npm - axios - Versions diffs - 0.28.1 → 0.29.0 - Mend

axios 0.28.1 → 0.29.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/CHANGELOG.md +50 -37
package/dist/axios.js +19 -12
package/dist/axios.js.map +1 -1
package/dist/axios.min.js +1 -1
package/dist/axios.min.js.map +1 -1
package/dist/esm/axios.js +19 -12
package/dist/esm/axios.js.map +1 -1
package/dist/esm/axios.min.js +1 -1
package/dist/esm/axios.min.js.map +1 -1
package/lib/core/Axios.js +11 -7
package/lib/env/data.js +1 -1
package/lib/helpers/combineURLs.js +1 -1
package/lib/helpers/formDataToJSON.js +3 -0
package/lib/helpers/toFormData.js +2 -2
package/package.json +3 -3

package/CHANGELOG.md CHANGED Viewed

@@ -1,53 +1,66 @@
 # Changelog
+## [0.29.0](https://github.com/axios/axios/compare/v0.28.1...v0.29.0) (2024-11-21)
+## Release notes:
+### Bug Fixes
+- fix(backport): backport security fixes in commits #6167 and #6163 (#6402)
+- fix: omit nulls in params (#6394)
+- fix(backport): fix paramsSerializer function validation (#6361)
+- fix: regular expression denial of service (ReDoS) (#6708)
 ## [0.28.1](https://github.com/axios/axios/compare/v0.28.0...v0.28.1) (2024-03-24)
 ## Release notes:
 ### Bug Fixes
-* fix(backport): custom params serializer support (#6263)
-* fix(backport): uncaught ReferenceError `req` is not defined (#6307)
+- fix(backport): custom params serializer support (#6263)
+- fix(backport): uncaught ReferenceError `req` is not defined (#6307)
 ## [0.28.0](https://github.com/axios/axios/compare/v0.27.2...v0.28.0) (2024-02-12)
 ## Release notes:
 ### Bug Fixes
-* fix(security): fixed CVE-2023-45857 by backporting `withXSRFToken` option to v0.x (#6091)
+- fix(security): fixed CVE-2023-45857 by backporting `withXSRFToken` option to v0.x (#6091)
 ### Backports from v1.x:
-* Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
-* Fixing content-type header repeated #4745
-* Fixed timeout error message for HTTP 4738
-* Added `axios.formToJSON` method (#4735)
-* URL params serializer (#4734)
-* Fixed toFormData Blob issue on node>v17 #4728
-* Adding types for progress event callbacks #4675
-* Fixed max body length defaults #4731
-* Added data URL support for node.js (#4725)
-* Added isCancel type assert (#4293)
-* Added the ability for the `url-encoded-form` serializer to respect the `formSerializer` config (#4721)
-* Add `string[]` to `AxiosRequestHeaders` type (#4322)
-* Allow type definition for axios instance methods (#4224)
-* Fixed `AxiosError` stack capturing; (#4718)
-* Fixed `AxiosError` status code type; (#4717)
-* Adding Canceler parameters config and request (#4711)
-* fix(types): allow to specify partial default headers for instance creation (#4185)
-* Added `blob` to the list of protocols supported by the browser (#4678)
-* Fixing Z_BUF_ERROR when no content (#4701)
-* Fixed race condition on immediate requests cancellation (#4261)
-* Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance https://github.com/axios/axios/pull/4248
-* Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
-* Fix TS definition for AxiosRequestTransformer (#4201)
-* Use type alias instead of interface for AxiosPromise (#4505)
-* Include request and config when creating a CanceledError instance (#4659)
-* Added generic TS types for the exposed toFormData helper (#4668)
-* Optimized the code that checks cancellation (#4587)
-* Replaced webpack with rollup (#4596)
-* Added stack trace to AxiosError (#4624)
-* Updated AxiosError.config to be optional in the type definition (#4665)
-* Removed incorrect argument for NetworkError constructor (#4656)
+- Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
+- Fixing content-type header repeated #4745
+- Fixed timeout error message for HTTP 4738
+- Added `axios.formToJSON` method (#4735)
+- URL params serializer (#4734)
+- Fixed toFormData Blob issue on node>v17 #4728
+- Adding types for progress event callbacks #4675
+- Fixed max body length defaults #4731
+- Added data URL support for node.js (#4725)
+- Added isCancel type assert (#4293)
+- Added the ability for the `url-encoded-form` serializer to respect the `formSerializer` config (#4721)
+- Add `string[]` to `AxiosRequestHeaders` type (#4322)
+- Allow type definition for axios instance methods (#4224)
+- Fixed `AxiosError` stack capturing; (#4718)
+- Fixed `AxiosError` status code type; (#4717)
+- Adding Canceler parameters config and request (#4711)
+- fix(types): allow to specify partial default headers for instance creation (#4185)
+- Added `blob` to the list of protocols supported by the browser (#4678)
+- Fixing Z_BUF_ERROR when no content (#4701)
+- Fixed race condition on immediate requests cancellation (#4261)
+- Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance https://github.com/axios/axios/pull/4248
+- Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
+- Fix TS definition for AxiosRequestTransformer (#4201)
+- Use type alias instead of interface for AxiosPromise (#4505)
+- Include request and config when creating a CanceledError instance (#4659)
+- Added generic TS types for the exposed toFormData helper (#4668)
+- Optimized the code that checks cancellation (#4587)
+- Replaced webpack with rollup (#4596)
+- Added stack trace to AxiosError (#4624)
+- Updated AxiosError.config to be optional in the type definition (#4665)
+- Removed incorrect argument for NetworkError constructor (#4656)
 ## 0.27.2 (April 27, 2022)
@@ -70,9 +83,9 @@ Breaking changes:
 - New toFormData helper function that allows the implementor to pass an object and allow axios to convert it to FormData ([#3757](https://github.com/axios/axios/pull/3757))
 - Removed functionality that removed the the `Content-Type` request header when passing FormData ([#3785](https://github.com/axios/axios/pull/3785))
-- **(*)** Refactored error handling implementing AxiosError as a constructor, this is a large change to error handling on the whole ([#3645](https://github.com/axios/axios/pull/3645))
+- **(\*)** Refactored error handling implementing AxiosError as a constructor, this is a large change to error handling on the whole ([#3645](https://github.com/axios/axios/pull/3645))
 - Separated responsibility for FormData instantiation between `transformRequest` and `toFormData` ([#4470](https://github.com/axios/axios/pull/4470))
-- **(*)** Improved and fixed multiple issues with FormData support ([#4448](https://github.com/axios/axios/pull/4448))
+- **(\*)** Improved and fixed multiple issues with FormData support ([#4448](https://github.com/axios/axios/pull/4448))
 QOL and DevX improvements:
@@ -93,7 +106,7 @@ Documentation:
 Notes:
-- **(*)** Please read these pull requests before updating, these changes are very impactful and far reaching.
+- **(\*)** Please read these pull requests before updating, these changes are very impactful and far reaching.
 ## 0.26.1 (March 9, 2022)

