axios 1.17.0 → 1.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/axios.js CHANGED
@@ -1,4 +1,4 @@
1
- /*! Axios v1.17.0 Copyright (c) 2026 Matt Zabriskie and contributors */
1
+ /*! Axios v1.18.1 Copyright (c) 2026 Matt Zabriskie and contributors */
2
2
  (function (global, factory) {
3
3
  typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() :
4
4
  typeof define === 'function' && define.amd ? define(factory) :
@@ -463,55 +463,42 @@
463
463
  };
464
464
  }
465
465
  function AsyncGenerator(e) {
466
- var r, t;
467
- function resume(r, t) {
466
+ var t, n;
467
+ function resume(t, n) {
468
468
  try {
469
- var n = e[r](t),
470
- o = n.value,
469
+ var r = e[t](n),
470
+ o = r.value,
471
471
  u = o instanceof _OverloadYield;
472
- Promise.resolve(u ? o.v : o).then(function (t) {
472
+ Promise.resolve(u ? o.v : o).then(function (n) {
473
473
  if (u) {
474
- var i = "return" === r ? "return" : "next";
475
- if (!o.k || t.done) return resume(i, t);
476
- t = e[i](t).value;
474
+ var i = "return" === t && o.k ? t : "next";
475
+ if (!o.k || n.done) return resume(i, n);
476
+ n = e[i](n).value;
477
477
  }
478
- settle(n.done ? "return" : "normal", t);
478
+ settle(!!r.done, n);
479
479
  }, function (e) {
480
480
  resume("throw", e);
481
481
  });
482
482
  } catch (e) {
483
- settle("throw", e);
483
+ settle(2, e);
484
484
  }
485
485
  }
486
- function settle(e, n) {
487
- switch (e) {
488
- case "return":
489
- r.resolve({
490
- value: n,
491
- done: true
492
- });
493
- break;
494
- case "throw":
495
- r.reject(n);
496
- break;
497
- default:
498
- r.resolve({
499
- value: n,
500
- done: false
501
- });
502
- }
503
- (r = r.next) ? resume(r.key, r.arg) : t = null;
486
+ function settle(e, r) {
487
+ 2 === e ? t.reject(r) : t.resolve({
488
+ value: r,
489
+ done: e
490
+ }), (t = t.next) ? resume(t.key, t.arg) : n = null;
504
491
  }
505
- this._invoke = function (e, n) {
492
+ this._invoke = function (e, r) {
506
493
  return new Promise(function (o, u) {
507
494
  var i = {
508
495
  key: e,
509
- arg: n,
496
+ arg: r,
510
497
  resolve: o,
511
498
  reject: u,
512
499
  next: null
513
500
  };
514
- t ? t = t.next = i : (r = t = i, resume(e, n));
501
+ n ? n = n.next = i : (t = n = i, resume(e, r));
515
502
  });
516
503
  }, "function" != typeof e.return && (this.return = void 0);
517
504
  }
@@ -566,6 +553,57 @@
566
553
  var getPrototypeOf = Object.getPrototypeOf;
567
554
  var iterator = Symbol.iterator,
568
555
  toStringTag = Symbol.toStringTag;
556
+
557
+ /* Creating a function that will check if an object has a property. */
558
+ var hasOwnProperty = function (_ref) {
559
+ var hasOwnProperty = _ref.hasOwnProperty;
560
+ return function (obj, prop) {
561
+ return hasOwnProperty.call(obj, prop);
562
+ };
563
+ }(Object.prototype);
564
+
565
+ /**
566
+ * Walk the prototype chain (excluding the shared Object.prototype) looking for
567
+ * an own `prop`. This distinguishes genuine own/inherited members — including
568
+ * class accessors and template prototypes — from members injected via
569
+ * Object.prototype pollution (e.g. `Object.prototype.username = '...'`), which
570
+ * live on Object.prototype itself and are therefore never matched.
571
+ *
572
+ * @param {*} thing The value whose chain to inspect
573
+ * @param {string|symbol} prop The property key to look for
574
+ *
575
+ * @returns {boolean} True when `prop` is owned below Object.prototype
576
+ */
577
+ var hasOwnInPrototypeChain = function hasOwnInPrototypeChain(thing, prop) {
578
+ var obj = thing;
579
+ var seen = [];
580
+ while (obj != null && obj !== Object.prototype) {
581
+ if (seen.indexOf(obj) !== -1) {
582
+ return false;
583
+ }
584
+ seen.push(obj);
585
+ if (hasOwnProperty(obj, prop)) {
586
+ return true;
587
+ }
588
+ obj = getPrototypeOf(obj);
589
+ }
590
+ return false;
591
+ };
592
+
593
+ /**
594
+ * Read `obj[prop]` only when it is safe from Object.prototype pollution. Own
595
+ * properties and members inherited from a non-Object.prototype source (a class
596
+ * instance or template object) are honored; a value reachable only through a
597
+ * polluted Object.prototype is ignored and `undefined` is returned.
598
+ *
599
+ * @param {*} obj The source object
600
+ * @param {string|symbol} prop The property key to read
601
+ *
602
+ * @returns {*} The resolved value, or undefined when unsafe/absent
603
+ */
604
+ var getSafeProp = function getSafeProp(obj, prop) {
605
+ return obj != null && hasOwnInPrototypeChain(obj, prop) ? obj[prop] : undefined;
606
+ };
569
607
  var kindOf = function (cache) {
570
608
  return function (thing) {
571
609
  var str = toString.call(thing);
@@ -694,11 +732,15 @@
694
732
  * @returns {boolean} True if value is a plain Object, otherwise false
695
733
  */
696
734
  var isPlainObject = function isPlainObject(val) {
697
- if (kindOf(val) !== 'object') {
735
+ if (!isObject(val)) {
698
736
  return false;
699
737
  }
700
738
  var prototype = getPrototypeOf(val);
701
- return (prototype === null || prototype === Object.prototype || Object.getPrototypeOf(prototype) === null) && !(toStringTag in val) && !(iterator in val);
739
+ return (prototype === null || prototype === Object.prototype || getPrototypeOf(prototype) === null) &&
740
+ // Treat any genuine (non-Object.prototype-polluted) Symbol.toStringTag or
741
+ // Symbol.iterator as evidence the value is a tagged/iterable type rather
742
+ // than a plain object, while ignoring keys injected onto Object.prototype.
743
+ !hasOwnInPrototypeChain(val, toStringTag) && !hasOwnInPrototypeChain(val, iterator);
702
744
  };
703
745
 
