npm - axios - Versions diffs - 0.32.0 → 0.33.0 - Mend

axios 0.32.0 → 0.33.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/CHANGELOG.md +143 -7
package/dist/axios.js +67 -14
package/dist/axios.js.map +1 -1
package/dist/axios.min.js +1 -1
package/dist/axios.min.js.map +1 -1
package/dist/esm/axios.js +67 -14
package/dist/esm/axios.js.map +1 -1
package/dist/esm/axios.min.js +1 -1
package/dist/esm/axios.min.js.map +1 -1
package/lib/adapters/http.js +10 -6
package/lib/adapters/xhr.js +10 -5
package/lib/core/Axios.js +4 -2
package/lib/env/data.js +1 -1
package/lib/helpers/buildURL.js +11 -3
package/lib/helpers/formDataToJSON.js +18 -1
package/lib/helpers/shouldBypassProxy.js +1 -1
package/lib/helpers/toFormData.js +24 -2
package/package.json +1 -1

package/dist/esm/axios.js CHANGED Viewed

@@ -1,4 +1,4 @@
-// axios v0.32.0 Copyright (c) 2026 Matt Zabriskie
+// axios v0.33.0 Copyright (c) 2026 Matt Zabriskie
 var bind = function bind(fn, thisArg) {
   return function wrap() {
     return fn.apply(thisArg, arguments);
@@ -834,6 +834,29 @@ function toFormData(obj, formData, options) {
     return value;
   }
+  var stack = [];
+  function assertValueDepth(value, depth) {
+    if (depth > maxDepth) {
+      throw new AxiosError_1(
+        'Maximum object depth of ' + maxDepth + ' exceeded (got ' + depth + ' levels)',
+        AxiosError_1.ERR_FORM_DATA_DEPTH_EXCEEDED
+      );
+    }
+    if (!utils.isObject(value) || stack.indexOf(value) !== -1) {
+      return;
+    }
+    stack.push(value);
+    utils.forEach(value, function each(el) {
+      assertValueDepth(el, depth + 1);
+    });
+    stack.pop();
+  }
   /**
    *
    * @param {*} value
@@ -849,6 +872,7 @@ function toFormData(obj, formData, options) {
       if (utils.endsWith(key, '{}')) {
         // eslint-disable-next-line no-param-reassign
         key = metaTokens ? key : key.slice(0, -2);
+        assertValueDepth(value, 1);
         // eslint-disable-next-line no-param-reassign
         value = JSON.stringify(value);
       } else if (
@@ -878,8 +902,6 @@ function toFormData(obj, formData, options) {
     return false;
   }
-  var stack = [];
   var exposedHelpers = Object.assign(predicates, {
     defaultVisitor: defaultVisitor,
     convertValue: convertValue,
@@ -1006,9 +1028,17 @@ var buildURL = function buildURL(url, params, options) {
     url = url.slice(0, hashmarkIndex);
   }
-  var _encode = options && options.encode || encode;
+  var _encode = encode;
+  var serializeFn;
-  var serializeFn = options && options.serialize;
+  if (options) {
+    if (utils.isFunction(options)) {
+      serializeFn = options;
+    } else {
+      _encode = utils.hasOwnProperty(options, 'encode') && options.encode || encode;
+      serializeFn = utils.hasOwnProperty(options, 'serialize') ? options.serialize : undefined;
+    }
+  }
   var serializedParams;
@@ -1131,6 +1161,19 @@ var toURLEncodedForm = function toURLEncodedForm(data, options) {
   }, options));
 };
+var MAX_FORM_DATA_TO_JSON_DEPTH = 100;
+function assertPathDepth(path) {
+  var depth = path.length - 1;
+  if (depth > MAX_FORM_DATA_TO_JSON_DEPTH) {
+    throw new AxiosError_1(
+      'Maximum object depth of ' + MAX_FORM_DATA_TO_JSON_DEPTH + ' exceeded (got ' + depth + ' levels)',
+      AxiosError_1.ERR_FORM_DATA_DEPTH_EXCEEDED
+    );
+  }
+}
 function parsePropPath(name) {
   // foo[x][y][z]
   // foo.x.y.z
@@ -1191,7 +1234,10 @@ function formDataToJSON(formData) {
     var obj = {};
     utils.forEachEntry(formData, function(name, value) {
-      buildPath(parsePropPath(name), value, obj, 0);
+      var path = parsePropPath(name);
+      assertPathDepth(path);
+      buildPath(path, value, obj, 0);
     });
     return obj;
@@ -1499,10 +1545,11 @@ var xhr = function xhrAdapter(config) {
     var request = new XMLHttpRequest();
     // HTTP basic authentication
-    if (config.auth) {
-      var username = config.auth.username || '';
-      var password = config.auth.password
-        ? unescape(encodeURIComponent(config.auth.password))
+    var configAuth = utils.hasOwnProperty(config, 'auth') ? config.auth : undefined;
+    if (configAuth) {
+      var username = utils.hasOwnProperty(configAuth, 'username') ? configAuth.username || '' : '';
+      var password = utils.hasOwnProperty(configAuth, 'password') && configAuth.password
+        ? unescape(encodeURIComponent(configAuth.password))
         : '';
       requestHeaders.Authorization = 'Basic ' + btoa(username + ':' + password);
     }
@@ -1515,7 +1562,11 @@ var xhr = function xhrAdapter(config) {
     request.open(
       config.method.toUpperCase(),
-      buildURL(fullPath, config.params, config.paramsSerializer),
+      buildURL(
+        fullPath,
+        config.params,
+        utils.hasOwnProperty(config, 'paramsSerializer') ? config.paramsSerializer : undefined
+      ),
       true
     );
@@ -2180,7 +2231,7 @@ var mergeConfig = function mergeConfig(config1, config2) {
 };
 var data = {
-  "version": "0.32.0"
+  "version": "0.33.0"
 };
 var VERSION = data.version;
@@ -2404,10 +2455,12 @@ Axios.prototype.getUri = function getUri(config) {
 utils.forEach(['delete', 'get', 'head', 'options'], function forEachMethodNoData(method) {
   /*eslint func-names:0*/
   Axios.prototype[method] = function(url, config) {
-    return this.request(mergeConfig(config || {}, {
+    var requestConfig = config || {};
+    return this.request(mergeConfig(requestConfig, {
       method: method,
       url: url,
-      data: (config || {}).data
+      data: utils.hasOwnProperty(requestConfig, 'data') ? requestConfig.data : undefined
     }));
   };
 });