contentful 11.12.5 → 11.12.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -156,55 +156,42 @@ function _wrapAsyncGenerator(e) {
156
156
  };
157
157
  }
158
158
  function AsyncGenerator(e) {
159
- var r, t;
160
- function resume(r, t) {
159
+ var t, n;
160
+ function resume(t, n) {
161
161
  try {
162
- var n = e[r](t),
163
- o = n.value,
162
+ var r = e[t](n),
163
+ o = r.value,
164
164
  u = o instanceof _OverloadYield;
165
- Promise.resolve(u ? o.v : o).then(function (t) {
165
+ Promise.resolve(u ? o.v : o).then(function (n) {
166
166
  if (u) {
167
- var i = "return" === r ? "return" : "next";
168
- if (!o.k || t.done) return resume(i, t);
169
- t = e[i](t).value;
167
+ var i = "return" === t && o.k ? t : "next";
168
+ if (!o.k || n.done) return resume(i, n);
169
+ n = e[i](n).value;
170
170
  }
171
- settle(n.done ? "return" : "normal", t);
171
+ settle(!!r.done, n);
172
172
  }, function (e) {
173
173
  resume("throw", e);
174
174
  });
175
175
  } catch (e) {
176
- settle("throw", e);
176
+ settle(2, e);
177
177
  }
178
178
  }
179
- function settle(e, n) {
180
- switch (e) {
181
- case "return":
182
- r.resolve({
183
- value: n,
184
- done: true
185
- });
186
- break;
187
- case "throw":
188
- r.reject(n);
189
- break;
190
- default:
191
- r.resolve({
192
- value: n,
193
- done: false
194
- });
195
- }
196
- (r = r.next) ? resume(r.key, r.arg) : t = null;
179
+ function settle(e, r) {
180
+ 2 === e ? t.reject(r) : t.resolve({
181
+ value: r,
182
+ done: e
183
+ }), (t = t.next) ? resume(t.key, t.arg) : n = null;
197
184
  }
198
- this._invoke = function (e, n) {
185
+ this._invoke = function (e, r) {
199
186
  return new Promise(function (o, u) {
200
187
  var i = {
201
188
  key: e,
202
- arg: n,
189
+ arg: r,
203
190
  resolve: o,
204
191
  reject: u,
205
192
  next: null
206
193
  };
207
- t ? t = t.next = i : (r = t = i, resume(e, n));
194
+ n ? n = n.next = i : (t = n = i, resume(e, r));
208
195
  });
209
196
  }, "function" != typeof e.return && (this.return = void 0);
210
197
  }
@@ -11245,7 +11232,7 @@ var mimeDb = require$$0;
11245
11232
  * Copyright(c) 2015 Douglas Christopher Wilson
11246
11233
  * MIT Licensed
11247
11234
  */
11248
- (function (exports$1) {
11235
+ (function (exports) {
11249
11236
 
11250
11237
  /**
11251
11238
  * Module dependencies.
@@ -11267,18 +11254,18 @@ var mimeDb = require$$0;
11267
11254
  * @public
11268
11255
  */
11269
11256
 
11270
- exports$1.charset = charset;
11271
- exports$1.charsets = {
11257
+ exports.charset = charset;
11258
+ exports.charsets = {
11272
11259
  lookup: charset
11273
11260
  };
11274
- exports$1.contentType = contentType;
11275
- exports$1.extension = extension;
11276
- exports$1.extensions = Object.create(null);
11277
- exports$1.lookup = lookup;
11278
- exports$1.types = Object.create(null);
11261
+ exports.contentType = contentType;
11262
+ exports.extension = extension;
11263
+ exports.extensions = Object.create(null);
11264
+ exports.lookup = lookup;
11265
+ exports.types = Object.create(null);
11279
11266
 
11280
11267
  // Populate the extensions/types maps
11281
- populateMaps(exports$1.extensions, exports$1.types);
11268
+ populateMaps(exports.extensions, exports.types);
11282
11269
 
11283
11270
  /**
11284
11271
  * Get the default charset for a MIME type.
@@ -11318,14 +11305,14 @@ var mimeDb = require$$0;
11318
11305
  if (!str || typeof str !== 'string') {
11319
11306
  return false;
11320
11307
  }
11321
- var mime = str.indexOf('/') === -1 ? exports$1.lookup(str) : str;
11308
+ var mime = str.indexOf('/') === -1 ? exports.lookup(str) : str;
11322
11309
  if (!mime) {
11323
11310
  return false;
11324
11311
  }
11325
11312
 
11326
11313
  // TODO: use content-type or other module
11327
11314
  if (mime.indexOf('charset') === -1) {
11328
- var charset = exports$1.charset(mime);
11315
+ var charset = exports.charset(mime);
11329
11316
  if (charset) mime += '; charset=' + charset.toLowerCase();
11330
11317
  }
11331
11318
  return mime;
@@ -11347,7 +11334,7 @@ var mimeDb = require$$0;
11347
11334
  var match = EXTRACT_TYPE_REGEXP.exec(type);
11348
11335
 
11349
11336
  // get extensions
11350
- var exts = match && exports$1.extensions[match[1].toLowerCase()];
11337
+ var exts = match && exports.extensions[match[1].toLowerCase()];
11351
11338
  if (!exts || !exts.length) {
11352
11339
  return false;
11353
11340
  }
@@ -11371,7 +11358,7 @@ var mimeDb = require$$0;
11371
11358
  if (!extension) {
11372
11359
  return false;
11373
11360
  }
11374
- return exports$1.types[extension] || false;
11361
+ return exports.types[extension] || false;
11375
11362
  }
11376
11363
 
11377
11364
  /**
@@ -12548,6 +12535,18 @@ var setToStringTag = esSetTostringtag;
12548
12535
  var hasOwn$1 = hasown;
12549
12536
  var populate = populate$1;
12550
12537
 
12538
+ /**
12539
+ * Escape CR, LF, and `"` in a multipart `name`/`filename` parameter, so a field
12540
+ * name or filename can not break out of its header line to inject headers or
12541
+ * smuggle additional parts. Matches the WHATWG HTML multipart/form-data encoding.
12542
+ *
12543
+ * @param {string} str - the parameter value to escape
12544
+ * @returns {string} the escaped value
12545
+ */
12546
+ function escapeHeaderParam(str) {
12547
+ return String(str).replace(/\r/g, '%0D').replace(/\n/g, '%0A').replace(/"/g, '%22');
12548
+ }
12549
+
12551
12550
  /**
12552
12551
  * Create readable "multipart/form-data" streams.
12553
12552
  * Can be used to submit forms
@@ -12702,7 +12701,7 @@ FormData$2.prototype._multiPartHeader = function (field, value, options) {
12702
12701
  var contents = '';
12703
12702
  var headers = {
12704
12703
  // add custom disposition as third element or keep it two elements if not
12705
- 'Content-Disposition': ['form-data', 'name="' + field + '"'].concat(contentDisposition || []),
12704
+ 'Content-Disposition': ['form-data', 'name="' + escapeHeaderParam(field) + '"'].concat(contentDisposition || []),
12706
12705
  // if no content type. allow it to be empty array
12707
12706
  'Content-Type': [].concat(contentType || [])
12708
12707
  };
@@ -12753,7 +12752,7 @@ FormData$2.prototype._getContentDisposition = function (value, options) {
12753
12752
  filename = path$1.basename(value.client._httpMessage.path || '');
12754
12753
  }
12755
12754
  if (filename) {
12756
- return 'filename="' + filename + '"';
12755
+ return 'filename="' + escapeHeaderParam(filename) + '"';
12757
12756
  }
12758
12757
  };
12759
12758
  FormData$2.prototype._getContentType = function (value, options) {
@@ -13430,17 +13429,17 @@ var hasRequiredBrowser;
13430
13429
  function requireBrowser() {
13431
13430
  if (hasRequiredBrowser) return browser.exports;
13432
13431
  hasRequiredBrowser = 1;
13433
- (function (module, exports$1) {
13432
+ (function (module, exports) {
13434
13433
  /**
13435
13434
  * This is the web browser implementation of `debug()`.
13436
13435
  */
13437
13436
 
13438
- exports$1.formatArgs = formatArgs;
13439
- exports$1.save = save;
13440
- exports$1.load = load;
13441
- exports$1.useColors = useColors;
13442
- exports$1.storage = localstorage();
13443
- exports$1.destroy = (() => {
13437
+ exports.formatArgs = formatArgs;
13438
+ exports.save = save;
13439
+ exports.load = load;
13440
+ exports.useColors = useColors;
13441
+ exports.storage = localstorage();
13442
+ exports.destroy = (() => {
13444
13443
  let warned = false;
13445
13444
  return () => {
13446
13445
  if (!warned) {
@@ -13454,7 +13453,7 @@ function requireBrowser() {
13454
13453
  * Colors.
13455
13454
  */
13456
13455
 
