@blockchyp/blockchyp-ts 2.30.5 → 2.30.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -35181,7 +35181,7 @@ exports.Address = Address;
35181
35181
  */
35182
35182
  class MerchantProfile {
35183
35183
  // Constructor with default values for optional fields
35184
- constructor(timeout = null, test = null, merchantId = null, bankMid = null, companyName = null, dbaName = null, invoiceName = null, contactName = null, contactNumber = null, locationName = null, storeNumber = null, partnerRef = null, timeZone = null, batchCloseTime = null, terminalUpdateTime = null, autoBatchClose = null, disableBatchEmails = null, pinEnabled = null, cashBackEnabled = null, storeAndForwardEnabled = null, partialAuthEnabled = null, splitBankAccountsEnabled = null, storeAndForwardFloorLimit = null, publicKey = null, status = null, cashDiscountEnabled = null, surveyTimeout = null, cooldownTimeout = null, tipEnabled = null, promptForTip = null, tipDefaults = null, cashbackPresets = null, ebtEnabled = null, freeRangeRefundsEnabled = null, pinBypassEnabled = null, giftCardsDisabled = null, tcDisabled = null, digitalSignaturesEnabled = null, digitalSignatureReversal = null, billingAddress = null, shippingAddress = null, visa = null, masterCard = null, amex = null, discover = null, jcb = null, unionPay = null, contactlessEmv = null, manualEntryEnabled = null, manualEntryPromptZip = null, manualEntryPromptStreetNumber = null, gatewayOnly = null, bankAccounts = null, passthroughSurchargeEnabled = null, cvvVerificationEnabled = null, cvvVerificationNEnabled = null, cvvVerificationPEnabled = null, cvvVerificationSEnabled = null, cvvVerificationUEnabled = null, followPartnerCvvSettings = null, avsRule = null, followPartnerAvsSettings = null, accountUpdaterEnrolled = null, bypassEnrollAuthEnabled = null) {
35184
+ constructor(timeout = null, test = null, merchantId = null, bankMid = null, companyName = null, dbaName = null, invoiceName = null, contactName = null, contactNumber = null, locationName = null, storeNumber = null, partnerRef = null, timeZone = null, batchCloseTime = null, terminalUpdateTime = null, autoBatchClose = null, disableBatchEmails = null, pinEnabled = null, cashBackEnabled = null, storeAndForwardEnabled = null, partialAuthEnabled = null, splitBankAccountsEnabled = null, storeAndForwardFloorLimit = null, publicKey = null, status = null, cashDiscountEnabled = null, surveyTimeout = null, cooldownTimeout = null, tipEnabled = null, promptForTip = null, tipDefaults = null, cashbackPresets = null, ebtEnabled = null, freeRangeRefundsEnabled = null, pinBypassEnabled = null, giftCardsDisabled = null, tcDisabled = null, digitalSignaturesEnabled = null, digitalSignatureReversal = null, billingAddress = null, shippingAddress = null, visa = null, masterCard = null, amex = null, discover = null, jcb = null, unionPay = null, contactlessEmv = null, manualEntryEnabled = null, manualEntryPromptZip = null, manualEntryPromptStreetNumber = null, gatewayOnly = null, bankAccounts = null, passthroughSurchargeEnabled = null, cvvVerificationEnabled = null, cvvVerificationNEnabled = null, cvvVerificationPEnabled = null, cvvVerificationSEnabled = null, cvvVerificationUEnabled = null, followPartnerCvvSettings = null, avsRule = null, followPartnerAvsSettings = null, accountUpdaterEnrolled = null, bypassEnrollAuthEnabled = null, followPartnerServiceFeeEnabled = null, serviceFeeEnabled = null) {
35185
35185
  /**
35186
35186
  * The request timeout in seconds.
35187
35187
  */
@@ -35447,6 +35447,14 @@ class MerchantProfile {
35447
35447
  * Whether the merchant should bypass an auth with TSYS on Enrollment.
35448
35448
  */
35449
35449
  this.bypassEnrollAuthEnabled = null;
35450
+ /**
35451
+ * That the merchant follows the partner's service fee settings.
35452
+ */
35453
+ this.followPartnerServiceFeeEnabled = null;
35454
+ /**
35455
+ * That the merchant is configured to apply a service fee.
35456
+ */
35457
+ this.serviceFeeEnabled = null;
35450
35458
  this.timeout = timeout;
35451
35459
  this.test = test;
35452
35460
  this.merchantId = merchantId;
@@ -35511,6 +35519,8 @@ class MerchantProfile {
35511
35519
  this.followPartnerAvsSettings = followPartnerAvsSettings;
35512
35520
  this.accountUpdaterEnrolled = accountUpdaterEnrolled;
35513
35521
  this.bypassEnrollAuthEnabled = bypassEnrollAuthEnabled;
35522
+ this.followPartnerServiceFeeEnabled = followPartnerServiceFeeEnabled;
35523
+ this.serviceFeeEnabled = serviceFeeEnabled;
35514
35524
  }
35515
35525
  }
35516
35526
  exports.MerchantProfile = MerchantProfile;
@@ -35519,7 +35529,7 @@ exports.MerchantProfile = MerchantProfile;
35519
35529
  */
35520
35530
  class MerchantProfileResponse {
35521
35531
  // Constructor with default values for optional fields
35522
- constructor(success = null, error = null, responseDescription = null, test = null, merchantId = null, bankMid = null, companyName = null, dbaName = null, invoiceName = null, contactName = null, contactNumber = null, locationName = null, storeNumber = null, partnerRef = null, timeZone = null, batchCloseTime = null, terminalUpdateTime = null, autoBatchClose = null, disableBatchEmails = null, pinEnabled = null, cashBackEnabled = null, storeAndForwardEnabled = null, partialAuthEnabled = null, splitBankAccountsEnabled = null, storeAndForwardFloorLimit = null, publicKey = null, status = null, cashDiscountEnabled = null, surveyTimeout = null, cooldownTimeout = null, tipEnabled = null, promptForTip = null, tipDefaults = null, cashbackPresets = null, ebtEnabled = null, freeRangeRefundsEnabled = null, pinBypassEnabled = null, giftCardsDisabled = null, tcDisabled = null, digitalSignaturesEnabled = null, digitalSignatureReversal = null, billingAddress = null, shippingAddress = null, visa = null, masterCard = null, amex = null, discover = null, jcb = null, unionPay = null, contactlessEmv = null, manualEntryEnabled = null, manualEntryPromptZip = null, manualEntryPromptStreetNumber = null, gatewayOnly = null, bankAccounts = null, passthroughSurchargeEnabled = null, cvvVerificationEnabled = null, cvvVerificationNEnabled = null, cvvVerificationPEnabled = null, cvvVerificationSEnabled = null, cvvVerificationUEnabled = null, followPartnerCvvSettings = null, avsRule = null, followPartnerAvsSettings = null, accountUpdaterEnrolled = null, bypassEnrollAuthEnabled = null) {
35532
+ constructor(success = null, error = null, responseDescription = null, test = null, merchantId = null, bankMid = null, companyName = null, dbaName = null, invoiceName = null, contactName = null, contactNumber = null, locationName = null, storeNumber = null, partnerRef = null, timeZone = null, batchCloseTime = null, terminalUpdateTime = null, autoBatchClose = null, disableBatchEmails = null, pinEnabled = null, cashBackEnabled = null, storeAndForwardEnabled = null, partialAuthEnabled = null, splitBankAccountsEnabled = null, storeAndForwardFloorLimit = null, publicKey = null, status = null, cashDiscountEnabled = null, surveyTimeout = null, cooldownTimeout = null, tipEnabled = null, promptForTip = null, tipDefaults = null, cashbackPresets = null, ebtEnabled = null, freeRangeRefundsEnabled = null, pinBypassEnabled = null, giftCardsDisabled = null, tcDisabled = null, digitalSignaturesEnabled = null, digitalSignatureReversal = null, billingAddress = null, shippingAddress = null, visa = null, masterCard = null, amex = null, discover = null, jcb = null, unionPay = null, contactlessEmv = null, manualEntryEnabled = null, manualEntryPromptZip = null, manualEntryPromptStreetNumber = null, gatewayOnly = null, bankAccounts = null, passthroughSurchargeEnabled = null, cvvVerificationEnabled = null, cvvVerificationNEnabled = null, cvvVerificationPEnabled = null, cvvVerificationSEnabled = null, cvvVerificationUEnabled = null, followPartnerCvvSettings = null, avsRule = null, followPartnerAvsSettings = null, accountUpdaterEnrolled = null, bypassEnrollAuthEnabled = null, followPartnerServiceFeeEnabled = null, serviceFeeEnabled = null) {
35523
35533
  /**
35524
35534
  * Whether or not the request succeeded.
35525
35535
  */
@@ -35793,6 +35803,14 @@ class MerchantProfileResponse {
35793
35803
  * Whether the merchant should bypass an auth with TSYS on Enrollment.
35794
35804
  */
35795
35805
  this.bypassEnrollAuthEnabled = null;
35806
+ /**
35807
+ * That the merchant follows the partner's service fee settings.
35808
+ */
35809
+ this.followPartnerServiceFeeEnabled = null;
35810
+ /**
35811
+ * That the merchant is configured to apply a service fee.
35812
+ */
35813
+ this.serviceFeeEnabled = null;
35796
35814
  this.success = success;
35797
35815
  this.error = error;
35798
35816
  this.responseDescription = responseDescription;
@@ -35859,6 +35877,8 @@ class MerchantProfileResponse {
35859
35877
  this.followPartnerAvsSettings = followPartnerAvsSettings;
35860
35878
  this.accountUpdaterEnrolled = accountUpdaterEnrolled;
35861
35879
  this.bypassEnrollAuthEnabled = bypassEnrollAuthEnabled;
35880
+ this.followPartnerServiceFeeEnabled = followPartnerServiceFeeEnabled;
35881
+ this.serviceFeeEnabled = serviceFeeEnabled;
35862
35882
  }
35863
35883
  }
35864
35884
  exports.MerchantProfileResponse = MerchantProfileResponse;
@@ -41309,7 +41329,7 @@ exports.CoreResponse = CoreResponse;
41309
41329
  /***/ ((module, __unused_webpack_exports, __webpack_require__) => {
41310
41330
 
