport of misskey-dev#17558 to the ikaskey fork. - guard getApId() against null/undefined - skip actor-less inbox activities early with Bull.UnrecoverableError Release v2026.5.4-ikaskey-c
Member
|
IActivity.actor 自体はnonNullに定義されていますが、これは型定義を修正すべきでしょうか? |
Member
|
もしくは不正な形式のジョブデータをそもそもジョブキューに積むべきではないかもしれません |
Contributor
Author
|
ありがとうございます。2点ともおっしゃる通りで、根本は inbox エンドポイントの request.body as IActivity(ActivityPubServerService)という未検証キャストだと思います。信頼できない入力を検証せず IActivity と見なしてキュー投入しているため、actor 欠落のような構造的に不正なボディがそのまま流れていました。 その観点では、enqueue 時点で検証し不正なジョブはキューに積まないのが一番良さそうです:
ただ inbox は意図的に軽量で、重い検証(署名・actor 解決)は processor 側に寄せていると理解しています。なので enqueue 時の検証は構造的・低コストなチェックに留めるのが良いかと思います getApId の null ガードは、getOneApId が空配列で getApId(undefined) を踏むケースもあるため、独立した汎用防御として残す想定です。 この方針で PR を更新してよければ対応しようかと思います。processor 側の早期ガードは defense-in-depth として残すか、enqueue 検証に一本化するかは判断をお願いできたらと...。 |
Member
|
それで良さそうです。 |
Contributor
Author
|
@syuilo |
Per review feedback (misskey-dev#17558), move the actor presence check to the inbox HTTP handler and drop the processor-side guard. - ActivityPubServerService.inbox(): validate the request body from the loose (unknown) type and return 400 for structurally invalid activities (non-object / missing actor) instead of enqueueing a job that can never be authenticated. Avoids useless retries and TypeError noise. - InboxProcessorService.process(): remove the actor null guard; IActivity.actor is non-null, so the check is unnecessary once enqueue is validated. - getApId(): widen the parameter to include undefined so the existing null guard is type-honest (getOneApId can pass value[0] of an empty array). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Contributor
Author
|
ご指摘の方針で対応しました。
ご確認よろしくお願いします。 |
Member
|
🙏🏻 |
anatawa12
added a commit
to anatawa12/misskey
that referenced
this pull request
Jun 22, 2026
* [skip ci] Update CHANGELOG.md (prepend template) * Remove empty Server section from CHANGELOG (misskey-dev#17464) * fix(backend): 削除対象ノート検索処理の一部クエリを簡略化 (misskey-dev#17422) * fix: update related tests * fix CHANGELOG.md * Update CHANGELOG.md Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> --------- Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> * fix(frontend): ドラッグハンドルがあるのに設定されていないドラッグUIを修正 (misskey-dev#17472) * fix(frontend): ドライブのフォルダ一覧の「もっと見る」ボタンのスタイル調整 (misskey-dev#17473) * fix(frontend): ドライブのフォルダ一覧の「もっと見る」ボタンのスタイル調整 * ✌️ * deps: update dependencies (misskey-dev#17461) * deps: update dependencies * update deps * update typeorm * deps(backend): update typeorm to v1 (misskey-dev#17476) * deps(backend): update typeorm to v1 * fix * fix * attempt to fix test (to be reverted)) * Revert "attempt to fix test (to be reverted))" This reverts commit 8adf2a1. * attempt to fix test * Revert "attempt to fix test" This reverts commit 4cf0f5e. * attempt to fix test * fix * fix * feat: 管理画面のジョブキューページにresume/pauseボタンを用意 (misskey-dev#17436) * feat: 管理画面のジョブキューページにresume/pauseボタンを用意 * fix review * fix(frontend): 一部の実績が正しく表示されない問題を修正 (misskey-dev#17482) * fix(frontend): 一部の実績が正しく表示されない問題を修正 * Update Changelog * fix(backend/build): bundle 外に @tensorflow/tfjs-node を出す (misskey-dev#17501) `@tensorflow/tfjs-node` はネイティブバイナリを含むパッケージで、rolldown bundle に取り込まれると、bundle 後の `__dirname` 解決により `@mapbox/node-pre-gyp` の `find()` がパッケージ root の `package.json` を見失い、たまたまヒットする `packages/backend/package.json` を validate しようとして `is not node-pre-gyp ready` Error を永続的に吐く問題があった。 `sharp` / `re2` / `@napi-rs/*` 等の同性質のネイティブモジュールは既に `externalModules` に登録されているため、同じ扱いで `@tensorflow/tfjs-node` も external 化することで、ランタイムでは通常通り node_modules から解決され、 node-pre-gyp の path 解決も正しく動作する。 再現条件: NSFW 判定機能(`sensitiveMediaDetection !== 'none'`)を有効にした インスタンスで、起動後の画像処理ごとに `AiService.detectSensitive` → `await import('@tensorflow/tfjs-node')` が走るたびに発生。 機能影響: なし(NSFW 判定機能は維持)。エラーログのノイズが解消される。 Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(frontend): アクセストークン発行時のダイアログの文言を修正 (misskey-dev#17495) * fix(frontend): アクセストークン発行時のダイアログの文言を修正 * Update Changelog * feat: アンテナから特定のノートを手動で除去できるように (misskey-dev#17463) * feat: アンテナから特定のノートを手動で除去できるように * fix review * regenerate * fix(frontend): URLプレイヤーウィンドウでiframeが読み込まれるまでの間にinvalid urlと表示される問題を修正 (misskey-dev#17417) * fix(frontend): URLプレイヤーウィンドウでiframeが読み込まれるまでの間にinvalid urlと表示される問題を修正 * Update Changelog * fix * fix lint * Update Changelog --------- Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com> * enhance(backend/oauth2): oauth2orizeを削除 (misskey-dev#17415) * wip * fix * fix tests * fix: missing spec implementation * fix test * attempt to fix test * fix * Revert "fix: missing spec implementation" This reverts commit ca5dc65. * update * fix(backend): follow-up of misskey-dev#17415 (misskey-dev#17505) * fix(backend): follow-up of misskey-dev#17415 * fix * feat(backend): add indexes for noteId in note_favorite and user_note_pining tables (misskey-dev#17511) * feat(backend): add indexes for noteId in note_favorite and user_note_pining tables * reformat * feat: 投稿日時の範囲を条件に加えてノート検索出来るようにする (misskey-dev#16119) * feat: 投稿日時の範囲を条件に加えてノート検索出来るようにする * simplify * fix ui * fix CHANGELOG.md * fix * fix * add test --------- Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com> * fix: フォロワー投稿をダイレクトで引用したときにダイレクトにする (misskey-dev#15961) Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com> * fix CHANGELOG.md (misskey-dev#17517) * fix(frontend): CSS `light-dark()` が適用されない問題を修正 (misskey-dev#17523) * fix(frontend): lightningcssのlight-darkのTranspilationを無効に (MisskeyIO#1243) * fix deps * Update Changelog --------- Co-authored-by: まっちゃてぃー。 <56515516+mattyatea@users.noreply.github.com> * fix: 「D」キーでモードを切り替えるときに`syncDeviceDarkMode`のチェックを行うようにする (misskey-dev#17526) * fix(frontend): Dキーショートカットでダークモード切り替え時にsyncDeviceDarkModeのチェックを行うように修正 設定ページのトグルではsyncDeviceDarkModeが有効な場合に確認ダイアログを表示し、 同意後にsyncDeviceDarkModeを無効化してからダークモードを切り替える挙動だったが、 Dキーショートカットではこのチェックがバイパスされていた。 ショートカットキー経由でも同じロジックを適用するように修正。 * fix(frontend): CHANGELOGにDキーのsyncDeviceDarkModeバイパス修正を追記 * fix(backend): NSFW検出モデルが `file://` で読み込めない問題を修正 (misskey-dev#17528) fix(backend): NSFW検出モデルがfile://スキームで読み込めない問題を修正 misskey-dev#17501 で `@tensorflow/tfjs-node` を bundle 外に出した結果、bundle 内の `nsfwjs` が抱える `@tensorflow/tfjs-core` と external な tfjs-node が使う tfjs-core が別インスタンスに分裂し、tfjs-node が登録する `file://` IOHandler を nsfwjs 側が共有できなくなった。このため nsfwjs のモデル読み込みが HTTP handler (node-fetch) にフォールバックし `URL scheme "file" is not supported` で失敗する。 `nsfwjs` と `@tensorflow/*` も external 化し、単一の tfjs-core インスタンスに 統一することで file:// IOHandler を共有させる。 Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * Update CHANGELOG.md * chore(llm/docs): .claude配下の再構成 (misskey-dev#17514) * chore(docs): .claude配下の再構成 * fix AGENTS.md * fix AGENTS.md * fix review * 行番号参照の除去 * docs: fix storybook note in vue reviewer agent * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * fix local review * fix --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * fix: コンパネからパスワードリセットした時に発生したエラーをダイアログで出す (misskey-dev#17513) Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com> * enhance(frontend): scroll position restoration in the drive page and "Files" tab on the user page (misskey-dev#17497) * fix: ユーザーページのFilesタブでスクロール位置が正しく復元されない問題を修正 * fix: ドライブページでスクロール位置が保持されない問題を修正 * fix: 変更履歴の文言を調整 * fix: 同じファイルを複数ノートに添付した場合にスクロール位置が先頭要素へ戻る問題を修正 * fix: viewPosition の計算誤りと KeepAlive によるスクロール位置消失を修正 * fix: スクロール位置復元が下端要素の見切れを引き起こす問題を修正 * fix: スクロール位置復元がコンテナ高さ変化時にオーバーシュートする問題を修正 * Update CHANGELOG.md Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> * fix: 最下部スクロール時にスクロール位置のキャプチャが失敗する問題を修正 min-height による空白領域にビューポート中央が入るケースで anchorId が更新 されず、復元が古い位置に飛んでしまう問題を修正した。 アンカー選択条件を「中央を跨ぐ要素のみ」から「上端が中央以下の最も下の要素」 に変更することで、空白領域スクロール時も最後のアイテムを正しくキャプチャできる。 * Update CHANGELOG.md * fix: MkNoteMediaGrid のスクロールアンカーをノートIDとファイルIDの複合キーに変更 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * refactor: anchorIndex による重複アンカー対応を削除 * refactor: unused になった onUnmounted の import を削除 * refactor: querySelectorAll/querySelector にジェネリクスを渡し型キャストを削除 --------- Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: サーバー全体のアップロードサイズ上限とロールポリシーのアップロードサイズ上限に関する修正 (misskey-dev#17389) * fix(backend): ロールポリシーのファイルサイズ制限の上限値をサーバー全体のファイルサイズ制限にする * fix(frontend): サーバー全体のファイルサイズ制限に関する説明を追加 * fix: ベースロールしか与えられていないときにaggregateが走らない問題を修正 今までは問題なかったけど、maxFIleSizeMbで上限capするようになったため * fix(frontend): deepEqualの片方がnull/undefinedな場合の判定が正しくないのを修正 * fix(chart): PerUserDriveChart.update で userId が null のシステム所有ファイルをスキップ (misskey-dev#17499) fix(chart): PerUserDriveChart.update で userId が null のシステム所有ファイルをスキップ (misskey-dev#17498) Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com> * Update .gitignore * enhance(frontend): 絵文字メニューから直接絵文字パレットに追加できるように (misskey-dev#17420) * enhance(frontend): 絵文字メニューから直接絵文字パレットに追加できるように * Update Changelog * fix lint * Update Changelog * enhance: 追加し直す挙動に変更 * ✌️ * fix * fix(frontend): メンションのサジェスト時に表示されるアイコン表示が画像サイズ次第で崩れる問題を修正 (misskey-dev#17542) * fix(frontend): メンションのサジェスト時に表示されるアイコン表示が画像サイズ次第で崩れる (misskey-dev#17504) * fix(frontend): メンションのサジェスト時に表示されるアイコン表示が画像サイズ次第で崩れる (misskey-dev#17504) * fix(frontend): パスキー登録完了時の認証ダイアログの入力値が使われていない問題を修正 (misskey-dev#17539) Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> * fix(frontend): locale inliner is not working (misskey-dev#17543) * feat: support facade module * refactor: migrate typings to ESTree from rolldown/utils * fix: name conflict from function parameter are not detected correctly * refactor: migrate typings to ESTree from rolldown/utils * fix: name conflict from function parameter are not detected correctly * fix: template literal in member expression not supported * fix: improve identifier conflict * feat: add error when no localization are applied by locale inliner * lint: fix lints * fix: let rolldown to not hoist i18n modules with other modules * chore: make error if there is unexpected specifiers * fix license header * fix: we cannot look up user profile url with self hostname (misskey-dev#16488) * Bump version to 2026.6.0-alpha.0 * fix(frontend): add antenna handling in antenna-column component (misskey-dev#17553) fix: add antenna handling in antenna-column component * deps: update dependencies (misskey-dev#17477) * deps: update dependencies * fix archiver types not updated * spdx * update archiver