704
746
  /**
@@ -866,9 +908,9 @@
866
908
  * @returns {any}
867
909
  */
868
910
  function forEach(obj, fn) {
869
- var _ref = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {},
870
- _ref$allOwnKeys = _ref.allOwnKeys,
871
- allOwnKeys = _ref$allOwnKeys === void 0 ? false : _ref$allOwnKeys;
911
+ var _ref2 = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {},
912
+ _ref2$allOwnKeys = _ref2.allOwnKeys,
913
+ allOwnKeys = _ref2$allOwnKeys === void 0 ? false : _ref2$allOwnKeys;
872
914
  // Don't bother if no value provided
873
915
  if (obj === null || typeof obj === 'undefined') {
874
916
  return;
@@ -955,9 +997,9 @@
955
997
  * @returns {Object} Result of all merge properties
956
998
  */
957
999
  function merge() {
958
- var _ref2 = isContextDefined(this) && this || {},
959
- caseless = _ref2.caseless,
960
- skipUndefined = _ref2.skipUndefined;
1000
+ var _ref3 = isContextDefined(this) && this || {},
1001
+ caseless = _ref3.caseless,
1002
+ skipUndefined = _ref3.skipUndefined;
961
1003
  var result = {};
962
1004
  var assignValue = function assignValue(val, key) {
963
1005
  // Skip dangerous property names to prevent prototype pollution
@@ -1014,8 +1056,8 @@
1014
1056
  * @returns {Object} The resulting value of object a
1015
1057
  */
1016
1058
  var extend = function extend(a, b, thisArg) {
1017
- var _ref3 = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {},
1018
- allOwnKeys = _ref3.allOwnKeys;
1059
+ var _ref4 = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {},
1060
+ allOwnKeys = _ref4.allOwnKeys;
1019
1061
  forEach(b, function (val, key) {
1020
1062
  if (thisArg && isFunction$1(val)) {
1021
1063
  Object.defineProperty(a, key, {
@@ -1209,14 +1251,6 @@
1209
1251
  return p1.toUpperCase() + p2;
1210
1252
  });
1211
1253
  };
1212
-
1213
- /* Creating a function that will check if an object has a property. */
1214
- var hasOwnProperty = function (_ref4) {
1215
- var hasOwnProperty = _ref4.hasOwnProperty;
1216
- return function (obj, prop) {
1217
- return hasOwnProperty.call(obj, prop);
1218
- };
1219
- }(Object.prototype);
1220
1254
  var propertyIsEnumerable = Object.prototype.propertyIsEnumerable;
1221
1255
 
1222
1256
  /**
@@ -1397,6 +1431,21 @@
1397
1431
  var isIterable = function isIterable(thing) {
1398
1432
  return thing != null && isFunction$1(thing[iterator]);
1399
1433
  };
1434
+
1435
+ /**
1436
+ * Determine if a value is iterable via an iterator that is NOT sourced solely
1437
+ * from a polluted Object.prototype. Use this instead of `isIterable` whenever
1438
+ * the iterable comes from untrusted input (e.g. user-supplied header sources),
1439
+ * so `Object.prototype[Symbol.iterator] = ...` cannot turn an ordinary object
1440
+ * into an attacker-controlled entries iterator.
1441
+ *
1442
+ * @param {*} thing The value to test
1443
+ *
1444
+ * @returns {boolean} True if value has a non-polluted iterator
1445
+ */
1446
+ var isSafeIterable = function isSafeIterable(thing) {
1447
+ return thing != null && hasOwnInPrototypeChain(thing, iterator) && isIterable(thing);
1448
+ };
1400
1449
  var utils$1 = {
1401
1450
  isArray: isArray,
1402
1451
  isArrayBuffer: isArrayBuffer,
@@ -1442,6 +1491,8 @@
1442
1491
  hasOwnProperty: hasOwnProperty,
1443
1492
  hasOwnProp: hasOwnProperty,
1444
1493
  // an alias to avoid ESLint no-prototype-builtins detection
1494
+ hasOwnInPrototypeChain: hasOwnInPrototypeChain,
1495
+ getSafeProp: getSafeProp,
1445
1496
  reduceDescriptors: reduceDescriptors,
1446
1497
  freezeMethods: freezeMethods,
1447
1498
  toObjectSet: toObjectSet,
@@ -1457,7 +1508,8 @@
1457
1508
  isThenable: isThenable,
1458
1509
  setImmediate: _setImmediate,
1459
1510
  asap: asap,
1460
- isIterable: isIterable
1511
+ isIterable: isIterable,
1512
+ isSafeIterable: isSafeIterable
1461
1513
  };
1462
1514
 
1463
1515
  // RawAxiosHeaders whose duplicates are ignored by node
@@ -1634,8 +1686,8 @@
1634
1686
  setHeaders(header, valueOrRewrite);
1635
1687
  } else if (utils$1.isString(header) && (header = header.trim()) && !isValidHeaderName(header)) {
1636
1688
  setHeaders(parseHeaders(header), valueOrRewrite);
1637
- } else if (utils$1.isObject(header) && utils$1.isIterable(header)) {
1638
- var obj = {},
1689
+ } else if (utils$1.isObject(header) && utils$1.isSafeIterable(header)) {
1690
+ var obj = Object.create(null),
1639
1691
  dest,
1640
1692
  key;
1641
1693
  var _iterator = _createForOfIteratorHelper(header),
@@ -1646,7 +1698,13 @@
1646
1698
  if (!utils$1.isArray(entry)) {
1647
1699
  throw new TypeError('Object iterator must return a key-value pair');
1648
1700
  }
1649
- obj[key = entry[0]] = (dest = obj[key]) ? utils$1.isArray(dest) ? [].concat(_toConsumableArray(dest), [entry[1]]) : [dest, entry[1]] : entry[1];
1701
+ key = entry[0];
1702
+ if (utils$1.hasOwnProp(obj, key)) {
1703
+ dest = obj[key];
1704
+ obj[key] = utils$1.isArray(dest) ? [].concat(_toConsumableArray(dest), [entry[1]]) : [dest, entry[1]];
1705
+ } else {
1706
+ obj[key] = entry[1];
1707
+ }
1650
1708
  }
1651
1709
  } catch (err) {
1652
1710
  _iterator.e(err);
@@ -1982,7 +2040,19 @@
1982
2040
  key: "from",
1983
2041
  value: function from(error, code, config, request, response, customProps) {
1984
2042
  var axiosError = new AxiosError(error.message, code || error.code, config, request, response);
1985
- axiosError.cause = error;
2043
+ // Match native `Error` `cause` semantics: non-enumerable. The wrapped
2044
+ // error often carries circular internals (sockets, requests, agents), so
2045
+ // an enumerable `cause` makes structured loggers (pino/winston) and any
2046
+ // own-property walk throw "Converting circular structure to JSON".
2047
+ // Regression from #6982; see #7205. `__proto__: null` mirrors the
2048
+ // `message` descriptor below (prototype-pollution-safe descriptor).
2049
+ Object.defineProperty(axiosError, 'cause', {
2050
+ __proto__: null,
2051
+ value: error,
2052
+ writable: true,
2053
+ enumerable: false,
2054
+ configurable: true
2055
+ });
1986
2056
  axiosError.name = error.name;
1987
2057
 
