diff --git a/.github/workflows/generated-pr.yml b/.github/workflows/generated-pr.yml
new file mode 100644
index 00000000..b8c5cc63
--- /dev/null
+++ b/.github/workflows/generated-pr.yml
@@ -0,0 +1,14 @@
+name: Close Generated PRs
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+permissions:
+  issues: write
+  pull-requests: write
+
+jobs:
+  stale:
+    uses: ipdxco/unified-github-workflows/.github/workflows/reusable-generated-pr.yml@v1
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 16d65d72..7c955c41 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -1,8 +1,9 @@
-name: Close and mark stale issue
+name: Close Stale Issues
 
 on:
   schedule:
     - cron: '0 0 * * *'
+  workflow_dispatch:
 
 permissions:
   issues: write
@@ -10,4 +11,4 @@ permissions:
 
 jobs:
   stale:
-    uses: pl-strflt/.github/.github/workflows/reusable-stale-issue.yml@v0.3
+    uses: ipdxco/unified-github-workflows/.github/workflows/reusable-stale-issue.yml@v1
diff --git a/packages/ipfs-unixfs-exporter/CHANGELOG.md b/packages/ipfs-unixfs-exporter/CHANGELOG.md
index 70479eea..3d046c17 100644
--- a/packages/ipfs-unixfs-exporter/CHANGELOG.md
+++ b/packages/ipfs-unixfs-exporter/CHANGELOG.md
@@ -1,3 +1,15 @@
+## [ipfs-unixfs-exporter-v13.6.3](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-exporter-13.6.2...ipfs-unixfs-exporter-13.6.3) (2025-06-16)
+
+### Dependencies
+
+* **dev:** bump sinon from 19.0.5 to 21.0.0 ([#432](https://github.com/ipfs/js-ipfs-unixfs/issues/432)) ([14d7e1c](https://github.com/ipfs/js-ipfs-unixfs/commit/14d7e1cacfa61fad6df86c0875ad52ce6b203457))
+
+## [ipfs-unixfs-exporter-v13.6.2](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-exporter-13.6.1...ipfs-unixfs-exporter-13.6.2) (2025-03-06)
+
+### Dependencies
+
+* **dev:** bump aegir from 44.1.4 to 45.0.8 ([#420](https://github.com/ipfs/js-ipfs-unixfs/issues/420)) ([6eb1064](https://github.com/ipfs/js-ipfs-unixfs/commit/6eb1064ceaf3bbbdadc639e9641f3d9fad8ab23b))
+
 ## [ipfs-unixfs-exporter-v13.6.1](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-exporter-13.6.0...ipfs-unixfs-exporter-13.6.1) (2024-09-13)
 
 ### Dependencies
diff --git a/packages/ipfs-unixfs-exporter/package.json b/packages/ipfs-unixfs-exporter/package.json
index e74101e4..3c2141d3 100644
--- a/packages/ipfs-unixfs-exporter/package.json
+++ b/packages/ipfs-unixfs-exporter/package.json
@@ -1,6 +1,6 @@
 {
   "name": "ipfs-unixfs-exporter",
-  "version": "13.6.1",
+  "version": "13.6.3",
   "description": "JavaScript implementation of the UnixFs exporter used by IPFS",
   "license": "Apache-2.0 OR MIT",
   "homepage": "https://github.com/ipfs/js-ipfs-unixfs/tree/main/packages/ipfs-unixfs-exporter#readme",
@@ -168,7 +168,7 @@
     "it-to-buffer": "^4.0.7",
     "merge-options": "^3.0.4",
     "readable-stream": "^4.5.2",
-    "sinon": "^19.0.2",
+    "sinon": "^21.0.0",
     "uint8arrays": "^5.1.0",
     "wherearewe": "^2.0.1"
   },
diff --git a/packages/ipfs-unixfs-importer/CHANGELOG.md b/packages/ipfs-unixfs-importer/CHANGELOG.md
index bad5711d..8033da38 100644
--- a/packages/ipfs-unixfs-importer/CHANGELOG.md
+++ b/packages/ipfs-unixfs-importer/CHANGELOG.md
@@ -1,3 +1,9 @@
+## [ipfs-unixfs-importer-v15.3.2](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-importer-15.3.1...ipfs-unixfs-importer-15.3.2) (2025-03-06)
+
+### Dependencies
+
+* **dev:** bump aegir from 44.1.4 to 45.0.8 ([#420](https://github.com/ipfs/js-ipfs-unixfs/issues/420)) ([6eb1064](https://github.com/ipfs/js-ipfs-unixfs/commit/6eb1064ceaf3bbbdadc639e9641f3d9fad8ab23b))
+
 ## [ipfs-unixfs-importer-v15.3.1](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-importer-15.3.0...ipfs-unixfs-importer-15.3.1) (2024-09-13)
 