13457
- exports$1.colors = ['#0000CC', '#0000FF', '#0033CC', '#0033FF', '#0066CC', '#0066FF', '#0099CC', '#0099FF', '#00CC00', '#00CC33', '#00CC66', '#00CC99', '#00CCCC', '#00CCFF', '#3300CC', '#3300FF', '#3333CC', '#3333FF', '#3366CC', '#3366FF', '#3399CC', '#3399FF', '#33CC00', '#33CC33', '#33CC66', '#33CC99', '#33CCCC', '#33CCFF', '#6600CC', '#6600FF', '#6633CC', '#6633FF', '#66CC00', '#66CC33', '#9900CC', '#9900FF', '#9933CC', '#9933FF', '#99CC00', '#99CC33', '#CC0000', '#CC0033', '#CC0066', '#CC0099', '#CC00CC', '#CC00FF', '#CC3300', '#CC3333', '#CC3366', '#CC3399', '#CC33CC', '#CC33FF', '#CC6600', '#CC6633', '#CC9900', '#CC9933', '#CCCC00', '#CCCC33', '#FF0000', '#FF0033', '#FF0066', '#FF0099', '#FF00CC', '#FF00FF', '#FF3300', '#FF3333', '#FF3366', '#FF3399', '#FF33CC', '#FF33FF', '#FF6600', '#FF6633', '#FF9900', '#FF9933', '#FFCC00', '#FFCC33'];
13456
+ exports.colors = ['#0000CC', '#0000FF', '#0033CC', '#0033FF', '#0066CC', '#0066FF', '#0099CC', '#0099FF', '#00CC00', '#00CC33', '#00CC66', '#00CC99', '#00CCCC', '#00CCFF', '#3300CC', '#3300FF', '#3333CC', '#3333FF', '#3366CC', '#3366FF', '#3399CC', '#3399FF', '#33CC00', '#33CC33', '#33CC66', '#33CC99', '#33CCCC', '#33CCFF', '#6600CC', '#6600FF', '#6633CC', '#6633FF', '#66CC00', '#66CC33', '#9900CC', '#9900FF', '#9933CC', '#9933FF', '#99CC00', '#99CC33', '#CC0000', '#CC0033', '#CC0066', '#CC0099', '#CC00CC', '#CC00FF', '#CC3300', '#CC3333', '#CC3366', '#CC3399', '#CC33CC', '#CC33FF', '#CC6600', '#CC6633', '#CC9900', '#CC9933', '#CCCC00', '#CCCC33', '#FF0000', '#FF0033', '#FF0066', '#FF0099', '#FF00CC', '#FF00FF', '#FF3300', '#FF3333', '#FF3366', '#FF3399', '#FF33CC', '#FF33FF', '#FF6600', '#FF6633', '#FF9900', '#FF9933', '#FFCC00', '#FFCC33'];
13458
13457
 
13459
13458
  /**
13460
13459
  * Currently only WebKit-based Web Inspectors, Firefox >= v31,
@@ -13533,7 +13532,7 @@ function requireBrowser() {
13533
13532
  *
13534
13533
  * @api public
13535
13534
  */
13536
- exports$1.log = console.debug || console.log || (() => {});
13535
+ exports.log = console.debug || console.log || (() => {});
13537
13536
 
13538
13537
  /**
13539
13538
  * Save `namespaces`.
@@ -13544,9 +13543,9 @@ function requireBrowser() {
13544
13543
  function save(namespaces) {
13545
13544
  try {
13546
13545
  if (namespaces) {
13547
- exports$1.storage.setItem('debug', namespaces);
13546
+ exports.storage.setItem('debug', namespaces);
13548
13547
  } else {
13549
- exports$1.storage.removeItem('debug');
13548
+ exports.storage.removeItem('debug');
13550
13549
  }
13551
13550
  } catch (error) {
13552
13551
  // Swallow
@@ -13563,7 +13562,7 @@ function requireBrowser() {
13563
13562
  function load() {
13564
13563
  let r;
13565
13564
  try {
13566
- r = exports$1.storage.getItem('debug') || exports$1.storage.getItem('DEBUG');
13565
+ r = exports.storage.getItem('debug') || exports.storage.getItem('DEBUG');
13567
13566
  } catch (error) {
13568
13567
  // Swallow
13569
13568
  // XXX (@Qix-) should we be logging these?
@@ -13597,7 +13596,7 @@ function requireBrowser() {
13597
13596
  // XXX (@Qix-) should we be logging these?
13598
13597
  }
13599
13598
  }
13600
- module.exports = requireCommon()(exports$1);
13599
+ module.exports = requireCommon()(exports);
13601
13600
  const {
13602
13601
  formatters
13603
13602
  } = module.exports;
@@ -13744,7 +13743,7 @@ var hasRequiredNode;
13744
13743
  function requireNode() {
13745
13744
  if (hasRequiredNode) return node.exports;
13746
13745
  hasRequiredNode = 1;
13747
- (function (module, exports$1) {
13746
+ (function (module, exports) {
13748
13747
  const tty = require$$0$3;
13749
13748
  const util = require$$1;
13750
13749
 
@@ -13752,25 +13751,25 @@ function requireNode() {
13752
13751
  * This is the Node.js implementation of `debug()`.
13753
13752
  */
13754
13753
 
13755
- exports$1.init = init;
13756
- exports$1.log = log;
13757
- exports$1.formatArgs = formatArgs;
13758
- exports$1.save = save;
13759
- exports$1.load = load;
13760
- exports$1.useColors = useColors;
13761
- exports$1.destroy = util.deprecate(() => {}, 'Instance method `debug.destroy()` is deprecated and no longer does anything. It will be removed in the next major version of `debug`.');
13754
+ exports.init = init;
13755
+ exports.log = log;
13756
+ exports.formatArgs = formatArgs;
13757
+ exports.save = save;
13758
+ exports.load = load;
13759
+ exports.useColors = useColors;
13760
+ exports.destroy = util.deprecate(() => {}, 'Instance method `debug.destroy()` is deprecated and no longer does anything. It will be removed in the next major version of `debug`.');
13762
13761
 
13763
13762
  /**
13764
13763
  * Colors.
13765
13764
  */
13766
13765
 
13767
- exports$1.colors = [6, 2, 3, 4, 5, 1];
13766
+ exports.colors = [6, 2, 3, 4, 5, 1];
13768
13767
  try {
13769
13768
  // Optional dependency (as in, doesn't need to be installed, NOT like optionalDependencies in package.json)
13770
13769
  // eslint-disable-next-line import/no-extraneous-dependencies
13771
13770
  const supportsColor = requireSupportsColor();
13772
13771
  if (supportsColor && (supportsColor.stderr || supportsColor).level >= 2) {
13773
- exports$1.colors = [20, 21, 26, 27, 32, 33, 38, 39, 40, 41, 42, 43, 44, 45, 56, 57, 62, 63, 68, 69, 74, 75, 76, 77, 78, 79, 80, 81, 92, 93, 98, 99, 112, 113, 128, 129, 134, 135, 148, 149, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 178, 179, 184, 185, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 214, 215, 220, 221];
13772
+ exports.colors = [20, 21, 26, 27, 32, 33, 38, 39, 40, 41, 42, 43, 44, 45, 56, 57, 62, 63, 68, 69, 74, 75, 76, 77, 78, 79, 80, 81, 92, 93, 98, 99, 112, 113, 128, 129, 134, 135, 148, 149, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 178, 179, 184, 185, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 214, 215, 220, 221];
13774
13773
  }
13775
13774
  } catch (error) {
13776
13775
  // Swallow - we only care if `supports-color` is available; it doesn't have to be.
@@ -13782,7 +13781,7 @@ function requireNode() {
13782
13781
  * $ DEBUG_COLORS=no DEBUG_DEPTH=10 DEBUG_SHOW_HIDDEN=enabled node script.js
13783
13782
  */
13784
13783
 
13785
- exports$1.inspectOpts = Object.keys(process.env).filter(key => {
13784
+ exports.inspectOpts = Object.keys(process.env).filter(key => {
13786
13785
  return /^debug_/i.test(key);
13787
13786
  }).reduce((obj, key) => {
13788
13787
  // Camel-case
@@ -13810,7 +13809,7 @@ function requireNode() {
13810
13809
  */
13811
13810
 
13812
13811
  function useColors() {
13813
- return 'colors' in exports$1.inspectOpts ? Boolean(exports$1.inspectOpts.colors) : tty.isatty(process.stderr.fd);
13812
+ return 'colors' in exports.inspectOpts ? Boolean(exports.inspectOpts.colors) : tty.isatty(process.stderr.fd);
13814
13813
  }
13815
13814
 
13816
13815
  /**
@@ -13835,7 +13834,7 @@ function requireNode() {
13835
13834
  }
13836
13835
  }
13837
13836
  function getDate() {
13838
- if (exports$1.inspectOpts.hideDate) {
13837
+ if (exports.inspectOpts.hideDate) {
13839
13838
  return '';
13840
13839
  }
13841
13840
  return new Date().toISOString() + ' ';
@@ -13846,7 +13845,7 @@ function requireNode() {
13846
13845
  */
13847
13846
 
13848
13847
  function log(...args) {
13849
- return process.stderr.write(util.formatWithOptions(exports$1.inspectOpts, ...args) + '\n');
13848
+ return process.stderr.write(util.formatWithOptions(exports.inspectOpts, ...args) + '\n');
13850
13849
  }
13851
13850
 
13852
13851
  /**
@@ -13885,12 +13884,12 @@ function requireNode() {
13885
13884
 
13886
13885
  function init(debug) {
13887
13886
  debug.inspectOpts = {};
13888
- const keys = Object.keys(exports$1.inspectOpts);
13887
+ const keys = Object.keys(exports.inspectOpts);
13889
13888
  for (let i = 0; i < keys.length; i++) {
13890
- debug.inspectOpts[keys[i]] = exports$1.inspectOpts[keys[i]];
13889
+ debug.inspectOpts[keys[i]] = exports.inspectOpts[keys[i]];
13891
13890
  }
13892
13891
  }
13893
- module.exports = requireCommon()(exports$1);
13892
+ module.exports = requireCommon()(exports);
13894
13893
  const {
13895
13894
  formatters
13896
13895
  } = module.exports;
@@ -14926,7 +14925,7 @@ RedirectableRequest.prototype._processResponse = function (response) {
14926
14925
  // Wraps the key/value object of protocols with redirect functionality
14927
14926
  function wrap(protocols) {
14928
14927
  // Default settings
14929
- var exports$1 = {
14928
+ var exports = {
14930
14929
  maxRedirects: 21,
14931
14930
  maxBodyLength: 10 * 1024 * 1024
14932
14931
  };
@@ -14936,7 +14935,7 @@ function wrap(protocols) {
14936
14935
  Object.keys(protocols).forEach(function (scheme) {
14937
14936
  var protocol = scheme + ":";
14938
14937
  var nativeProtocol = nativeProtocols[protocol] = protocols[scheme];
14939
- var wrappedProtocol = exports$1[scheme] = Object.create(nativeProtocol);
14938
+ var wrappedProtocol = exports[scheme] = Object.create(nativeProtocol);
14940
14939
 
14941
14940
  // Executes a request, following redirects
14942
14941
  function request(input, options, callback) {
@@ -14959,8 +14958,8 @@ function wrap(protocols) {
14959
14958
 
