npm - axios - Versions diffs - 1.5.1 → 1.6.0 - Mend

axios 1.5.1 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of axios might be problematic. Click here for more details.

Files changed (20) hide show

package/CHANGELOG.md +162 -0
package/README.md +256 -1
package/dist/axios.js +4 -3
package/dist/axios.js.map +1 -1
package/dist/axios.min.js +1 -1
package/dist/axios.min.js.map +1 -1
package/dist/browser/axios.cjs +4 -4
package/dist/browser/axios.cjs.map +1 -1
package/dist/esm/axios.js +4 -4
package/dist/esm/axios.js.map +1 -1
package/dist/esm/axios.min.js +1 -1
package/dist/esm/axios.min.js.map +1 -1
package/dist/node/axios.cjs +27 -14
package/dist/node/axios.cjs.map +1 -1
package/index.d.cts +18 -7
package/index.d.ts +19 -8
package/lib/adapters/http.js +23 -10
package/lib/adapters/xhr.js +2 -2
package/lib/env/data.js +1 -1
package/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,27 @@
 # Changelog
+# [1.6.0](https://github.com/axios/axios/compare/v1.5.1...v1.6.0) (2023-10-26)
+### Bug Fixes
+* **CSRF:** fixed CSRF vulnerability CVE-2023-45857 ([#6028](https://github.com/axios/axios/issues/6028)) ([96ee232](https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0))
+* **dns:** fixed lookup function decorator to work properly in node v20; ([#6011](https://github.com/axios/axios/issues/6011)) ([5aaff53](https://github.com/axios/axios/commit/5aaff532a6b820bb9ab6a8cd0f77131b47e2adb8))
+* **types:** fix AxiosHeaders types; ([#5931](https://github.com/axios/axios/issues/5931)) ([a1c8ad0](https://github.com/axios/axios/commit/a1c8ad008b3c13d53e135bbd0862587fb9d3fc09))
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+### Contributors to this release
+- <img src="https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+449/-114 (#6032 #6021 #6011 #5932 #5931 )")
+- <img src="https://avatars.githubusercontent.com/u/63700910?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Valentin Panov](https://github.com/valentin-panov "+4/-4 (#6028 )")
+- <img src="https://avatars.githubusercontent.com/u/76877078?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Rinku Chaudhari](https://github.com/therealrinku "+1/-1 (#5889 )")
 ## [1.5.1](https://github.com/axios/axios/compare/v1.5.0...v1.5.1) (2023-09-26)
@@ -19,6 +41,13 @@
 - <img src="https://avatars.githubusercontent.com/u/132928043?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Przemyslaw Motacki](https://github.com/sfc-gh-pmotacki "+2/-1 (#5892 )")
 - <img src="https://avatars.githubusercontent.com/u/5492927?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Michael Di Prisco](https://github.com/Cadienvan "+1/-1 ()")
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 # [1.5.0](https://github.com/axios/axios/compare/v1.4.0...v1.5.0) (2023-08-26)
@@ -42,6 +71,13 @@
 - <img src="https://avatars.githubusercontent.com/u/65978976?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Jonathan Budiman](https://github.com/JBudiman00 "+30/-0 (#5788 )")
 - <img src="https://avatars.githubusercontent.com/u/5492927?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Michael Di Prisco](https://github.com/Cadienvan "+3/-5 (#5791 )")
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 # [1.4.0](https://github.com/axios/axios/compare/v1.3.6...v1.4.0) (2023-04-27)
@@ -67,6 +103,13 @@
 - <img src="https://avatars.githubusercontent.com/u/47537704?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Arthur Fiorette](https://github.com/arthurfiorette "+19/-19 (#5525 )")
 - <img src="https://avatars.githubusercontent.com/u/43876655?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [PIYUSH NEGI](https://github.com/npiyush97 "+2/-18 (#5670 )")
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 ## [1.3.6](https://github.com/axios/axios/compare/v1.3.5...v1.3.6) (2023-04-19)
@@ -80,6 +123,13 @@
 - <img src="https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+48/-10 (#5665 #5661 #5663 )")
 - <img src="https://avatars.githubusercontent.com/u/5492927?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Michael Di Prisco](https://github.com/Cadienvan "+2/-0 (#5445 )")