1988
2058
  // Preserve status from the original error if not already set from response
@@ -2012,6 +2082,10 @@
2012
2082
  // eslint-disable-next-line strict
2013
2083
  var httpAdapter = null;
2014
2084
 
2085
+ // Default nesting limit shared with the inverse transform (formDataToJSON) so
2086
+ // the FormData <-> JSON round-trip stays symmetric.
2087
+ var DEFAULT_FORM_DATA_MAX_DEPTH = 100;
2088
+
2015
2089
  /**
2016
2090
  * Determines if the given thing is a array or js object.
2017
2091
  *
@@ -2112,8 +2186,9 @@
2112
2186
  var dots = options.dots;
2113
2187
  var indexes = options.indexes;
2114
2188
  var _Blob = options.Blob || typeof Blob !== 'undefined' && Blob;
2115
- var maxDepth = options.maxDepth === undefined ? 100 : options.maxDepth;
2189
+ var maxDepth = options.maxDepth === undefined ? DEFAULT_FORM_DATA_MAX_DEPTH : options.maxDepth;
2116
2190
  var useBlob = _Blob && utils$1.isSpecCompliantForm(formData);
2191
+ var stack = [];
2117
2192
  if (!utils$1.isFunction(visitor)) {
2118
2193
  throw new TypeError('visitor must be a function');
2119
2194
  }
@@ -2129,10 +2204,38 @@
2129
2204
  throw new AxiosError('Blob is not supported. Use a Buffer instead.');
2130
2205
  }
2131
2206
  if (utils$1.isArrayBuffer(value) || utils$1.isTypedArray(value)) {
2132
- return useBlob && typeof Blob === 'function' ? new Blob([value]) : Buffer.from(value);
2207
+ if (useBlob && typeof _Blob === 'function') {
2208
+ return new _Blob([value]);
2209
+ }
2210
+ if (typeof Buffer !== 'undefined') {
2211
+ return Buffer.from(value);
2212
+ }
2213
+ throw new AxiosError('Blob is not supported. Use a Buffer instead.', AxiosError.ERR_NOT_SUPPORT);
2133
2214
  }
2134
2215
  return value;
2135
2216
  }
2217
+ function throwIfMaxDepthExceeded(depth) {
2218
+ if (depth > maxDepth) {
2219
+ throw new AxiosError('Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth, AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED);
2220
+ }
2221
+ }
2222
+ function stringifyWithDepthLimit(value, depth) {
2223
+ if (maxDepth === Infinity) {
2224
+ return JSON.stringify(value);
2225
+ }
2226
+ var ancestors = [];
2227
+ return JSON.stringify(value, function limitDepth(_key, currentValue) {
2228
+ if (!utils$1.isObject(currentValue)) {
2229
+ return currentValue;
2230
+ }
2231
+ while (ancestors.length && ancestors[ancestors.length - 1] !== this) {
2232
+ ancestors.pop();
2233
+ }
2234
+ ancestors.push(currentValue);
2235
+ throwIfMaxDepthExceeded(depth + ancestors.length - 1);
2236
+ return currentValue;
2237
+ });
2238
+ }
2136
2239
 
2137
2240
  /**
2138
2241
  * Default visitor.
@@ -2155,7 +2258,7 @@
2155
2258
  // eslint-disable-next-line no-param-reassign
2156
2259
  key = metaTokens ? key : key.slice(0, -2);
2157
2260
  // eslint-disable-next-line no-param-reassign
2158
- value = JSON.stringify(value);
2261
+ value = stringifyWithDepthLimit(value, 1);
2159
2262
  } else if (utils$1.isArray(value) && isFlatArray(value) || (utils$1.isFileList(value) || utils$1.endsWith(key, '[]')) && (arr = utils$1.toArray(value))) {
2160
2263
  // eslint-disable-next-line no-param-reassign
2161
2264
  key = removeBrackets(key);
@@ -2173,7 +2276,6 @@
2173
2276
  formData.append(renderKey(path, key, dots), convertValue(value));
2174
2277
  return false;
2175
2278
  }
2176
- var stack = [];
2177
2279
  var exposedHelpers = Object.assign(predicates, {
2178
2280
  defaultVisitor: defaultVisitor,
2179
2281
  convertValue: convertValue,
@@ -2182,9 +2284,7 @@
2182
2284
  function build(value, path) {
2183
2285
  var depth = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : 0;
2184
2286
  if (utils$1.isUndefined(value)) return;
2185
- if (depth > maxDepth) {
2186
- throw new AxiosError('Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth, AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED);
2187
- }
2287
+ throwIfMaxDepthExceeded(depth);
2188
2288
  if (stack.indexOf(value) !== -1) {
2189
2289
  throw new Error('Circular reference detected in ' + path.join('.'));
2190
2290
  }
@@ -2243,8 +2343,9 @@
2243
2343
  this._pairs.push([name, value]);
2244
2344
  };
2245
2345
  prototype.toString = function toString(encoder) {
2346
+ var _this = this;
2246
2347
  var _encode = encoder ? function (value) {
2247
- return encoder.call(this, value, encode$1);
2348
+ return encoder.call(_this, value, encode$1);
2248
2349
  } : encode$1;
2249
2350
  return this._pairs.map(function each(pair) {
2250
2351
  return _encode(pair[0]) + '=' + _encode(pair[1]);
@@ -2276,11 +2377,16 @@
2276
2377
  if (!params) {
2277
2378
  return url;
2278
2379
  }
2279
- var _encode = options && options.encode || encode;
2380
+ url = url || '';
2280
2381
  var _options = utils$1.isFunction(options) ? {
2281
2382
  serialize: options
2282
2383
  } : options;
2283
- var serializeFn = _options && _options.serialize;
2384
+
2385
+ // Read serializer options pollution-safely: own properties and methods on a
2386
+ // class/template prototype are honored, but values injected onto a polluted
2387
+ // Object.prototype are ignored.
2388
+ var _encode = utils$1.getSafeProp(_options, 'encode') || encode;
2389
+ var serializeFn = utils$1.getSafeProp(_options, 'serialize');
2284
2390
  var serializedParams;
2285
2391
  if (serializeFn) {
2286
2392
  serializedParams = serializeFn(params, _options);
@@ -2379,7 +2485,8 @@
2379
2485
  forcedJSONParsing: true,
2380
2486
  clarifyTimeoutError: false,
2381
2487
  legacyInterceptorReqResOrdering: true,
2382
- advertiseZstdAcceptEncoding: false
2488
+ advertiseZstdAcceptEncoding: false,
2489
+ validateStatusUndefinedResolves: true
2383
2490
  };
2384
2491
 
