axios 0.31.1 → 0.32.0

package/dist/axios.js

@@ -1,4 +1,4 @@
-// axios v0.31.1 Copyright (c) 2026 Matt Zabriskie
+// axios v0.32.0 Copyright (c) 2026 Matt Zabriskie
 (function (global, factory) {
   typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() :
   typeof define === 'function' && define.amd ? define(factory) :
@@ -58,8 +58,14 @@
    * @returns {boolean} True if value is a Buffer, otherwise false
    */
   function isBuffer(val) {
-    return val !== null && !isUndefined(val) && val.constructor !== null && !isUndefined(val.constructor)
-      && typeof val.constructor.isBuffer === 'function' && val.constructor.isBuffer(val);
+    return (
+      val !== null &&
+      !isUndefined(val) &&
+      val.constructor !== null &&
+      !isUndefined(val.constructor) &&
+      typeof val.constructor.isBuffer === 'function' &&
+      val.constructor.isBuffer(val)
+    );
   }
 
   /**
@@ -71,7 +77,6 @@
    */
   var isArrayBuffer = kindOfTest('ArrayBuffer');
 
-
   /**
    * Determine if a value is a view on an ArrayBuffer
    *
@@ -80,10 +85,10 @@
    */
   function isArrayBufferView(val) {
     var result;
-    if ((typeof ArrayBuffer !== 'undefined') && (ArrayBuffer.isView)) {
+    if (typeof ArrayBuffer !== 'undefined' && ArrayBuffer.isView) {
       result = ArrayBuffer.isView(val);
     } else {
-      result = (val) && (val.buffer) && (isArrayBuffer(val.buffer));
+      result = val && val.buffer && isArrayBuffer(val.buffer);
     }
     return result;
   }
@@ -220,12 +225,14 @@
     // Reject non-objects (strings, numbers, booleans) up front — Object.getPrototypeOf
     // throws a TypeError on primitives in ES5 environments.
     if (!isObject(thing)) return false;
-    // Reject plain objects inheriting directly from Object.prototype so prototype-pollution gadgets can't spoof FormData (GHSA-6chq-wfr3-2hj9).
+    // Reject plain objects inheriting directly from Object.prototype so prototype-pollution gadgets can't spoof FormData.
     var proto = Object.getPrototypeOf(thing);
     if (!proto || proto === Object.prototype) return false;
     if (!isFunction(thing.append)) return false;
-    return toString.call(thing) === pattern ||
-      (isFunction(thing.toString) && thing.toString() === pattern);
+    return (
+      toString.call(thing) === pattern ||
+      (isFunction(thing.toString) && thing.toString() === pattern)
+    );
   }
 
   /**
@@ -243,7 +250,9 @@
    * @returns {String} The String freed of excess whitespace
    */
   function trim(str) {
-    return str.trim ? str.trim() : str.replace(/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g, '');
+    return str.trim
+      ? str.trim()
+      : str.replace(/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g, '');
   }
 
   /**
@@ -263,10 +272,11 @@
    */
   function isStandardBrowserEnv() {
     var product;
-    if (typeof navigator !== 'undefined' && (
-      (product = navigator.product) === 'ReactNative' ||
-      product === 'NativeScript' ||
-      product === 'NS')
+    if (
+      typeof navigator !== 'undefined' &&
+      ((product = navigator.product) === 'ReactNative' ||
+        product === 'NativeScript' ||
+        product === 'NS')
     ) {
       return false;
     }
@@ -331,14 +341,20 @@
    * @returns {Object} Result of all merge properties
    */
   function merge(/* obj1, obj2, obj3, ... */) {
-    var result = {};
+    var result = Object.create(null);
     function assignValue(val, key) {
+      var target;
+
       if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
         return;
       }
 