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 ## [1.3.5](https://github.com/axios/axios/compare/v1.3.4...v1.3.5) (2023-04-05)
@@ -92,6 +142,13 @@
 - <img src="https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+28/-10 (#5633 #5584 )")
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 ## [1.3.4](https://github.com/axios/axios/compare/v1.3.3...v1.3.4) (2023-02-22)
@@ -106,6 +163,13 @@
 - <img src="https://avatars.githubusercontent.com/u/19550000?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [lcysgsg](https://github.com/lcysgsg "+4/-0 (#5548 )")
 - <img src="https://avatars.githubusercontent.com/u/5492927?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Michael Di Prisco](https://github.com/Cadienvan "+3/-0 (#5444 )")
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 ## [1.3.3](https://github.com/axios/axios/compare/v1.3.2...v1.3.3) (2023-02-13)
@@ -120,6 +184,13 @@
 - <img src="https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+11/-7 (#5545 #5535 #5542 )")
 - <img src="https://avatars.githubusercontent.com/u/19842213?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [陈若枫](https://github.com/ruofee "+2/-2 (#5467 )")
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 ## [1.3.2](https://github.com/axios/axios/compare/v1.3.1...v1.3.2) (2023-02-03)
@@ -132,6 +203,13 @@
 - <img src="https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+2/-1 (#5530 #5528 )")
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 ## [1.3.1](https://github.com/axios/axios/compare/v1.3.0...v1.3.1) (2023-02-01)
@@ -144,6 +222,13 @@
 - <img src="https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+27/-8 (#5521 #5518 )")
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 # [1.3.0](https://github.com/axios/axios/compare/v1.2.6...v1.3.0) (2023-01-31)
@@ -162,6 +247,13 @@
 - <img src="https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+352/-67 (#5514 #5512 #5510 #5509 #5508 #5316 #5507 )")
 - <img src="https://avatars.githubusercontent.com/u/35015993?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [ItsNotGoodName](https://github.com/ItsNotGoodName "+43/-2 (#5497 )")
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 ## [1.2.6](https://github.com/axios/axios/compare/v1.2.5...v1.2.6) (2023-01-28)
@@ -174,6 +266,13 @@
 - ![avatar](https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;16) [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+24/-9 (#5503 #5502 )")
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 ## [1.2.5](https://github.com/axios/axios/compare/v1.2.4...v1.2.5) (2023-01-26)
@@ -186,6 +285,13 @@
 - ![avatar](https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;16) [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+82/-54 (#5499 )")
 - ![avatar](https://avatars.githubusercontent.com/u/20516159?v&#x3D;4&amp;s&#x3D;16) [Elliot Ford](https://github.com/EFord36 "+1/-1 (#5462 )")
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 ## [1.2.4](https://github.com/axios/axios/compare/v1.2.3...v1.2.4) (2023-01-22)
@@ -199,6 +305,13 @@
 - ![avatar](https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;16) [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+242/-108 (#5486 #5482 )")
 - ![avatar](https://avatars.githubusercontent.com/u/9430821?v&#x3D;4&amp;s&#x3D;16) [Daniel Hillmann](https://github.com/hilleer "+1/-1 (#5478 )")
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 ## [1.2.3](https://github.com/axios/axios/compare/1.2.2...1.2.3) (2023-01-10)
@@ -210,6 +323,13 @@
 - ![avatar](https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;16) [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+938/-442 (#5456 #5455 #5453 #5451 #5449 #5447 #5446 #5443 #5442 #5439 #5420 )")
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 ## [1.2.2] - 2022-12-29
 ### Fixed
@@ -264,6 +384,13 @@
 - [Ivan Barsukov](https://github.com/ovarn)
 - [Arthur Fiorette](https://github.com/arthurfiorette)
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 ## [1.2.0] - 2022-11-10
 ### Changed
@@ -330,6 +457,13 @@