 ### Dependencies
diff --git a/packages/ipfs-unixfs-importer/package.json b/packages/ipfs-unixfs-importer/package.json
index 6593f7e6..63abf473 100644
--- a/packages/ipfs-unixfs-importer/package.json
+++ b/packages/ipfs-unixfs-importer/package.json
@@ -1,6 +1,6 @@
 {
   "name": "ipfs-unixfs-importer",
-  "version": "15.3.1",
+  "version": "15.3.2",
   "description": "JavaScript implementation of the UnixFs importer used by IPFS",
   "license": "Apache-2.0 OR MIT",
   "homepage": "https://github.com/ipfs/js-ipfs-unixfs/tree/main/packages/ipfs-unixfs-importer#readme",
diff --git a/packages/ipfs-unixfs/CHANGELOG.md b/packages/ipfs-unixfs/CHANGELOG.md
index 572e8660..956b1de1 100644
--- a/packages/ipfs-unixfs/CHANGELOG.md
+++ b/packages/ipfs-unixfs/CHANGELOG.md
@@ -1,3 +1,9 @@
+## [ipfs-unixfs-v11.2.2](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-11.2.1...ipfs-unixfs-11.2.2) (2025-06-16)
+
+### Bug Fixes
+
+* limit incoming hamt width ([#433](https://github.com/ipfs/js-ipfs-unixfs/issues/433)) ([8ca0144](https://github.com/ipfs/js-ipfs-unixfs/commit/8ca014420094be90b8bb765bb3f703a9ce7260b1))
+
 ## [ipfs-unixfs-v11.2.1](https://github.com/ipfs/js-ipfs-unixfs/compare/ipfs-unixfs-11.2.0...ipfs-unixfs-11.2.1) (2025-03-06)
 
 ### Dependencies
diff --git a/packages/ipfs-unixfs/package.json b/packages/ipfs-unixfs/package.json
index f445a04c..ef24b7c4 100644
--- a/packages/ipfs-unixfs/package.json
+++ b/packages/ipfs-unixfs/package.json
@@ -1,6 +1,6 @@
 {
   "name": "ipfs-unixfs",
-  "version": "11.2.1",
+  "version": "11.2.2",
   "description": "JavaScript implementation of IPFS' unixfs (a Unix FileSystem representation on top of a MerkleDAG)",
   "license": "Apache-2.0 OR MIT",
   "homepage": "https://github.com/ipfs/js-ipfs-unixfs/tree/main/packages/ipfs-unixfs#readme",
diff --git a/packages/ipfs-unixfs/src/errors.ts b/packages/ipfs-unixfs/src/errors.ts
index 949caf24..6ac59fed 100644
--- a/packages/ipfs-unixfs/src/errors.ts
+++ b/packages/ipfs-unixfs/src/errors.ts
@@ -8,3 +8,14 @@ export class InvalidTypeError extends Error {
     super(message)
   }
 }
+
+export class InvalidUnixFSMessageError extends Error {
+  static name = 'InvalidUnixFSMessageError'
+  static code = 'ERR_INVALID_MESSAGE'
+  name = InvalidUnixFSMessageError.name
+  code = InvalidUnixFSMessageError.code
+
+  constructor (message = 'Invalid message') {
+    super(message)
+  }
+}
diff --git a/packages/ipfs-unixfs/src/index.ts b/packages/ipfs-unixfs/src/index.ts
index 8cc1ad72..82f76823 100644
--- a/packages/ipfs-unixfs/src/index.ts
+++ b/packages/ipfs-unixfs/src/index.ts
@@ -90,7 +90,7 @@
  * ```
  */
 
-import { InvalidTypeError } from './errors.js'
+import { InvalidTypeError, InvalidUnixFSMessageError } from './errors.js'
 import { Data as PBData } from './unixfs.js'
 
 export interface Mtime {
@@ -117,6 +117,9 @@ const dirTypes = [
 const DEFAULT_FILE_MODE = parseInt('0644', 8)
 const DEFAULT_DIRECTORY_MODE = parseInt('0755', 8)
 
+// https://github.com/ipfs/boxo/blob/364c5040ec91ec8e2a61446e9921e9225704c34d/ipld/unixfs/hamt/hamt.go#L778
+const MAX_FANOUT = BigInt(1 << 10)
+
 export interface UnixFSOptions {
   type?: string
   data?: Uint8Array
@@ -134,6 +137,10 @@ class UnixFS {
   static unmarshal (marshaled: Uint8Array): UnixFS {
     const message = PBData.decode(marshaled)
 
+    if (message.fanout != null && message.fanout > MAX_FANOUT) {
+      throw new InvalidUnixFSMessageError(`Fanout size was too large - ${message.fanout} > ${MAX_FANOUT}`)
+    }
+
     const data = new UnixFS({
       type: types[message.Type != null ? message.Type.toString() : 'File'],
       data: message.Data,
diff --git a/packages/ipfs-unixfs/test/unixfs-format.spec.ts b/packages/ipfs-unixfs/test/unixfs-format.spec.ts
index a15d0f2e..12dae55b 100644
--- a/packages/ipfs-unixfs/test/unixfs-format.spec.ts
+++ b/packages/ipfs-unixfs/test/unixfs-format.spec.ts
@@ -431,4 +431,17 @@ describe('unixfs-format', () => {
 
     expect(marshaled).to.deep.equal(Uint8Array.from([0x08, 0x02, 0x18, 0x00]))
   })
+
+  it('should limit maximum fanout size', () => {
+    const data = new UnixFS({
+      type: 'hamt-sharded-directory',
+      fanout: 1025n
+    })
+    const marshaled = data.marshal()
+
+    expect(() => {
+      UnixFS.unmarshal(marshaled)
+    }).to.throw()
+      .with.property('name', 'InvalidUnixFSMessageError')
+  })
 })