-      if (isPlainObject(result[key]) && isPlainObject(val)) {
-        result[key] = merge(result[key], val);
+      target = Object.prototype.hasOwnProperty.call(result, key)
+        ? result[key]
+        : undefined;
+
+      if (isPlainObject(target) && isPlainObject(val)) {
+        result[key] = merge(target, val);
       } else if (isPlainObject(val)) {
         result[key] = merge({}, val);
       } else if (isArray(val)) {
@@ -380,7 +396,7 @@
    * @return {string} content value without BOM
    */
   function stripBOM(content) {
-    if (content.charCodeAt(0) === 0xFEFF) {
+    if (content.charCodeAt(0) === 0xfeff) {
       content = content.slice(1);
     }
     return content;
@@ -395,7 +411,10 @@
    */
 
   function inherits(constructor, superConstructor, props, descriptors) {
-    constructor.prototype = Object.create(superConstructor.prototype, descriptors);
+    constructor.prototype = Object.create(
+      superConstructor.prototype,
+      descriptors
+    );
     constructor.prototype.constructor = constructor;
     props && Object.assign(constructor.prototype, props);
   }
@@ -424,13 +443,20 @@
       i = props.length;
       while (i-- > 0) {
         prop = props[i];
-        if ((!propFilter || propFilter(prop, sourceObj, destObj)) && !merged[prop]) {
+        if (
+          (!propFilter || propFilter(prop, sourceObj, destObj)) &&
+          !merged[prop]
+        ) {
           destObj[prop] = sourceObj[prop];
           merged[prop] = true;
         }
       }
       sourceObj = filter !== false && Object.getPrototypeOf(sourceObj);
-    } while (sourceObj && (!filter || filter(sourceObj, destObj)) && sourceObj !== Object.prototype);
+    } while (
+      sourceObj &&
+      (!filter || filter(sourceObj, destObj)) &&
+      sourceObj !== Object.prototype
+    );
 
     return destObj;
   }
@@ -452,7 +478,6 @@
     return lastIndex !== -1 && lastIndex === position;
   }
 
-
   /**
    * Returns new array from array like object or null if failed
    * @param {*} [thing]
@@ -548,6 +573,82 @@
     hasOwnProperty: hasOwnProperty
   };
 
+  var defaultRedactKeys = ['authorization', 'proxy-authorization', 'cookie', 'set-cookie', 'x-api-key', 'password'];
+
+  var REDACTED_VALUE = '[REDACTED ****]';
+
+  function makeValueDescriptor(value) {
+    var descriptor = Object.create(null);
+    descriptor.value = value;
+    return descriptor;
+  }
+
+  function getRedactKeys(config) {
+    // An empty array is treated as "no override" so an upstream `redact: []` cannot
+    // silently disable redaction. To opt out, pass non-string values or unset keys.
+    var override = config && utils.isArray(config.redact) && config.redact.length ? config.redact : null;
+    var redact = override || defaultRedactKeys;
+    var keys = {};
+
+    utils.forEach(redact, function eachRedactKey(key) {
+      if (typeof key === 'string') {
+        keys[key.toLowerCase()] = true;
+      }
+    });
+
+    return keys;
+  }
+
+  function shouldRedact(key, keys) {
+    return typeof key === 'string' && keys[key.toLowerCase()];
+  }
+
+  var CIRCULAR_VALUE = '[Circular]';
+
+  function serializeConfigValue(value, keys, key, seen) {
+    var result;
+
+    if (shouldRedact(key, keys)) {
+      return REDACTED_VALUE;
+    }
+
+    if (utils.isArray(value)) {
+      if (seen.indexOf(value) !== -1) {
+        return CIRCULAR_VALUE;
+      }
+      seen.push(value);
+      result = [];
+      utils.forEach(value, function eachArrayValue(item, index) {
+        result[index] = serializeConfigValue(item, keys, index, seen);
+      });
+      seen.pop();
+      return result;
+    }
+
+    if (utils.isPlainObject(value)) {
+      if (seen.indexOf(value) !== -1) {
+        return CIRCULAR_VALUE;
+      }
+      seen.push(value);
+      result = {};
+      utils.forEach(value, function eachObjectValue(item, itemKey) {
+        result[itemKey] = serializeConfigValue(item, keys, itemKey, seen);
+      });
+      seen.pop();
+      return result;
+    }
+
+    return value;
+  }
+
+  function serializeConfig(config) {
+    if (!config) {
+      return config;
+    }
+
+    return serializeConfigValue(config, getRedactKeys(config), undefined, []);
+  }
+
   /**
    * Create an Error with the specified message, config, error code, request and response.
    *
@@ -590,7 +691,7 @@
         columnNumber: this.columnNumber,
         stack: this.stack,
         // Axios
-        config: this.config,
+        config: serializeConfig(this.config),
         code: this.code,
         status: this.response && this.response.status ? this.response.status : null
       };
@@ -598,7 +699,7 @@
   });
 
   var prototype$1 = AxiosError.prototype;
-  var descriptors = {};
+  var descriptors = Object.create(null);
 