41311
41331
  "use strict";
41312
- /*! Axios v1.16.1 Copyright (c) 2026 Matt Zabriskie and contributors */
41332
+ /*! Axios v1.18.0 Copyright (c) 2026 Matt Zabriskie and contributors */
41313
41333
 
41314
41334
 
41315
41335
  /**
@@ -41331,6 +41351,57 @@ const { toString } = Object.prototype;
41331
41351
  const { getPrototypeOf } = Object;
41332
41352
  const { iterator, toStringTag } = Symbol;
41333
41353
 
41354
+ /* Creating a function that will check if an object has a property. */
41355
+ const hasOwnProperty = (
41356
+ ({ hasOwnProperty }) =>
41357
+ (obj, prop) =>
41358
+ hasOwnProperty.call(obj, prop)
41359
+ )(Object.prototype);
41360
+
41361
+ /**
41362
+ * Walk the prototype chain (excluding the shared Object.prototype) looking for
41363
+ * an own `prop`. This distinguishes genuine own/inherited members — including
41364
+ * class accessors and template prototypes — from members injected via
41365
+ * Object.prototype pollution (e.g. `Object.prototype.username = '...'`), which
41366
+ * live on Object.prototype itself and are therefore never matched.
41367
+ *
41368
+ * @param {*} thing The value whose chain to inspect
41369
+ * @param {string|symbol} prop The property key to look for
41370
+ *
41371
+ * @returns {boolean} True when `prop` is owned below Object.prototype
41372
+ */
41373
+ const hasOwnInPrototypeChain = (thing, prop) => {
41374
+ let obj = thing;
41375
+ const seen = [];
41376
+
41377
+ while (obj != null && obj !== Object.prototype) {
41378
+ if (seen.indexOf(obj) !== -1) {
41379
+ return false;
41380
+ }
41381
+ seen.push(obj);
41382
+
41383
+ if (hasOwnProperty(obj, prop)) {
41384
+ return true;
41385
+ }
41386
+ obj = getPrototypeOf(obj);
41387
+ }
41388
+ return false;
41389
+ };
41390
+
41391
+ /**
41392
+ * Read `obj[prop]` only when it is safe from Object.prototype pollution. Own
41393
+ * properties and members inherited from a non-Object.prototype source (a class
41394
+ * instance or template object) are honored; a value reachable only through a
41395
+ * polluted Object.prototype is ignored and `undefined` is returned.
41396
+ *
41397
+ * @param {*} obj The source object
41398
+ * @param {string|symbol} prop The property key to read
41399
+ *
41400
+ * @returns {*} The resolved value, or undefined when unsafe/absent
41401
+ */
41402
+ const getSafeProp = (obj, prop) =>
41403
+ obj != null && hasOwnInPrototypeChain(obj, prop) ? obj[prop] : undefined;
41404
+
41334
41405
  const kindOf = ((cache) => (thing) => {
41335
41406
  const str = toString.call(thing);
41336
41407
  return cache[str] || (cache[str] = str.slice(8, -1).toLowerCase());
@@ -41456,7 +41527,7 @@ const isBoolean = (thing) => thing === true || thing === false;
41456
41527
  * @returns {boolean} True if value is a plain Object, otherwise false
41457
41528
  */
41458
41529
  const isPlainObject = (val) => {
41459
- if (kindOf(val) !== 'object') {
41530
+ if (!isObject(val)) {
41460
41531
  return false;
41461
41532
  }
41462
41533
 
