axios 0.21.1 → 0.22.0

package/CHANGELOG.md

@@ -1,18 +1,126 @@
 # Changelog
 
+### 0.22.0 (October 01, 2021)
+
+Fixes and Functionality:
+- Caseless header comparing in HTTP adapter ([#2880](https://github.com/axios/axios/pull/2880))
+- Avoid package.json import fixing issues and warnings related to this ([#4041](https://github.com/axios/axios/pull/4041)), ([#4065](https://github.com/axios/axios/pull/4065))
+- Fixed cancelToken leakage and added AbortController support ([#3305](https://github.com/axios/axios/pull/3305))
+- Updating CI to run on release branches
+- Bump follow redirects version
+- Fixed default transitional config for custom Axios instance; ([#4052](https://github.com/axios/axios/pull/4052))
+
+Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
+
+- [Jay](mailto:jasonsaayman@gmail.com)
+- [Matt R. Wilson](https://github.com/mastermatt)
+- [Xianming Zhong](https://github.com/chinesedfan)
+- [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS)
+
+### 0.21.4 (September 6, 2021)
+
+Fixes and Functionality:
+- Fixing JSON transform when data is stringified. Providing backward compatability and complying to the JSON RFC standard ([#4020](https://github.com/axios/axios/pull/4020))
+
+Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
+
+- [Jay](mailto:jasonsaayman@gmail.com)
+- [Guillaume Fortaine](https://github.com/gfortaine)
+- [Yusuke Kawasaki](https://github.com/kawanet)
+- [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS)
+
+### 0.21.3 (September 4, 2021)
+
+Fixes and Functionality:
+- Fixing response interceptor not being called when request interceptor is attached ([#4013](https://github.com/axios/axios/pull/4013))
+
+Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
+
+- [Jay](mailto:jasonsaayman@gmail.com)
+- [Julian Hollmann](https://github.com/nerdbeere)
+
+### 0.21.2 (September 4, 2021)
+
+Fixes and Functionality:
+
+- Updating axios requests to be delayed by pre-emptive promise creation ([#2702](https://github.com/axios/axios/pull/2702))
+- Adding "synchronous" and "runWhen" options to interceptors api ([#2702](https://github.com/axios/axios/pull/2702))
+- Updating of transformResponse ([#3377](https://github.com/axios/axios/pull/3377))
+- Adding ability to omit User-Agent header ([#3703](https://github.com/axios/axios/pull/3703))
+- Adding multiple JSON improvements ([#3688](https://github.com/axios/axios/pull/3688), [#3763](https://github.com/axios/axios/pull/3763))
+- Fixing quadratic runtime and extra memory usage when setting a maxContentLength ([#3738](https://github.com/axios/axios/pull/3738))
+- Adding parseInt to config.timeout ([#3781](https://github.com/axios/axios/pull/3781))
+- Adding custom return type support to interceptor ([#3783](https://github.com/axios/axios/pull/3783))
+- Adding security fix for ReDoS vulnerability ([#3980](https://github.com/axios/axios/pull/3980))
+
+Internal and Tests:
+
+- Updating build dev dependancies ([#3401](https://github.com/axios/axios/pull/3401))
+- Fixing builds running on Travis CI ([#3538](https://github.com/axios/axios/pull/3538))
+- Updating follow rediect version ([#3694](https://github.com/axios/axios/pull/3694), [#3771](https://github.com/axios/axios/pull/3771))