types * update deps * fix test * New Crowdin updates (misskey-dev#17377) * New translations ja-jp.yml (Spanish) [ci skip] * New translations ja-jp.yml (Spanish) [ci skip] * New translations ja-jp.yml (English) [ci skip] * New translations ja-jp.yml (Thai) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Romanian) [ci skip] * New translations ja-jp.yml (French) [ci skip] * New translations ja-jp.yml (Arabic) [ci skip] * New translations ja-jp.yml (Catalan) [ci skip] * New translations ja-jp.yml (Czech) [ci skip] * New translations ja-jp.yml (German) [ci skip] * New translations ja-jp.yml (Italian) [ci skip] * New translations ja-jp.yml (Korean) [ci skip] * New translations ja-jp.yml (Dutch) [ci skip] * New translations ja-jp.yml (Polish) [ci skip] * New translations ja-jp.yml (Portuguese) [ci skip] * New translations ja-jp.yml (Russian) [ci skip] * New translations ja-jp.yml (Slovak) [ci skip] * New translations ja-jp.yml (Swedish) [ci skip] * New translations ja-jp.yml (Turkish) [ci skip] * New translations ja-jp.yml (Ukrainian) [ci skip] * New translations ja-jp.yml (Chinese Traditional) [ci skip] * New translations ja-jp.yml (Vietnamese) [ci skip] * New translations ja-jp.yml (Indonesian) [ci skip] * New translations ja-jp.yml (Japanese, Kansai) [ci skip] * New translations ja-jp.yml (Korean) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Italian) [ci skip] * New translations ja-jp.yml (Spanish) [ci skip] * New translations ja-jp.yml (Catalan) [ci skip] * New translations ja-jp.yml (Catalan) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Spanish) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Korean) [ci skip] * New translations ja-jp.yml (Catalan) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Indonesian) [ci skip] * New translations ja-jp.yml (Chinese Traditional) [ci skip] * New translations ja-jp.yml (Indonesian) [ci skip] * New translations ja-jp.yml (Chinese Traditional) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Spanish) [ci skip] * New translations ja-jp.yml (Ukrainian) [ci skip] * New translations ja-jp.yml (Ukrainian) [ci skip] * New translations ja-jp.yml (Ukrainian) [ci skip] * New translations ja-jp.yml (Ukrainian) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Ukrainian) [ci skip] * New translations ja-jp.yml (Catalan) [ci skip] * New translations ja-jp.yml (Ukrainian) [ci skip] * New translations ja-jp.yml (Italian) [ci skip] * New translations ja-jp.yml (Korean) [ci skip] * New translations ja-jp.yml (Chinese Traditional) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Catalan) [ci skip] * New translations ja-jp.yml (Italian) [ci skip] * New translations ja-jp.yml (Spanish) [ci skip] * New translations ja-jp.yml (Korean) [ci skip] * New translations ja-jp.yml (Chinese Traditional) [ci skip] * New translations ja-jp.yml (Chinese Traditional) [ci skip] * New translations ja-jp.yml (Catalan) [ci skip] * New translations ja-jp.yml (Korean) [ci skip] * New translations ja-jp.yml (Italian) [ci skip] * New translations ja-jp.yml (Spanish) [ci skip] * New translations ja-jp.yml (English) [ci skip] * New translations ja-jp.yml (Catalan) [ci skip] * New translations ja-jp.yml (Korean) [ci skip] * New translations ja-jp.yml (Italian) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Chinese Traditional) [ci skip] * New translations ja-jp.yml (Chinese Simplified) [ci skip] * New translations