   [
     'ERR_BAD_OPTION_VALUE',
@@ -616,11 +717,11 @@
     'ERR_FORM_DATA_DEPTH_EXCEEDED'
   // eslint-disable-next-line func-names
   ].forEach(function(code) {
-    descriptors[code] = {value: code};
+    descriptors[code] = makeValueDescriptor(code);
   });
 
   Object.defineProperties(AxiosError, descriptors);
-  Object.defineProperty(prototype$1, 'isAxiosError', {value: true});
+  Object.defineProperty(prototype$1, 'isAxiosError', makeValueDescriptor(true));
 
   // eslint-disable-next-line func-names
   AxiosError.from = function(error, code, config, request, response, customProps) {
@@ -835,7 +936,7 @@
   var toFormData_1 = toFormData;
 
   function encode$1(str) {
-    // Do not map `%00` back to a raw null byte (GHSA-xhjh-pmcv-23jw): that reversed
+    // Do not map `%00` back to a raw null byte: that reversed
     // the safe percent-encoding from encodeURIComponent and enabled null byte injection.
     var charMap = {
       '!': '%21',
@@ -845,9 +946,12 @@
       '~': '%7E',
       '%20': '+'
     };
-    return encodeURIComponent(str).replace(/[!'\(\)~]|%20/g, function replacer(match) {
-      return charMap[match];
-    });
+    return encodeURIComponent(str).replace(
+      /[!'\(\)~]|%20/g,
+      function replacer(match) {
+        return charMap[match];
+      }
+    );
   }
 
   function AxiosURLSearchParams(params, options) {
@@ -863,13 +967,17 @@
   };
 
   prototype.toString = function toString(encoder) {
-    var _encode = encoder ? function(value) {
-      return encoder.call(this, value, encode$1);
-    } : encode$1;
+    var _encode = encoder
+      ? function(value) {
+        return encoder.call(this, value, encode$1);
+      }
+      : encode$1;
 
-    return this._pairs.map(function each(pair) {
-      return _encode(pair[0]) + '=' + _encode(pair[1]);
-    }, '').join('&');
+    return this._pairs
+      .map(function each(pair) {
+        return _encode(pair[0]) + '=' + _encode(pair[1]);
+      }, '')
+      .join('&');
   };
 
   var AxiosURLSearchParams_1 = AxiosURLSearchParams;
@@ -1152,8 +1260,21 @@
           },
 
           read: function read(name) {
-            var match = document.cookie.match(new RegExp('(^|;\\s*)(' + name + ')=([^;]*)'));
-            return (match ? decodeURIComponent(match[3]) : null);
+            var nameEQ = name + '=';
+            var cookies = document.cookie.split(';');
+            var cookie;
+
+            for (var i = 0; i < cookies.length; i++) {
+              cookie = cookies[i];
+              while (cookie.charAt(0) === ' ') {
+                cookie = cookie.substring(1);
+              }
+              if (cookie.indexOf(nameEQ) === 0) {
+                return decodeURIComponent(cookie.substring(nameEQ.length));
+              }
+            }
+
+            return null;
           },
 
           remove: function remove(name) {
@@ -1362,8 +1483,10 @@
       var requestData = config.data;
       var requestHeaders = config.headers;
       var responseType = config.responseType;
-      // Guard against prototype pollution (GHSA-xx6v-rp6x-q39c): only honor own properties.
-      var withXSRFToken = utils.hasOwnProperty(config, 'withXSRFToken') ? config.withXSRFToken : undefined;
+      // Guard against prototype pollution: only honor own properties.
+      var withXSRFToken = utils.hasOwnProperty(config, 'withXSRFToken')
+        ? config.withXSRFToken
+        : undefined;
       var onCanceled;
       function done() {
         if (config.cancelToken) {
@@ -1384,13 +1507,23 @@
       // HTTP basic authentication
       if (config.auth) {
         var username = config.auth.username || '';
-        var password = config.auth.password ? unescape(encodeURIComponent(config.auth.password)) : '';
+        var password = config.auth.password
+          ? unescape(encodeURIComponent(config.auth.password))
+          : '';
         requestHeaders.Authorization = 'Basic ' + btoa(username + ':' + password);
       }
 