14960
14959
  // Set defaults
14961
14960
  options = Object.assign({
14962
- maxRedirects: exports$1.maxRedirects,
14963
- maxBodyLength: exports$1.maxBodyLength
14961
+ maxRedirects: exports.maxRedirects,
14962
+ maxBodyLength: exports.maxBodyLength
14964
14963
  }, input, options);
14965
14964
  options.nativeProtocols = nativeProtocols;
14966
14965
  if (!isString$4(options.host) && !isString$4(options.hostname)) {
@@ -14994,7 +14993,7 @@ function wrap(protocols) {
14994
14993
  }
14995
14994
  });
14996
14995
  });
14997
- return exports$1;
14996
+ return exports;
14998
14997
  }
14999
14998
  function noop$2() {/* empty */}
15000
14999
  function parseUrl$1(input) {
@@ -15162,6 +15161,52 @@ const {
15162
15161
  iterator,
15163
15162
  toStringTag: toStringTag$1
15164
15163
  } = Symbol;
15164
+
15165
+ /* Creating a function that will check if an object has a property. */
15166
+ const hasOwnProperty$3 = (({
15167
+ hasOwnProperty
15168
+ }) => (obj, prop) => hasOwnProperty.call(obj, prop))(Object.prototype);
15169
+
15170
+ /**
15171
+ * Walk the prototype chain (excluding the shared Object.prototype) looking for
15172
+ * an own `prop`. This distinguishes genuine own/inherited members — including
15173
+ * class accessors and template prototypes — from members injected via
15174
+ * Object.prototype pollution (e.g. `Object.prototype.username = '...'`), which
15175
+ * live on Object.prototype itself and are therefore never matched.
15176
+ *
15177
+ * @param {*} thing The value whose chain to inspect
15178
+ * @param {string|symbol} prop The property key to look for
15179
+ *
15180
+ * @returns {boolean} True when `prop` is owned below Object.prototype
15181
+ */
15182
+ const hasOwnInPrototypeChain = (thing, prop) => {
15183
+ let obj = thing;
15184
+ const seen = [];
15185
+ while (obj != null && obj !== Object.prototype) {
15186
+ if (seen.indexOf(obj) !== -1) {
15187
+ return false;
15188
+ }
15189
+ seen.push(obj);
15190
+ if (hasOwnProperty$3(obj, prop)) {
15191
+ return true;
15192
+ }
15193
+ obj = getPrototypeOf$1(obj);
15194
+ }
15195
+ return false;
15196
+ };
15197
+
15198
+ /**
15199
+ * Read `obj[prop]` only when it is safe from Object.prototype pollution. Own
15200
+ * properties and members inherited from a non-Object.prototype source (a class
15201
+ * instance or template object) are honored; a value reachable only through a
15202
+ * polluted Object.prototype is ignored and `undefined` is returned.
15203
+ *
15204
+ * @param {*} obj The source object
15205
+ * @param {string|symbol} prop The property key to read
15206
+ *
15207
+ * @returns {*} The resolved value, or undefined when unsafe/absent
15208
+ */
15209
+ const getSafeProp = (obj, prop) => obj != null && hasOwnInPrototypeChain(obj, prop) ? obj[prop] : undefined;
15165
15210
  const kindOf = (cache => thing => {
15166
15211
  const str = toString.call(thing);
15167
15212
  return cache[str] || (cache[str] = str.slice(8, -1).toLowerCase());
@@ -15280,11 +15325,15 @@ const isBoolean$1 = thing => thing === true || thing === false;
15280
15325
  * @returns {boolean} True if value is a plain Object, otherwise false
15281
15326
  */
15282
15327
  const isPlainObject$2 = val => {
15283
- if (kindOf(val) !== 'object') {
15328
+ if (!isObject(val)) {
15284
15329
  return false;
15285
15330
  }
15286
15331
  const prototype = getPrototypeOf$1(val);
15287
- return (prototype === null || prototype === Object.prototype || Object.getPrototypeOf(prototype) === null) && !(toStringTag$1 in val) && !(iterator in val);
15332
+ return (prototype === null || prototype === Object.prototype || getPrototypeOf$1(prototype) === null) &&
15333
+ // Treat any genuine (non-Object.prototype-polluted) Symbol.toStringTag or
15334
+ // Symbol.iterator as evidence the value is a tagged/iterable type rather
15335
+ // than a plain object, while ignoring keys injected onto Object.prototype.
15336
+ !hasOwnInPrototypeChain(val, toStringTag$1) && !hasOwnInPrototypeChain(val, iterator);
15288
15337
  };
15289
15338
 
15290
15339
  /**
@@ -15539,7 +15588,10 @@ function merge$1(...objs) {
15539
15588
  if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
15540
15589
  return;
15541
15590
  }
15542
- const targetKey = caseless && findKey(result, key) || key;
15591
+
15592
+ // findKey lowercases the key, so caseless lookup only applies to strings —
15593
+ // symbol keys are identity-matched.
15594
+ const targetKey = caseless && typeof key === 'string' && findKey(result, key) || key;
15543
15595
  // Read via own-prop only — a bare `result[targetKey]` walks the prototype
15544
15596
  // chain, so a polluted Object.prototype value could surface here and get
15545
15597
  // copied into the merged result.
@@ -15555,7 +15607,21 @@ function merge$1(...objs) {
15555
15607
  }
15556
15608
  };
15557
15609
  for (let i = 0, l = objs.length; i < l; i++) {
15558
- objs[i] && forEach(objs[i], assignValue);
15610
+ const source = objs[i];
15611
+ if (!source || isBuffer$1(source)) {
15612
+ continue;
15613
+ }
15614
+ forEach(source, assignValue);
15615
+ if (typeof source !== 'object' || isArray$7(source)) {
15616
+ continue;
15617
+ }
15618
+ const symbols = Object.getOwnPropertySymbols(source);
15619
+ for (let j = 0; j < symbols.length; j++) {
15620
+ const symbol = symbols[j];
15621
+ if (propertyIsEnumerable$1.call(source, symbol)) {
15622
+ assignValue(source[symbol], symbol);
15623
+ }
15624
+ }
15559
15625
  }
15560
15626
  return result;
15561
15627
  }
@@ -15767,11 +15833,9 @@ const toCamelCase = str => {
15767
15833
  return p1.toUpperCase() + p2;
15768
15834
  });
15769
15835
  };
15770
-
15771
- /* Creating a function that will check if an object has a property. */
15772
- const hasOwnProperty$3 = (({
15773
- hasOwnProperty
15774
- }) => (obj, prop) => hasOwnProperty.call(obj, prop))(Object.prototype);
15836
+ const {
15837
+ propertyIsEnumerable: propertyIsEnumerable$1
15838
+ } = Object.prototype;
15775
15839
 
15776
15840
  /**
15777
15841
  * Determine if a value is a RegExp object
@@ -15946,6 +16010,19 @@ const asap = typeof queueMicrotask !== 'undefined' ? queueMicrotask.bind(_global
15946
16010
  // *********************
15947
16011
 
15948
16012
  const isIterable = thing => thing != null && isFunction$1(thing[iterator]);
16013
+
16014
+ /**
16015
+ * Determine if a value is iterable via an iterator that is NOT sourced solely
16016
+ * from a polluted Object.prototype. Use this instead of `isIterable` whenever
16017
+ * the iterable comes from untrusted input (e.g. user-supplied header sources),
16018
+ * so `Object.prototype[Symbol.iterator] = ...` cannot turn an ordinary object
16019
+ * into an attacker-controlled entries iterator.
16020
+ *
16021
+ * @param {*} thing The value to test
16022
+ *
16023
+ * @returns {boolean} True if value has a non-polluted iterator
16024
+ */
16025
+ const isSafeIterable = thing => thing != null && hasOwnInPrototypeChain(thing, iterator) && isIterable(thing);
15949
16026
  var utils$1$1 = {
15950
16027
  isArray: isArray$7,
15951
16028
  isArrayBuffer,
@@ -15991,6 +16068,8 @@ var utils$1$1 = {
15991
16068
  hasOwnProperty: hasOwnProperty$3,
15992
16069
  hasOwnProp: hasOwnProperty$3,
15993
16070
  // an alias to avoid ESLint no-prototype-builtins detection
16071
+ hasOwnInPrototypeChain,
16072
+ getSafeProp,
15994
16073
  reduceDescriptors,
15995
16074
  freezeMethods,
15996
16075
  toObjectSet,
@@ -16006,7 +16085,8 @@ var utils$1$1 = {
16006
16085
  isThenable,
16007
16086
  setImmediate: _setImmediate,
16008
16087
  asap,
16009
- isIterable
16088
+ isIterable,
16089
+ isSafeIterable
16010
16090
  };
16011
16091
 
16012
16092
  // RawAxiosHeaders whose duplicates are ignored by node
@@ -16154,7 +16234,7 @@ class AxiosHeaders {
16154
16234
  function setHeader(_value, _header, _rewrite) {
16155
16235
  const lHeader = normalizeHeader(_header);
16156
16236
  if (!lHeader) {
16157
- throw new Error('header name must be a non-empty string');
16237
+ return;
16158
16238
  }
16159
16239
  const key = utils$1$1.findKey(self, lHeader);
16160
16240
  if (!key || self[key] === undefined || _rewrite === true || _rewrite === undefined && self[key] !== false) {
@@ -16166,15 +16246,21 @@ class AxiosHeaders {
16166
16246
  setHeaders(header, valueOrRewrite);
16167
16247
  } else if (utils$1$1.isString(header) && (header = header.trim()) && !isValidHeaderName(header)) {
16168
16248
  setHeaders(parseHeaders(header), valueOrRewrite);
16169
- } else if (utils$1$1.isObject(header) && utils$1$1.isIterable(header)) {
16170
- let obj = {},
16249
+ } else if (utils$1$1.isObject(header) && utils$1$1.isSafeIterable(header)) {
16250
+ let obj = Object.create(null),
16171
16251
  dest,
16172
16252
  key;
16173
16253
  for (const entry of header) {
16174
16254
  if (!utils$1$1.isArray(entry)) {
16175
- throw TypeError('Object iterator must return a key-value pair');
16255
+ throw new TypeError('Object iterator must return a key-value pair');
16256
+ }
16257
+ key = entry[0];
16258
+ if (utils$1$1.hasOwnProp(obj, key)) {
16259
+ dest = obj[key];
16260
+ obj[key] = utils$1$1.isArray(dest) ? [...dest, entry[1]] : [dest, entry[1]];
16261
+ } else {
16262
+ obj[key] = entry[1];
16176
16263
  }
16177
- obj[key = entry[0]] = (dest = obj[key]) ? utils$1$1.isArray(dest) ? [...dest, entry[1]] : [dest, entry[1]] : entry[1];
16178
16264
  }
16179
16265
  setHeaders(obj, valueOrRewrite);
16180
16266
  } else {
@@ -16385,7 +16471,19 @@ function redactConfig(config, redactKeys) {
16385
16471
  class AxiosError extends Error {
16386
16472
  static from(error, code, config, request, response, customProps) {
16387
16473
  const axiosError = new AxiosError(error.message, code || error.code, config, request, response);
16388
- axiosError.cause = error;
16474
+ // Match native `Error` `cause` semantics: non-enumerable. The wrapped
16475
+ // error often carries circular internals (sockets, requests, agents), so
16476
+ // an enumerable `cause` makes structured loggers (pino/winston) and any
16477
+ // own-property walk throw "Converting circular structure to JSON".
16478
+ // Regression from #6982; see #7205. `__proto__: null` mirrors the
16479
+ // `message` descriptor below (prototype-pollution-safe descriptor).
16480
+ Object.defineProperty(axiosError, 'cause', {
16481
+ __proto__: null,
16482
+ value: error,
16483
+ writable: true,
16484
+ enumerable: false,
16485
+ configurable: true
16486
+ });
16389
16487
  axiosError.name = error.name;
16390
16488
 
