@carbon/ibmdotcom-services 2.50.1 → 2.51.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -848,6 +848,57 @@
848
848
  var getPrototypeOf$1 = Object.getPrototypeOf;
849
849
  var iterator = Symbol.iterator,
850
850
  toStringTag = Symbol.toStringTag;
851
+
852
+ /* Creating a function that will check if an object has a property. */
853
+ var hasOwnProperty = function (_ref) {
854
+ var hasOwnProperty = _ref.hasOwnProperty;
855
+ return function (obj, prop) {
856
+ return hasOwnProperty.call(obj, prop);
857
+ };
858
+ }(Object.prototype);
859
+
860
+ /**
861
+ * Walk the prototype chain (excluding the shared Object.prototype) looking for
862
+ * an own `prop`. This distinguishes genuine own/inherited members — including
863
+ * class accessors and template prototypes — from members injected via
864
+ * Object.prototype pollution (e.g. `Object.prototype.username = '...'`), which
865
+ * live on Object.prototype itself and are therefore never matched.
866
+ *
867
+ * @param {*} thing The value whose chain to inspect
868
+ * @param {string|symbol} prop The property key to look for
869
+ *
870
+ * @returns {boolean} True when `prop` is owned below Object.prototype
871
+ */
872
+ var hasOwnInPrototypeChain = function hasOwnInPrototypeChain(thing, prop) {
873
+ var obj = thing;
874
+ var seen = [];
875
+ while (obj != null && obj !== Object.prototype) {
876
+ if (seen.indexOf(obj) !== -1) {
877
+ return false;
878
+ }
879
+ seen.push(obj);
880
+ if (hasOwnProperty(obj, prop)) {
881
+ return true;
882
+ }
883
+ obj = getPrototypeOf$1(obj);
884
+ }
885
+ return false;
886
+ };
887
+
888
+ /**
889
+ * Read `obj[prop]` only when it is safe from Object.prototype pollution. Own
890
+ * properties and members inherited from a non-Object.prototype source (a class
891
+ * instance or template object) are honored; a value reachable only through a
892
+ * polluted Object.prototype is ignored and `undefined` is returned.
893
+ *
894
+ * @param {*} obj The source object
895
+ * @param {string|symbol} prop The property key to read
896
+ *
897
+ * @returns {*} The resolved value, or undefined when unsafe/absent
898
+ */
899
+ var getSafeProp = function getSafeProp(obj, prop) {
900
+ return obj != null && hasOwnInPrototypeChain(obj, prop) ? obj[prop] : undefined;
901
+ };
851
902
  var kindOf = function (cache) {
852
903
  return function (thing) {
853
904
  var str = toString.call(thing);
@@ -976,11 +1027,15 @@
976
1027
  * @returns {boolean} True if value is a plain Object, otherwise false
977
1028
  */
978
1029
  var isPlainObject = function isPlainObject(val) {
979
- if (kindOf(val) !== 'object') {
1030
+ if (!isObject(val)) {
980
1031
  return false;
981
1032
  }
982
1033
  var prototype = getPrototypeOf$1(val);
983
- return (prototype === null || prototype === Object.prototype || Object.getPrototypeOf(prototype) === null) && !(toStringTag in val) && !(iterator in val);
1034
+ return (prototype === null || prototype === Object.prototype || getPrototypeOf$1(prototype) === null) &&
1035
+ // Treat any genuine (non-Object.prototype-polluted) Symbol.toStringTag or
1036
+ // Symbol.iterator as evidence the value is a tagged/iterable type rather
1037
+ // than a plain object, while ignoring keys injected onto Object.prototype.
1038
+ !hasOwnInPrototypeChain(val, toStringTag) && !hasOwnInPrototypeChain(val, iterator);
984
1039
  };
985
1040
 
986
1041
  /**
@@ -1148,9 +1203,9 @@
1148
1203
  * @returns {any}
1149
1204
  */
1150
1205
  function forEach(obj, fn) {
1151
- var _ref = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {},
1152
- _ref$allOwnKeys = _ref.allOwnKeys,
1153
- allOwnKeys = _ref$allOwnKeys === void 0 ? false : _ref$allOwnKeys;
1206
+ var _ref2 = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {},
1207
+ _ref2$allOwnKeys = _ref2.allOwnKeys,
1208
+ allOwnKeys = _ref2$allOwnKeys === void 0 ? false : _ref2$allOwnKeys;
1154
1209
  // Don't bother if no value provided
1155
1210
  if (obj === null || typeof obj === 'undefined') {
1156
1211
  return;
@@ -1237,16 +1292,19 @@
1237
1292
  * @returns {Object} Result of all merge properties
1238
1293
  */
1239
1294
  function merge() {
1240
- var _ref2 = isContextDefined(this) && this || {},
1241
- caseless = _ref2.caseless,
1242
- skipUndefined = _ref2.skipUndefined;
1295
+ var _ref3 = isContextDefined(this) && this || {},
1296
+ caseless = _ref3.caseless,
1297
+ skipUndefined = _ref3.skipUndefined;
1243
1298
  var result = {};
1244
1299
  var assignValue = function assignValue(val, key) {
1245
1300
  // Skip dangerous property names to prevent prototype pollution
1246
1301
  if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
1247
1302
  return;
1248
1303
  }
1249
- var targetKey = caseless && findKey(result, key) || key;
1304
+
1305
+ // findKey lowercases the key, so caseless lookup only applies to strings —
1306
+ // symbol keys are identity-matched.
1307
+ var targetKey = caseless && typeof key === 'string' && findKey(result, key) || key;
1250
1308
  // Read via own-prop only — a bare `result[targetKey]` walks the prototype
1251
1309
  // chain, so a polluted Object.prototype value could surface here and get
1252
1310
  // copied into the merged result.
@@ -1261,11 +1319,22 @@
1261
1319
  result[targetKey] = val;
1262
1320
  }
1263
1321
  };
1264
- for (var _len = arguments.length, objs = new Array(_len), _key2 = 0; _key2 < _len; _key2++) {
1265
- objs[_key2] = arguments[_key2];
1266
- }
1267
- for (var i = 0, l = objs.length; i < l; i++) {
1268
- objs[i] && forEach(objs[i], assignValue);
1322
+ for (var i = 0, l = arguments.length; i < l; i++) {
1323
+ var source = i < 0 || arguments.length <= i ? undefined : arguments[i];
1324
+ if (!source || isBuffer(source)) {
1325
+ continue;
1326
+ }
1327
+ forEach(source, assignValue);
1328
+ if (_typeof$1(source) !== 'object' || isArray(source)) {
1329
+ continue;
1330
+ }
1331
+ var symbols = Object.getOwnPropertySymbols(source);
1332
+ for (var j = 0; j < symbols.length; j++) {
1333
+ var symbol = symbols[j];
1334
+ if (propertyIsEnumerable.call(source, symbol)) {
1335
+ assignValue(source[symbol], symbol);
1336
+ }
1337
+ }
1269
1338
  }
1270
1339
  return result;
1271
1340
  }
@@ -1282,8 +1351,8 @@
1282
1351
  * @returns {Object} The resulting value of object a
1283
1352
  */
1284
1353
  var extend = function extend(a, b, thisArg) {
1285
- var _ref3 = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {},
1286
- allOwnKeys = _ref3.allOwnKeys;
1354
+ var _ref4 = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {},
1355
+ allOwnKeys = _ref4.allOwnKeys;
1287
1356
  forEach(b, function (val, key) {
1288
1357
  if (thisArg && isFunction$1(val)) {
1289
1358
  Object.defineProperty(a, key, {
@@ -1477,14 +1546,7 @@
1477
1546
  return p1.toUpperCase() + p2;
1478
1547
  });
1479
1548
  };
1480
-
1481
- /* Creating a function that will check if an object has a property. */
1482
- var hasOwnProperty = function (_ref4) {
1483
- var hasOwnProperty = _ref4.hasOwnProperty;
1484
- return function (obj, prop) {
1485
- return hasOwnProperty.call(obj, prop);
1486
- };
1487
- }(Object.prototype);
1549
+ var propertyIsEnumerable = Object.prototype.propertyIsEnumerable;
1488
1550
 