-      var fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls);
+      var fullPath = buildFullPath(
+        config.baseURL,
+        config.url,
+        config.allowAbsoluteUrls
+      );
 
-      request.open(config.method.toUpperCase(), buildURL(fullPath, config.params, config.paramsSerializer), true);
+      request.open(
+        config.method.toUpperCase(),
+        buildURL(fullPath, config.params, config.paramsSerializer),
+        true
+      );
 
       // Set the request timeout in MS
       request.timeout = config.timeout;
@@ -1400,9 +1533,14 @@
           return;
         }
         // Prepare the response
-        var responseHeaders = 'getAllResponseHeaders' in request ? parseHeaders(request.getAllResponseHeaders()) : null;
-        var responseData = !responseType || responseType === 'text' ||  responseType === 'json' ?
-          request.responseText : request.response;
+        var responseHeaders =
+          'getAllResponseHeaders' in request
+            ? parseHeaders(request.getAllResponseHeaders())
+            : null;
+        var responseData =
+          !responseType || responseType === 'text' || responseType === 'json'
+            ? request.responseText
+            : request.response;
         var response = {
           data: responseData,
           status: request.status,
@@ -1412,13 +1550,17 @@
           request: request
         };
 
-        settle(function _resolve(value) {
-          resolve(value);
-          done();
-        }, function _reject(err) {
-          reject(err);
-          done();
-        }, response);
+        settle(
+          function _resolve(value) {
+            resolve(value);
+            done();
+          },
+          function _reject(err) {
+            reject(err);
+            done();
+          },
+          response
+        );
 
         // Clean up request
         request = null;
@@ -1438,7 +1580,10 @@
           // handled by onerror instead
           // With one exception: request that using file: protocol, most browsers
           // will return status as 0 even though it's a successful request
-          if (request.status === 0 && !(request.responseURL && request.responseURL.indexOf('file:') === 0)) {
+          if (
+            request.status === 0 &&
+            !(request.responseURL && request.responseURL.indexOf('file:') === 0)
+          ) {
             return;
           }
           // readystate handler is calling before onerror or ontimeout handlers,
@@ -1453,7 +1598,14 @@
           return;
         }
 
-        reject(new AxiosError_1('Request aborted', AxiosError_1.ECONNABORTED, config, request));
+        reject(
+          new AxiosError_1(
+            'Request aborted',
+            AxiosError_1.ECONNABORTED,
+            config,
+            request
+          )
+        );
 
         // Clean up request
         request = null;
@@ -1463,7 +1615,14 @@
       request.onerror = function handleError() {
         // Real errors are hidden from us by the browser
         // onerror should only fire if it's a network error
-        reject(new AxiosError_1('Network Error', AxiosError_1.ERR_NETWORK, config, request));
+        reject(
+          new AxiosError_1(
+            'Network Error',
+            AxiosError_1.ERR_NETWORK,
+            config,
+            request
+          )
+        );
 
         // Clean up request
         request = null;
@@ -1471,16 +1630,23 @@
 
       // Handle timeout
       request.ontimeout = function handleTimeout() {
-        var timeoutErrorMessage = config.timeout ? 'timeout of ' + config.timeout + 'ms exceeded' : 'timeout exceeded';
+        var timeoutErrorMessage = config.timeout
+          ? 'timeout of ' + config.timeout + 'ms exceeded'
+          : 'timeout exceeded';
         var transitional$1 = config.transitional || transitional;
         if (config.timeoutErrorMessage) {
           timeoutErrorMessage = config.timeoutErrorMessage;
         }
-        reject(new AxiosError_1(
-          timeoutErrorMessage,
-          transitional$1.clarifyTimeoutError ? AxiosError_1.ETIMEDOUT : AxiosError_1.ECONNABORTED,
-          config,
-          request));
+        reject(
+          new AxiosError_1(
+            timeoutErrorMessage,
+            transitional$1.clarifyTimeoutError
+              ? AxiosError_1.ETIMEDOUT
+              : AxiosError_1.ECONNABORTED,
+            config,
+            request
+          )
+        );
 