16391
16489
  // Preserve status from the original error if not already set from response
@@ -16476,6 +16574,10 @@ AxiosError.ERR_NOT_SUPPORT = 'ERR_NOT_SUPPORT';
16476
16574
  AxiosError.ERR_INVALID_URL = 'ERR_INVALID_URL';
16477
16575
  AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED = 'ERR_FORM_DATA_DEPTH_EXCEEDED';
16478
16576
 
16577
+ // Default nesting limit shared with the inverse transform (formDataToJSON) so
16578
+ // the FormData <-> JSON round-trip stays symmetric.
16579
+ const DEFAULT_FORM_DATA_MAX_DEPTH = 100;
16580
+
16479
16581
  /**
16480
16582
  * Determines if the given thing is a array or js object.
16481
16583
  *
@@ -16576,8 +16678,9 @@ function toFormData(obj, formData, options) {
16576
16678
  const dots = options.dots;
16577
16679
  const indexes = options.indexes;
16578
16680
  const _Blob = options.Blob || typeof Blob !== 'undefined' && Blob;
16579
- const maxDepth = options.maxDepth === undefined ? 100 : options.maxDepth;
16681
+ const maxDepth = options.maxDepth === undefined ? DEFAULT_FORM_DATA_MAX_DEPTH : options.maxDepth;
16580
16682
  const useBlob = _Blob && utils$1$1.isSpecCompliantForm(formData);
16683
+ const stack = [];
16581
16684
  if (!utils$1$1.isFunction(visitor)) {
16582
16685
  throw new TypeError('visitor must be a function');
16583
16686
  }
@@ -16593,10 +16696,38 @@ function toFormData(obj, formData, options) {
16593
16696
  throw new AxiosError('Blob is not supported. Use a Buffer instead.');
16594
16697
  }
16595
16698
  if (utils$1$1.isArrayBuffer(value) || utils$1$1.isTypedArray(value)) {
16596
- return useBlob && typeof Blob === 'function' ? new Blob([value]) : Buffer.from(value);
16699
+ if (useBlob && typeof _Blob === 'function') {
16700
+ return new _Blob([value]);
16701
+ }
16702
+ if (typeof Buffer !== 'undefined') {
16703
+ return Buffer.from(value);
16704
+ }
16705
+ throw new AxiosError('Blob is not supported. Use a Buffer instead.', AxiosError.ERR_NOT_SUPPORT);
16597
16706
  }
16598
16707
  return value;
16599
16708
  }
16709
+ function throwIfMaxDepthExceeded(depth) {
16710
+ if (depth > maxDepth) {
16711
+ throw new AxiosError('Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth, AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED);
16712
+ }
16713
+ }
16714
+ function stringifyWithDepthLimit(value, depth) {
16715
+ if (maxDepth === Infinity) {
16716
+ return JSON.stringify(value);
16717
+ }
16718
+ const ancestors = [];
16719
+ return JSON.stringify(value, function limitDepth(_key, currentValue) {
16720
+ if (!utils$1$1.isObject(currentValue)) {
16721
+ return currentValue;
16722
+ }
16723
+ while (ancestors.length && ancestors[ancestors.length - 1] !== this) {
16724
+ ancestors.pop();
16725
+ }
16726
+ ancestors.push(currentValue);
16727
+ throwIfMaxDepthExceeded(depth + ancestors.length - 1);
16728
+ return currentValue;
16729
+ });
16730
+ }
16600
16731
 
16601
16732
  /**
16602
16733
  * Default visitor.
@@ -16619,7 +16750,7 @@ function toFormData(obj, formData, options) {
16619
16750
  // eslint-disable-next-line no-param-reassign
16620
16751
  key = metaTokens ? key : key.slice(0, -2);
16621
16752
  // eslint-disable-next-line no-param-reassign
16622
- value = JSON.stringify(value);
16753
+ value = stringifyWithDepthLimit(value, 1);
16623
16754
  } else if (utils$1$1.isArray(value) && isFlatArray(value) || (utils$1$1.isFileList(value) || utils$1$1.endsWith(key, '[]')) && (arr = utils$1$1.toArray(value))) {
16624
16755
  // eslint-disable-next-line no-param-reassign
16625
16756
  key = removeBrackets(key);
@@ -16637,7 +16768,6 @@ function toFormData(obj, formData, options) {
16637
16768
  formData.append(renderKey(path, key, dots), convertValue(value));
16638
16769
  return false;
16639
16770
  }
16640
- const stack = [];
16641
16771
  const exposedHelpers = Object.assign(predicates, {
16642
16772
  defaultVisitor,
16643
16773
  convertValue,
@@ -16645,11 +16775,9 @@ function toFormData(obj, formData, options) {
16645
16775
  });
16646
16776
  function build(value, path, depth = 0) {
16647
16777
  if (utils$1$1.isUndefined(value)) return;
16648
- if (depth > maxDepth) {
16649
- throw new AxiosError('Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth, AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED);
16650
- }
16778
+ throwIfMaxDepthExceeded(depth);
16651
16779
  if (stack.indexOf(value) !== -1) {
16652
- throw Error('Circular reference detected in ' + path.join('.'));
16780
+ throw new Error('Circular reference detected in ' + path.join('.'));
16653
16781
  }
16654
16782
  stack.push(value);
16655
16783
  utils$1$1.forEach(value, function each(el, key) {
@@ -16706,9 +16834,7 @@ prototype.append = function append(name, value) {
16706
16834
  this._pairs.push([name, value]);
16707
16835
  };
16708
16836
  prototype.toString = function toString(encoder) {
16709
- const _encode = encoder ? function (value) {
16710
- return encoder.call(this, value, encode$1);
16711
- } : encode$1;
16837
+ const _encode = encoder ? value => encoder.call(this, value, encode$1) : encode$1;
16712
16838
  return this._pairs.map(function each(pair) {
16713
16839
  return _encode(pair[0]) + '=' + _encode(pair[1]);
16714
16840
  }, '').join('&');
@@ -16739,11 +16865,16 @@ function buildURL(url, params, options) {
16739
16865
  if (!params) {
16740
16866
  return url;
16741
16867
  }
16742
- const _encode = options && options.encode || encode$2;
16868
+ url = url || '';
16743
16869
  const _options = utils$1$1.isFunction(options) ? {
16744
16870
  serialize: options
16745
16871
  } : options;
16746
- const serializeFn = _options && _options.serialize;
16872
+
16873
+ // Read serializer options pollution-safely: own properties and methods on a
16874
+ // class/template prototype are honored, but values injected onto a polluted
16875
+ // Object.prototype are ignored.
16876
+ const _encode = utils$1$1.getSafeProp(_options, 'encode') || encode$2;
16877
+ const serializeFn = utils$1$1.getSafeProp(_options, 'serialize');
16747
16878
  let serializedParams;
16748
16879
  if (serializeFn) {
16749
16880
  serializedParams = serializeFn(params, _options);
@@ -16829,7 +16960,9 @@ var transitionalDefaults = {
16829
16960
  silentJSONParsing: true,
16830
16961
  forcedJSONParsing: true,
16831
16962
  clarifyTimeoutError: false,
16832
- legacyInterceptorReqResOrdering: true
16963
+ legacyInterceptorReqResOrdering: true,
16964
+ advertiseZstdAcceptEncoding: false,
16965
+ validateStatusUndefinedResolves: true
16833
16966
  };
16834
16967
  var URLSearchParams$1 = url.URLSearchParams;
16835
16968
  const ALPHA = 'abcdefghijklmnopqrstuvwxyz';
@@ -16919,6 +17052,12 @@ function toURLEncodedForm(data, options) {
16919
17052
  }
16920
17053
  }, options));
16921
17054
  }
17055
+ const MAX_DEPTH = DEFAULT_FORM_DATA_MAX_DEPTH;
17056
+ function throwIfDepthExceeded(index) {
17057
+ if (index > MAX_DEPTH) {
17058
+ throw new AxiosError('FormData field is too deeply nested (' + index + ' levels). Max depth: ' + MAX_DEPTH, AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED);
17059
+ }
17060
+ }
16922
17061
 
16923
17062
  /**
16924
17063
  * It takes a string like `foo[x][y][z]` and returns an array like `['foo', 'x', 'y', 'z']
@@ -16932,9 +17071,14 @@ function parsePropPath(name) {
16932
17071
  // foo.x.y.z
16933
17072
  // foo-x-y-z
16934
17073
  // foo x y z
16935
- return utils$1$1.matchAll(/\w+|\[(\w*)]/g, name).map(match => {
16936
- return match[0] === '[]' ? '' : match[1] || match[0];
16937
- });
17074
+ const path = [];
17075
+ const pattern = /\w+|\[(\w*)]/g;
17076
+ let match;
17077
+ while ((match = pattern.exec(name)) !== null) {
17078
+ throwIfDepthExceeded(path.length);
17079
+ path.push(match[0] === '[]' ? '' : match[1] || match[0]);
17080
+ }
17081
+ return path;
16938
17082
  }
16939
17083
 