1489
1551
  /**
1490
1552
  * Determine if a value is a RegExp object
@@ -1664,6 +1726,21 @@
1664
1726
  var isIterable = function isIterable(thing) {
1665
1727
  return thing != null && isFunction$1(thing[iterator]);
1666
1728
  };
1729
+
1730
+ /**
1731
+ * Determine if a value is iterable via an iterator that is NOT sourced solely
1732
+ * from a polluted Object.prototype. Use this instead of `isIterable` whenever
1733
+ * the iterable comes from untrusted input (e.g. user-supplied header sources),
1734
+ * so `Object.prototype[Symbol.iterator] = ...` cannot turn an ordinary object
1735
+ * into an attacker-controlled entries iterator.
1736
+ *
1737
+ * @param {*} thing The value to test
1738
+ *
1739
+ * @returns {boolean} True if value has a non-polluted iterator
1740
+ */
1741
+ var isSafeIterable = function isSafeIterable(thing) {
1742
+ return thing != null && hasOwnInPrototypeChain(thing, iterator) && isIterable(thing);
1743
+ };
1667
1744
  var utils$1 = {
1668
1745
  isArray: isArray,
1669
1746
  isArrayBuffer: isArrayBuffer,
@@ -1709,6 +1786,8 @@
1709
1786
  hasOwnProperty: hasOwnProperty,
1710
1787
  hasOwnProp: hasOwnProperty,
1711
1788
  // an alias to avoid ESLint no-prototype-builtins detection
1789
+ hasOwnInPrototypeChain: hasOwnInPrototypeChain,
1790
+ getSafeProp: getSafeProp,
1712
1791
  reduceDescriptors: reduceDescriptors,
1713
1792
  freezeMethods: freezeMethods,
1714
1793
  toObjectSet: toObjectSet,
@@ -1724,7 +1803,8 @@
1724
1803
  isThenable: isThenable,
1725
1804
  setImmediate: _setImmediate,
1726
1805
  asap: asap,
1727
- isIterable: isIterable
1806
+ isIterable: isIterable,
1807
+ isSafeIterable: isSafeIterable
1728
1808
  };
1729
1809
 
1730
1810
  var possibleConstructorReturn = {exports: {}};
@@ -2072,7 +2152,7 @@
2072
2152
  function setHeader(_value, _header, _rewrite) {
2073
2153
  var lHeader = normalizeHeader(_header);
2074
2154
  if (!lHeader) {
2075
- throw new Error('header name must be a non-empty string');
2155
+ return;
2076
2156
  }
2077
2157
  var key = utils$1.findKey(self, lHeader);
2078
2158
  if (!key || self[key] === undefined || _rewrite === true || _rewrite === undefined && self[key] !== false) {
@@ -2088,8 +2168,8 @@
2088
2168
  setHeaders(header, valueOrRewrite);
2089
2169
  } else if (utils$1.isString(header) && (header = header.trim()) && !isValidHeaderName(header)) {
2090
2170
  setHeaders(parseHeaders(header), valueOrRewrite);
2091
- } else if (utils$1.isObject(header) && utils$1.isIterable(header)) {
2092
- var obj = {},
2171
+ } else if (utils$1.isObject(header) && utils$1.isSafeIterable(header)) {
2172
+ var obj = Object.create(null),
2093
2173
  dest,
2094
2174
  key;
2095
2175
  var _iterator = _createForOfIteratorHelper(header),
@@ -2098,9 +2178,15 @@
2098
2178
  for (_iterator.s(); !(_step = _iterator.n()).done;) {
2099
2179
  var entry = _step.value;
2100
2180
  if (!utils$1.isArray(entry)) {
2101
- throw TypeError('Object iterator must return a key-value pair');
2181
+ throw new TypeError('Object iterator must return a key-value pair');
2182
+ }
2183
+ key = entry[0];
2184
+ if (utils$1.hasOwnProp(obj, key)) {
2185
+ dest = obj[key];
2186
+ obj[key] = utils$1.isArray(dest) ? [].concat(_toConsumableArray(dest), [entry[1]]) : [dest, entry[1]];
2187
+ } else {
2188
+ obj[key] = entry[1];
2102
2189
  }
2103
- obj[key = entry[0]] = (dest = obj[key]) ? utils$1.isArray(dest) ? [].concat(_toConsumableArray(dest), [entry[1]]) : [dest, entry[1]] : entry[1];
2104
2190
  }
2105
2191
  } catch (err) {
2106
2192
  _iterator.e(err);
@@ -2470,6 +2556,10 @@
2470
2556
  // eslint-disable-next-line strict
2471
2557
  var httpAdapter = null;
2472
2558
 