@@ -41464,9 +41535,12 @@ const isPlainObject = (val) => {
41464
41535
  return (
41465
41536
  (prototype === null ||
41466
41537
  prototype === Object.prototype ||
41467
- Object.getPrototypeOf(prototype) === null) &&
41468
- !(toStringTag in val) &&
41469
- !(iterator in val)
41538
+ getPrototypeOf(prototype) === null) &&
41539
+ // Treat any genuine (non-Object.prototype-polluted) Symbol.toStringTag or
41540
+ // Symbol.iterator as evidence the value is a tagged/iterable type rather
41541
+ // than a plain object, while ignoring keys injected onto Object.prototype.
41542
+ !hasOwnInPrototypeChain(val, toStringTag) &&
41543
+ !hasOwnInPrototypeChain(val, iterator)
41470
41544
  );
41471
41545
  };
41472
41546
 
@@ -41735,7 +41809,9 @@ function merge(...objs) {
41735
41809
  return;
41736
41810
  }
41737
41811
 
41738
- const targetKey = (caseless && findKey(result, key)) || key;
41812
+ // findKey lowercases the key, so caseless lookup only applies to strings —
41813
+ // symbol keys are identity-matched.
41814
+ const targetKey = (caseless && typeof key === 'string' && findKey(result, key)) || key;
41739
41815
  // Read via own-prop only — a bare `result[targetKey]` walks the prototype
41740
41816
  // chain, so a polluted Object.prototype value could surface here and get
41741
41817
  // copied into the merged result.
@@ -41752,7 +41828,24 @@ function merge(...objs) {
41752
41828
  };
41753
41829
 
41754
41830
  for (let i = 0, l = objs.length; i < l; i++) {
41755
- objs[i] && forEach(objs[i], assignValue);
41831
+ const source = objs[i];
41832
+ if (!source || isBuffer(source)) {
41833
+ continue;
41834
+ }
41835
+
41836
+ forEach(source, assignValue);
41837
+
41838
+ if (typeof source !== 'object' || isArray(source)) {
41839
+ continue;
41840
+ }
41841
+
41842
+ const symbols = Object.getOwnPropertySymbols(source);
41843
+ for (let j = 0; j < symbols.length; j++) {
41844
+ const symbol = symbols[j];
41845
+ if (propertyIsEnumerable.call(source, symbol)) {
41846
+ assignValue(source[symbol], symbol);
41847
+ }
41848
+ }
41756
41849
  }
41757
41850
  return result;
41758
41851
  }
@@ -41974,12 +42067,7 @@ const toCamelCase = (str) => {
41974
42067
  });
41975
42068
  };
41976
42069
 
41977
- /* Creating a function that will check if an object has a property. */
41978
- const hasOwnProperty = (
41979
- ({ hasOwnProperty }) =>
41980
- (obj, prop) =>
41981
- hasOwnProperty.call(obj, prop)
41982
- )(Object.prototype);
42070
+ const { propertyIsEnumerable } = Object.prototype;
41983
42071
 
41984
42072
  /**
41985
42073
  * Determine if a value is a RegExp object
@@ -42192,6 +42280,20 @@ const asap =
42192
42280
 
42193
42281
  const isIterable = (thing) => thing != null && isFunction$1(thing[iterator]);
42194
42282
 
42283
+ /**
42284
+ * Determine if a value is iterable via an iterator that is NOT sourced solely
42285
+ * from a polluted Object.prototype. Use this instead of `isIterable` whenever
42286
+ * the iterable comes from untrusted input (e.g. user-supplied header sources),
42287
+ * so `Object.prototype[Symbol.iterator] = ...` cannot turn an ordinary object
42288
+ * into an attacker-controlled entries iterator.
42289
+ *
42290
+ * @param {*} thing The value to test
42291
+ *
42292
+ * @returns {boolean} True if value has a non-polluted iterator
42293
+ */
42294
+ const isSafeIterable = (thing) =>
42295
+ thing != null && hasOwnInPrototypeChain(thing, iterator) && isIterable(thing);
42296
+
42195
42297
  var utils$1 = {
42196
42298
  isArray,
42197
42299
  isArrayBuffer,
@@ -42236,6 +42338,8 @@ var utils$1 = {
42236
42338
  isHTMLForm,
42237
42339
  hasOwnProperty,
42238
42340
  hasOwnProp: hasOwnProperty, // an alias to avoid ESLint no-prototype-builtins detection
42341
+ hasOwnInPrototypeChain,
42342
+ getSafeProp,
42239
42343
  reduceDescriptors,
42240
42344
  freezeMethods,
42241
42345
  toObjectSet,
@@ -42252,6 +42356,7 @@ var utils$1 = {
42252
42356
  setImmediate: _setImmediate,
42253
42357
  asap,
42254
42358
  isIterable,
42359
+ isSafeIterable,
42255
42360
  };
42256
42361
 
42257
42362
  // RawAxiosHeaders whose duplicates are ignored by node
@@ -42462,7 +42567,7 @@ class AxiosHeaders {
42462
42567
  const lHeader = normalizeHeader(_header);
42463
42568
 
42464
42569
  if (!lHeader) {
42465
- throw new Error('header name must be a non-empty string');
42570
+ return;
42466
42571
  }
42467
42572
 
42468
42573
  const key = utils$1.findKey(self, lHeader);
@@ -42484,20 +42589,23 @@ class AxiosHeaders {
42484
42589
  setHeaders(header, valueOrRewrite);
42485
42590
  } else if (utils$1.isString(header) && (header = header.trim()) && !isValidHeaderName(header)) {
42486
42591
  setHeaders(parseHeaders(header), valueOrRewrite);
42487
- } else if (utils$1.isObject(header) && utils$1.isIterable(header)) {
42488
- let obj = {},
42592
+ } else if (utils$1.isObject(header) && utils$1.isSafeIterable(header)) {
42593
+ let obj = Object.create(null),
42489
42594
  dest,
42490
42595
  key;
42491
42596
  for (const entry of header) {
42492
42597
  if (!utils$1.isArray(entry)) {
42493
- throw TypeError('Object iterator must return a key-value pair');
42598
+ throw new TypeError('Object iterator must return a key-value pair');
42494
42599
  }
42495
42600
 
42496
- obj[(key = entry[0])] = (dest = obj[key])
42497
- ? utils$1.isArray(dest)
42498
- ? [...dest, entry[1]]
42499
- : [dest, entry[1]]
42500
- : entry[1];
42601
+ key = entry[0];
42602
+
42603
+ if (utils$1.hasOwnProp(obj, key)) {
42604
+ dest = obj[key];
42605
+ obj[key] = utils$1.isArray(dest) ? [...dest, entry[1]] : [dest, entry[1]];
42606
+ } else {
42607
+ obj[key] = entry[1];
42608
+ }
42501
42609
  }
42502
42610
 