16940
17084
  /**
@@ -16966,6 +17110,7 @@ function arrayToObject$1(arr) {
16966
17110
  */
16967
17111
  function formDataToJSON(formData) {
16968
17112
  function buildPath(path, value, target, index) {
17113
+ throwIfDepthExceeded(index);
16969
17114
  let name = path[index++];
16970
17115
  if (name === '__proto__') return true;
16971
17116
  const isNumericKey = Number.isFinite(+name);
@@ -17202,6 +17347,23 @@ function isAbsoluteURL(url) {
17202
17347
  function combineURLs(baseURL, relativeURL) {
17203
17348
  return relativeURL ? baseURL.replace(/\/?\/$/, '') + '/' + relativeURL.replace(/^\/+/, '') : baseURL;
17204
17349
  }
17350
+ const malformedHttpProtocol = /^https?:(?!\/\/)/i;
17351
+ const httpProtocolControlCharacters = /[\t\n\r]/g;
17352
+ function stripLeadingC0ControlOrSpace(url) {
17353
+ let i = 0;
17354
+ while (i < url.length && url.charCodeAt(i) <= 0x20) {
17355
+ i++;
17356
+ }
17357
+ return url.slice(i);
17358
+ }
17359
+ function normalizeURLForProtocolCheck(url) {
17360
+ return stripLeadingC0ControlOrSpace(url).replace(httpProtocolControlCharacters, '');
17361
+ }
17362
+ function assertValidHttpProtocolURL(url, config) {
17363
+ if (typeof url === 'string' && malformedHttpProtocol.test(normalizeURLForProtocolCheck(url))) {
17364
+ throw new AxiosError('Invalid URL: missing "//" after protocol', AxiosError.ERR_INVALID_URL, config);
17365
+ }
17366
+ }
17205
17367
 
17206
17368
  /**
17207
17369
  * Creates a new URL by combining the baseURL with the requestedURL,
@@ -17213,9 +17375,11 @@ function combineURLs(baseURL, relativeURL) {
17213
17375
  *
17214
17376
  * @returns {string} The combined full path
17215
17377
  */
17216
- function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls) {
17378
+ function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls, config) {
17379
+ assertValidHttpProtocolURL(requestedURL, config);
17217
17380
  let isRelativeUrl = !isAbsoluteURL(requestedURL);
17218
17381
  if (baseURL && (isRelativeUrl || allowAbsoluteUrls === false)) {
17382
+ assertValidHttpProtocolURL(baseURL, config);
17219
17383
  return combineURLs(baseURL, requestedURL);
17220
17384
  }
17221
17385
  return requestedURL;
@@ -17315,7 +17479,7 @@ function shouldProxy(hostname, port) {
17315
17479
  function getEnv(key) {
17316
17480
  return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || '';
17317
17481
  }
17318
- const VERSION = "1.16.1";
17482
+ const VERSION = "1.18.1";
17319
17483
  function parseProtocol(url) {
17320
17484
  const match = /^([-+\w]{1,25}):(?:\/\/)?/.exec(url);
17321
17485
  return match && match[1] || '';
@@ -17354,13 +17518,13 @@ function fromDataURI(uri, asBlob, options) {
17354
17518
 
17355
17519
  // RFC 2397 section 3: default mediatype is text/plain;charset=US-ASCII
17356
17520
  // Bare `data:,` leaves mime undefined; Blob normalises that to "" per spec.
17357
- let mime;
17521
+ let mime = '';
17358
17522
  if (type) {
17359
17523
  mime = params ? type + params : type;
17360
17524
  } else if (params) {
17361
17525
  mime = 'text/plain' + params;
17362
17526
  }
17363
- const buffer = Buffer.from(decodeURIComponent(body), encoding);
17527
+ const buffer = encoding === 'base64' ? Buffer.from(body, 'base64') : Buffer.from(decodeURIComponent(body), encoding);
17364
17528
  if (asBlob) {
17365
17529
  if (!_Blob) {
17366
17530
  throw new AxiosError('Blob is not supported', AxiosError.ERR_NOT_SUPPORT);
@@ -17558,10 +17722,10 @@ const formDataToStream = (form, headersHandler, options) => {
17558
17722
  boundary = tag + '-' + platform.generateString(size, BOUNDARY_ALPHABET)
17559
17723
  } = options || {};
17560
17724
  if (!utils$1$1.isFormData(form)) {
17561
- throw TypeError('FormData instance required');
17725
+ throw new TypeError('FormData instance required');
17562
17726
  }
17563
17727
  if (boundary.length < 1 || boundary.length > 70) {
17564
- throw Error('boundary must be 1-70 characters long');
17728
+ throw new Error('boundary must be 1-70 characters long');
17565
17729
  }
17566
17730
  const boundaryBytes = textEncoder.encode('--' + boundary + CRLF);
17567
17731
  const footerBytes = textEncoder.encode('--' + boundary + '--' + CRLF);
@@ -17609,6 +17773,83 @@ class ZlibHeaderTransformStream extends stream.Transform {
17609
17773
  this.__transform(chunk, encoding, callback);
17610
17774
  }
17611
17775
  }
17776
+ class Http2Sessions {
17777
+ constructor() {
17778
+ this.sessions = Object.create(null);
17779
+ }
17780
+ getSession(authority, options) {
17781
+ options = Object.assign({
17782
+ sessionTimeout: 1000
17783
+ }, options);
17784
+ let authoritySessions = this.sessions[authority];
17785
+ if (authoritySessions) {
17786
+ let len = authoritySessions.length;
17787
+ for (let i = 0; i < len; i++) {
17788
+ const [sessionHandle, sessionOptions] = authoritySessions[i];
17789
+ if (!sessionHandle.destroyed && !sessionHandle.closed && util.isDeepStrictEqual(sessionOptions, options)) {
17790
+ return sessionHandle;
17791
+ }
17792
+ }
17793
+ }
17794
+ const session = http2.connect(authority, options);
17795
+ let removed;
17796
+ let timer;
17797
+ const removeSession = () => {
17798
+ if (removed) {
17799
+ return;
17800
+ }
17801
+ removed = true;
17802
+ if (timer) {
17803
+ clearTimeout(timer);
17804
+ timer = null;
17805
+ }
17806
+ let entries = authoritySessions,
17807
+ len = entries.length,
17808
+ i = len;
17809
+ while (i--) {
17810
+ if (entries[i][0] === session) {
17811
+ if (len === 1) {
17812
+ delete this.sessions[authority];
17813
+ } else {
17814
+ entries.splice(i, 1);
17815
+ }
17816
+ if (!session.closed) {
17817
+ session.close();
17818
+ }
17819
+ return;
17820
+ }
17821
+ }
17822
+ };
17823
+ const originalRequestFn = session.request;
17824
+ const {
17825
+ sessionTimeout
17826
+ } = options;
17827
+ if (sessionTimeout != null) {
17828
+ let streamsCount = 0;
17829
+ session.request = function () {
17830
+ const stream = originalRequestFn.apply(this, arguments);
17831
+ streamsCount++;
17832
+ if (timer) {
17833
+ clearTimeout(timer);
17834
+ timer = null;
17835
+ }
17836
+ stream.once('close', () => {
17837
+ if (! --streamsCount) {
17838
+ timer = setTimeout(() => {
17839
+ timer = null;
17840
+ removeSession();
17841
+ }, sessionTimeout);
17842
+ }
17843
+ });
17844
+ return stream;
17845
+ };
17846
+ }
17847
+ session.once('close', removeSession);
17848
+ let entry = [session, options];
17849
+ authoritySessions ? authoritySessions.push(entry) : authoritySessions = this.sessions[authority] = [entry];
17850
+ return session;
17851
+ }
17852
+ }
17612
17853
  const callbackify = (fn, reducer) => {
17613
17854
  return utils$1$1.isAsyncFn(fn) ? function (...args) {
17614
17855
  const cb = args.pop();
@@ -17621,13 +17862,34 @@ const callbackify = (fn, reducer) => {
17621
17862
  }, cb);
17622
17863
  } : fn;
17623
17864
  };
17624
- const LOOPBACK_HOSTNAMES = new Set(['localhost']);
17865
+ const LOOPBACK_HOSTNAMES = new Set(['localhost', '0.0.0.0']);
17625
17866
  const isIPv4Loopback = host => {
17626
17867
  const parts = host.split('.');
17627
17868
  if (parts.length !== 4) return false;
17628
17869
  if (parts[0] !== '127') return false;
17629
17870
  return parts.every(p => /^\d+$/.test(p) && Number(p) >= 0 && Number(p) <= 255);
17630
17871
  };
17872
+ const isIPv6ZeroGroup = group => /^0{1,4}$/.test(group);
17873
+
17874
+ // The unspecified address (IPv4 0.0.0.0 / IPv6 ::) resolves to the local host
17875
+ // for outbound connections, so treat it as loopback-equivalent for NO_PROXY
17876
+ // matching. 0.0.0.0 is covered by LOOPBACK_HOSTNAMES; this handles compressed
17877
+ // and full IPv6 all-zero forms so both families bypass symmetrically.
17878
+ const isIPv6Unspecified = host => {
17879
+ if (host === '::') return true;
17880
+ const compressionIndex = host.indexOf('::');
17881
+ if (compressionIndex !== -1) {
17882
+ if (compressionIndex !== host.lastIndexOf('::')) return false;
17883
+ const left = host.slice(0, compressionIndex);
17884
+ const right = host.slice(compressionIndex + 2);
17885
+ const leftGroups = left ? left.split(':') : [];
17886
+ const rightGroups = right ? right.split(':') : [];
17887
+ const explicitGroups = leftGroups.length + rightGroups.length;
17888
+ return explicitGroups < 8 && leftGroups.every(isIPv6ZeroGroup) && rightGroups.every(isIPv6ZeroGroup);
17889
+ }
17890
+ const groups = host.split(':');
17891
+ return groups.length === 8 && groups.every(isIPv6ZeroGroup);
17892
+ };
17631
17893
  const isIPv6Loopback = host => {
17632
17894
  // Collapse all-zero groups: any form of ::1 / 0:0:...:0:1
17633
17895
  // First, strip any leading "::" by normalising with Set lookup of common forms,
@@ -17660,6 +17922,7 @@ const isLoopback = host => {
17660
17922
  if (!host) return false;
17661
17923
  if (LOOPBACK_HOSTNAMES.has(host)) return true;
17662
17924
  if (isIPv4Loopback(host)) return true;
17925
+ if (isIPv6Unspecified(host)) return true;
17663
17926
  return isIPv6Loopback(host);
17664
17927
  };
17665
17928
  const DEFAULT_PORTS = {
@@ -17878,11 +18141,13 @@ const asyncDecorator = fn => (...args) => utils$1$1.asap(() => fn(...args));
17878
18141
  * Estimate decoded byte length of a data:// URL *without* allocating large buffers.
17879
18142
  * - For base64: compute exact decoded size using length and padding;
17880
18143
  * handle %XX at the character-count level (no string allocation).
17881
- * - For non-base64: use UTF-8 byteLength of the encoded body as a safe upper bound.
18144
+ * - For non-base64: compute the exact percent-decoded UTF-8 byte length.
17882
18145
  *
17883
18146
  * @param {string} url
17884
18147
  * @returns {number}
17885
18148
  */
18149
+ const isHexDigit = charCode => charCode >= 48 && charCode <= 57 || charCode >= 65 && charCode <= 70 || charCode >= 97 && charCode <= 102;
18150
+ const isPercentEncodedByte = (str, i, len) => i + 2 < len && isHexDigit(str.charCodeAt(i + 1)) && isHexDigit(str.charCodeAt(i + 2));
17886
18151
  function estimateDataURLDecodedBytes(url) {
17887
18152
  if (!url || typeof url !== 'string') return 0;
17888
18153
  if (!url.startsWith('data:')) return 0;
@@ -17899,7 +18164,7 @@ function estimateDataURLDecodedBytes(url) {
17899
18164
  if (body.charCodeAt(i) === 37 /* '%' */ && i + 2 < len) {
17900
18165
  const a = body.charCodeAt(i + 1);
17901
18166
  const b = body.charCodeAt(i + 2);
17902
- const isHex = (a >= 48 && a <= 57 || a >= 65 && a <= 70 || a >= 97 && a <= 102) && (b >= 48 && b <= 57 || b >= 65 && b <= 70 || b >= 97 && b <= 102);
18167
+ const isHex = isHexDigit(a) && isHexDigit(b);
17903
18168
  if (isHex) {
17904
18169
  effectiveLen -= 2;
17905
18170
  i += 2;
@@ -17934,18 +18199,18 @@ function estimateDataURLDecodedBytes(url) {
17934
18199
  const bytes = groups * 3 - (pad || 0);
17935
18200
  return bytes > 0 ? bytes : 0;
17936
18201
  }
17937
- if (typeof Buffer !== 'undefined' && typeof Buffer.byteLength === 'function') {
17938
- return Buffer.byteLength(body, 'utf8');
17939
- }
17940
18202
 