2559
+ // Default nesting limit shared with the inverse transform (formDataToJSON) so
2560
+ // the FormData <-> JSON round-trip stays symmetric.
2561
+ var DEFAULT_FORM_DATA_MAX_DEPTH = 100;
2562
+
2473
2563
  /**
2474
2564
  * Determines if the given thing is a array or js object.
2475
2565
  *
@@ -2570,8 +2660,9 @@
2570
2660
  var dots = options.dots;
2571
2661
  var indexes = options.indexes;
2572
2662
  var _Blob = options.Blob || typeof Blob !== 'undefined' && Blob;
2573
- var maxDepth = options.maxDepth === undefined ? 100 : options.maxDepth;
2663
+ var maxDepth = options.maxDepth === undefined ? DEFAULT_FORM_DATA_MAX_DEPTH : options.maxDepth;
2574
2664
  var useBlob = _Blob && utils$1.isSpecCompliantForm(formData);
2665
+ var stack = [];
2575
2666
  if (!utils$1.isFunction(visitor)) {
2576
2667
  throw new TypeError('visitor must be a function');
2577
2668
  }
@@ -2591,6 +2682,28 @@
2591
2682
  }
2592
2683
  return value;
2593
2684
  }
2685
+ function throwIfMaxDepthExceeded(depth) {
2686
+ if (depth > maxDepth) {
2687
+ throw new AxiosError$1('Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth, AxiosError$1.ERR_FORM_DATA_DEPTH_EXCEEDED);
2688
+ }
2689
+ }
2690
+ function stringifyWithDepthLimit(value, depth) {
2691
+ if (maxDepth === Infinity) {
2692
+ return JSON.stringify(value);
2693
+ }
2694
+ var ancestors = [];
2695
+ return JSON.stringify(value, function limitDepth(_key, currentValue) {
2696
+ if (!utils$1.isObject(currentValue)) {
2697
+ return currentValue;
2698
+ }
2699
+ while (ancestors.length && ancestors[ancestors.length - 1] !== this) {
2700
+ ancestors.pop();
2701
+ }
2702
+ ancestors.push(currentValue);
2703
+ throwIfMaxDepthExceeded(depth + ancestors.length - 1);
2704
+ return currentValue;
2705
+ });
2706
+ }
2594
2707
 
2595
2708
  /**
2596
2709
  * Default visitor.
@@ -2613,7 +2726,7 @@
2613
2726
  // eslint-disable-next-line no-param-reassign
2614
2727
  key = metaTokens ? key : key.slice(0, -2);
2615
2728
  // eslint-disable-next-line no-param-reassign
2616
- value = JSON.stringify(value);
2729
+ value = stringifyWithDepthLimit(value, 1);
2617
2730
  } else if (utils$1.isArray(value) && isFlatArray(value) || (utils$1.isFileList(value) || utils$1.endsWith(key, '[]')) && (arr = utils$1.toArray(value))) {
2618
2731
  // eslint-disable-next-line no-param-reassign
2619
2732
  key = removeBrackets(key);
@@ -2631,7 +2744,6 @@
2631
2744
  formData.append(renderKey(path, key, dots), convertValue(value));
2632
2745
  return false;
2633
2746
  }
2634
- var stack = [];
2635
2747
  var exposedHelpers = Object.assign(predicates, {
2636
2748
  defaultVisitor: defaultVisitor,
2637
2749
  convertValue: convertValue,
@@ -2640,11 +2752,9 @@
2640
2752
  function build(value, path) {
2641
2753
  var depth = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : 0;
2642
2754
  if (utils$1.isUndefined(value)) return;
2643
- if (depth > maxDepth) {
2644
- throw new AxiosError$1('Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth, AxiosError$1.ERR_FORM_DATA_DEPTH_EXCEEDED);
2645
- }
2755
+ throwIfMaxDepthExceeded(depth);
2646
2756
  if (stack.indexOf(value) !== -1) {
2647
- throw Error('Circular reference detected in ' + path.join('.'));
2757
+ throw new Error('Circular reference detected in ' + path.join('.'));
2648
2758
  }
2649
2759
  stack.push(value);
2650
2760
  utils$1.forEach(value, function each(el, key) {
@@ -2734,11 +2844,15 @@
2734
2844
  if (!params) {
2735
2845
  return url;
2736
2846
  }
2737
- var _encode = options && options.encode || encode;
2738
2847
  var _options = utils$1.isFunction(options) ? {
2739
2848
  serialize: options
2740
2849
  } : options;
2741
- var serializeFn = _options && _options.serialize;
2850
+
2851
+ // Read serializer options pollution-safely: own properties and methods on a
2852
+ // class/template prototype are honored, but values injected onto a polluted
2853
+ // Object.prototype are ignored.
2854
+ var _encode = utils$1.getSafeProp(_options, 'encode') || encode;
2855
+ var serializeFn = utils$1.getSafeProp(_options, 'serialize');
2742
2856
  var serializedParams;
2743
2857
  if (serializeFn) {
2744
2858
  serializedParams = serializeFn(params, _options);
@@ -2837,7 +2951,9 @@
2837
2951
  silentJSONParsing: true,
2838
2952
  forcedJSONParsing: true,
2839
2953
  clarifyTimeoutError: false,
2840
- legacyInterceptorReqResOrdering: true
2954
+ legacyInterceptorReqResOrdering: true,
2955
+ advertiseZstdAcceptEncoding: false,
2956
+ validateStatusUndefinedResolves: true
2841
2957
  };
2842
2958
 
2843
2959
  var defineProperty = {exports: {}};
@@ -2937,6 +3053,13 @@
2937
3053
  }, options));
2938
3054
  }
2939
3055
 
3056
+ var MAX_DEPTH = DEFAULT_FORM_DATA_MAX_DEPTH;
3057
+ function throwIfDepthExceeded(index) {
3058
+ if (index > MAX_DEPTH) {
3059
+ throw new AxiosError$1('FormData field is too deeply nested (' + index + ' levels). Max depth: ' + MAX_DEPTH, AxiosError$1.ERR_FORM_DATA_DEPTH_EXCEEDED);
3060
+ }
3061
+ }
3062
+
2940
3063
  /**
2941
3064
  * It takes a string like `foo[x][y][z]` and returns an array like `['foo', 'x', 'y', 'z']
2942
3065
  *
@@ -2949,9 +3072,14 @@
2949
3072
  // foo.x.y.z
2950
3073
  // foo-x-y-z
2951
3074
  // foo x y z
2952
- return utils$1.matchAll(/\w+|\[(\w*)]/g, name).map(function (match) {
2953
- return match[0] === '[]' ? '' : match[1] || match[0];
2954
- });
3075
+ var path = [];
3076
+ var pattern = /\w+|\[(\w*)]/g;
3077
+ var match;
3078
+ while ((match = pattern.exec(name)) !== null) {
3079
+ throwIfDepthExceeded(path.length);
3080
+ path.push(match[0] === '[]' ? '' : match[1] || match[0]);
3081
+ }
3082
+ return path;
2955
3083
  }
2956
3084
 
2957
3085
  /**
@@ -2983,6 +3111,7 @@
2983
3111
  */
2984
3112
  function formDataToJSON(formData) {
2985
3113
  function buildPath(path, value, target, index) {
3114
+ throwIfDepthExceeded(index);
2986
3115
  var name = path[index++];
2987
3116
  if (name === '__proto__') return true;
2988
3117
  var isNumericKey = Number.isFinite(+name);
@@ -3434,6 +3563,24 @@
3434
3563
  return relativeURL ? baseURL.replace(/\/?\/$/, '') + '/' + relativeURL.replace(/^\/+/, '') : baseURL;
3435
3564
  }
3436
3565
 