 - [AZM](https://github.com/aziyatali)
 - [relbns](https://github.com/relbns)
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 ## [1.1.3] - 2022-10-15
 ### Added
@@ -364,6 +498,13 @@
 - [littledian](https://github.com/littledian)
 - [ChronosMasterOfAllTime](https://github.com/ChronosMasterOfAllTime)
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 ## [1.1.2] - 2022-10-07
 ### Fixed
@@ -374,6 +515,13 @@
 - [Jason Saayman](https://github.com/jasonsaayman)
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 ## [1.1.1] - 2022-10-07
 ### Fixed
@@ -384,6 +532,13 @@
 - [Jason Saayman](https://github.com/jasonsaayman)
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 ## [1.1.0] - 2022-10-06
 ### Fixed
@@ -403,6 +558,13 @@
 - [Ivan Pepelko](https://github.com/ivanpepelko)
 - [Richard Kořínek](https://github.com/risa)
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
 ## [1.0.0] - 2022-10-04
 ### Added

package/README.md CHANGED Viewed

@@ -66,6 +66,7 @@
   - [HTML Form Posting](#-html-form-posting-browser)
   - [🆕 Progress capturing](#-progress-capturing)
   - [🆕 Rate limiting](#-progress-capturing)
+  - [🆕 AxiosHeaders](#-axiosheaders)
   - [Semver](#semver)
   - [Promises](#promises)
   - [TypeScript](#typescript)
@@ -1270,7 +1271,7 @@ const {data} = await axios.post(SERVER_URL, readableStream, {
 ````
 > **Note:**
-> Capturing FormData upload progress is currently not currently supported in node.js environments.
+> Capturing FormData upload progress is not currently supported in node.js environments.
 > **⚠️ Warning**
 > It is recommended to disable redirects by setting maxRedirects: 0 to upload the stream in the **node.js** environment,
@@ -1291,6 +1292,260 @@ const {data} = await axios.post(LOCAL_SERVER_URL, myBuffer, {
 });
 ```
+## 🆕 AxiosHeaders
+Axios has its own `AxiosHeaders` class to manipulate headers using a Map-like API that guarantees caseless work.
+Although HTTP is case-insensitive in headers, Axios will retain the case of the original header for stylistic reasons
+and for a workaround when servers mistakenly consider the header's case.
+The old approach of directly manipulating headers object is still available, but deprecated and not recommended for future usage.
+### Working with headers
+An AxiosHeaders object instance can contain different types of internal values. that control setting and merging logic.
+The final headers object with string values is obtained by Axios by calling the `toJSON` method.
+> Note: By JSON here we mean an object consisting only of string values intended to be sent over the network.
+The header value can be one of the following types:
+- `string` - normal string value that will be sent to the server
+- `null` - skip header when rendering to JSON
+- `false` - skip header when rendering to JSON, additionally indicates that `set` method must be called with `rewrite` option set to `true`
+  to overwrite this value (Axios uses this internally to allow users to opt out of installing certain headers like `User-Agent` or `Content-Type`)
+- `undefined` - value is not set
+> Note: The header value is considered set if it is not equal to undefined.
+The headers object is always initialized inside interceptors and transformers:
+```ts
+  axios.interceptors.request.use((request: InternalAxiosRequestConfig) => {
+      request.headers.set('My-header', 'value');
+      request.headers.set({
+        "My-set-header1": "my-set-value1",
+        "My-set-header2": "my-set-value2"
+      });
+      request.headers.set('User-Agent', false); // disable subsequent setting the header by Axios
+      request.headers.setContentType('text/plain');
+      request.headers['My-set-header2'] = 'newValue' // direct access is deprecated
+      return request;
+    }
+  );
+````
+You can iterate over an `AxiosHeaders` instance using a `for...of` statement:
+````js
+const headers = new AxiosHeaders({
+  foo: '1',
+  bar: '2',
+  baz: '3'
+});
+for(const [header, value] of headers) {
+  console.log(header, value);
+}
+// foo 1
+// bar 2
+// baz 3
+````
+### new AxiosHeaders(headers?)