2385
2492
  var URLSearchParams$1 = typeof URLSearchParams !== 'undefined' ? URLSearchParams : AxiosURLSearchParams;
@@ -2459,6 +2566,13 @@
2459
2566
  }, options));
2460
2567
  }
2461
2568
 
2569
+ var MAX_DEPTH = DEFAULT_FORM_DATA_MAX_DEPTH;
2570
+ function throwIfDepthExceeded(index) {
2571
+ if (index > MAX_DEPTH) {
2572
+ throw new AxiosError('FormData field is too deeply nested (' + index + ' levels). Max depth: ' + MAX_DEPTH, AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED);
2573
+ }
2574
+ }
2575
+
2462
2576
  /**
2463
2577
  * It takes a string like `foo[x][y][z]` and returns an array like `['foo', 'x', 'y', 'z']
2464
2578
  *
@@ -2471,9 +2585,14 @@
2471
2585
  // foo.x.y.z
2472
2586
  // foo-x-y-z
2473
2587
  // foo x y z
2474
- return utils$1.matchAll(/\w+|\[(\w*)]/g, name).map(function (match) {
2475
- return match[0] === '[]' ? '' : match[1] || match[0];
2476
- });
2588
+ var path = [];
2589
+ var pattern = /\w+|\[(\w*)]/g;
2590
+ var match;
2591
+ while ((match = pattern.exec(name)) !== null) {
2592
+ throwIfDepthExceeded(path.length);
2593
+ path.push(match[0] === '[]' ? '' : match[1] || match[0]);
2594
+ }
2595
+ return path;
2477
2596
  }
2478
2597
 
2479
2598
  /**
@@ -2505,6 +2624,7 @@
2505
2624
  */
2506
2625
  function formDataToJSON(formData) {
2507
2626
  function buildPath(path, value, target, index) {
2627
+ throwIfDepthExceeded(index);
2508
2628
  var name = path[index++];
2509
2629
  if (name === '__proto__') return true;
2510
2630
  var isNumericKey = Number.isFinite(+name);
@@ -2905,7 +3025,11 @@
2905
3025
  var cookie = cookies[i].replace(/^\s+/, '');
2906
3026
  var eq = cookie.indexOf('=');
2907
3027
  if (eq !== -1 && cookie.slice(0, eq) === name) {
2908
- return decodeURIComponent(cookie.slice(eq + 1));
3028
+ try {
3029
+ return decodeURIComponent(cookie.slice(eq + 1));
3030
+ } catch (e) {
3031
+ return cookie.slice(eq + 1);
3032
+ }
2909
3033
  }
2910
3034
  }
2911
3035
  return null;
@@ -2952,6 +3076,24 @@
2952
3076
  return relativeURL ? baseURL.replace(/\/?\/$/, '') + '/' + relativeURL.replace(/^\/+/, '') : baseURL;
2953
3077
  }
2954
3078
 
3079
+ var malformedHttpProtocol = /^https?:(?!\/\/)/i;
3080
+ var httpProtocolControlCharacters = /[\t\n\r]/g;
3081
+ function stripLeadingC0ControlOrSpace(url) {
3082
+ var i = 0;
3083
+ while (i < url.length && url.charCodeAt(i) <= 0x20) {
3084
+ i++;
3085
+ }
3086
+ return url.slice(i);
3087
+ }
3088
+ function normalizeURLForProtocolCheck(url) {
3089
+ return stripLeadingC0ControlOrSpace(url).replace(httpProtocolControlCharacters, '');
3090
+ }
3091
+ function assertValidHttpProtocolURL(url, config) {
3092
+ if (typeof url === 'string' && malformedHttpProtocol.test(normalizeURLForProtocolCheck(url))) {
3093
+ throw new AxiosError('Invalid URL: missing "//" after protocol', AxiosError.ERR_INVALID_URL, config);
3094
+ }
3095
+ }
3096
+
2955
3097
  /**
2956
3098
  * Creates a new URL by combining the baseURL with the requestedURL,
2957
3099
  * only when the requestedURL is not already an absolute URL.
@@ -2962,9 +3104,11 @@
2962
3104
  *
2963
3105
  * @returns {string} The combined full path
2964
3106
  */
2965
- function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls) {
3107
+ function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls, config) {
3108
+ assertValidHttpProtocolURL(requestedURL, config);
2966
3109
  var isRelativeUrl = !isAbsoluteURL(requestedURL);
2967
3110
  if (baseURL && (isRelativeUrl || allowAbsoluteUrls === false)) {
3111
+ assertValidHttpProtocolURL(baseURL, config);
2968
3112
  return combineURLs(baseURL, requestedURL);
2969
3113
  }
2970
3114
  return requestedURL;
@@ -2985,6 +3129,7 @@
2985
3129
  */
2986
3130
  function mergeConfig(config1, config2) {
2987
3131
  // eslint-disable-next-line no-param-reassign
3132
+ config1 = config1 || {};
2988
3133
  config2 = config2 || {};
2989
3134
 
2990
3135
  // Use a null-prototype object so that downstream reads such as `config.auth`
@@ -3036,6 +3181,23 @@
3036
3181
  return getMergedValue(undefined, a);
3037
3182
  }
3038
3183
  }
3184
+ function getMergedTransitionalOption(prop) {
3185
+ var transitional2 = utils$1.hasOwnProp(config2, 'transitional') ? config2.transitional : undefined;
3186
+ if (!utils$1.isUndefined(transitional2)) {
3187
+ if (utils$1.isPlainObject(transitional2)) {
3188
+ if (utils$1.hasOwnProp(transitional2, prop)) {
3189
+ return transitional2[prop];
3190
+ }
3191
+ } else {
3192
+ return undefined;
3193
+ }
3194
+ }
3195
+ var transitional1 = utils$1.hasOwnProp(config1, 'transitional') ? config1.transitional : undefined;
3196
+ if (utils$1.isPlainObject(transitional1) && utils$1.hasOwnProp(transitional1, prop)) {
3197
+ return transitional1[prop];
3198
+ }
3199
+ return undefined;
3200
+ }
3039
3201
 
3040
3202
  // eslint-disable-next-line consistent-return
3041
3203
  function mergeDirectKeys(a, b, prop) {
@@ -3087,6 +3249,13 @@
3087
3249
  var configValue = merge(a, b, prop);
3088
3250
  utils$1.isUndefined(configValue) && merge !== mergeDirectKeys || (config[prop] = configValue);
3089
3251
  });
3252
+ if (utils$1.hasOwnProp(config2, 'validateStatus') && utils$1.isUndefined(config2.validateStatus) && getMergedTransitionalOption('validateStatusUndefinedResolves') === false) {
3253
+ if (utils$1.hasOwnProp(config1, 'validateStatus')) {
3254
+ config.validateStatus = getMergedValue(undefined, config1.validateStatus);
3255
+ } else {
3256
+ delete config.validateStatus;
3257
+ }
3258
+ }
3090
3259
  return config;
3091
3260
  }
3092
3261
 