3566
+ var malformedHttpProtocol = /^https?:(?!\/\/)/i;
3567
+ var httpProtocolControlCharacters = /[\t\n\r]/g;
3568
+ function stripLeadingC0ControlOrSpace(url) {
3569
+ var i = 0;
3570
+ while (i < url.length && url.charCodeAt(i) <= 0x20) {
3571
+ i++;
3572
+ }
3573
+ return url.slice(i);
3574
+ }
3575
+ function normalizeURLForProtocolCheck(url) {
3576
+ return stripLeadingC0ControlOrSpace(url).replace(httpProtocolControlCharacters, '');
3577
+ }
3578
+ function assertValidHttpProtocolURL(url, config) {
3579
+ if (typeof url === 'string' && malformedHttpProtocol.test(normalizeURLForProtocolCheck(url))) {
3580
+ throw new AxiosError$1('Invalid URL: missing "//" after protocol', AxiosError$1.ERR_INVALID_URL, config);
3581
+ }
3582
+ }
3583
+
3437
3584
  /**
3438
3585
  * Creates a new URL by combining the baseURL with the requestedURL,
3439
3586
  * only when the requestedURL is not already an absolute URL.
@@ -3444,9 +3591,11 @@
3444
3591
  *
3445
3592
  * @returns {string} The combined full path
3446
3593
  */
3447
- function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls) {
3594
+ function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls, config) {
3595
+ assertValidHttpProtocolURL(requestedURL, config);
3448
3596
  var isRelativeUrl = !isAbsoluteURL(requestedURL);
3449
3597
  if (baseURL && (isRelativeUrl || allowAbsoluteUrls === false)) {
3598
+ assertValidHttpProtocolURL(baseURL, config);
3450
3599
  return combineURLs(baseURL, requestedURL);
3451
3600
  }
3452
3601
  return requestedURL;
@@ -3520,6 +3669,23 @@
3520
3669
  return getMergedValue(undefined, a);
3521
3670
  }
3522
3671
  }
3672
+ function getMergedTransitionalOption(prop) {
3673
+ var transitional2 = utils$1.hasOwnProp(config2, 'transitional') ? config2.transitional : undefined;
3674
+ if (!utils$1.isUndefined(transitional2)) {
3675
+ if (utils$1.isPlainObject(transitional2)) {
3676
+ if (utils$1.hasOwnProp(transitional2, prop)) {
3677
+ return transitional2[prop];
3678
+ }
3679
+ } else {
3680
+ return undefined;
3681
+ }
3682
+ }
3683
+ var transitional1 = utils$1.hasOwnProp(config1, 'transitional') ? config1.transitional : undefined;
3684
+ if (utils$1.isPlainObject(transitional1) && utils$1.hasOwnProp(transitional1, prop)) {
3685
+ return transitional1[prop];
3686
+ }
3687
+ return undefined;
3688
+ }
3523
3689
 
3524
3690
  // eslint-disable-next-line consistent-return
3525
3691
  function mergeDirectKeys(a, b, prop) {
@@ -3571,6 +3737,13 @@
3571
3737
  var configValue = merge(a, b, prop);
3572
3738
  utils$1.isUndefined(configValue) && merge !== mergeDirectKeys || (config[prop] = configValue);
3573
3739
  });
3740
+ if (utils$1.hasOwnProp(config2, 'validateStatus') && utils$1.isUndefined(config2.validateStatus) && getMergedTransitionalOption('validateStatusUndefinedResolves') === false) {
3741
+ if (utils$1.hasOwnProp(config1, 'validateStatus')) {
3742
+ config.validateStatus = getMergedValue(undefined, config1.validateStatus);
3743
+ } else {
3744
+ delete config.validateStatus;
3745
+ }
3746
+ }
3574
3747
  return config;
3575
3748
  }
3576
3749
 
@@ -3598,12 +3771,12 @@
3598
3771
  *
3599
3772
  * @returns {string} UTF-8 bytes as a Latin-1 string
3600
3773
  */
3601
- var encodeUTF8 = function encodeUTF8(str) {
3774
+ var encodeUTF8$1 = function encodeUTF8(str) {
3602
3775
  return encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, function (_, hex) {
3603
3776
  return String.fromCharCode(parseInt(hex, 16));
3604
3777
  });
3605
3778
  };
3606
- var resolveConfig = (function (config) {
3779
+ function resolveConfig(config) {
3607
3780
  var newConfig = mergeConfig({}, config);
3608
3781
 
3609
3782
  // Read only own properties to prevent prototype pollution gadgets
@@ -3621,15 +3794,17 @@
3621
3794
  var allowAbsoluteUrls = own('allowAbsoluteUrls');
3622
3795
  var url = own('url');
3623
3796
  newConfig.headers = headers = AxiosHeaders$1.from(headers);
3624
- newConfig.url = buildURL(buildFullPath(baseURL, url, allowAbsoluteUrls), config.params, config.paramsSerializer);
3797
+ newConfig.url = buildURL(buildFullPath(baseURL, url, allowAbsoluteUrls, newConfig), own('params'), own('paramsSerializer'));
3625
3798
 
3626
3799
  // HTTP basic authentication
3627
3800
  if (auth) {
3628
- headers.set('Authorization', 'Basic ' + btoa((auth.username || '') + ':' + (auth.password ? encodeUTF8(auth.password) : '')));
3801
+ var username = utils$1.getSafeProp(auth, 'username') || '';
3802
+ var password = utils$1.getSafeProp(auth, 'password') || '';
3803
+ headers.set('Authorization', 'Basic ' + btoa(username + ':' + (password ? encodeUTF8$1(password) : '')));
3629
3804
  }
3630
3805
  if (utils$1.isFormData(data)) {
3631
- if (platform.hasStandardBrowserEnv || platform.hasStandardBrowserWebWorkerEnv) {
3632
- headers.setContentType(undefined); // browser handles it
3806
+ if (platform.hasStandardBrowserEnv || platform.hasStandardBrowserWebWorkerEnv || utils$1.isReactNative(data)) {
3807
+ headers.setContentType(undefined); // browser/web worker/RN handles it
3633
3808
  } else if (utils$1.isFunction(data.getHeaders)) {
3634
3809
  // Node.js FormData (like form-data package)
3635
3810
  setFormDataHeaders(headers, data.getHeaders(), own('formDataHeaderPolicy'));
@@ -3657,7 +3832,7 @@
3657
3832
  }
3658
3833
  }
3659
3834
  return newConfig;
3660
- });
3835
+ }
3661
3836
 