42503
42611
  setHeaders(obj, valueOrRewrite);
@@ -42891,6 +42999,10 @@ AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED = 'ERR_FORM_DATA_DEPTH_EXCEEDED';
42891
42999
  // eslint-disable-next-line strict
42892
43000
  var httpAdapter = null;
42893
43001
 
43002
+ // Default nesting limit shared with the inverse transform (formDataToJSON) so
43003
+ // the FormData <-> JSON round-trip stays symmetric.
43004
+ const DEFAULT_FORM_DATA_MAX_DEPTH = 100;
43005
+
42894
43006
  /**
42895
43007
  * Determines if the given thing is a array or js object.
42896
43008
  *
@@ -43001,8 +43113,9 @@ function toFormData(obj, formData, options) {
43001
43113
  const dots = options.dots;
43002
43114
  const indexes = options.indexes;
43003
43115
  const _Blob = options.Blob || (typeof Blob !== 'undefined' && Blob);
43004
- const maxDepth = options.maxDepth === undefined ? 100 : options.maxDepth;
43116
+ const maxDepth = options.maxDepth === undefined ? DEFAULT_FORM_DATA_MAX_DEPTH : options.maxDepth;
43005
43117
  const useBlob = _Blob && utils$1.isSpecCompliantForm(formData);
43118
+ const stack = [];
43006
43119
 
43007
43120
  if (!utils$1.isFunction(visitor)) {
43008
43121
  throw new TypeError('visitor must be a function');
@@ -43030,6 +43143,38 @@ function toFormData(obj, formData, options) {
43030
43143
  return value;
43031
43144
  }
43032
43145
 
43146
+ function throwIfMaxDepthExceeded(depth) {
43147
+ if (depth > maxDepth) {
43148
+ throw new AxiosError(
43149
+ 'Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth,
43150
+ AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED
43151
+ );
43152
+ }
43153
+ }
43154
+
43155
+ function stringifyWithDepthLimit(value, depth) {
43156
+ if (maxDepth === Infinity) {
43157
+ return JSON.stringify(value);
43158
+ }
43159
+
43160
+ const ancestors = [];
43161
+
43162
+ return JSON.stringify(value, function limitDepth(_key, currentValue) {
43163
+ if (!utils$1.isObject(currentValue)) {
43164
+ return currentValue;
43165
+ }
43166
+
43167
+ while (ancestors.length && ancestors[ancestors.length - 1] !== this) {
43168
+ ancestors.pop();
43169
+ }
43170
+
43171
+ ancestors.push(currentValue);
43172
+ throwIfMaxDepthExceeded(depth + ancestors.length - 1);
43173
+
43174
+ return currentValue;
43175
+ });
43176
+ }
43177
+
43033
43178
  /**
43034
43179
  * Default visitor.
43035
43180
  *
@@ -43053,7 +43198,7 @@ function toFormData(obj, formData, options) {
43053
43198
  // eslint-disable-next-line no-param-reassign
43054
43199
  key = metaTokens ? key : key.slice(0, -2);
43055
43200
  // eslint-disable-next-line no-param-reassign
43056
- value = JSON.stringify(value);
43201
+ value = stringifyWithDepthLimit(value, 1);
43057
43202
  } else if (
43058
43203
  (utils$1.isArray(value) && isFlatArray(value)) ||
43059
43204
  ((utils$1.isFileList(value) || utils$1.endsWith(key, '[]')) && (arr = utils$1.toArray(value)))
@@ -43086,8 +43231,6 @@ function toFormData(obj, formData, options) {
43086
43231
  return false;
43087
43232
  }
43088
43233
 
43089
- const stack = [];
43090
-
43091
43234
  const exposedHelpers = Object.assign(predicates, {
43092
43235
  defaultVisitor,
43093
43236
  convertValue,
@@ -43097,15 +43240,10 @@ function toFormData(obj, formData, options) {
43097
43240
  function build(value, path, depth = 0) {
43098
43241
  if (utils$1.isUndefined(value)) return;
43099
43242
 
43100
- if (depth > maxDepth) {
43101
- throw new AxiosError(
43102
- 'Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth,
43103
- AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED
43104
- );
43105
- }
43243
+ throwIfMaxDepthExceeded(depth);
43106
43244
 
43107
43245
  if (stack.indexOf(value) !== -1) {
43108
- throw Error('Circular reference detected in ' + path.join('.'));
43246
+ throw new Error('Circular reference detected in ' + path.join('.'));
43109
43247
  }
43110
43248
 
43111
43249
  stack.push(value);
@@ -43218,15 +43356,17 @@ function buildURL(url, params, options) {
43218
43356
  return url;
43219
43357
  }
43220
43358
 
43221
- const _encode = (options && options.encode) || encode;
43222
-
43223
43359
  const _options = utils$1.isFunction(options)
43224
43360
  ? {
43225
43361
  serialize: options,
43226
43362
  }
43227
43363
  : options;
43228
43364
 
43229
- const serializeFn = _options && _options.serialize;
43365
+ // Read serializer options pollution-safely: own properties and methods on a
43366
+ // class/template prototype are honored, but values injected onto a polluted
43367
+ // Object.prototype are ignored.
43368
+ const _encode = utils$1.getSafeProp(_options, 'encode') || encode;
43369
+ const serializeFn = utils$1.getSafeProp(_options, 'serialize');
43230
43370
 
43231
43371
  let serializedParams;
43232
43372
 
@@ -43322,6 +43462,8 @@ var transitionalDefaults = {
43322
43462
  forcedJSONParsing: true,
43323
43463
  clarifyTimeoutError: false,
43324
43464
  legacyInterceptorReqResOrdering: true,
43465
+ advertiseZstdAcceptEncoding: false,
43466
+ validateStatusUndefinedResolves: true,
43325
43467
  };
43326
43468
 
43327
43469
  var URLSearchParams$1 = typeof URLSearchParams !== 'undefined' ? URLSearchParams : AxiosURLSearchParams;
@@ -43413,6 +43555,17 @@ function toURLEncodedForm(data, options) {
43413
43555
  });
43414
43556
  }
43415
43557
 