@@ -3096,7 +3265,7 @@
3096
3265
  headers.set(formHeaders);
3097
3266
  return;
3098
3267
  }
3099
- Object.entries(formHeaders).forEach(function (_ref) {
3268
+ Object.entries(formHeaders || {}).forEach(function (_ref) {
3100
3269
  var _ref2 = _slicedToArray(_ref, 2),
3101
3270
  key = _ref2[0],
3102
3271
  val = _ref2[1];
@@ -3137,11 +3306,17 @@
3137
3306
  var allowAbsoluteUrls = own('allowAbsoluteUrls');
3138
3307
  var url = own('url');
3139
3308
  newConfig.headers = headers = AxiosHeaders.from(headers);
3140
- newConfig.url = buildURL(buildFullPath(baseURL, url, allowAbsoluteUrls), own('params'), own('paramsSerializer'));
3309
+ newConfig.url = buildURL(buildFullPath(baseURL, url, allowAbsoluteUrls, newConfig), own('params'), own('paramsSerializer'));
3141
3310
 
3142
3311
  // HTTP basic authentication
3143
3312
  if (auth) {
3144
- headers.set('Authorization', 'Basic ' + btoa((auth.username || '') + ':' + (auth.password ? encodeUTF8$1(auth.password) : '')));
3313
+ var username = utils$1.getSafeProp(auth, 'username') || '';
3314
+ var password = utils$1.getSafeProp(auth, 'password') || '';
3315
+ try {
3316
+ headers.set('Authorization', 'Basic ' + btoa(username + ':' + (password ? encodeUTF8$1(password) : '')));
3317
+ } catch (e) {
3318
+ throw AxiosError.from(e, AxiosError.ERR_BAD_OPTION_VALUE, config);
3319
+ }
3145
3320
  }
3146
3321
  if (utils$1.isFormData(data)) {
3147
3322
  if (platform.hasStandardBrowserEnv || platform.hasStandardBrowserWebWorkerEnv || utils$1.isReactNative(data)) {
@@ -3346,6 +3521,7 @@
3346
3521
  var protocol = parseProtocol(_config.url);
3347
3522
  if (protocol && !platform.protocols.includes(protocol)) {
3348
3523
  reject(new AxiosError('Unsupported protocol ' + protocol + ':', AxiosError.ERR_BAD_REQUEST, config));
3524
+ done();
3349
3525
  return;
3350
3526
  }
3351
3527
 
@@ -3385,7 +3561,9 @@
3385
3561
  signals = null;
3386
3562
  };
3387
3563
  signals.forEach(function (signal) {
3388
- return signal.addEventListener('abort', onabort);
3564
+ return signal.addEventListener('abort', onabort, {
3565
+ once: true
3566
+ });
3389
3567
  });
3390
3568
  var signal = controller.signal;
3391
3569
  signal.unsubscribe = function () {
@@ -3601,11 +3779,17 @@
3601
3779
  * Estimate decoded byte length of a data:// URL *without* allocating large buffers.
3602
3780
  * - For base64: compute exact decoded size using length and padding;
3603
3781
  * handle %XX at the character-count level (no string allocation).
3604
- * - For non-base64: use UTF-8 byteLength of the encoded body as a safe upper bound.
3782
+ * - For non-base64: compute the exact percent-decoded UTF-8 byte length.
3605
3783
  *
3606
3784
  * @param {string} url
3607
3785
  * @returns {number}
3608
3786
  */
3787
+ var isHexDigit = function isHexDigit(charCode) {
3788
+ return charCode >= 48 && charCode <= 57 || charCode >= 65 && charCode <= 70 || charCode >= 97 && charCode <= 102;
3789
+ };
3790
+ var isPercentEncodedByte = function isPercentEncodedByte(str, i, len) {
3791
+ return i + 2 < len && isHexDigit(str.charCodeAt(i + 1)) && isHexDigit(str.charCodeAt(i + 2));
3792
+ };
3609
3793
  function estimateDataURLDecodedBytes(url) {
3610
3794
  if (!url || typeof url !== 'string') return 0;
3611
3795
  if (!url.startsWith('data:')) return 0;
@@ -3622,7 +3806,7 @@
3622
3806
  if (body.charCodeAt(i) === 37 /* '%' */ && i + 2 < len) {
3623
3807
  var a = body.charCodeAt(i + 1);
3624
3808
  var b = body.charCodeAt(i + 2);
3625
- var isHex = (a >= 48 && a <= 57 || a >= 65 && a <= 70 || a >= 97 && a <= 102) && (b >= 48 && b <= 57 || b >= 65 && b <= 70 || b >= 97 && b <= 102);
3809
+ var isHex = isHexDigit(a) && isHexDigit(b);
3626
3810
  if (isHex) {
3627
3811
  effectiveLen -= 2;
3628
3812
  i += 2;
@@ -3659,18 +3843,18 @@
3659
3843
  var _bytes = groups * 3 - (pad || 0);
3660
3844
  return _bytes > 0 ? _bytes : 0;
3661
3845
  }
3662
- if (typeof Buffer !== 'undefined' && typeof Buffer.byteLength === 'function') {
3663
- return Buffer.byteLength(body, 'utf8');
3664
- }
3665
3846
 
3666
3847
  // Compute UTF-8 byte length directly from UTF-16 code units without allocating
3667
3848
  // a byte buffer (TextEncoder.encode would defeat the DoS guard on large bodies).
3668
- // Using body.length here would undercount non-ASCII (e.g. '€' is 1 code unit
3669
- // but 3 UTF-8 bytes).
3849
+ // Valid %XX triplets count as one decoded byte; this matches the bytes that
3850
+ // decodeURIComponent(body) would produce before Buffer re-encodes the string.
3670
3851
  var bytes = 0;
3671
3852
  for (var _i = 0, _len = body.length; _i < _len; _i++) {
3672
3853
  var c = body.charCodeAt(_i);
3673
- if (c < 0x80) {
3854
+ if (c === 37 /* '%' */ && isPercentEncodedByte(body, _i, _len)) {
3855
+ bytes += 1;
3856
+ _i += 2;
3857
+ } else if (c < 0x80) {
3674
3858
  bytes += 1;
3675
3859
  } else if (c < 0x800) {
3676
3860
  bytes += 2;
@@ -3689,7 +3873,7 @@
3689
3873
  return bytes;
3690
3874
  }
3691
3875
 