17941
18203
  // Compute UTF-8 byte length directly from UTF-16 code units without allocating
17942
18204
  // a byte buffer (TextEncoder.encode would defeat the DoS guard on large bodies).
17943
- // Using body.length here would undercount non-ASCII (e.g. '€' is 1 code unit
17944
- // but 3 UTF-8 bytes).
18205
+ // Valid %XX triplets count as one decoded byte; this matches the bytes that
18206
+ // decodeURIComponent(body) would produce before Buffer re-encodes the string.
17945
18207
  let bytes = 0;
17946
18208
  for (let i = 0, len = body.length; i < len; i++) {
17947
18209
  const c = body.charCodeAt(i);
17948
- if (c < 0x80) {
18210
+ if (c === 37 /* '%' */ && isPercentEncodedByte(body, i, len)) {
18211
+ bytes += 1;
18212
+ i += 2;
18213
+ } else if (c < 0x80) {
17949
18214
  bytes += 1;
17950
18215
  } else if (c < 0x800) {
17951
18216
  bytes += 2;
@@ -17971,7 +18236,14 @@ const brotliOptions = {
17971
18236
  flush: zlib.constants.BROTLI_OPERATION_FLUSH,
17972
18237
  finishFlush: zlib.constants.BROTLI_OPERATION_FLUSH
17973
18238
  };
18239
+ const zstdOptions = {
18240
+ flush: zlib.constants.ZSTD_e_flush,
18241
+ finishFlush: zlib.constants.ZSTD_e_flush
18242
+ };
17974
18243
  const isBrotliSupported = utils$1$1.isFunction(zlib.createBrotliDecompress);
18244
+ const isZstdSupported = utils$1$1.isFunction(zlib.createZstdDecompress);
18245
+ const ACCEPT_ENCODING = 'gzip, compress, deflate' + (isBrotliSupported ? ', br' : '');
18246
+ const ACCEPT_ENCODING_WITH_ZSTD = ACCEPT_ENCODING + (isZstdSupported ? ', zstd' : '');
17975
18247
  const {
17976
18248
  http: httpFollow,
17977
18249
  https: httpsFollow
@@ -18006,6 +18278,36 @@ const kAxiosInstalledTunnel = Symbol('axios.http.installedTunnel');
18006
18278
  // so unbounded growth is not a concern in practice.
18007
18279
  const tunnelingAgentCache = new Map();
18008
18280
  const tunnelingAgentCacheUser = new WeakMap();
18281
+ // Minimum minor versions where Node's HTTP Agent supports native proxyEnv
18282
+ // handling. Checking the selected agent below also covers startup modes such
18283
+ // as NODE_OPTIONS=--use-env-proxy and --no-use-env-proxy precedence.
18284
+ const NODE_NATIVE_ENV_PROXY_SUPPORT = {
18285
+ 22: 21,
18286
+ 24: 5
18287
+ };
18288
+ function isNodeNativeEnvProxySupported(nodeVersion = process.versions && process.versions.node) {
18289
+ if (!nodeVersion) {
18290
+ return false;
18291
+ }
18292
+ const [major, minor] = nodeVersion.split('.').map(part => Number(part));
18293
+ if (!Number.isInteger(major) || !Number.isInteger(minor)) {
18294
+ return false;
18295
+ }
18296
+ if (major > 24) {
18297
+ return true;
18298
+ }
18299
+ return NODE_NATIVE_ENV_PROXY_SUPPORT[major] != null && minor >= NODE_NATIVE_ENV_PROXY_SUPPORT[major];
18300
+ }
18301
+ function isNodeEnvProxyEnabled(agent, nodeVersion = process.versions && process.versions.node) {
18302
+ if (!isNodeNativeEnvProxySupported(nodeVersion)) {
18303
+ return false;
18304
+ }
18305
+ const agentOptions = agent && agent.options;
18306
+ return Boolean(agentOptions && utils$1$1.hasOwnProp(agentOptions, 'proxyEnv') && agentOptions.proxyEnv != null);
18307
+ }
18308
+ function getProxyEnvAgent(options, configHttpAgent, configHttpsAgent) {
18309
+ return isHttps.test(options.protocol) ? configHttpsAgent || https.globalAgent : configHttpAgent || http.globalAgent;
18310
+ }
18009
18311
  function getTunnelingAgent(agentOptions, userHttpsAgent) {
18010
18312
  const key = agentOptions.protocol + '//' + agentOptions.hostname + ':' + (agentOptions.port || '') + '#' + (agentOptions.auth || '');
18011
18313
  const cache = userHttpsAgent ? tunnelingAgentCacheUser.get(userHttpsAgent) || tunnelingAgentCacheUser.set(userHttpsAgent, new Map()).get(userHttpsAgent) : tunnelingAgentCache;
@@ -18016,6 +18318,14 @@ function getTunnelingAgent(agentOptions, userHttpsAgent) {
18016
18318
  // performed after CONNECT. Our proxy fields take precedence on conflict.
18017
18319
  const merged = userHttpsAgent && userHttpsAgent.options ? _objectSpread2(_objectSpread2({}, userHttpsAgent.options), agentOptions) : agentOptions;
18018
18320
  agent = new HttpsProxyAgent(merged);
18321
+ if (userHttpsAgent && userHttpsAgent.options) {
18322
+ const originTLSOptions = _objectSpread2({}, userHttpsAgent.options);
18323
+ const callback = agent.callback;
18324
+ agent.callback = function axiosTunnelingAgentCallback(req, opts) {
18325
+ // HttpsProxyAgent v5 reads callback opts for the post-CONNECT origin TLS upgrade.
18326
+ return callback.call(this, req, _objectSpread2(_objectSpread2({}, originTLSOptions), opts));
18327
+ };
18328
+ }
18019
18329
  agent[kAxiosInstalledTunnel] = true;
18020
18330
  cache.set(key, agent);
18021
18331
  return agent;
@@ -18028,7 +18338,7 @@ const supportedProtocols = platform.protocols.map(protocol => {
18028
18338
  // Decode before composing the `auth` option so credentials such as
18029
18339
  // `my%40email.com:pass` are sent as `my@email.com:pass`. Falls back to the
18030
18340
  // original value for malformed input so a bad encoding never throws.
18031
- const decodeURIComponentSafe = value => {
18341
+ const decodeURIComponentSafe$1 = value => {
18032
18342
  if (!utils$1$1.isString(value)) {
18033
18343
  return value;
18034
18344
  }
@@ -18042,84 +18352,11 @@ const flushOnFinish = (stream, [throttled, flush]) => {
18042
18352
  stream.on('end', flush).on('error', flush);
18043
18353
  return throttled;
18044
18354
  };
18045
- class Http2Sessions {
18046
- constructor() {
18047
- this.sessions = Object.create(null);
18048
- }
18049
- getSession(authority, options) {
18050
- options = Object.assign({
18051
- sessionTimeout: 1000
18052
- }, options);
18053
- let authoritySessions = this.sessions[authority];
18054
- if (authoritySessions) {
18055
- let len = authoritySessions.length;
18056
- for (let i = 0; i < len; i++) {
18057
- const [sessionHandle, sessionOptions] = authoritySessions[i];
18058
- if (!sessionHandle.destroyed && !sessionHandle.closed && util.isDeepStrictEqual(sessionOptions, options)) {
18059
- return sessionHandle;
18060
- }
18061
- }
18062
- }
18063
- const session = http2.connect(authority, options);
18064
- let removed;
18065
- const removeSession = () => {
18066
- if (removed) {
18067
- return;
18068
- }
18069
- removed = true;
18070
- let entries = authoritySessions,
18071
- len = entries.length,
18072
- i = len;
18073
- while (i--) {
18074
- if (entries[i][0] === session) {
18075
- if (len === 1) {
18076
- delete this.sessions[authority];
18077
- } else {
18078
- entries.splice(i, 1);
18079
- }
18080
- if (!session.closed) {
18081
- session.close();
18082
- }
18083
- return;
18084
- }
18085
- }
18086
- };
18087
- const originalRequestFn = session.request;
18088
- const {
18089
- sessionTimeout
18090
- } = options;
18091
- if (sessionTimeout != null) {
18092
- let timer;
18093
- let streamsCount = 0;
18094
- session.request = function () {
18095
- const stream = originalRequestFn.apply(this, arguments);
18096
- streamsCount++;
18097
- if (timer) {
18098
- clearTimeout(timer);
18099
- timer = null;
18100
- }
18101
- stream.once('close', () => {
18102
- if (! --streamsCount) {
18103
- timer = setTimeout(() => {
18104
- timer = null;
18105
- removeSession();
18106
- }, sessionTimeout);
18107
- }
18108
- });
18109
- return stream;
18110
- };
18111
- }
18112
- session.once('close', removeSession);
18113
- let entry = [session, options];
18114
- authoritySessions ? authoritySessions.push(entry) : authoritySessions = this.sessions[authority] = [entry];
18115
- return session;
18116
- }
18117
- }
18118
18355
  const http2Sessions = new Http2Sessions();
18119
18356
 