+Constructs a new `AxiosHeaders` instance.
+```
+constructor(headers?: RawAxiosHeaders | AxiosHeaders | string);
+```
+If the headers object is a string, it will be parsed as RAW HTTP headers.
+````js
+const headers = new AxiosHeaders(`
+Host: www.bing.com
+User-Agent: curl/7.54.0
+Accept: */*`);
+console.log(headers);
+// Object [AxiosHeaders] {
+//   host: 'www.bing.com',
+//   'user-agent': 'curl/7.54.0',
+//   accept: '*/*'
+// }
+````
+### AxiosHeaders#set
+```ts
+set(headerName, value: Axios, rewrite?: boolean);
+set(headerName, value, rewrite?: (this: AxiosHeaders, value: string, name: string, headers: RawAxiosHeaders) => boolean);
+set(headers?: RawAxiosHeaders | AxiosHeaders | string, rewrite?: boolean);
+```
+The `rewrite` argument controls the overwriting behavior:
+- `false` - do not overwrite if header's value is set (is not `undefined`)
+- `undefined` (default) - overwrite the header unless its value is set to `false`
+- `true` - rewrite anyway
+The option can also accept a user-defined function that determines whether the value should be overwritten or not.
+Returns `this`.
+### AxiosHeaders#get(header)
+```
+  get(headerName: string, matcher?: true | AxiosHeaderMatcher): AxiosHeaderValue;
+  get(headerName: string, parser: RegExp): RegExpExecArray | null;
+````
+Returns the internal value of the header. It can take an extra argument to parse the header's value with `RegExp.exec`,
+matcher function or internal key-value parser.
+```ts
+const headers = new AxiosHeaders({
+  'Content-Type': 'multipart/form-data; boundary=Asrf456BGe4h'
+});
+console.log(headers.get('Content-Type'));
+// multipart/form-data; boundary=Asrf456BGe4h
+console.log(headers.get('Content-Type', true)); // parse key-value pairs from a string separated with \s,;= delimiters:
+// [Object: null prototype] {
+//   'multipart/form-data': undefined,
+//    boundary: 'Asrf456BGe4h'
+// }
+console.log(headers.get('Content-Type', (value, name, headers) => {
+  return String(value).replace(/a/g, 'ZZZ');
+}));
+// multipZZZrt/form-dZZZtZZZ; boundZZZry=Asrf456BGe4h
+console.log(headers.get('Content-Type', /boundary=(\w+)/)?.[0]);
+// boundary=Asrf456BGe4h
+```
+Returns the value of the header.
+### AxiosHeaders#has(header, matcher?)
+```
+has(header: string, matcher?: AxiosHeaderMatcher): boolean;
+```
+Returns `true` if the header is set (has no `undefined` value).
+### AxiosHeaders#delete(header, matcher?)
+```
+delete(header: string | string[], matcher?: AxiosHeaderMatcher): boolean;
+```
+Returns `true` if at least one header has been removed.
+### AxiosHeaders#clear(matcher?)
+```
+clear(matcher?: AxiosHeaderMatcher): boolean;
+```
+Removes all headers.
+Unlike the `delete` method matcher, this optional matcher will be used to match against the header name rather than the value.
+```ts
+const headers = new AxiosHeaders({
+  'foo': '1',
+  'x-foo': '2',
+  'x-bar': '3',
+});
+console.log(headers.clear(/^x-/)); // true
+console.log(headers.toJSON()); // [Object: null prototype] { foo: '1' }
+```
+Returns `true` if at least one header has been cleared.