3662
3837
  var isXHRAdapterSupported = typeof XMLHttpRequest !== 'undefined';
3663
3838
  var xhrAdapter = isXHRAdapterSupported && function (config) {
@@ -4217,11 +4392,17 @@
4217
4392
  * Estimate decoded byte length of a data:// URL *without* allocating large buffers.
4218
4393
  * - For base64: compute exact decoded size using length and padding;
4219
4394
  * handle %XX at the character-count level (no string allocation).
4220
- * - For non-base64: use UTF-8 byteLength of the encoded body as a safe upper bound.
4395
+ * - For non-base64: compute the exact percent-decoded UTF-8 byte length.
4221
4396
  *
4222
4397
  * @param {string} url
4223
4398
  * @returns {number}
4224
4399
  */
4400
+ var isHexDigit = function isHexDigit(charCode) {
4401
+ return charCode >= 48 && charCode <= 57 || charCode >= 65 && charCode <= 70 || charCode >= 97 && charCode <= 102;
4402
+ };
4403
+ var isPercentEncodedByte = function isPercentEncodedByte(str, i, len) {
4404
+ return i + 2 < len && isHexDigit(str.charCodeAt(i + 1)) && isHexDigit(str.charCodeAt(i + 2));
4405
+ };
4225
4406
  function estimateDataURLDecodedBytes(url) {
4226
4407
  if (!url || typeof url !== 'string') return 0;
4227
4408
  if (!url.startsWith('data:')) return 0;
@@ -4238,7 +4419,7 @@
4238
4419
  if (body.charCodeAt(i) === 37 /* '%' */ && i + 2 < len) {
4239
4420
  var a = body.charCodeAt(i + 1);
4240
4421
  var b = body.charCodeAt(i + 2);
4241
- var isHex = (a >= 48 && a <= 57 || a >= 65 && a <= 70 || a >= 97 && a <= 102) && (b >= 48 && b <= 57 || b >= 65 && b <= 70 || b >= 97 && b <= 102);
4422
+ var isHex = isHexDigit(a) && isHexDigit(b);
4242
4423
  if (isHex) {
4243
4424
  effectiveLen -= 2;
4244
4425
  i += 2;
@@ -4275,18 +4456,18 @@
4275
4456
  var _bytes = groups * 3 - (pad || 0);
4276
4457
  return _bytes > 0 ? _bytes : 0;
4277
4458
  }
4278
- if (typeof Buffer !== 'undefined' && typeof Buffer.byteLength === 'function') {
4279
- return Buffer.byteLength(body, 'utf8');
4280
- }
4281
4459
 
4282
4460
  // Compute UTF-8 byte length directly from UTF-16 code units without allocating
4283
4461
  // a byte buffer (TextEncoder.encode would defeat the DoS guard on large bodies).
4284
- // Using body.length here would undercount non-ASCII (e.g. '€' is 1 code unit
4285
- // but 3 UTF-8 bytes).
4462
+ // Valid %XX triplets count as one decoded byte; this matches the bytes that
4463
+ // decodeURIComponent(body) would produce before Buffer re-encodes the string.
4286
4464
  var bytes = 0;
4287
4465
  for (var _i = 0, _len = body.length; _i < _len; _i++) {
4288
4466
  var c = body.charCodeAt(_i);
4289
- if (c < 0x80) {
4467
+ if (c === 37 /* '%' */ && isPercentEncodedByte(body, _i, _len)) {
4468
+ bytes += 1;
4469
+ _i += 2;
4470
+ } else if (c < 0x80) {
4290
4471
  bytes += 1;
4291
4472
  } else if (c < 0x800) {
4292
4473
  bytes += 2;
@@ -4305,12 +4486,41 @@
4305
4486
  return bytes;
4306
4487
  }
4307
4488
 