43558
+ const MAX_DEPTH = DEFAULT_FORM_DATA_MAX_DEPTH;
43559
+
43560
+ function throwIfDepthExceeded(index) {
43561
+ if (index > MAX_DEPTH) {
43562
+ throw new AxiosError(
43563
+ 'FormData field is too deeply nested (' + index + ' levels). Max depth: ' + MAX_DEPTH,
43564
+ AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED
43565
+ );
43566
+ }
43567
+ }
43568
+
43416
43569
  /**
43417
43570
  * It takes a string like `foo[x][y][z]` and returns an array like `['foo', 'x', 'y', 'z']
43418
43571
  *
@@ -43425,9 +43578,16 @@ function parsePropPath(name) {
43425
43578
  // foo.x.y.z
43426
43579
  // foo-x-y-z
43427
43580
  // foo x y z
43428
- return utils$1.matchAll(/\w+|\[(\w*)]/g, name).map((match) => {
43429
- return match[0] === '[]' ? '' : match[1] || match[0];
43430
- });
43581
+ const path = [];
43582
+ const pattern = /\w+|\[(\w*)]/g;
43583
+ let match;
43584
+
43585
+ while ((match = pattern.exec(name)) !== null) {
43586
+ throwIfDepthExceeded(path.length);
43587
+ path.push(match[0] === '[]' ? '' : match[1] || match[0]);
43588
+ }
43589
+
43590
+ return path;
43431
43591
  }
43432
43592
 
43433
43593
  /**
@@ -43459,6 +43619,8 @@ function arrayToObject(arr) {
43459
43619
  */
43460
43620
  function formDataToJSON(formData) {
43461
43621
  function buildPath(path, value, target, index) {
43622
+ throwIfDepthExceeded(index);
43623
+
43462
43624
  let name = path[index++];
43463
43625
 
43464
43626
  if (name === '__proto__') return true;
@@ -43995,6 +44157,31 @@ function combineURLs(baseURL, relativeURL) {
43995
44157
  : baseURL;
43996
44158
  }
43997
44159
 
44160
+ const malformedHttpProtocol = /^https?:(?!\/\/)/i;
44161
+ const httpProtocolControlCharacters = /[\t\n\r]/g;
44162
+
44163
+ function stripLeadingC0ControlOrSpace(url) {
44164
+ let i = 0;
44165
+ while (i < url.length && url.charCodeAt(i) <= 0x20) {
44166
+ i++;
44167
+ }
44168
+ return url.slice(i);
44169
+ }
44170
+
44171
+ function normalizeURLForProtocolCheck(url) {
44172
+ return stripLeadingC0ControlOrSpace(url).replace(httpProtocolControlCharacters, '');
44173
+ }
44174
+
44175
+ function assertValidHttpProtocolURL(url, config) {
44176
+ if (typeof url === 'string' && malformedHttpProtocol.test(normalizeURLForProtocolCheck(url))) {
44177
+ throw new AxiosError(
44178
+ 'Invalid URL: missing "//" after protocol',
44179
+ AxiosError.ERR_INVALID_URL,
44180
+ config
44181
+ );
44182
+ }
44183
+ }
44184
+
43998
44185
  /**
43999
44186
  * Creates a new URL by combining the baseURL with the requestedURL,
44000
44187
  * only when the requestedURL is not already an absolute URL.
@@ -44005,9 +44192,11 @@ function combineURLs(baseURL, relativeURL) {
44005
44192
  *
44006
44193
  * @returns {string} The combined full path
44007
44194
  */
44008
- function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls) {
44195
+ function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls, config) {
44196
+ assertValidHttpProtocolURL(requestedURL, config);
44009
44197
  let isRelativeUrl = !isAbsoluteURL(requestedURL);
44010
44198
  if (baseURL && (isRelativeUrl || allowAbsoluteUrls === false)) {
44199
+ assertValidHttpProtocolURL(baseURL, config);
44011
44200
  return combineURLs(baseURL, requestedURL);
44012
44201
  }
44013
44202
  return requestedURL;
@@ -44078,6 +44267,28 @@ function mergeConfig(config1, config2) {
44078
44267
  }
44079
44268
  }
44080
44269
 
44270
+ function getMergedTransitionalOption(prop) {
44271
+ const transitional2 = utils$1.hasOwnProp(config2, 'transitional') ? config2.transitional : undefined;
44272
+
44273
+ if (!utils$1.isUndefined(transitional2)) {
44274
+ if (utils$1.isPlainObject(transitional2)) {
44275
+ if (utils$1.hasOwnProp(transitional2, prop)) {
44276
+ return transitional2[prop];
44277
+ }
44278
+ } else {
44279
+ return undefined;
44280
+ }
44281
+ }
44282
+
44283
+ const transitional1 = utils$1.hasOwnProp(config1, 'transitional') ? config1.transitional : undefined;
44284
+
44285
+ if (utils$1.isPlainObject(transitional1) && utils$1.hasOwnProp(transitional1, prop)) {
44286
+ return transitional1[prop];
44287
+ }
44288
+
44289
+ return undefined;
44290
+ }
44291
+
44081
44292
  // eslint-disable-next-line consistent-return
44082
44293
  function mergeDirectKeys(a, b, prop) {
44083
44294
  if (utils$1.hasOwnProp(config2, prop)) {
@@ -44130,6 +44341,18 @@ function mergeConfig(config1, config2) {
44130
44341
  (utils$1.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);
44131
44342
  });
44132
44343
 
44344
+ if (
44345
+ utils$1.hasOwnProp(config2, 'validateStatus') &&
44346
+ utils$1.isUndefined(config2.validateStatus) &&
44347
+ getMergedTransitionalOption('validateStatusUndefinedResolves') === false
44348
+ ) {
44349
+ if (utils$1.hasOwnProp(config1, 'validateStatus')) {
44350
+ config.validateStatus = getMergedValue(undefined, config1.validateStatus);
44351
+ } else {
44352
+ delete config.validateStatus;
44353
+ }
44354
+ }
44355
+
44133
44356
  return config;
44134
44357
  }
44135
44358
 
@@ -44156,12 +44379,12 @@ function setFormDataHeaders(headers, formHeaders, policy) {
44156
44379
  *
44157
44380
  * @returns {string} UTF-8 bytes as a Latin-1 string
44158
44381
  */
44159
- const encodeUTF8 = (str) =>
44382
+ const encodeUTF8$1 = (str) =>
44160
44383
  encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) =>
44161
44384
  String.fromCharCode(parseInt(hex, 16))
44162
44385
  );
44163
44386
 
44164
- var resolveConfig = (config) => {
44387
+ function resolveConfig(config) {
44165
44388
  const newConfig = mergeConfig({}, config);
44166
44389
 
44167
44390
  // Read only own properties to prevent prototype pollution gadgets
@@ -44181,23 +44404,29 @@ var resolveConfig = (config) => {
44181
44404
  newConfig.headers = headers = AxiosHeaders.from(headers);
44182
44405
 
44183
44406
  newConfig.url = buildURL(
44184
- buildFullPath(baseURL, url, allowAbsoluteUrls),
44185
- config.params,
44186
- config.paramsSerializer
44407
+ buildFullPath(baseURL, url, allowAbsoluteUrls, newConfig),
44408
+ own('params'),
44409
+ own('paramsSerializer')
44187
44410
  );
44188
44411
 
