Upgrade Fedify to 1.8.15 to fix CVE-2025-68475

This upgrade addresses a critical security vulnerability (CVE-2025-68475,
CVSS 7.5) in Fedify's HTML parsing. The ReDoS vulnerability in the document
loader's regex could allow an attacker to block the Node.js event loop for
14+ seconds with a small malicious payload.

Co-Authored-By: Claude <[email protected]>

Author: dahlia

CHANGES.md

@@ -6,6 +6,12 @@ Version 0.3.1
 
 To be released.
 
+ -  Upgraded Fedify to 1.8.15, which includes a critical security
+    fix [CVE-2025-68475] that addresses a ReDoS (Regular Expression Denial
+    of Service) vulnerability in HTML parsing.  [[CVE-2025-68475]]
+
+[CVE-2025-68475]: https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93
+
 
 Version 0.3.0
 -------------

deno.json

@@ -8,7 +8,7 @@
     "temporal"
   ],
   "imports": {
-    "@fedify/fedify": "jsr:@fedify/fedify@^1.8.8",
+    "@fedify/fedify": "jsr:@fedify/fedify@^1.8.15",
     "@logtape/logtape": "jsr:@logtape/logtape@^1.0.4",
     "@std/fs": "jsr:@std/fs@^1.0.19",
     "@std/path": "jsr:@std/path@^1.1.1",

deno.lock

@@ -3,7 +3,7 @@ packages:
 - docs
 
 catalog:
-  "@fedify/fedify": ^1.8.8
+  "@fedify/fedify": ^1.8.15
   "@js-temporal/polyfill": ^0.5.1
   "@logtape/logtape": ^1.0.4
   hono: ^4.8.2