18120
18357
  /**
18121
- * If the proxy or config beforeRedirects functions are defined, call them with the options
18122
- * object.
18358
+ * If the proxy, auth, sensitive header, or config beforeRedirects functions are defined,
18359
+ * call them with the options object.
18123
18360
  *
18124
18361
  * @param {Object<string, any>} options - The options object that was passed to the request.
18125
18362
  *
@@ -18129,10 +18366,37 @@ function dispatchBeforeRedirect(options, responseDetails, requestDetails) {
18129
18366
  if (options.beforeRedirects.proxy) {
18130
18367
  options.beforeRedirects.proxy(options);
18131
18368
  }
18369
+ if (options.beforeRedirects.auth) {
18370
+ options.beforeRedirects.auth(options);
18371
+ }
18372
+ if (options.beforeRedirects.sensitiveHeaders) {
18373
+ options.beforeRedirects.sensitiveHeaders(options, requestDetails);
18374
+ }
18132
18375
  if (options.beforeRedirects.config) {
18133
18376
  options.beforeRedirects.config(options, responseDetails, requestDetails);
18134
18377
  }
18135
18378
  }
18379
+ function stripMatchingHeaders(headers, sensitiveSet) {
18380
+ if (!headers) {
18381
+ return;
18382
+ }
18383
+ Object.keys(headers).forEach(header => {
18384
+ if (sensitiveSet.has(header.toLowerCase())) {
18385
+ delete headers[header];
18386
+ }
18387
+ });
18388
+ }
18389
+ function isSameOriginRedirect(redirectOptions, requestDetails) {
18390
+ if (!requestDetails) {
18391
+ return false;
18392
+ }
18393
+ try {
18394
+ return new URL(requestDetails.url).origin === new URL(redirectOptions.href).origin;
18395
+ } catch (e) {
18396
+ // If origin comparison fails, treat the redirect as unsafe.
18397
+ return false;
18398
+ }
18399
+ }
18136
18400
 
18137
18401
  /**
18138
18402
  * If the proxy or config afterRedirects functions are defined, call them with the options
@@ -18143,9 +18407,10 @@ function dispatchBeforeRedirect(options, responseDetails, requestDetails) {
18143
18407
  *
18144
18408
  * @returns {http.ClientRequestArgs}
18145
18409
  */
18146
- function setProxy(options, configProxy, location, isRedirect, configHttpsAgent) {
18410
+ function setProxy(options, configProxy, location, isRedirect, configHttpsAgent, configHttpAgent) {
18147
18411
  let proxy = configProxy;
18148
- if (!proxy && proxy !== false) {
18412
+ const proxyEnvAgent = getProxyEnvAgent(options, configHttpAgent, configHttpsAgent);
18413
+ if (!proxy && proxy !== false && !isNodeEnvProxyEnabled(proxyEnvAgent)) {
18149
18414
  const proxyUrl = getProxyForUrl(location);
18150
18415
  if (proxyUrl) {
18151
18416
  if (!shouldBypassProxy(location)) {
@@ -18236,7 +18501,7 @@ function setProxy(options, configProxy, location, isRedirect, configHttpsAgent)
18236
18501
  }
18237
18502
  const tunnelingAgent = getTunnelingAgent(agentOptions, configHttpsAgent);
18238
18503
  // Set both: `options.agent` is consumed by the native https.request path
18239
- // (config.maxRedirects === 0); `options.agents.https` is consumed by
18504
+ // (maxRedirects === 0); `options.agents.https` is consumed by
18240
18505
  // follow-redirects, which ignores `options.agent` when `options.agents`
18241
18506
  // is present.
18242
18507
  options.agent = tunnelingAgent;
@@ -18280,7 +18545,7 @@ function setProxy(options, configProxy, location, isRedirect, configHttpsAgent)
18280
18545
  options.beforeRedirects.proxy = function beforeRedirect(redirectOptions) {
18281
18546
  // Configure proxy for redirected request, passing the original config proxy to apply
18282
18547
  // the exact same logic as if the redirected request was performed by axios directly.
18283
- setProxy(redirectOptions, configProxy, redirectOptions.href, true, configHttpsAgent);
18548
+ setProxy(redirectOptions, configProxy, redirectOptions.href, true, configHttpsAgent, configHttpAgent);
18284
18549
  };
18285
18550
  }
18286
18551
  const isHttpAdapterSupported = typeof process !== 'undefined' && utils$1$1.kindOf(process) === 'process';
@@ -18363,16 +18628,30 @@ const http2Transport = {
18363
18628
  /*eslint consistent-return:0*/
18364
18629
  var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18365
18630
  return wrapAsync(async function dispatchHttpRequest(resolve, reject, onDone) {
18366
- const own = key => utils$1$1.hasOwnProp(config, key) ? config[key] : undefined;
18631
+ // Read config pollution-safely: own properties and members inherited from
18632
+ // a non-Object.prototype source (e.g. an Object.create(defaults) template)
18633
+ // are honored, but values injected onto a polluted Object.prototype are
18634
+ // ignored. All behavior-affecting reads in this adapter go through own()
18635
+ // so the protection boundary stays consistent.
18636
+ const own = key => utils$1$1.getSafeProp(config, key);
18637
+ const transitional = own('transitional') || transitionalDefaults;
18367
18638
  let data = own('data');
18368
18639
  let lookup = own('lookup');
18369
18640
  let family = own('family');
18370
18641
  let httpVersion = own('httpVersion');
18371
18642
  if (httpVersion === undefined) httpVersion = 1;
18372
18643
  let http2Options = own('http2Options');
18644
+ const httpAgent = own('httpAgent');
18645
+ const httpsAgent = own('httpsAgent');
18646
+ const configProxy = own('proxy');
18373
18647
  const responseType = own('responseType');
18374
18648
  const responseEncoding = own('responseEncoding');
18375
- const method = config.method.toUpperCase();
18649
+ const socketPath = own('socketPath');
18650
+ const method = own('method').toUpperCase();
18651
+ const maxRedirects = own('maxRedirects');
18652
+ const maxBodyLength = own('maxBodyLength');
18653
+ const maxContentLength = own('maxContentLength');
18654
+ const decompress = own('decompress');
18376
18655
  let isDone;
18377
18656
  let rejected = false;
18378
18657
  let req;
@@ -18403,7 +18682,7 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18403
18682
  try {
18404
18683
  abortEmitter.emit('abort', !reason || reason.type ? new CanceledError(null, config, req) : reason);
18405
18684
  } catch (err) {
18406
- console.warn('emit error', err);
18685
+ // ignore emit errors
18407
18686
  }
18408
18687
  }
18409
18688
  function clearConnectPhaseTimer() {
@@ -18413,10 +18692,11 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18413
18692
  }
18414
18693
  }
18415
18694
  function createTimeoutError() {
18416
- let timeoutErrorMessage = config.timeout ? 'timeout of ' + config.timeout + 'ms exceeded' : 'timeout exceeded';
18417
- const transitional = config.transitional || transitionalDefaults;
18418
- if (config.timeoutErrorMessage) {
18419
- timeoutErrorMessage = config.timeoutErrorMessage;
18695
+ const configTimeout = own('timeout');
18696
+ let timeoutErrorMessage = configTimeout ? 'timeout of ' + configTimeout + 'ms exceeded' : 'timeout exceeded';
18697
+ const configTimeoutErrorMessage = own('timeoutErrorMessage');
18698
+ if (configTimeoutErrorMessage) {
18699
+ timeoutErrorMessage = configTimeoutErrorMessage;
18420
18700
  }
18421
18701
  return new AxiosError(timeoutErrorMessage, transitional.clarifyTimeoutError ? AxiosError.ETIMEDOUT : AxiosError.ECONNABORTED, config, req);
18422
18702
  }
@@ -18459,17 +18739,22 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18459
18739
  });
18460
18740
 