ja-jp.yml (Catalan) [ci skip] * New translations ja-jp.yml (Korean) [ci skip] * New translations ja-jp.yml (Spanish) [ci skip] * New translations ja-jp.yml (English) [ci skip] * New translations ja-jp.yml (Indonesian) [ci skip] * New translations ja-jp.yml (Indonesian) [ci skip] * enhance: estree-walkerをoxc-walkerに変更 (misskey-dev#17556) * enhance: estree-walkerをoxc-walkerに変更 * fix lint [ci skip] * fix(backend): MemoryKVCacheのキャッシュGC処理においてキャッシュが期限切れにならないことがある問題を修正 (misskey-dev#17512) * fix(backend): MemoryKVCacheのキャッシュGC処理においてキャッシュが期限切れにならないことがある問題を修正 * おためし * fix --------- Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com> * Enhance ActivityPub image attachments with width/height metadata (misskey-dev#17563) * Initial plan * enhance(backend): include image dimensions in AP attachments * fix(backend): guard AP attachment dimension properties * fix(changelog): move AP dimensions note to 2026.6.0 * Update CHANGELOG.md --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com> * Bump version to 2026.6.0-alpha.1 * Update CHANGELOG.md * fix(deps): update dependency esbuild to v0.28.1 [security] [ci skip] (misskey-dev#17566) * fix(deps): update dependency esbuild to v0.28.1 [security] * update --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: kakkokari-gtyih <67428053+kakkokari-gtyih@users.noreply.github.com> * fix(backend): route fastify listen/ready/close errors through logger instead of unhandled rejection (misskey-dev#17401) * fix(backend): route fastify listen/ready/close errors through logger instead of unhandled rejection * Update CHANGELOG.md --------- Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com> * Bump version to 2026.6.0-alpha.2 * fix(frontend): 画像アップロード時、フレームのキャプション付与が正しく行われないことがある問題を修正 Fix misskey-dev#17518 * deps: update dependencies (misskey-dev#17575) * deps: update security dependencies * deps: update dependencies * deps(backend): update juice * Bump version to 2026.6.0-beta.0 * fix(frontend): ノートの下書きをリセットする際、未アップロードのファイルについては添付予定が解除されない問題を修正 (misskey-dev#17568) * fix(frontend): ノートの下書きをリセットする際、未アップロードのファイルについては添付予定が解除されない問題を修正(misskey-dev#17486) * fix(frontend): useUploader側にresetメソッドを追加し、そちらを呼び出す形に修正 * 現在のdisposeをresetにリネームして`items.value = [];`を追加する形に修正 * tweak --------- Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com> * feat(migration): add RecoverNotePinFavoriteIndexes migration for index management (misskey-dev#17577) * fix(backend/oauth2): Token Grantエンドポイントのバリデーションを修正 (misskey-dev#17580) * New Crowdin updates (misskey-dev#17555) * New translations ja-jp.yml (Italian) [ci skip] * New translations ja-jp.yml (Indonesian) [ci skip] * New translations ja-jp.yml (Indonesian) [ci skip] * New translations ja-jp.yml (Indonesian) [ci skip] * New translations ja-jp.yml (Chinese Traditional) [ci skip] * New translations ja-jp.yml (Spanish) [ci skip] * New translations ja-jp.yml (Spanish) [ci skip] * docs(agents): エージェント向けのドキュメントを拡充 (misskey-dev#17582) * docs(agents): エージェント向けのドキュメントを拡充 * Udpate * update * Update * update * fix(backend): リモートのノートのメンション数制限が実際に解決できたユーザー数になっている問題を修正 (misskey-dev#17576) * fix(backend): リモートのノートのメンション数制限が実際に解決できたユーザー数になっている問題を修正 * Update Changelog * fix(backend): consolidate index creation logic and remove redundant migration (misskey-dev#17581) * docs(agents): Follow-up of misskey-dev#17582 [ci skip] * fix(backend): skip inbox activities without an actor instead of throwing