44189
44412
  // HTTP basic authentication
44190
44413
  if (auth) {
44414
+ const username = utils$1.getSafeProp(auth, 'username') || '';
44415
+ const password = utils$1.getSafeProp(auth, 'password') || '';
44416
+
44191
44417
  headers.set(
44192
44418
  'Authorization',
44193
- 'Basic ' +
44194
- btoa((auth.username || '') + ':' + (auth.password ? encodeUTF8(auth.password) : ''))
44419
+ 'Basic ' + btoa(username + ':' + (password ? encodeUTF8$1(password) : ''))
44195
44420
  );
44196
44421
  }
44197
44422
 
44198
44423
  if (utils$1.isFormData(data)) {
44199
- if (platform.hasStandardBrowserEnv || platform.hasStandardBrowserWebWorkerEnv) {
44200
- headers.setContentType(undefined); // browser handles it
44424
+ if (
44425
+ platform.hasStandardBrowserEnv ||
44426
+ platform.hasStandardBrowserWebWorkerEnv ||
44427
+ utils$1.isReactNative(data)
44428
+ ) {
44429
+ headers.setContentType(undefined); // browser/web worker/RN handles it
44201
44430
  } else if (utils$1.isFunction(data.getHeaders)) {
44202
44431
  // Node.js FormData (like form-data package)
44203
44432
  setFormDataHeaders(headers, data.getHeaders(), own('formDataHeaderPolicy'));
@@ -44229,7 +44458,7 @@ var resolveConfig = (config) => {
44229
44458
  }
44230
44459
 
44231
44460
  return newConfig;
44232
- };
44461
+ }
44233
44462
 
44234
44463
  const isXHRAdapterSupported = typeof XMLHttpRequest !== 'undefined';
44235
44464
 
@@ -44593,11 +44822,19 @@ const trackStream = (stream, chunkSize, onProgress, onFinish) => {
44593
44822
  * Estimate decoded byte length of a data:// URL *without* allocating large buffers.
44594
44823
  * - For base64: compute exact decoded size using length and padding;
44595
44824
  * handle %XX at the character-count level (no string allocation).
44596
- * - For non-base64: use UTF-8 byteLength of the encoded body as a safe upper bound.
44825
+ * - For non-base64: compute the exact percent-decoded UTF-8 byte length.
44597
44826
  *
44598
44827
  * @param {string} url
44599
44828
  * @returns {number}
44600
44829
  */
44830
+ const isHexDigit = (charCode) =>
44831
+ (charCode >= 48 && charCode <= 57) ||
44832
+ (charCode >= 65 && charCode <= 70) ||
44833
+ (charCode >= 97 && charCode <= 102);
44834
+
44835
+ const isPercentEncodedByte = (str, i, len) =>
44836
+ i + 2 < len && isHexDigit(str.charCodeAt(i + 1)) && isHexDigit(str.charCodeAt(i + 2));
44837
+
44601
44838
  function estimateDataURLDecodedBytes(url) {
44602
44839
  if (!url || typeof url !== 'string') return 0;
44603
44840
  if (!url.startsWith('data:')) return 0;
@@ -44617,9 +44854,7 @@ function estimateDataURLDecodedBytes(url) {
44617
44854
  if (body.charCodeAt(i) === 37 /* '%' */ && i + 2 < len) {
44618
44855
  const a = body.charCodeAt(i + 1);
44619
44856
  const b = body.charCodeAt(i + 2);
44620
- const isHex =
44621
- ((a >= 48 && a <= 57) || (a >= 65 && a <= 70) || (a >= 97 && a <= 102)) &&
44622
- ((b >= 48 && b <= 57) || (b >= 65 && b <= 70) || (b >= 97 && b <= 102));
44857
+ const isHex = isHexDigit(a) && isHexDigit(b);
44623
44858
 
44624
44859
  if (isHex) {
44625
44860
  effectiveLen -= 2;
@@ -44660,18 +44895,17 @@ function estimateDataURLDecodedBytes(url) {
44660
44895
  return bytes > 0 ? bytes : 0;
44661
44896
  }
44662
44897
 
44663
- if (typeof Buffer !== 'undefined' && typeof Buffer.byteLength === 'function') {
44664
- return Buffer.byteLength(body, 'utf8');
44665
- }
44666
-
44667
44898
  // Compute UTF-8 byte length directly from UTF-16 code units without allocating
44668
44899
  // a byte buffer (TextEncoder.encode would defeat the DoS guard on large bodies).
44669
- // Using body.length here would undercount non-ASCII (e.g. '€' is 1 code unit
44670
- // but 3 UTF-8 bytes).
44900
+ // Valid %XX triplets count as one decoded byte; this matches the bytes that
44901
+ // decodeURIComponent(body) would produce before Buffer re-encodes the string.
44671
44902
  let bytes = 0;
44672
44903
  for (let i = 0, len = body.length; i < len; i++) {
44673
44904
  const c = body.charCodeAt(i);
44674
- if (c < 0x80) {
44905
+ if (c === 37 /* '%' */ && isPercentEncodedByte(body, i, len)) {
44906
+ bytes += 1;
44907
+ i += 2;
44908
+ } else if (c < 0x80) {
44675
44909
  bytes += 1;
44676
44910
  } else if (c < 0x800) {
44677
44911
  bytes += 2;
@@ -44690,12 +44924,41 @@ function estimateDataURLDecodedBytes(url) {
44690
44924
  return bytes;
44691
44925
  }
44692
44926
 
44693
- const VERSION = "1.16.1";
44927
+ const VERSION = "1.18.0";
44694
44928
 
44695
44929
  const DEFAULT_CHUNK_SIZE = 64 * 1024;
44696
44930
 
44697
44931
  const { isFunction } = utils$1;
44698
44932
 
44933
+ /**
44934
+ * Encode a UTF-8 string to a Latin-1 byte string for use with btoa().
44935
+ * This is a modern replacement for the deprecated unescape(encodeURIComponent(str)) pattern.
44936
+ *
44937
+ * @param {string} str The string to encode
44938
+ *
44939
+ * @returns {string} UTF-8 bytes as a Latin-1 string
44940
+ */
44941
+ const encodeUTF8 = (str) =>
44942
+ encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) =>
44943
+ String.fromCharCode(parseInt(hex, 16))
44944
+ );
44945
+
44946
+ // Node's WHATWG URL parser returns `username` and `password` percent-encoded.
44947
+ // Decode before composing the `auth` option so credentials such as
44948
+ // `my%40email.com:pass` are sent as `my@email.com:pass`. Falls back to the
44949
+ // original value for malformed input so a bad encoding never throws.
44950
+ const decodeURIComponentSafe = (value) => {
44951
+ if (!utils$1.isString(value)) {
44952
+ return value;
44953
+ }
44954
+
44955
+ try {
44956
+ return decodeURIComponent(value);
44957
+ } catch (error) {
44958
+ return value;
44959
+ }
44960
+ };
44961
+
44699
44962
  const test = (fn, ...args) => {
44700
44963
  try {
44701
44964
  return !!fn(...args);
@@ -44704,6 +44967,15 @@ const test = (fn, ...args) => {
44704
44967
  }
44705
44968
  };
44706
44969
 