+### AxiosHeaders#normalize(format);
+If the headers object was changed directly, it can have duplicates with the same name but in different cases.
+This method normalizes the headers object by combining duplicate keys into one.
+Axios uses this method internally after calling each interceptor.
+Set `format` to true for converting headers name to lowercase and capitalize the initial letters (`cOntEnt-type` => `Content-Type`)
+```js
+const headers = new AxiosHeaders({
+  'foo': '1',
+});
+headers.Foo = '2';
+headers.FOO = '3';
+console.log(headers.toJSON()); // [Object: null prototype] { foo: '1', Foo: '2', FOO: '3' }
+console.log(headers.normalize().toJSON()); // [Object: null prototype] { foo: '3' }
+console.log(headers.normalize(true).toJSON()); // [Object: null prototype] { Foo: '3' }
+```
+Returns `this`.
+### AxiosHeaders#concat(...targets)
+```
+concat(...targets: Array<AxiosHeaders | RawAxiosHeaders | string | undefined | null>): AxiosHeaders;
+```
+Merges the instance with targets into a new `AxiosHeaders` instance. If the target is a string, it will be parsed as RAW HTTP headers.
+Returns a new `AxiosHeaders` instance.
+### AxiosHeaders#toJSON(asStrings?)
+````
+toJSON(asStrings?: boolean): RawAxiosHeaders;
+````
+Resolve all internal headers values into a new null prototype object.
+Set `asStrings` to true to resolve arrays as a string containing all elements, separated by commas.
+### AxiosHeaders.from(thing?)
+````
+from(thing?: AxiosHeaders | RawAxiosHeaders | string): AxiosHeaders;
+````
+Returns a new `AxiosHeaders` instance created from the raw headers passed in,
+or simply returns the given headers object if it's an `AxiosHeaders` instance.
+### AxiosHeaders.concat(...targets)
+````
+concat(...targets: Array<AxiosHeaders | RawAxiosHeaders | string | undefined | null>): AxiosHeaders;
+````
+Returns a new `AxiosHeaders` instance created by merging the target objects.
+### Shortcuts
+The following shortcuts are available:
+- `setContentType`, `getContentType`, `hasContentType`
+- `setContentLength`, `getContentLength`, `hasContentLength`
+- `setAccept`, `getAccept`, `hasAccept`
+- `setUserAgent`, `getUserAgent`, `hasUserAgent`
+- `setContentEncoding`, `getContentEncoding`, `hasContentEncoding`
 ## Semver
 Until axios reaches a `1.0` release, breaking changes will be released with a new minor version. For example `0.5.1`, and `0.5.4` will have the same API, but `0.6.0` will have breaking changes.

package/dist/axios.js CHANGED Viewed

@@ -1,4 +1,4 @@
-// Axios v1.5.1 Copyright (c) 2023 Matt Zabriskie and contributors
+// Axios v1.6.0 Copyright (c) 2023 Matt Zabriskie and contributors
 (function (global, factory) {
   typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() :
   typeof define === 'function' && define.amd ? define(factory) :
@@ -2187,7 +2187,8 @@
       // Specifically not if we're in a web worker, or react-native.
       if (platform.isStandardBrowserEnv) {
         // Add xsrf header
-        var xsrfValue = (config.withCredentials || isURLSameOrigin(fullPath)) && config.xsrfCookieName && cookies.read(config.xsrfCookieName);
+        // regarding CVE-2023-45857 config.withCredentials condition was removed temporarily
+        var xsrfValue = isURLSameOrigin(fullPath) && config.xsrfCookieName && cookies.read(config.xsrfCookieName);
         if (xsrfValue) {
           requestHeaders.set(config.xsrfHeaderName, xsrfValue);
         }
@@ -2468,7 +2469,7 @@
     return config;
   }
-  var VERSION = "1.5.1";
+  var VERSION = "1.6.0";
   var validators$1 = {};