3692
- var VERSION = "1.17.0";
3876
+ var VERSION = "1.18.1";
3693
3877
 
3694
3878
  var DEFAULT_CHUNK_SIZE = 64 * 1024;
3695
3879
  var isFunction = utils$1.isFunction;
@@ -3893,7 +4077,7 @@
3893
4077
  }();
3894
4078
  return /*#__PURE__*/function () {
3895
4079
  var _ref4 = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee4(config) {
3896
- var _resolveConfig, url, method, data, signal, cancelToken, timeout, onDownloadProgress, onUploadProgress, responseType, headers, _resolveConfig$withCr, withCredentials, fetchOptions, maxContentLength, maxBodyLength, hasMaxContentLength, hasMaxBodyLength, own, _fetch, composedSignal, request, unsubscribe, requestContentLength, auth, configAuth, username, password, parsedURL, urlUsername, urlPassword, estimated, outboundLength, _request, contentTypeHeader, _progressEventDecorat, _progressEventDecorat2, onProgress, flush, isCredentialsSupported, contentType, resolvedOptions, response, declaredLength, isStreamResponse, options, responseContentLength, _ref5, _ref6, _onProgress, _flush, bytesRead, onChunkProgress, responseData, materializedSize, canceledError, _t3, _t4, _t5;
4080
+ var _resolveConfig, url, method, data, signal, cancelToken, timeout, onDownloadProgress, onUploadProgress, responseType, headers, _resolveConfig$withCr, withCredentials, fetchOptions, maxContentLength, maxBodyLength, hasMaxContentLength, hasMaxBodyLength, own, _fetch, composedSignal, request, unsubscribe, requestContentLength, pendingBodyError, maxBodyLengthError, auth, configAuth, username, password, parsedURL, urlUsername, urlPassword, estimated, outboundLength, mustEnforceStreamBody, trackRequestStream, _request, contentTypeHeader, _ref5, _ref6, onProgress, flush, isCredentialsSupported, contentType, resolvedOptions, response, responseHeaders, declaredLength, isStreamResponse, options, responseContentLength, _ref7, _ref8, _onProgress, _flush, bytesRead, onChunkProgress, responseData, materializedSize, canceledError, networkError, _t3, _t4;
3897
4081
  return _regenerator().w(function (_context4) {
3898
4082
  while (1) switch (_context4.p = _context4.n) {
3899
4083
  case 0:
@@ -3910,13 +4094,21 @@
3910
4094
  unsubscribe = composedSignal && composedSignal.unsubscribe && function () {
3911
4095
  composedSignal.unsubscribe();
3912
4096
  };
4097
+ // AxiosError we raise while the request body is being streamed. Captured
4098
+ // by identity so the catch block can surface it directly, regardless of
4099
+ // how the runtime wraps the resulting fetch rejection (undici exposes it
4100
+ // as `err.cause`; some browsers drop the original error entirely).
4101
+ pendingBodyError = null;
4102
+ maxBodyLengthError = function maxBodyLengthError() {
4103
+ return new AxiosError('Request body larger than maxBodyLength limit', AxiosError.ERR_BAD_REQUEST, config, request);
4104
+ };
3913
4105
  _context4.p = 1;
3914
4106
  // HTTP basic authentication
3915
4107
  auth = undefined;
3916
4108
  configAuth = own('auth');
3917
4109
  if (configAuth) {
3918
- username = configAuth.username || '';
3919
- password = configAuth.password || '';
4110
+ username = utils$1.getSafeProp(configAuth, 'username') || '';
4111
+ password = utils$1.getSafeProp(configAuth, 'password') || '';
3920
4112
  auth = {
3921
4113
  username: username,
3922
4114
  password: password
@@ -3962,43 +4154,82 @@
3962
4154
  break;
3963
4155
  }
3964
4156
  _context4.n = 3;
3965
- return resolveBodyLength(headers, data);
4157
+ return getBodyLength(data);
3966
4158
  case 3:
3967
4159
  outboundLength = _context4.v;
3968
- if (!(typeof outboundLength === 'number' && isFinite(outboundLength) && outboundLength > maxBodyLength)) {
4160
+ if (!(typeof outboundLength === 'number' && isFinite(outboundLength))) {
4161
+ _context4.n = 4;
4162
+ break;
4163
+ }
4164
+ requestContentLength = outboundLength;
4165
+ if (!(outboundLength > maxBodyLength)) {
3969
4166
  _context4.n = 4;
3970
4167
  break;
3971
4168
  }
3972
- throw new AxiosError('Request body larger than maxBodyLength limit', AxiosError.ERR_BAD_REQUEST, config, request);
4169
+ throw maxBodyLengthError();
3973
4170
  case 4:
3974
- _t3 = onUploadProgress && supportsRequestStream && method !== 'get' && method !== 'head';
3975
- if (!_t3) {
4171
+ // A streamed body under maxBodyLength must be counted as fetch consumes
4172
+ // it; its size is never trusted from a caller-declared Content-Length.
4173
+ mustEnforceStreamBody = hasMaxBodyLength && (utils$1.isReadableStream(data) || utils$1.isStream(data));
4174
+ trackRequestStream = function trackRequestStream(stream, onProgress, flush) {
4175
+ return trackStream(stream, DEFAULT_CHUNK_SIZE, function (loadedBytes) {
4176
+ if (hasMaxBodyLength && loadedBytes > maxBodyLength) {
4177
+ throw pendingBodyError = maxBodyLengthError();
4178
+ }
4179
+ onProgress && onProgress(loadedBytes);
4180
+ }, flush);
4181
+ };
4182
+ if (!(supportsRequestStream && method !== 'get' && method !== 'head' && (onUploadProgress || mustEnforceStreamBody))) {
4183
+ _context4.n = 8;
4184
+ break;
4185
+ }
4186
+ if (!(requestContentLength == null)) {
3976
4187
  _context4.n = 6;
3977
4188
  break;
3978
4189
  }
3979
4190
  _context4.n = 5;
3980
4191
  return resolveBodyLength(headers, data);
3981
4192
  case 5:
3982
- _t4 = requestContentLength = _context4.v;
3983
- _t3 = _t4 !== 0;
4193
+ _t3 = _context4.v;
4194
+ _context4.n = 7;
4195
+ break;
3984
4196
  case 6:
3985
- if (!_t3) {
3986
- _context4.n = 7;
3987
- break;
4197
+ _t3 = requestContentLength;
4198
+ case 7:
4199
+ requestContentLength = _t3;
4200
+ // A declared length of 0 is only trusted to skip the wrap when we are
4201
+ // not enforcing a stream limit (which must not rely on that header).
4202
+ if (requestContentLength !== 0 || mustEnforceStreamBody) {
4203
+ _request = new Request(url, {
4204
+ method: 'POST',
4205
+ body: data,
4206
+ duplex: 'half'
4207
+ });
4208