         // Clean up request
         request = null;
@@ -1494,10 +1660,16 @@
         if (utils.isFunction(withXSRFToken)) {
           withXSRFToken = withXSRFToken(config);
         }
-        // Strict boolean check (GHSA-xx6v-rp6x-q39c): only `true` short-circuits the same-origin guard.
-        if (withXSRFToken === true || (withXSRFToken !== false && isURLSameOrigin(fullPath))) {
+        // Strict boolean check: only `true` short-circuits the same-origin guard.
+        if (
+          withXSRFToken === true ||
+          (withXSRFToken !== false && isURLSameOrigin(fullPath))
+        ) {
           // Add xsrf header
-          var xsrfValue = config.xsrfHeaderName && config.xsrfCookieName && cookies.read(config.xsrfCookieName);
+          var xsrfValue =
+            config.xsrfHeaderName &&
+            config.xsrfCookieName &&
+            cookies.read(config.xsrfCookieName);
           if (xsrfValue) {
             requestHeaders[config.xsrfHeaderName] = xsrfValue;
           }
@@ -1507,7 +1679,10 @@
       // Add headers to the request
       if ('setRequestHeader' in request) {
         utils.forEach(requestHeaders, function setRequestHeader(val, key) {
-          if (typeof requestData === 'undefined' && key.toLowerCase() === 'content-type') {
+          if (
+            typeof requestData === 'undefined' &&
+            key.toLowerCase() === 'content-type'
+          ) {
             // Remove Content-Type if data is undefined
             delete requestHeaders[key];
           } else {
@@ -1544,30 +1719,46 @@
           if (!request) {
             return;
           }
-          reject(!cancel || cancel.type ? new CanceledError_1(null, config, request) : cancel);
+          reject(
+            !cancel || cancel.type
+              ? new CanceledError_1(null, config, request)
+              : cancel
+          );
           request.abort();
           request = null;
         };
 
         config.cancelToken && config.cancelToken.subscribe(onCanceled);
         if (config.signal) {
-          config.signal.aborted ? onCanceled() : config.signal.addEventListener('abort', onCanceled);
+          config.signal.aborted
+            ? onCanceled()
+            : config.signal.addEventListener('abort', onCanceled);
         }
       }
 
       // false, 0 (zero number), and '' (empty string) are valid JSON values
-      if (!requestData && requestData !== false && requestData !== 0 && requestData !== '') {
+      if (
+        !requestData &&
+        requestData !== false &&
+        requestData !== 0 &&
+        requestData !== ''
+      ) {
         requestData = null;
       }
 
       var protocol = parseProtocol(fullPath);
 
       if (protocol && platform.protocols.indexOf(protocol) === -1) {
-        reject(new AxiosError_1('Unsupported protocol ' + protocol + ':', AxiosError_1.ERR_BAD_REQUEST, config));
+        reject(
+          new AxiosError_1(
+            'Unsupported protocol ' + protocol + ':',
+            AxiosError_1.ERR_BAD_REQUEST,
+            config
+          )
+        );
         return;
       }
 
-
       // Send the request
       request.send(requestData);
     });
@@ -1715,6 +1906,8 @@
     maxContentLength: -1,
     maxBodyLength: -1,
 
+    redact: defaultRedactKeys.slice(),
+
     env: {
       FormData: platform.classes.FormData,
       Blob: platform.classes.Blob
@@ -1821,11 +2014,16 @@
     normalizeHeaderName(config.headers, 'Content-Type');
 
     // Flatten headers
-    config.headers = utils.merge(
-      config.headers.common || {},
-      config.headers[config.method] || {},
-      config.headers
-    );
+    var commonHeaders = utils.hasOwnProperty(config.headers, 'common') && config.headers.common
+      ? config.headers.common
+      : {};
+    var methodHeaders = config.method &&
+      utils.hasOwnProperty(config.headers, config.method) &&
+      config.headers[config.method]
+      ? config.headers[config.method]
+      : {};
+
+    config.headers = utils.merge(commonHeaders, methodHeaders, config.headers);
 
     utils.forEach(
       ['delete', 'get', 'head', 'post', 'put', 'patch', 'common'],
@@ -1970,6 +2168,7 @@
       'httpsAgent': defaultToConfig2,
       'cancelToken': defaultToConfig2,
       'socketPath': defaultToConfig2,
+      'allowedSocketPaths': defaultToConfig2,
       'responseEncoding': defaultToConfig2,
       'validateStatus': mergeDirectKeys
     };
@@ -1987,7 +2186,7 @@
   };
 
   var data = {
-    "version": "0.31.1"
+    "version": "0.32.0"
   };
 
   var VERSION = data.version;