4308
- var VERSION = "1.16.1";
4489
+ var VERSION = "1.18.0";
4309
4490
 
4310
4491
  function ownKeys$1(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
4311
4492
  function _objectSpread$1(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys$1(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys$1(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
4312
4493
  var DEFAULT_CHUNK_SIZE = 64 * 1024;
4313
4494
  var isFunction = utils$1.isFunction;
4495
+
4496
+ /**
4497
+ * Encode a UTF-8 string to a Latin-1 byte string for use with btoa().
4498
+ * This is a modern replacement for the deprecated unescape(encodeURIComponent(str)) pattern.
4499
+ *
4500
+ * @param {string} str The string to encode
4501
+ *
4502
+ * @returns {string} UTF-8 bytes as a Latin-1 string
4503
+ */
4504
+ var encodeUTF8 = function encodeUTF8(str) {
4505
+ return encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, function (_, hex) {
4506
+ return String.fromCharCode(parseInt(hex, 16));
4507
+ });
4508
+ };
4509
+
4510
+ // Node's WHATWG URL parser returns `username` and `password` percent-encoded.
4511
+ // Decode before composing the `auth` option so credentials such as
4512
+ // `my%40email.com:pass` are sent as `my@email.com:pass`. Falls back to the
4513
+ // original value for malformed input so a bad encoding never throws.
4514
+ var decodeURIComponentSafe = function decodeURIComponentSafe(value) {
4515
+ if (!utils$1.isString(value)) {
4516
+ return value;
4517
+ }
4518
+ try {
4519
+ return decodeURIComponent(value);
4520
+ } catch (error) {
4521
+ return value;
4522
+ }
4523
+ };
4314
4524
  var test = function test(fn) {
4315
4525
  try {
4316
4526
  for (var _len = arguments.length, args = new Array(_len > 1 ? _len - 1 : 0), _key = 1; _key < _len; _key++) {
@@ -4321,6 +4531,14 @@
4321
4531
  return false;
4322
4532
  }
4323
4533
  };
4534
+ var maybeWithAuthCredentials = function maybeWithAuthCredentials(url) {
4535
+ var protocolIndex = url.indexOf('://');
4536
+ var urlToCheck = url;
4537
+ if (protocolIndex !== -1) {
4538
+ urlToCheck = urlToCheck.slice(protocolIndex + 3);
4539
+ }
4540
+ return urlToCheck.includes('@') || urlToCheck.includes(':');
4541
+ };
4324
4542
  var factory = function factory(env) {
4325
4543
  var globalObject = utils$1.global !== undefined && utils$1.global !== null ? utils$1.global : globalThis;
4326
4544
  var ReadableStream = globalObject.ReadableStream,
@@ -4481,13 +4699,16 @@
4481
4699
  }();
4482
4700
  return /*#__PURE__*/function () {
4483
4701
  var _ref4 = _asyncToGenerator(/*#__PURE__*/regenerator.mark(function _callee4(config) {
4484
- var _resolveConfig, url, method, data, signal, cancelToken, timeout, onDownloadProgress, onUploadProgress, responseType, headers, _resolveConfig$withCr, withCredentials, fetchOptions, maxContentLength, maxBodyLength, hasMaxContentLength, hasMaxBodyLength, _fetch, composedSignal, request, unsubscribe, requestContentLength, estimated, outboundLength, _request, contentTypeHeader, _progressEventDecorat, _progressEventDecorat2, onProgress, flush, isCredentialsSupported, contentType, resolvedOptions, response, declaredLength, isStreamResponse, options, responseContentLength, _ref5, _ref6, _onProgress, _flush, bytesRead, onChunkProgress, responseData, materializedSize, canceledError, _t3, _t4, _t5;
4702
+ var _resolveConfig, url, method, data, signal, cancelToken, timeout, onDownloadProgress, onUploadProgress, responseType, headers, _resolveConfig$withCr, withCredentials, fetchOptions, maxContentLength, maxBodyLength, hasMaxContentLength, hasMaxBodyLength, own, _fetch, composedSignal, request, unsubscribe, requestContentLength, pendingBodyError, maxBodyLengthError, auth, configAuth, username, password, parsedURL, urlUsername, urlPassword, estimated, outboundLength, mustEnforceStreamBody, trackRequestStream, _request, contentTypeHeader, _ref5, _ref6, onProgress, flush, isCredentialsSupported, contentType, resolvedOptions, response, responseHeaders, declaredLength, isStreamResponse, options, responseContentLength, _ref7, _ref8, _onProgress, _flush, bytesRead, onChunkProgress, responseData, materializedSize, canceledError, _t3, _t4;
4485
4703
  return regenerator.wrap(function (_context4) {
4486
4704
  while (1) switch (_context4.prev = _context4.next) {
4487
4705
  case 0:
4488
4706
  _resolveConfig = resolveConfig(config), url = _resolveConfig.url, method = _resolveConfig.method, data = _resolveConfig.data, signal = _resolveConfig.signal, cancelToken = _resolveConfig.cancelToken, timeout = _resolveConfig.timeout, onDownloadProgress = _resolveConfig.onDownloadProgress, onUploadProgress = _resolveConfig.onUploadProgress, responseType = _resolveConfig.responseType, headers = _resolveConfig.headers, _resolveConfig$withCr = _resolveConfig.withCredentials, withCredentials = _resolveConfig$withCr === void 0 ? 'same-origin' : _resolveConfig$withCr, fetchOptions = _resolveConfig.fetchOptions, maxContentLength = _resolveConfig.maxContentLength, maxBodyLength = _resolveConfig.maxBodyLength;
4489
4707
  hasMaxContentLength = utils$1.isNumber(maxContentLength) && maxContentLength > -1;
4490
4708
  hasMaxBodyLength = utils$1.isNumber(maxBodyLength) && maxBodyLength > -1;
4709
+ own = function own(key) {
4710
+ return utils$1.hasOwnProp(config, key) ? config[key] : undefined;
4711
+ };
4491
4712
  _fetch = envFetch || fetch;
4492
4713
  responseType = responseType ? (responseType + '').toLowerCase() : 'text';
4493
4714
  composedSignal = composeSignals$1([signal, cancelToken && cancelToken.toAbortSignal()], timeout);
@@ -4495,7 +4716,50 @@
4495
4716
  unsubscribe = composedSignal && composedSignal.unsubscribe && function () {
4496
4717
  composedSignal.unsubscribe();
4497
4718
  };
4719
+ // AxiosError we raise while the request body is being streamed. Captured
4720
+ // by identity so the catch block can surface it directly, regardless of
4721
+ // how the runtime wraps the resulting fetch rejection (undici exposes it
4722
+ // as `err.cause`; some browsers drop the original error entirely).
4723
+ pendingBodyError = null;
4724
+ maxBodyLengthError = function maxBodyLengthError() {
4725
+ return new AxiosError$1('Request body larger than maxBodyLength limit', AxiosError$1.ERR_BAD_REQUEST, config, request);
4726
+ };
4498
4727
  _context4.prev = 1;
4728
+ // HTTP basic authentication
4729
+ auth = undefined;
4730
+ configAuth = own('auth');
4731
+ if (configAuth) {
4732
+ username = utils$1.getSafeProp(configAuth, 'username') || '';
4733
+ password = utils$1.getSafeProp(configAuth, 'password') || '';
4734
+ auth = {
4735
+ username: username,
4736
+ password: password
4737
+ };
4738
+ }
4739
+ if (maybeWithAuthCredentials(url)) {
4740
+ parsedURL = new URL(url, platform.origin);
4741
+ if (!auth && (parsedURL.username || parsedURL.password)) {
4742
+ urlUsername = decodeURIComponentSafe(parsedURL.username);
4743
+ urlPassword = decodeURIComponentSafe(parsedURL.password);
4744
+ auth = {
4745
+ username: urlUsername,
4746
+ password: urlPassword
4747
+ };
4748
+ }
4749
+ if (parsedURL.username || parsedURL.password) {
4750
+ parsedURL.username = '';
4751
+ parsedURL.password = '';
4752
+ url = parsedURL.href;
4753
+ }
4754
+ }
4755
+ if (auth) {
4756
+ headers.delete('authorization');
4757
+ headers.set('Authorization', 'Basic ' + btoa(encodeUTF8((auth.username || '') + ':' + (auth.password || ''))));
4758
+ }
4759
+
4760
+ // Enforce maxContentLength for data: URLs up-front so we never materialize
4761
+ // an oversized payload. The HTTP adapter applies the same check (see http.js
4762
+ // "if (protocol === 'data:')" branch).
4499
4763
  if (!(hasMaxContentLength && typeof url === 'string' && url.startsWith('data:'))) {
4500
4764
  _context4.next = 2;
4501
4765
  break;
@@ -4512,43 +4776,82 @@
4512
4776
  break;
4513
4777
  }
4514
4778
  _context4.next = 3;
4515
- return resolveBodyLength(headers, data);
4779
+ return getBodyLength(data);
4516
4780
  case 3:
4517
4781
  outboundLength = _context4.sent;
4518
- if (!(typeof outboundLength === 'number' && isFinite(outboundLength) && outboundLength > maxBodyLength)) {
4782
+ if (!(typeof outboundLength === 'number' && isFinite(outboundLength))) {
4783
+ _context4.next = 4;
4784