+ if (utils$1.isFormData(data) && (contentTypeHeader = _request.headers.get('content-type'))) {
4209
+ headers.setContentType(contentTypeHeader);
4210
+ }
4211
+ if (_request.body) {
4212
+ _ref5 = onUploadProgress && progressEventDecorator(requestContentLength, progressEventReducer(asyncDecorator(onUploadProgress))) || [], _ref6 = _slicedToArray(_ref5, 2), onProgress = _ref6[0], flush = _ref6[1];
4213
+ data = trackRequestStream(_request.body, onProgress, flush);
4214
+ }
3988
4215
  }
3989
- _request = new Request(url, {
3990
- method: 'POST',
3991
- body: data,
3992
- duplex: 'half'
3993
- });
3994
- if (utils$1.isFormData(data) && (contentTypeHeader = _request.headers.get('content-type'))) {
3995
- headers.setContentType(contentTypeHeader);
4216
+ _context4.n = 10;
4217
+ break;
4218
+ case 8:
4219
+ if (!(mustEnforceStreamBody && !isRequestSupported && isReadableStreamSupported && method !== 'get' && method !== 'head')) {
4220
+ _context4.n = 9;
4221
+ break;
3996
4222
  }
3997
- if (_request.body) {
3998
- _progressEventDecorat = progressEventDecorator(requestContentLength, progressEventReducer(asyncDecorator(onUploadProgress))), _progressEventDecorat2 = _slicedToArray(_progressEventDecorat, 2), onProgress = _progressEventDecorat2[0], flush = _progressEventDecorat2[1];
3999
- data = trackStream(_request.body, DEFAULT_CHUNK_SIZE, onProgress, flush);
4223
+ data = trackRequestStream(data);
4224
+ _context4.n = 10;
4225
+ break;
4226
+ case 9:
4227
+ if (!(mustEnforceStreamBody && isRequestSupported && !supportsRequestStream && method !== 'get' && method !== 'head')) {
4228
+ _context4.n = 10;
4229
+ break;
4000
4230
  }
4001
- case 7:
4231
+ throw new AxiosError('Stream request bodies are not supported by the current fetch implementation', AxiosError.ERR_NOT_SUPPORT, config, request);
4232
+ case 10:
4002
4233
  if (!utils$1.isString(withCredentials)) {
4003
4234
  withCredentials = withCredentials ? 'include' : 'omit';
4004
4235
  }
@@ -4025,29 +4256,31 @@
4025
4256
  credentials: isCredentialsSupported ? withCredentials : undefined
4026
4257
  });
4027
4258
  request = isRequestSupported && new Request(url, resolvedOptions);
4028
- _context4.n = 8;
4259
+ _context4.n = 11;
4029
4260
  return isRequestSupported ? _fetch(request, fetchOptions) : _fetch(url, resolvedOptions);
4030
- case 8:
4261
+ case 11:
4031
4262
  response = _context4.v;
4263
+ responseHeaders = AxiosHeaders.from(response.headers); // Cheap pre-check: if the server honestly declares a content-length that
4264
+ // already exceeds the cap, reject before we start streaming.
4032
4265
  if (!hasMaxContentLength) {
4033
- _context4.n = 9;
4266
+ _context4.n = 12;
4034
4267
  break;
4035
4268
  }
4036
- declaredLength = utils$1.toFiniteNumber(response.headers.get('content-length'));
4269
+ declaredLength = utils$1.toFiniteNumber(responseHeaders.getContentLength());
4037
4270
  if (!(declaredLength != null && declaredLength > maxContentLength)) {
4038
- _context4.n = 9;
4271
+ _context4.n = 12;
4039
4272
  break;
4040
4273
  }
4041
4274
  throw new AxiosError('maxContentLength size of ' + maxContentLength + ' exceeded', AxiosError.ERR_BAD_RESPONSE, config, request);
4042
- case 9:
4275
+ case 12:
4043
4276
  isStreamResponse = supportsResponseStream && (responseType === 'stream' || responseType === 'response');
4044
4277
  if (supportsResponseStream && response.body && (onDownloadProgress || hasMaxContentLength || isStreamResponse && unsubscribe)) {
4045
4278
  options = {};
4046
4279
  ['status', 'statusText', 'headers'].forEach(function (prop) {
4047
4280
  options[prop] = response[prop];
4048
4281
  });
4049
- responseContentLength = utils$1.toFiniteNumber(response.headers.get('content-length'));
4050
- _ref5 = onDownloadProgress && progressEventDecorator(responseContentLength, progressEventReducer(asyncDecorator(onDownloadProgress), true)) || [], _ref6 = _slicedToArray(_ref5, 2), _onProgress = _ref6[0], _flush = _ref6[1];
4282
+ responseContentLength = utils$1.toFiniteNumber(responseHeaders.getContentLength());
4283
+ _ref7 = onDownloadProgress && progressEventDecorator(responseContentLength, progressEventReducer(asyncDecorator(onDownloadProgress), true)) || [], _ref8 = _slicedToArray(_ref7, 2), _onProgress = _ref8[0], _flush = _ref8[1];
4051
4284
  bytesRead = 0;
4052
4285
  onChunkProgress = function onChunkProgress(loadedBytes) {
4053
4286
  if (hasMaxContentLength) {
@@ -4064,12 +4297,12 @@
4064
4297
  }), options);
4065
4298
  }
4066
4299
  responseType = responseType || 'text';
4067
- _context4.n = 10;
4300
+ _context4.n = 13;
4068
4301
  return resolvers[utils$1.findKey(resolvers, responseType) || 'text'](response, config);
4069
- case 10:
4302
+ case 13:
4070
4303
  responseData = _context4.v;
4071
4304
  if (!(hasMaxContentLength && !supportsResponseStream && !isStreamResponse)) {
4072
- _context4.n = 11;
4305
+ _context4.n = 14;
4073
4306
  break;
4074
4307
  }
4075
4308
  if (responseData != null) {
@@ -4082,13 +4315,13 @@
4082
4315
  }
4083
4316
  }
4084
4317
  if (!(typeof materializedSize === 'number' && materializedSize > maxContentLength)) {
4085
- _context4.n = 11;
4318
+ _context4.n = 14;
4086
4319
  break;
4087
4320
  }
4088
4321
  throw new AxiosError('maxContentLength size of ' + maxContentLength + ' exceeded', AxiosError.ERR_BAD_RESPONSE, config, request);
4089
- case 11:
4322
+ case 14:
4090
4323
  !isStreamResponse && unsubscribe && unsubscribe();
4091
- _context4.n = 12;
4324
+ _context4.n = 15;
4092
4325
  return new Promise(function (resolve, reject) {
4093
4326
  settle(resolve, reject, {
4094
4327
  data: responseData,
@@ -4099,39 +4332,70 @@
4099
4332
  request: request
4100
4333
  });
4101
4334
  });
4102
- case 12:
4335
+ case 15:
4103
4336
  return _context4.a(2, _context4.v);
4104
- case 13:
4105
- _context4.p = 13;
4106
- _t5 = _context4.v;
4337
+ case 16:
4338
+ _context4.p = 16;
4339
+ _t4 = _context4.v;
4107
4340
  unsubscribe && unsubscribe();
4108
4341
 