package/dist/axios.js CHANGED Viewed

@@ -1,4 +1,4 @@
-// axios v0.28.1 Copyright (c) 2024 Matt Zabriskie
+// axios v0.29.0 Copyright (c) 2024 Matt Zabriskie
 (function (global, factory) {
   typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() :
   typeof define === 'function' && define.amd ? define(factory) :
@@ -744,7 +744,7 @@
           key = removeBrackets(key);
           arr.forEach(function each(el, index) {
-            !utils.isUndefined(el) && formData.append(
+            !(utils.isUndefined(el) || el === null) && formData.append(
               // eslint-disable-next-line no-nested-ternary
               indexes === true ? renderKey([key], index, dots) : (indexes === null ? key : key + '[]'),
               convertValue(el)
@@ -781,7 +781,7 @@
       stack.push(value);
       utils.forEach(value, function each(el, key) {
-        var result = !utils.isUndefined(el) && visitor.call(
+        var result = !(utils.isUndefined(el) || el === null) && visitor.call(
           formData, el, utils.isString(key) ? key.trim() : key, path, exposedHelpers
         );
@@ -1024,6 +1024,9 @@
   function formDataToJSON(formData) {
     function buildPath(path, value, target, index) {
       var name = path[index++];
+      if (name === '__proto__') return true;
       var isNumericKey = Number.isFinite(+name);
       var isLast = index >= path.length;
       name = !name && utils.isArray(target) ? target.length : name;
@@ -1160,7 +1163,7 @@
    */
   var combineURLs = function combineURLs(baseURL, relativeURL) {
     return relativeURL
-      ? baseURL.replace(/\/+$/, '') + '/' + relativeURL.replace(/^\/+/, '')
+      ? baseURL.replace(/\/?\/$/, '') + '/' + relativeURL.replace(/^\/+/, '')
       : baseURL;
   };
@@ -1907,7 +1910,7 @@
   };
   var data = {
-    "version": "0.28.1"
+    "version": "0.29.0"
   };
   var VERSION = data.version;
@@ -2048,15 +2051,19 @@
     var paramsSerializer = config.paramsSerializer;
-    if (paramsSerializer !== undefined) {
-      validator.assertOptions(paramsSerializer, {
-        encode: validators.function,
-        serialize: validators.function
-      }, true);
+    if (paramsSerializer != null) {
+      if (utils.isFunction(paramsSerializer)) {
+        config.paramsSerializer = {
+          serialize: paramsSerializer
+        };
+      } else {
+        validator.assertOptions(paramsSerializer, {
+          encode: validators.function,
+          serialize: validators.function
+        }, true);
+      }
     }
-    utils.isFunction(paramsSerializer) && (config.paramsSerializer = {serialize: paramsSerializer});
     // filter out skipped interceptors
     var requestInterceptorChain = [];
     var synchronousRequestInterceptors = true;