+- Updating karma sauce launcher to fix failing sauce tests ([#3712](https://github.com/axios/axios/pull/3712), [#3717](https://github.com/axios/axios/pull/3717))
+- Updating content-type header for application/json to not contain charset field, according do RFC 8259 ([#2154](https://github.com/axios/axios/pull/2154))
+- Fixing tests by bumping karma-sauce-launcher version ([#3813](https://github.com/axios/axios/pull/3813))
+- Changing testing process from Travis CI to GitHub Actions ([#3938](https://github.com/axios/axios/pull/3938))
+
+Documentation:
+
+- Updating documentation around the use of `AUTH_TOKEN` with multiple domain endpoints ([#3539](https://github.com/axios/axios/pull/3539))
+- Remove duplication of item in changelog ([#3523](https://github.com/axios/axios/pull/3523))
+- Fixing gramatical errors ([#2642](https://github.com/axios/axios/pull/2642))
+- Fixing spelling error ([#3567](https://github.com/axios/axios/pull/3567))
+- Moving gitpod metion ([#2637](https://github.com/axios/axios/pull/2637))
+- Adding new axios documentation website link ([#3681](https://github.com/axios/axios/pull/3681), [#3707](https://github.com/axios/axios/pull/3707))
+- Updating documentation around dispatching requests ([#3772](https://github.com/axios/axios/pull/3772))
+- Adding documentation for the type guard isAxiosError ([#3767](https://github.com/axios/axios/pull/3767))
+- Adding explanation of cancel token ([#3803](https://github.com/axios/axios/pull/3803))
+- Updating CI status badge ([#3953](https://github.com/axios/axios/pull/3953))
+- Fixing errors with JSON documentation ([#3936](https://github.com/axios/axios/pull/3936))
+- Fixing README typo under Request Config ([#3825](https://github.com/axios/axios/pull/3825))
+- Adding axios-multi-api to the ecosystem file ([#3817](https://github.com/axios/axios/pull/3817))
+- Adding SECURITY.md to properly disclose security vulnerabilities ([#3981](https://github.com/axios/axios/pull/3981))
+
+Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
+
+- [Jay](mailto:jasonsaayman@gmail.com)
+- [Sasha Korotkov](https://github.com/SashaKoro)
+- [Daniel Lopretto](https://github.com/timemachine3030)
+- [Mike Bishop](https://github.com/MikeBishop)
+- [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS)
+- [Mark](https://github.com/bimbiltu)
+- [Philipe Gouveia Paixão](https://github.com/piiih)
+- [hippo](https://github.com/hippo2cat)
+- [ready-research](https://github.com/ready-research)
+- [Xianming Zhong](https://github.com/chinesedfan)
+- [Christopher Chrapka](https://github.com/OJezu)
+- [Brian Anglin](https://github.com/anglinb)
+- [Kohta Ito](https://github.com/koh110)
+- [Ali Clark](https://github.com/aliclark)
+- [caikan](https://github.com/caikan)
+- [Elina Gorshkova](https://github.com/elinagorshkova)
+- [Ryota Ikezawa](https://github.com/paveg)
+- [Nisar Hassan Naqvi](https://github.com/nisarhassan12)
+- [Jake](https://github.com/codemaster138)
+- [TagawaHirotaka](https://github.com/wafuwafu13)
+- [Johannes Jarbratt](https://github.com/johachi)
+- [Mo Sattler](https://github.com/MoSattler)
+- [Sam Carlton](https://github.com/ThatGuySam)
+- [Matt Czapliński](https://github.com/MattCCC)
+- [Ziding Zhang](https://github.com/zidingz)
+
 ### 0.21.1 (December 21, 2020)
 