4109
4342
  // Safari can surface fetch aborts as a DOMException-like object whose
4110
4343
  // branded getters throw. Prefer our composed signal reason before reading
4111
4344
  // the caught error, preserving timeout vs cancellation semantics.
4112
4345
  if (!(composedSignal && composedSignal.aborted && composedSignal.reason instanceof AxiosError)) {
4113
- _context4.n = 14;
4346
+ _context4.n = 17;
4114
4347
  break;
4115
4348
  }
4116
4349
  canceledError = composedSignal.reason;
4117
4350
  canceledError.config = config;
4118
4351
  request && (canceledError.request = request);
4119
- _t5 !== canceledError && (canceledError.cause = _t5);
4352
+ if (_t4 !== canceledError) {
4353
+ // Non-enumerable to match native Error `cause` semantics so loggers
4354
+ // don't recurse into circular fetch internals (see #7205).
4355
+ Object.defineProperty(canceledError, 'cause', {
4356
+ __proto__: null,
4357
+ value: _t4,
4358
+ writable: true,
4359
+ enumerable: false,
4360
+ configurable: true
4361
+ });
4362
+ }
4120
4363
  throw canceledError;
4121
- case 14:
4122
- if (!(_t5 && _t5.name === 'TypeError' && /Load failed|fetch/i.test(_t5.message))) {
4123
- _context4.n = 15;
4364
+ case 17:
4365
+ if (!pendingBodyError) {
4366
+ _context4.n = 18;
4367
+ break;
4368
+ }
4369
+ request && !pendingBodyError.request && (pendingBodyError.request = request);
4370
+ throw pendingBodyError;
4371
+ case 18:
4372
+ if (!(_t4 instanceof AxiosError)) {
4373
+ _context4.n = 19;
4124
4374
  break;
4125
4375
  }
4126
- throw Object.assign(new AxiosError('Network Error', AxiosError.ERR_NETWORK, config, request, _t5 && _t5.response), {
4127
- cause: _t5.cause || _t5
4376
+ request && !_t4.request && (_t4.request = request);
4377
+ throw _t4;
4378
+ case 19:
4379
+ if (!(_t4 && _t4.name === 'TypeError' && /Load failed|fetch/i.test(_t4.message))) {
4380
+ _context4.n = 20;
4381
+ break;
4382
+ }
4383
+ networkError = new AxiosError('Network Error', AxiosError.ERR_NETWORK, config, request, _t4 && _t4.response); // Non-enumerable to match native Error `cause` semantics so loggers
4384
+ // don't recurse into circular fetch internals (see #7205).
4385
+ Object.defineProperty(networkError, 'cause', {
4386
+ __proto__: null,
4387
+ value: _t4.cause || _t4,
4388
+ writable: true,
4389
+ enumerable: false,
4390
+ configurable: true
4128
4391
  });
4129
- case 15:
4130
- throw AxiosError.from(_t5, _t5 && _t5.code, config, request, _t5 && _t5.response);
4131
- case 16:
4392
+ throw networkError;
4393
+ case 20:
4394
+ throw AxiosError.from(_t4, _t4 && _t4.code, config, request, _t4 && _t4.response);
4395
+ case 21:
4132
4396
  return _context4.a(2);
4133
4397
  }
4134
- }, _callee4, null, [[1, 13]]);
4398
+ }, _callee4, null, [[1, 16]]);
4135
4399
  }));
4136
4400
  return function (_x5) {
4137
4401
  return _ref4.apply(this, arguments);
@@ -4257,7 +4521,7 @@
4257
4521
  return "adapter ".concat(id, " ") + (state === false ? 'is not supported by the environment' : 'is not available in the build');
4258
4522
  });
4259
4523
  var s = length ? reasons.length > 1 ? 'since :\n' + reasons.map(renderReason).join('\n') : ' ' + renderReason(reasons[0]) : 'as no adapter specified';
4260
- throw new AxiosError("There is no suitable adapter to dispatch the request " + s, 'ERR_NOT_SUPPORT');
4524
+ throw new AxiosError("There is no suitable adapter to dispatch the request " + s, AxiosError.ERR_NOT_SUPPORT);
4261
4525
  }
4262
4526
  return adapter;
4263
4527
  }
@@ -4400,7 +4664,7 @@
4400
4664
  */
4401
4665
 
4402
4666
  function assertOptions(options, schema, allowUnknown) {
4403
- if (_typeof(options) !== 'object') {
4667
+ if (_typeof(options) !== 'object' || options === null) {
4404
4668
  throw new AxiosError('options must be an object', AxiosError.ERR_BAD_OPTION_VALUE);
4405
4669
  }
4406
4670
  var keys = Object.keys(options);
@@ -4532,7 +4796,8 @@
4532
4796
  forcedJSONParsing: validators.transitional(validators["boolean"]),
4533
4797
  clarifyTimeoutError: validators.transitional(validators["boolean"]),
4534
4798
  legacyInterceptorReqResOrdering: validators.transitional(validators["boolean"]),
4535
- advertiseZstdAcceptEncoding: validators.transitional(validators["boolean"])
4799
+ advertiseZstdAcceptEncoding: validators.transitional(validators["boolean"]),
4800
+ validateStatusUndefinedResolves: validators.transitional(validators["boolean"])
4536
4801
  }, false);
4537
4802
  }
4538
4803
  if (paramsSerializer != null) {
@@ -4631,7 +4896,7 @@
4631
4896
  key: "getUri",
4632
4897
  value: function getUri(config) {
4633
4898
  config = mergeConfig(this.defaults, config);
4634
- var fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls);
4899
+ var fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls, config);
4635
4900
  return buildURL(fullPath, config.params, config.paramsSerializer);
4636
4901
  }
4637
4902
  }]);
@@ -4642,7 +4907,7 @@
4642
4907
  return this.request(mergeConfig(config || {}, {
4643
4908
  method: method,
4644
4909
  url: url,
4645
- data: (config || {}).data
4910
+ data: config && utils$1.hasOwnProp(config, 'data') ? config.data : undefined
4646
4911
  }));
4647
4912
  };
4648
4913
  });