+ break;
4785
+ }
4786
+ requestContentLength = outboundLength;
4787
+ if (!(outboundLength > maxBodyLength)) {
4519
4788
  _context4.next = 4;
4520
4789
  break;
4521
4790
  }
4522
- throw new AxiosError$1('Request body larger than maxBodyLength limit', AxiosError$1.ERR_BAD_REQUEST, config, request);
4791
+ throw maxBodyLengthError();
4523
4792
  case 4:
4524
- _t3 = onUploadProgress && supportsRequestStream && method !== 'get' && method !== 'head';
4525
- if (!_t3) {
4793
+ // A streamed body under maxBodyLength must be counted as fetch consumes
4794
+ // it; its size is never trusted from a caller-declared Content-Length.
4795
+ mustEnforceStreamBody = hasMaxBodyLength && (utils$1.isReadableStream(data) || utils$1.isStream(data));
4796
+ trackRequestStream = function trackRequestStream(stream, onProgress, flush) {
4797
+ return trackStream(stream, DEFAULT_CHUNK_SIZE, function (loadedBytes) {
4798
+ if (hasMaxBodyLength && loadedBytes > maxBodyLength) {
4799
+ throw pendingBodyError = maxBodyLengthError();
4800
+ }
4801
+ onProgress && onProgress(loadedBytes);
4802
+ }, flush);
4803
+ };
4804
+ if (!(supportsRequestStream && method !== 'get' && method !== 'head' && (onUploadProgress || mustEnforceStreamBody))) {
4805
+ _context4.next = 8;
4806
+ break;
4807
+ }
4808
+ if (!(requestContentLength == null)) {
4526
4809
  _context4.next = 6;
4527
4810
  break;
4528
4811
  }
4529
4812
  _context4.next = 5;
4530
4813
  return resolveBodyLength(headers, data);
4531
4814
  case 5:
4532
- _t4 = requestContentLength = _context4.sent;
4533
- _t3 = _t4 !== 0;
4815
+ _t3 = _context4.sent;
4816
+ _context4.next = 7;
4817
+ break;
4534
4818
  case 6:
4535
- if (!_t3) {
4536
- _context4.next = 7;
4537
- break;
4819
+ _t3 = requestContentLength;
4820
+ case 7:
4821
+ requestContentLength = _t3;
4822
+ // A declared length of 0 is only trusted to skip the wrap when we are
4823
+ // not enforcing a stream limit (which must not rely on that header).
4824
+ if (requestContentLength !== 0 || mustEnforceStreamBody) {
4825
+ _request = new Request(url, {
4826
+ method: 'POST',
4827
+ body: data,
4828
+ duplex: 'half'
4829
+ });
4830
+ if (utils$1.isFormData(data) && (contentTypeHeader = _request.headers.get('content-type'))) {
4831
+ headers.setContentType(contentTypeHeader);
4832
+ }
4833
+ if (_request.body) {
4834
+ _ref5 = onUploadProgress && progressEventDecorator(requestContentLength, progressEventReducer(asyncDecorator(onUploadProgress))) || [], _ref6 = _slicedToArray(_ref5, 2), onProgress = _ref6[0], flush = _ref6[1];
4835
+ data = trackRequestStream(_request.body, onProgress, flush);
4836
+ }
4538
4837
  }
4539
- _request = new Request(url, {
4540
- method: 'POST',
4541
- body: data,
4542
- duplex: 'half'
4543
- });
4544
- if (utils$1.isFormData(data) && (contentTypeHeader = _request.headers.get('content-type'))) {
4545
- headers.setContentType(contentTypeHeader);
4838
+ _context4.next = 10;
4839
+ break;
4840
+ case 8:
4841
+ if (!(mustEnforceStreamBody && !isRequestSupported && isReadableStreamSupported && method !== 'get' && method !== 'head')) {
4842
+ _context4.next = 9;
4843
+ break;
4546
4844
  }
4547
- if (_request.body) {
4548
- _progressEventDecorat = progressEventDecorator(requestContentLength, progressEventReducer(asyncDecorator(onUploadProgress))), _progressEventDecorat2 = _slicedToArray(_progressEventDecorat, 2), onProgress = _progressEventDecorat2[0], flush = _progressEventDecorat2[1];
4549
- data = trackStream(_request.body, DEFAULT_CHUNK_SIZE, onProgress, flush);
4845
+ data = trackRequestStream(data);
4846
+ _context4.next = 10;
4847
+ break;
4848
+ case 9:
4849
+ if (!(mustEnforceStreamBody && isRequestSupported && !supportsRequestStream && method !== 'get' && method !== 'head')) {
4850
+ _context4.next = 10;
4851
+ break;
4550
4852
  }
4551
- case 7:
4853
+ throw new AxiosError$1('Stream request bodies are not supported by the current fetch implementation', AxiosError$1.ERR_NOT_SUPPORT, config, request);
4854
+ case 10:
4552
4855
  if (!utils$1.isString(withCredentials)) {
4553
4856
  withCredentials = withCredentials ? 'include' : 'omit';
4554
4857
  }
@@ -4575,29 +4878,31 @@
4575
4878
  credentials: isCredentialsSupported ? withCredentials : undefined
4576
4879
  });
4577
4880
  request = isRequestSupported && new Request(url, resolvedOptions);
4578
- _context4.next = 8;
4881
+ _context4.next = 11;
4579
4882
  return isRequestSupported ? _fetch(request, fetchOptions) : _fetch(url, resolvedOptions);
4580
- case 8:
4883
+ case 11:
4581
4884
  response = _context4.sent;
4885
+ responseHeaders = AxiosHeaders$1.from(response.headers); // Cheap pre-check: if the server honestly declares a content-length that
4886
+ // already exceeds the cap, reject before we start streaming.
4582
4887
  if (!hasMaxContentLength) {
4583
- _context4.next = 9;
4888
+ _context4.next = 12;
4584
4889
  break;
4585
4890
  }
4586
- declaredLength = utils$1.toFiniteNumber(response.headers.get('content-length'));
4891
+ declaredLength = utils$1.toFiniteNumber(responseHeaders.getContentLength());
4587
4892
  if (!(declaredLength != null && declaredLength > maxContentLength)) {
4588
- _context4.next = 9;
4893
+ _context4.next = 12;
4589
4894
  break;
4590
4895
  }
4591
4896
  throw new AxiosError$1('maxContentLength size of ' + maxContentLength + ' exceeded', AxiosError$1.ERR_BAD_RESPONSE, config, request);
4592
- case 9:
4897
+ case 12:
4593
4898
  isStreamResponse = supportsResponseStream && (responseType === 'stream' || responseType === 'response');
4594
4899
  if (supportsResponseStream && response.body && (onDownloadProgress || hasMaxContentLength || isStreamResponse && unsubscribe)) {
4595
4900
  options = {};
4596
4901
  ['status', 'statusText', 'headers'].forEach(function (prop) {
4597
4902
  options[prop] = response[prop];
4598
4903
  });
4599
- responseContentLength = utils$1.toFiniteNumber(response.headers.get('content-length'));
4600
- _ref5 = onDownloadProgress && progressEventDecorator(responseContentLength, progressEventReducer(asyncDecorator(onDownloadProgress), true)) || [], _ref6 = _slicedToArray(_ref5, 2), _onProgress = _ref6[0], _flush = _ref6[1];
4904
+ responseContentLength = utils$1.toFiniteNumber(responseHeaders.getContentLength());
4905
+ _ref7 = onDownloadProgress && progressEventDecorator(responseContentLength, progressEventReducer(asyncDecorator(onDownloadProgress), true)) || [], _ref8 = _slicedToArray(_ref7, 2), _onProgress = _ref8[0], _flush = _ref8[1];
4601
4906
  bytesRead = 0;
4602
4907
  onChunkProgress = function onChunkProgress(loadedBytes) {
4603
4908
  if (hasMaxContentLength) {
@@ -4614,12 +4919,12 @@
4614
4919
  }), options);
4615
4920
  }
4616
4921
  responseType = responseType || 'text';
4617
- _context4.next = 10;
4922
+ _context4.next = 13;
4618
4923
  return resolvers[utils$1.findKey(resolvers, responseType) || 'text'](response, config);
4619
- case 10:
4924
+ case 13:
4620
4925
  responseData = _context4.sent;
4621
4926
  if (!(hasMaxContentLength && !supportsResponseStream && !isStreamResponse)) {
4622
- _context4.next = 11;
4927
+ _context4.next = 14;
4623
4928
  break;
4624
4929
  }
4625
4930
  if (responseData != null) {
@@ -4632,13 +4937,13 @@
4632
4937
  }
4633
4938
  }
4634
4939
  if (!(typeof materializedSize === 'number' && materializedSize > maxContentLength)) {
4635
- _context4.next = 11;
4940
+ _context4.next = 14;
4636
4941
  break;
4637
4942
  }
4638
4943
  throw new AxiosError$1('maxContentLength size of ' + maxContentLength + ' exceeded', AxiosError$1.ERR_BAD_RESPONSE, config, request);
4639
- case 11:
4944
+ case 14:
4640
4945
  !isStreamResponse && unsubscribe && unsubscribe();
4641
- _context4.next = 12;
4946
+ _context4.next = 15;
4642
4947
  return new Promise(function (resolve, reject) {
4643
4948
  settle(resolve, reject, {
4644
4949
  data: responseData,
@@ -4649,40 +4954,54 @@
4649
4954
  request: request
4650
4955
  });
4651
4956
  });
4652
- case 12:
4957
+ case 15:
4653
4958
  return _context4.abrupt("return", _context4.sent);
4654
- case 13:
4655
- _context4.prev = 13;
4656
- _t5 = _context4["catch"](1);
4959
+ case 16:
4960
+ _context4.prev = 16;
4961
+ _t4 = _context4["catch"](1);
4657
4962
  unsubscribe && unsubscribe();
4658
4963
 