44970
+ const maybeWithAuthCredentials = (url) => {
44971
+ const protocolIndex = url.indexOf('://');
44972
+ let urlToCheck = url;
44973
+ if (protocolIndex !== -1) {
44974
+ urlToCheck = urlToCheck.slice(protocolIndex + 3);
44975
+ }
44976
+ return urlToCheck.includes('@') || urlToCheck.includes(':');
44977
+ };
44978
+
44707
44979
  const factory = (env) => {
44708
44980
  const globalObject =
44709
44981
  utils$1.global !== undefined && utils$1.global !== null
@@ -44851,6 +45123,7 @@ const factory = (env) => {
44851
45123
 
44852
45124
  const hasMaxContentLength = utils$1.isNumber(maxContentLength) && maxContentLength > -1;
44853
45125
  const hasMaxBodyLength = utils$1.isNumber(maxBodyLength) && maxBodyLength > -1;
45126
+ const own = (key) => (utils$1.hasOwnProp(config, key) ? config[key] : undefined);
44854
45127
 
44855
45128
  let _fetch = envFetch || fetch;
44856
45129
 
@@ -44872,7 +45145,61 @@ const factory = (env) => {
44872
45145
 
44873
45146
  let requestContentLength;
44874
45147
 
45148
+ // AxiosError we raise while the request body is being streamed. Captured
45149
+ // by identity so the catch block can surface it directly, regardless of
45150
+ // how the runtime wraps the resulting fetch rejection (undici exposes it
45151
+ // as `err.cause`; some browsers drop the original error entirely).
45152
+ let pendingBodyError = null;
45153
+
45154
+ const maxBodyLengthError = () =>
45155
+ new AxiosError(
45156
+ 'Request body larger than maxBodyLength limit',
45157
+ AxiosError.ERR_BAD_REQUEST,
45158
+ config,
45159
+ request
45160
+ );
45161
+
44875
45162
  try {
45163
+ // HTTP basic authentication
45164
+ let auth = undefined;
45165
+ const configAuth = own('auth');
45166
+
45167
+ if (configAuth) {
45168
+ const username = utils$1.getSafeProp(configAuth, 'username') || '';
45169
+ const password = utils$1.getSafeProp(configAuth, 'password') || '';
45170
+ auth = {
45171
+ username,
45172
+ password
45173
+ };
45174
+ }
45175
+
45176
+ if (maybeWithAuthCredentials(url)) {
45177
+ const parsedURL = new URL(url, platform.origin);
45178
+
45179
+ if (!auth && (parsedURL.username || parsedURL.password)) {
45180
+ const urlUsername = decodeURIComponentSafe(parsedURL.username);
45181
+ const urlPassword = decodeURIComponentSafe(parsedURL.password);
45182
+ auth = {
45183
+ username: urlUsername,
45184
+ password: urlPassword
45185
+ };
45186
+ }
45187
+
45188
+ if (parsedURL.username || parsedURL.password) {
45189
+ parsedURL.username = '';
45190
+ parsedURL.password = '';
45191
+ url = parsedURL.href;
45192
+ }
45193
+ }
45194
+
45195
+ if (auth) {
45196
+ headers.delete('authorization');
45197
+ headers.set(
45198
+ 'Authorization',
45199
+ 'Basic ' + btoa(encodeUTF8((auth.username || '') + ':' + (auth.password || '')))
45200
+ );
45201
+ }
45202
+
44876
45203
  // Enforce maxContentLength for data: URLs up-front so we never materialize
44877
45204
  // an oversized payload. The HTTP adapter applies the same check (see http.js
44878
45205
  // "if (protocol === 'data:')" branch).
@@ -44888,53 +45215,96 @@ const factory = (env) => {
44888
45215
  }
44889
45216
  }
44890
45217
 
44891
- // Enforce maxBodyLength against the outbound request body before dispatch.
44892
- // Mirrors http.js behavior (ERR_BAD_REQUEST / 'Request body larger than
44893
- // maxBodyLength limit'). Skip when the body length cannot be determined
44894
- // (e.g. a live ReadableStream supplied by the caller).
45218
+ // Enforce maxBodyLength against known-size bodies before dispatch using
45219
+ // the body's *actual* size never a caller-declared Content-Length,
45220
+ // which could under-report to slip an oversized body past the check.
45221
+ // Unknown-size streams return undefined here and are counted per-chunk
45222
+ // below as fetch consumes them.
44895
45223
  if (hasMaxBodyLength && method !== 'get' && method !== 'head') {
44896
- const outboundLength = await resolveBodyLength(headers, data);
44897
- if (
44898
- typeof outboundLength === 'number' &&
44899
- isFinite(outboundLength) &&
44900
- outboundLength > maxBodyLength
44901
- ) {
44902
- throw new AxiosError(
44903
- 'Request body larger than maxBodyLength limit',
44904
- AxiosError.ERR_BAD_REQUEST,
44905
- config,
44906
- request
44907
- );
45224
+ const outboundLength = await getBodyLength(data);
45225
+ if (typeof outboundLength === 'number' && isFinite(outboundLength)) {
45226
+ requestContentLength = outboundLength;
45227
+ if (outboundLength > maxBodyLength) {
45228
+ throw maxBodyLengthError();
45229
+ }
44908
45230
  }
44909
45231
  }
44910
45232
 
45233
+ // A streamed body under maxBodyLength must be counted as fetch consumes
45234
+ // it; its size is never trusted from a caller-declared Content-Length.
45235
+ const mustEnforceStreamBody =
45236
+ hasMaxBodyLength && (utils$1.isReadableStream(data) || utils$1.isStream(data));
45237
+
45238
+ const trackRequestStream = (stream, onProgress, flush) =>
45239
+ trackStream(
45240
+ stream,
45241
+ DEFAULT_CHUNK_SIZE,
45242
+ (loadedBytes) => {
45243
+ if (hasMaxBodyLength && loadedBytes > maxBodyLength) {
45244
+ throw (pendingBodyError = maxBodyLengthError());
45245
+ }
45246
+ onProgress && onProgress(loadedBytes);
45247
+ },
45248
+ flush
45249
+ );
45250
+
44911
45251
  if (
44912
- onUploadProgress &&
44913
45252
  supportsRequestStream &&
44914
45253
  method !== 'get' &&
44915
45254
  method !== 'head' &&
44916
- (requestContentLength = await resolveBodyLength(headers, data)) !== 0
45255
+ (onUploadProgress || mustEnforceStreamBody)
44917
45256
  ) {
44918
- let _request = new Request(url, {
44919
- method: 'POST',
44920
- body: data,
44921
- duplex: 'half',
44922
- });
45257
+ requestContentLength =
45258
+ requestContentLength == null ? await resolveBodyLength(headers, data) : requestContentLength;
45259
+
45260
+ // A declared length of 0 is only trusted to skip the wrap when we are
45261
+ // not enforcing a stream limit (which must not rely on that header).
45262
+ if (requestContentLength !== 0 || mustEnforceStreamBody) {
45263
+ let _request = new Request(url, {
45264
+ method: 'POST',
45265
+ body: data,
45266
+ duplex: 'half',
45267
+ });
44923
45268
 