 Fixes and Functionality:
 
-- Hotfix: Prevent SSRF (#3410)
-- Protocol not parsed when setting proxy config from env vars (#3070)
-- Updating axios in types to be lower case (#2797)
-- Adding a type guard for `AxiosError` (#2949)
+- Hotfix: Prevent SSRF ([#3410](https://github.com/axios/axios/pull/3410))
+- Protocol not parsed when setting proxy config from env vars ([#3070](https://github.com/axios/axios/pull/3070))
+- Updating axios in types to be lower case ([#2797](https://github.com/axios/axios/pull/2797))
+- Adding a type guard for `AxiosError` ([#2949](https://github.com/axios/axios/pull/2949))
 
 Internal and Tests:
 
-- Remove the skipping of the `socket` http test (#3364)
-- Use different socket for Win32 test (#3375)
+- Remove the skipping of the `socket` http test ([#3364](https://github.com/axios/axios/pull/3364))
+- Use different socket for Win32 test ([#3375](https://github.com/axios/axios/pull/3375))
 
 Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
 
@@ -93,7 +201,7 @@ Fixes and Functionality:
   - Adding test to check if password with non-Latin1 characters pass
 - Fixing 'Network Error' in react native android ([#1487](https://github.com/axios/axios/pull/1487))
   There is a bug in react native Android platform when using get method. It will trigger a 'Network Error' when passing the requestData which is an empty string to request.send function. So if the requestData is an empty string we can set it to null as well to fix the bug.
-- Fixing Cookie Helper with Asyc Components ([#1105](https://github.com/axios/axios/pull/1105)) ([#1107](https://github.com/axios/axios/pull/1107))
+- Fixing Cookie Helper with Async Components ([#1105](https://github.com/axios/axios/pull/1105)) ([#1107](https://github.com/axios/axios/pull/1107))
 - Fixing 'progressEvent' type ([#2851](https://github.com/axios/axios/pull/2851))
   - Fix 'progressEvent' type
   - Update axios.ts
@@ -305,7 +413,6 @@ Fixes and Functionality:
 - Fixing set `config.method` after mergeConfig for Axios.prototype.request ([#2383](https://github.com/axios/axios/pull/2383))
 - Axios create url bug ([#2290](https://github.com/axios/axios/pull/2290))
 - Do not modify config.url when using a relative baseURL (resolves [#1628](https://github.com/axios/axios/issues/1098)) ([#2391](https://github.com/axios/axios/pull/2391))
-- Add typescript HTTP method definition for LINK and UNLINK ([#2444](https://github.com/axios/axios/pull/2444))
 
 Internal:
 

package/README.md

@@ -2,7 +2,8 @@
 
 [![npm version](https://img.shields.io/npm/v/axios.svg?style=flat-square)](https://www.npmjs.org/package/axios)
 [![CDNJS](https://img.shields.io/cdnjs/v/axios.svg?style=flat-square)](https://cdnjs.com/libraries/axios)
-[![build status](https://img.shields.io/travis/axios/axios/master.svg?style=flat-square)](https://travis-ci.org/axios/axios)
+![Build status](https://github.com/axios/axios/actions/workflows/ci.yml/badge.svg)
+[![Gitpod Ready-to-Code](https://img.shields.io/badge/Gitpod-Ready--to--Code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/axios/axios) 
 [![code coverage](https://img.shields.io/coveralls/mzabriskie/axios.svg?style=flat-square)](https://coveralls.io/r/mzabriskie/axios)
 [![install size](https://packagephobia.now.sh/badge?p=axios)](https://packagephobia.now.sh/result?p=axios)
 [![npm downloads](https://img.shields.io/npm/dm/axios.svg?style=flat-square)](http://npm-stat.com/charts.html?package=axios)
@@ -10,6 +11,9 @@
 [![code helpers](https://www.codetriage.com/axios/axios/badges/users.svg)](https://www.codetriage.com/axios/axios)
 
 Promise based HTTP client for the browser and node.js
+
+> New axios docs website: [click here](https://axios-http.com/)
+
 ## Table of Contents
 
   - [Features](#features)
@@ -448,12 +452,36 @@ These are the available config options for making requests. Only the `url` is re
   cancelToken: new CancelToken(function (cancel) {
   }),
 
+  // an alternative way to cancel Axios requests using AbortController
+  signal: new AbortController().signal,
+
   // `decompress` indicates whether or not the response body should be decompressed 
   // automatically. If set to `true` will also remove the 'content-encoding' header 
   // from the responses objects of all decompressed responses
   // - Node only (XHR cannot turn off decompression)
   decompress: true // default
 
+  // `insecureHTTPParser` boolean.
+  // Indicates where to use an insecure HTTP parser that accepts invalid HTTP headers.
+  // This may allow interoperability with non-conformant HTTP implementations.
+  // Using the insecure parser should be avoided.
+  // see options https://nodejs.org/dist/latest-v12.x/docs/api/http.html#http_http_request_url_options_callback
+  // see also https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/#strict-http-header-parsing-none
+  insecureHTTPParser: undefined // default
+
+  // transitional options for backward compatibility that may be removed in the newer versions
+  transitional: {
+    // silent JSON parsing mode
+    // `true`  - ignore JSON parsing errors and set response.data to null if parsing failed (old behaviour)
+    // `false` - throw SyntaxError if JSON parsing failed (Note: responseType must be set to 'json')
+    silentJSONParsing: true, // default value for the current Axios version
+
+    // try to parse the response string as JSON even if `responseType` is not 'json'
+    forcedJSONParsing: true,
+    
+    // throw ETIMEDOUT error instead of generic ECONNABORTED on request timeouts
+    clarifyTimeoutError: false,
+  }
 }
 ```
 
@@ -510,7 +538,11 @@ You can specify config defaults that will be applied to every request.
 