4659
4964
  // Safari can surface fetch aborts as a DOMException-like object whose
4660
4965
  // branded getters throw. Prefer our composed signal reason before reading
4661
4966
  // the caught error, preserving timeout vs cancellation semantics.
4662
4967
  if (!(composedSignal && composedSignal.aborted && composedSignal.reason instanceof AxiosError$1)) {
4663
- _context4.next = 14;
4968
+ _context4.next = 17;
4664
4969
  break;
4665
4970
  }
4666
4971
  canceledError = composedSignal.reason;
4667
4972
  canceledError.config = config;
4668
4973
  request && (canceledError.request = request);
4669
- _t5 !== canceledError && (canceledError.cause = _t5);
4974
+ _t4 !== canceledError && (canceledError.cause = _t4);
4670
4975
  throw canceledError;
4671
- case 14:
4672
- if (!(_t5 && _t5.name === 'TypeError' && /Load failed|fetch/i.test(_t5.message))) {
4673
- _context4.next = 15;
4976
+ case 17:
4977
+ if (!pendingBodyError) {
4978
+ _context4.next = 18;
4674
4979
  break;
4675
4980
  }
4676
- throw Object.assign(new AxiosError$1('Network Error', AxiosError$1.ERR_NETWORK, config, request, _t5 && _t5.response), {
4677
- cause: _t5.cause || _t5
4981
+ request && !pendingBodyError.request && (pendingBodyError.request = request);
4982
+ throw pendingBodyError;
4983
+ case 18:
4984
+ if (!(_t4 instanceof AxiosError$1)) {
4985
+ _context4.next = 19;
4986
+ break;
4987
+ }
4988
+ request && !_t4.request && (_t4.request = request);
4989
+ throw _t4;
4990
+ case 19:
4991
+ if (!(_t4 && _t4.name === 'TypeError' && /Load failed|fetch/i.test(_t4.message))) {
4992
+ _context4.next = 20;
4993
+ break;
4994
+ }
4995
+ throw Object.assign(new AxiosError$1('Network Error', AxiosError$1.ERR_NETWORK, config, request, _t4 && _t4.response), {
4996
+ cause: _t4.cause || _t4
4678
4997
  });
4679
- case 15:
4680
- throw AxiosError$1.from(_t5, _t5 && _t5.code, config, request, _t5 && _t5.response);
4681
- case 16:
4998
+ case 20:
4999
+ throw AxiosError$1.from(_t4, _t4 && _t4.code, config, request, _t4 && _t4.response);
5000
+ case 21:
4682
5001
  case "end":
4683
5002
  return _context4.stop();
4684
5003
  }
4685
- }, _callee4, null, [[1, 13]]);
5004
+ }, _callee4, null, [[1, 16]]);
4686
5005
  }));
4687
5006
  return function (_x5) {
4688
5007
  return _ref4.apply(this, arguments);
@@ -5083,7 +5402,9 @@
5083
5402
  silentJSONParsing: validators.transitional(validators.boolean),
5084
5403
  forcedJSONParsing: validators.transitional(validators.boolean),
5085
5404
  clarifyTimeoutError: validators.transitional(validators.boolean),
5086
- legacyInterceptorReqResOrdering: validators.transitional(validators.boolean)
5405
+ legacyInterceptorReqResOrdering: validators.transitional(validators.boolean),
5406
+ advertiseZstdAcceptEncoding: validators.transitional(validators.boolean),
5407
+ validateStatusUndefinedResolves: validators.transitional(validators.boolean)
5087
5408
  }, false);
5088
5409
  }
5089
5410
  if (paramsSerializer != null) {
@@ -5182,7 +5503,7 @@
5182
5503
  key: "getUri",
5183
5504
  value: function getUri(config) {
5184
5505
  config = mergeConfig(this.defaults, config);
5185
- var fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls);
5506
+ var fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls, config);
5186
5507
  return buildURL(fullPath, config.params, config.paramsSerializer);
5187
5508
  }
5188
5509
  }]);
@@ -5193,7 +5514,7 @@
5193
5514
  return this.request(mergeConfig(config || {}, {
5194
5515
  method: method,
5195
5516
  url: url,
5196
- data: (config || {}).data
5517
+ data: config && utils$1.hasOwnProp(config, 'data') ? config.data : undefined
5197
5518
  }));
5198
5519
  };
5199
5520
  });