44924
- let contentTypeHeader;
45269
+ let contentTypeHeader;
44925
45270
 
44926
- if (utils$1.isFormData(data) && (contentTypeHeader = _request.headers.get('content-type'))) {
44927
- headers.setContentType(contentTypeHeader);
44928
- }
45271
+ if (utils$1.isFormData(data) && (contentTypeHeader = _request.headers.get('content-type'))) {
45272
+ headers.setContentType(contentTypeHeader);
45273
+ }
44929
45274
 
44930
- if (_request.body) {
44931
- const [onProgress, flush] = progressEventDecorator(
44932
- requestContentLength,
44933
- progressEventReducer(asyncDecorator(onUploadProgress))
44934
- );
45275
+ if (_request.body) {
45276
+ const [onProgress, flush] =
45277
+ (onUploadProgress &&
45278
+ progressEventDecorator(
45279
+ requestContentLength,
45280
+ progressEventReducer(asyncDecorator(onUploadProgress))
45281
+ )) ||
45282
+ [];
44935
45283
 
44936
- data = trackStream(_request.body, DEFAULT_CHUNK_SIZE, onProgress, flush);
45284
+ data = trackRequestStream(_request.body, onProgress, flush);
45285
+ }
44937
45286
  }
45287
+ } else if (
45288
+ mustEnforceStreamBody &&
45289
+ !isRequestSupported &&
45290
+ isReadableStreamSupported &&
45291
+ method !== 'get' &&
45292
+ method !== 'head'
45293
+ ) {
45294
+ data = trackRequestStream(data);
45295
+ } else if (
45296
+ mustEnforceStreamBody &&
45297
+ isRequestSupported &&
45298
+ !supportsRequestStream &&
45299
+ method !== 'get' &&
45300
+ method !== 'head'
45301
+ ) {
45302
+ throw new AxiosError(
45303
+ 'Stream request bodies are not supported by the current fetch implementation',
45304
+ AxiosError.ERR_NOT_SUPPORT,
45305
+ config,
45306
+ request
45307
+ );
44938
45308
  }
44939
45309
 
44940
45310
  if (!utils$1.isString(withCredentials)) {
@@ -44977,10 +45347,12 @@ const factory = (env) => {
44977
45347
  ? _fetch(request, fetchOptions)
44978
45348
  : _fetch(url, resolvedOptions));
44979
45349
 
45350
+ const responseHeaders = AxiosHeaders.from(response.headers);
45351
+
44980
45352
  // Cheap pre-check: if the server honestly declares a content-length that
44981
45353
  // already exceeds the cap, reject before we start streaming.
44982
45354
  if (hasMaxContentLength) {
44983
- const declaredLength = utils$1.toFiniteNumber(response.headers.get('content-length'));
45355
+ const declaredLength = utils$1.toFiniteNumber(responseHeaders.getContentLength());
44984
45356
  if (declaredLength != null && declaredLength > maxContentLength) {
44985
45357
  throw new AxiosError(
44986
45358
  'maxContentLength size of ' + maxContentLength + ' exceeded',
@@ -45005,7 +45377,7 @@ const factory = (env) => {
45005
45377
  options[prop] = response[prop];
45006
45378
  });
45007
45379
 
45008
- const responseContentLength = utils$1.toFiniteNumber(response.headers.get('content-length'));
45380
+ const responseContentLength = utils$1.toFiniteNumber(responseHeaders.getContentLength());
45009
45381
 
45010
45382
  const [onProgress, flush] =
45011
45383
  (onDownloadProgress &&
@@ -45100,6 +45472,23 @@ const factory = (env) => {
45100
45472
  throw canceledError;
45101
45473
  }
45102
45474
 
45475
+ // Surface a maxBodyLength violation we raised while the request body was
45476
+ // being streamed. Matching by identity (rather than reading
45477
+ // `err.cause.isAxiosError`) keeps the error deterministic across runtimes
45478
+ // and avoids both prototype-pollution reads and mis-attributing a foreign
45479
+ // AxiosError that merely happened to land in `err.cause`.
45480
+ if (pendingBodyError) {
45481
+ request && !pendingBodyError.request && (pendingBodyError.request = request);
45482
+ throw pendingBodyError;
45483
+ }
45484
+
45485
+ // Re-throw AxiosErrors we raised synchronously (data: URL / content-length
45486
+ // pre-checks, response size enforcement) without re-wrapping them.
45487
+ if (err instanceof AxiosError) {
45488
+ request && !err.request && (err.request = request);
45489
+ throw err;
45490
+ }
45491
+
45103
45492
  if (err && err.name === 'TypeError' && /Load failed|fetch/i.test(err.message)) {
45104
45493
  throw Object.assign(
45105
45494
  new AxiosError(
@@ -45554,6 +45943,8 @@ class Axios {
45554
45943
  forcedJSONParsing: validators.transitional(validators.boolean),
45555
45944
  clarifyTimeoutError: validators.transitional(validators.boolean),
45556
45945
  legacyInterceptorReqResOrdering: validators.transitional(validators.boolean),
45946
+ advertiseZstdAcceptEncoding: validators.transitional(validators.boolean),
45947
+ validateStatusUndefinedResolves: validators.transitional(validators.boolean),
45557
45948
  },
45558
45949
  false
45559
45950
  );
@@ -45683,7 +46074,7 @@ class Axios {
45683
46074
 
45684
46075
  getUri(config) {
45685
46076
  config = mergeConfig(this.defaults, config);
45686
- const fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls);
46077
+ const fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls, config);
45687
46078
  return buildURL(fullPath, config.params, config.paramsSerializer);
45688
46079
  }
45689
46080
  }
@@ -45696,7 +46087,7 @@ utils$1.forEach(['delete', 'get', 'head', 'options'], function forEachMethodNoDa
45696
46087
  mergeConfig(config || {}, {
45697
46088
  method,
45698
46089
  url,
45699
- data: (config || {}).data,
46090
+ data: config && utils$1.hasOwnProp(config, 'data') ? config.data : undefined,
45700
46091
  })
45701
46092
  );
45702
46093
  };