 ```js
 axios.defaults.baseURL = 'https://api.example.com';
+
+// Important: If axios is used with multiple domains, the AUTH_TOKEN will be sent to all of them.
+// See below for an example using Custom instance defaults instead.
 axios.defaults.headers.common['Authorization'] = AUTH_TOKEN;
+
 axios.defaults.headers.post['Content-Type'] = 'application/x-www-form-urlencoded';
 ```
 
@@ -585,6 +617,34 @@ const instance = axios.create();
 instance.interceptors.request.use(function () {/*...*/});
 ```
 
+When you add request interceptors, they are presumed to be asynchronous by default. This can cause a delay
+in the execution of your axios request when the main thread is blocked (a promise is created under the hood for 
+the interceptor and your request gets put on the bottom of the call stack). If your request interceptors are synchronous you can add a flag
+to the options object that will tell axios to run the code synchronously and avoid any delays in request execution.
+
+```js
+axios.interceptors.request.use(function (config) {
+  config.headers.test = 'I am only a header!';
+  return config;
+}, null, { synchronous: true });
+```
+
+If you want to execute a particular interceptor based on a runtime check, 
+you can add a `runWhen` function to the options object. The interceptor will not be executed **if and only if** the return
+of `runWhen` is `false`. The function will be called with the config
+object (don't forget that you can bind your own arguments to it as well.) This can be handy when you have an
+asynchronous request interceptor that only needs to run at certain times.
+
+```js
+function onGetCall(config) {
+  return config.method === 'get';
+}
+axios.interceptors.request.use(function (config) {
+  config.headers.test = 'special get headers';
+  return config;
+}, null, { runWhen: onGetCall });
+```
+
 ## Handling Errors
 
 ```js
@@ -677,7 +737,21 @@ axios.get('/user/12345', {
 cancel();
 ```
 
-> Note: you can cancel several requests with the same cancel token.
+Axios supports AbortController to abort requests in [`fetch API`](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API#aborting_a_fetch) way:
+```js
+const controller = new AbortController();
+
+axios.get('/foo/bar', {
+   signal: controller.signal
+}).then(function(response) {
+   //...
+});
+// cancel the request
+controller.abort()
+```
+
+> Note: you can cancel several requests with the same cancel token/abort controller.
+> If a cancellation token is already cancelled at the moment of starting an Axios request, then the request is cancelled immediately, without any attempts to make real request.
 
 ## Using application/x-www-form-urlencoded format
 
@@ -777,12 +851,30 @@ axios depends on a native ES6 Promise implementation to be [supported](http://ca
 If your environment doesn't support ES6 Promises, you can [polyfill](https://github.com/jakearchibald/es6-promise).
 
 ## TypeScript
-axios includes [TypeScript](http://typescriptlang.org) definitions.
+
+axios includes [TypeScript](http://typescriptlang.org) definitions and a type guard for axios errors.
+
 ```typescript
-import axios from 'axios';
-axios.get('/user?ID=12345');
+let user: User = null;
+try {
+  const { data } = await axios.get('/user?ID=12345');
+  user = data.userDetails;
+} catch (error) {
+  if (axios.isAxiosError(error)) {
+    handleAxiosError(error);
+  } else {
+    handleUnexpectedError(error);
+  }
+}
 ```
 
+## Online one-click setup
+
+You can use Gitpod an online IDE(which is free for Open Source) for contributing or running the examples online.
+
+[![Open in Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#https://github.com/axios/axios/blob/master/examples/server.js)
+
+
 ## Resources
 
 * [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md)

package/SECURITY.md

@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report security issues to jasonsaayman@gmail.com