<p>I've been considering what to add in the next version of <a href="https://botkit.fedify.dev/" rel="nofollow">BotKit</a> (v0.2.0) and wanted to share my current plans. After reviewing feedback and examining the <a href="/tags/activitypub/" rel="tag">#ActivityPub</a> ecosystem, I've identified three key features that would significantly enhance the framework's capabilities:</p><p><p>Custom emoji support. This would allow bots to use server-defined custom emojis in their messages, making communication more expressive and allowing better integration with instance culture.</p><br><p>Emoji reactions. I plan to implement both sending and receiving emoji reactions to messages. This provides a lightweight interaction model that many users prefer for simple acknowledgments or responses. This would manifest as new event handlers (like Bot.onReaction) and methods (like Message.react()).</p><br><p>Quote posts. The ability to reference other posts with commentary is an important discourse feature in the fediverse. Supporting both sending quotes and detecting when bot posts have been quoted would enable more sophisticated conversational patterns.</p></p><p>These additions should make <a href="/tags/botkit/" rel="tag">#BotKit</a> more capable while maintaining its simple, developer-friendly API. I expect implementation to involve extending the <a href="https://botkit.fedify.dev/concepts/message" rel="nofollow">Message</a> class and adding new <a href="https://botkit.fedify.dev/concepts/text" rel="nofollow">Text</a> processing capabilities, all while keeping backward compatibility with existing bots. Having built both <a href="https://docs.hollo.social/" rel="nofollow">Hollo</a> and <a href="https://hackers.pub/" rel="nofollow">Hackers' Pub</a>, I already have deep familiarity with how various ActivityPub implementations handle these features across the fediverse. I welcome any community feedback on priorities or implementation details before I begin coding.</p><p><a href="/tags/fedidev/" rel="tag">#fedidev</a></p>
botkit
<p>We're excited to introduce <a href="https://botkit.fedify.dev/concepts/message#reacting-to-a-message-with-an-emoji" rel="nofollow">emoji reactions</a> in the upcoming <a href="/tags/botkit/" rel="tag">#BotKit</a> 0.2.0 release!</p><p>With the new <a href="https://jsr.io/@fedify/[email protected]+c997c6a6/doc/message/~/Message.react" rel="nofollow">Message.react()</a> method, your bot can now react to messages using standard Unicode <a href="/tags/emojis/" rel="tag">#emojis</a>:</p><p>await message.react(emoji`👍`);</p><p><a href="/tags/custom_emoji/" rel="tag">#Custom_emoji</a> support is also included, allowing your bot to react with server-specific emojis:</p><p>const emojis = bot.addCustomEmojis({ // Use a remote image URL: yesBlob: { url: "<a href="https://cdn3.emoji.gg/emojis/68238-yesblob.png" rel="nofollow" class="ellipsis" title="cdn3.emoji.gg/emojis/68238-yesblob.png"><span class="invisible">https://</span><span class="ellipsis">cdn3.emoji.gg/emojis/68238-yes</span><span class="invisible">blob.png</span></a>", mediaType: "image/png", }, // Use a local image file: noBlob: { file: `${import.meta.dirname}/emojis/no_blob.png`, mediaType: "image/webp", },});await message.react(emojis.yesBlob);</p><p>Reactions can be removed using the <a href="https://jsr.io/@fedify/[email protected]+c997c6a6/doc/reaction/~/AuthorizedReaction.unreact" rel="nofollow">AuthorizedReaction.unreact()</a> method:</p><p>const reaction = await message.react(emoji`❤️`);await reaction.unreact();</p><p>Want to try these features now? You can install the development version from <a href="https://jsr.io/@fedify/[email protected]+c997c6a6" rel="nofollow">JSR</a> today:</p><p>deno add jsr:@fedify/[email protected]+c997c6a6</p><p>We're looking forward to seeing how your bots express themselves with this new feature!</p><p><a href="/tags/emoji_reaction/" rel="tag">#emoji_reaction</a> <a href="/tags/fedidev/" rel="tag">#fedidev</a> <a href="/tags/activitypub/" rel="tag">#ActivityPub</a></p>
<p>🔒 Security Update for BotKit Users</p><p>We've released <a href="/tags/security/" rel="tag">#security</a> patch versions <a href="https://github.com/fedify-dev/botkit/releases/tag/0.1.2" rel="nofollow">BotKit 0.1.2</a> and <a href="https://github.com/fedify-dev/botkit/releases/tag/0.2.2" rel="nofollow">0.2.2</a> to address <a href="https://github.com/fedify-dev/fedify/security/advisories/GHSA-6jcc-xgcr-q3h4" rel="nofollow">CVE-2025-54888</a>, a security <a href="/tags/vulnerability/" rel="tag">#vulnerability</a> discovered in <a href="/tags/fedify/" rel="tag">#Fedify</a>. These updates incorporate the latest patched version of Fedify to ensure your bots remain secure.</p><p>We strongly recommend all <a href="/tags/botkit/" rel="tag">#BotKit</a> users update to the latest patch version immediately. Thank you for keeping the <a href="/tags/fediverse/" rel="tag">#fediverse</a> safe! 🛡️</p><p><a href="/tags/fedidev/" rel="tag">#fedidev</a></p>
<p>🔒 Security Release: BotKit 0.3.1</p><p>We've released BotKit 0.3.1 with an important security fix.</p><p>This update addresses CVE-2025-68475 (High severity, CVSS 7.5), a ReDoS vulnerability in Fedify's HTML parsing that could cause denial of service.</p><p>If you're using BotKit 0.3.x, please upgrade to 0.3.1 as soon as possible.</p><p>📦 <a href="https://github.com/fedify-dev/botkit/releases/tag/0.3.1" rel="nofollow">Release notes</a><br>🔐 <a href="https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93" rel="nofollow">Security advisory</a></p><p><a href="/tags/botkit/" rel="tag">#BotKit</a> <a href="/tags/fedify/" rel="tag">#Fedify</a> <a href="/tags/activitypub/" rel="tag">#ActivityPub</a> <a href="/tags/fediverse/" rel="tag">#fediverse</a> <a href="/tags/security/" rel="tag">#security</a></p>