TypeError (misskey-dev#17558) * fix(backend): skip inbox activities without an actor instead of throwing TypeError - guard getApId() against null/undefined (and fix the 'detemine' typo) - skip actor-less inbox activities early with Bull.UnrecoverableError Fixes misskey-dev#17557 * fix(backend): reject actor-less inbox activities at enqueue time Per review feedback (misskey-dev#17558), move the actor presence check to the inbox HTTP handler and drop the processor-side guard. - ActivityPubServerService.inbox(): validate the request body from the loose (unknown) type and return 400 for structurally invalid activities (non-object / missing actor) instead of enqueueing a job that can never be authenticated. Avoids useless retries and TypeError noise. - InboxProcessorService.process(): remove the actor null guard; IActivity.actor is non-null, so the check is unnecessary once enqueue is validated. - getApId(): widen the parameter to include undefined so the existing null guard is type-honest (getOneApId can pass value[0] of an empty array). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * Bump version to 2026.6.0-beta.1 * fix: the script contains locale json is prefetched (misskey-dev#17585) This commit upgrades rolldown used by vite to 1.1.0 and set includeDependenciesRecursively instead of maxSize for i18n code splitting group. We unexpectedly prefetched the script file includes locale JSON before this fix because locale inliner did not remove prefetch for transitive dependency of i18n global variable. Current locale inliner assumes the file contains i18n global variable and the file contains i18n global variable are same file and only removes prefetch for the file for i18n global variable and leaves dependency files of the file. However, in the previous fix for rolldown migration regression, we set `maxSize: 1` for manual chunk of i18n. This makes the chunk for i18n global variable (@/i18n.js) and the chunk includes locale JSON (@@/js/locale.js) distinct chunks. As a result, only prefetch for i18n global is removed and local JSON remain in the prefetch file name dictionary (__vite__mapDeps). There is two ways to fix this problem: 1) make rolldown to bundle i18n related files into one but leave unrelated files separated module or 2) update locale inliner to remove transitive dependency of i18n of __vite__mapDeps. 2nd way is prune to rolldown changes, and it's possible by parsing each .js file to (re)create module graph in inliner, it's complex. Therefore, this commit fixes this with 1st way with includeDependenciesRecursively option on `codeSplitting.groups` newly added in rolldown 1.1.0. Since latest vite as of writing (8.0.16) strictly depends on rolldown 1.0.3, we cannot use it normally. We use overrides to work around this problem. As far as I checked the vite repository, upgrading rolldown to 1.1.x includes no code changes except for package.json, so I hope this upgrade is safe. * feat(dev): フロントエンドのバンドルサイズ比較のAction (misskey-dev#17586) Create frontend-js-size.yml * fix(dev): follow up of 0956da4 * fix(dev): follow up of 0956da4 * fix(dev): follow up of 0956da4 * enhance(dev/frontend-js-size): diffが大きい順にソートした上位10チャンクの表を追加 * Update frontend-js-size.yml * Update frontend-js-size.yml * Update frontend-js-size.yml * Update frontend-js-size.yml * Update frontend-js-size.yml * Update frontend-js-size.yml * Update frontend-js-size.yml * Update frontend-js-size.yml * Update frontend-js-size.yml * enhance(backend): SummalyのUser Agentを改善 (misskey-dev#17589) * enhance(backend): SummalyのUser Agentを改善 * Update Changelog * update summaly * fix(backend): summalyのバージョンを埋め込んでビルドするようにし、同一チャンクに巻き込まれないように (misskey-dev#17595) * fix(backend): summalyのバージョンを埋め込んでビルドするようにし、同一チャンクに巻き込まれないように * fix * Merge commit from fork * fix(backend): Prevent the reuse of used TOTP tokens * fix * fix * tighten totp window * Merge commit from fork * enhance(dev): improve frontend bundle report (misskey-dev#17600) * wip * Update package.json * wip * Update pnpm-lock.yaml * wip * Update frontend-bundle-visualizer-report.mjs * Update frontend-bundle-visualizer-report.mjs * Update frontend-bundle-visualizer-report.mjs * Update frontend-bundle-visualizer-report.mjs * Update frontend-bundle-visualizer-report.mjs * Update frontend-bundle-visualizer-report.mjs * Update frontend-bundle-visualizer-report.mjs * Update frontend-bundle-visualizer-report.mjs * refactor * Update frontend-js-size.yml * refactor * Update package.json * Update CHANGELOG.md * fix(backend): fix tests (misskey-dev#17606) * fix(backend): fix tests * attempt to fix test * Revert "attempt to fix test" This reverts commit ebe92c9. * fix * fix * test: fix test failure --------- Co-authored-by: anatawa12 <anatawa12@icloud.com> * Release: 2026.6.0 * fix(dev): tweak frontend-bundle-report --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com> Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> Co-authored-by: SASAPIYO (SASAGAWA Kiyoshi) <sasagawa@kent-and-co.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com> Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com> Co-authored-by: Kisaragi <48310258+KisaragiEffective@users.noreply.github.com> Co-authored-by: まっちゃてぃー。 <56515516+mattyatea@users.noreply.github.com> Co-authored-by: Kissa Ruokanen <nekochanfood@gmail.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: Tatsuya_yd <dmitian873@gmail.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Caleb Gates <calebcgates@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Inbox activities delivered without an
actorproperty crash the inbox queue job with an opaque error instead of being skipped:This PR:
getApId()againstnull/undefined, so it throws the intendedError('cannot determine id')instead of a rawTypeError(also fixes thedetemine→determinetypo).InboxProcessorService.process()withBull.UnrecoverableError, so they are skipped cleanly like other invalid inputs (and are not retried 128×).Fixes #17557. Related: #12720.
Why
InboxProcessorService.process()callsgetApId(activity.actor)in several places before any validation (theisDeleteshort-circuitgetApId(activity.actor) === getApId(activity.object), andgetAuthUserFromApId(getApId(activity.actor))). Whenactivity.actoris missing,getApId(undefined)evaluatesundefined.idand throws.On a small federated instance this produces on the order of ~100 failed jobs/day from malformed / actor-less deliveries, flooding error tracking and masking real problems.
Additional info
actor(it is used immediately for HTTP-Signature / authorship checks), so an activity without one was always going to fail — this just fails it cleanly and early instead of with a confusingTypeError.InboxProcessorServicehas no unit test suite (cf. fix: change bare activity.actor to getApId(activity.actor) in InboxPr… #17340).Checklist