18461
18741
  // Parse url
18462
- const fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls);
18463
- const parsed = new URL(fullPath, platform.hasBrowserEnv ? platform.origin : undefined);
18742
+ const fullPath = buildFullPath(own('baseURL'), own('url'), own('allowAbsoluteUrls'), config);
18743
+ // Unix-socket requests (own socketPath) commonly pass a path-only url
18744
+ // like '/foo'; supply a synthetic base so new URL() can still parse it.
18745
+ // Use the own-property value (not config.socketPath) so a polluted
18746
+ // prototype cannot influence URL base selection.
18747
+ const urlBase = socketPath ? 'http://localhost' : platform.hasBrowserEnv ? platform.origin : undefined;
18748
+ const parsed = new URL(fullPath, urlBase);
18464
18749
  const protocol = parsed.protocol || supportedProtocols[0];
18465
18750
  if (protocol === 'data:') {
18466
18751
  // Apply the same semantics as HTTP: only enforce if a finite, non-negative cap is set.
18467
- if (config.maxContentLength > -1) {
18468
- // Use the exact string passed to fromDataURI (config.url); fall back to fullPath if needed.
18469
- const dataUrl = String(config.url || fullPath || '');
18752
+ if (maxContentLength > -1) {
18753
+ // Use the exact string passed to fromDataURI (the configured url); fall back to fullPath if needed.
18754
+ const dataUrl = String(own('url') || fullPath || '');
18470
18755
  const estimated = estimateDataURLDecodedBytes(dataUrl);
18471
- if (estimated > config.maxContentLength) {
18472
- return reject(new AxiosError('maxContentLength size of ' + config.maxContentLength + ' exceeded', AxiosError.ERR_BAD_RESPONSE, config));
18756
+ if (estimated > maxContentLength) {
18757
+ return reject(new AxiosError('maxContentLength size of ' + maxContentLength + ' exceeded', AxiosError.ERR_BAD_RESPONSE, config));
18473
18758
  }
18474
18759
  }
18475
18760
  let convertedData;
@@ -18482,7 +18767,7 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18482
18767
  });
18483
18768
  }
18484
18769
  try {
18485
- convertedData = fromDataURI(config.url, responseType === 'blob', {
18770
+ convertedData = fromDataURI(own('url'), responseType === 'blob', {
18486
18771
  Blob: config.env && config.env.Blob
18487
18772
  });
18488
18773
  } catch (err) {
@@ -18556,7 +18841,7 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18556
18841
 
18557
18842
  // Add Content-Length header if data exists
18558
18843
  headers.setContentLength(data.length, false);
18559
- if (config.maxBodyLength > -1 && data.length > config.maxBodyLength) {
18844
+ if (maxBodyLength > -1 && data.length > maxBodyLength) {
18560
18845
  return reject(new AxiosError('Request body larger than maxBodyLength limit', AxiosError.ERR_BAD_REQUEST, config));
18561
18846
  }
18562
18847
  }
@@ -18583,27 +18868,26 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18583
18868
  let auth = undefined;
18584
18869
  const configAuth = own('auth');
18585
18870
  if (configAuth) {
18586
- const username = configAuth.username || '';
18587
- const password = configAuth.password || '';
18871
+ const username = utils$1$1.getSafeProp(configAuth, 'username') || '';
18872
+ const password = utils$1$1.getSafeProp(configAuth, 'password') || '';
18588
18873
  auth = username + ':' + password;
18589
18874
  }
18590
- if (!auth && parsed.username) {
18591
- const urlUsername = decodeURIComponentSafe(parsed.username);
18592
- const urlPassword = decodeURIComponentSafe(parsed.password);
18875
+ if (!auth && (parsed.username || parsed.password)) {
18876
+ const urlUsername = decodeURIComponentSafe$1(parsed.username);
18877
+ const urlPassword = decodeURIComponentSafe$1(parsed.password);
18593
18878
  auth = urlUsername + ':' + urlPassword;
18594
18879
  }
18595
18880
  auth && headers.delete('authorization');
18596
18881
  let path$1;
18597
18882
  try {
18598
- path$1 = buildURL(parsed.pathname + parsed.search, config.params, config.paramsSerializer).replace(/^\?/, '');
18883
+ path$1 = buildURL(parsed.pathname + parsed.search, own('params'), own('paramsSerializer')).replace(/^\?/, '');
18599
18884
  } catch (err) {
18600
- const customErr = new Error(err.message);
18601
- customErr.config = config;
18602
- customErr.url = config.url;
18603
- customErr.exists = true;
18604
- return reject(customErr);
18885
+ return reject(AxiosError.from(err, AxiosError.ERR_BAD_REQUEST, config, null, null, {
18886
+ url: own('url'),
18887
+ exists: true
18888
+ }));
18605
18889
  }
18606
- headers.set('Accept-Encoding', 'gzip, compress, deflate' + (isBrotliSupported ? ', br' : ''), false);
18890
+ headers.set('Accept-Encoding', utils$1$1.hasOwnProp(transitional, 'advertiseZstdAcceptEncoding') && transitional.advertiseZstdAcceptEncoding === true ? ACCEPT_ENCODING_WITH_ZSTD : ACCEPT_ENCODING, false);
18607
18891
 
18608
18892
  // Null-prototype to block prototype pollution gadgets on properties read
18609
18893
  // directly by Node's http.request (e.g. insecureHTTPParser, lookup).
@@ -18612,8 +18896,8 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18612
18896
  method: method,
18613
18897
  headers: toByteStringHeaderObject(headers),
18614
18898
  agents: {
18615
- http: config.httpAgent,
18616
- https: config.httpsAgent
18899
+ http: httpAgent,
18900
+ https: httpsAgent
18617
18901
  },
18618
18902
  auth,
18619
18903
  protocol,
@@ -18625,31 +18909,37 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18625
18909
 
18626
18910
  // cacheable-lookup integration hotfix
18627
18911
  !utils$1$1.isUndefined(lookup) && (options.lookup = lookup);
18628
- if (config.socketPath) {
18629
- if (typeof config.socketPath !== 'string') {
18912
+ if (socketPath) {
18913
+ if (typeof socketPath !== 'string') {
18630
18914
  return reject(new AxiosError('socketPath must be a string', AxiosError.ERR_BAD_OPTION_VALUE, config));
18631
18915
  }
18632
- if (config.allowedSocketPaths != null) {
18633
- const allowed = Array.isArray(config.allowedSocketPaths) ? config.allowedSocketPaths : [config.allowedSocketPaths];
18634
- const resolvedSocket = path.resolve(config.socketPath);
18916
+ const allowedSocketPaths = own('allowedSocketPaths');
18917
+ if (allowedSocketPaths != null) {
18918
+ const allowed = Array.isArray(allowedSocketPaths) ? allowedSocketPaths : [allowedSocketPaths];
18919
+ const resolvedSocket = path.resolve(socketPath);
18635
18920
  const isAllowed = allowed.some(entry => typeof entry === 'string' && path.resolve(entry) === resolvedSocket);
18636
18921
  if (!isAllowed) {
18637
- return reject(new AxiosError(`socketPath "${config.socketPath}" is not permitted by allowedSocketPaths`, AxiosError.ERR_BAD_OPTION_VALUE, config));
18922
+ return reject(new AxiosError(`socketPath "${socketPath}" is not permitted by allowedSocketPaths`, AxiosError.ERR_BAD_OPTION_VALUE, config));
18638
18923
  }
18639
18924
  }
18640
- options.socketPath = config.socketPath;
18925
+ options.socketPath = socketPath;
18641
18926
  } else {
18642
18927
  options.hostname = parsed.hostname.startsWith('[') ? parsed.hostname.slice(1, -1) : parsed.hostname;
18643
18928
  options.port = parsed.port;
18644
- setProxy(options, config.proxy, protocol + '//' + parsed.hostname + (parsed.port ? ':' + parsed.port : '') + options.path, false, config.httpsAgent);
18929
+ setProxy(options, configProxy, protocol + '//' + parsed.hostname + (parsed.port ? ':' + parsed.port : '') + options.path, false, httpsAgent, httpAgent);
18645
18930
  }
18646
18931
  let transport;
18647
18932
  let isNativeTransport = false;
18933
+ // True only for the follow-redirects transport, which applies
18934
+ // options.maxBodyLength itself. Every other transport (http2, native
18935
+ // http/https, a user-supplied custom transport) needs the explicit
18936
+ // byte-counting pipeline below to enforce maxBodyLength on streamed uploads.
18937
+ let transportEnforcesMaxBodyLength = false;
18648
18938
  const isHttpsRequest = isHttps.test(options.protocol);
18649
18939
  // Don't clobber a CONNECT-tunneling agent installed by setProxy() for an
18650
18940
  // HTTPS target.
18651
18941
  if (options.agent == null) {
18652
- options.agent = isHttpsRequest ? config.httpsAgent : config.httpAgent;
18942
+ options.agent = isHttpsRequest ? httpsAgent : httpAgent;
18653
18943
  }
18654
18944
  if (isHttp2) {
18655
18945
  transport = http2Transport;
@@ -18657,24 +18947,67 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18657
18947
  const configTransport = own('transport');
18658
18948
  if (configTransport) {
18659
18949
  transport = configTransport;
18660
- } else if (config.maxRedirects === 0) {
18950
+ } else if (maxRedirects === 0) {
18661
18951
  transport = isHttpsRequest ? https : http;
18662
18952
  isNativeTransport = true;
18663
18953
  } else {
18664
- if (config.maxRedirects) {
18665
- options.maxRedirects = config.maxRedirects;
18954
+ transportEnforcesMaxBodyLength = true;
18955
+ options.sensitiveHeaders = [];
18956
+ if (maxRedirects) {
18957
+ options.maxRedirects = maxRedirects;
18666
18958
  }
18667
18959
  const configBeforeRedirect = own('beforeRedirect');
18668
18960
  if (configBeforeRedirect) {
18669
18961
  options.beforeRedirects.config = configBeforeRedirect;
18670
18962
  }
18963
+ if (auth) {
18964
+ // Restore HTTP Basic credentials on same-origin redirects only.
18965
+ // follow-redirects >= 1.15.8 strips Authorization on every redirect (see #6929);
18966
+ // cross-origin stripping is the documented mitigation for T-R2 in THREATMODEL.md
18967
+ // and is preserved by deliberately not restoring on origin change.
18968
+ const requestOrigin = parsed.origin;
18969
+ const authToRestore = auth;
18970
+ options.beforeRedirects.auth = function beforeRedirectAuth(redirectOptions) {
18971
+ try {
18972
+ if (new URL(redirectOptions.href).origin === requestOrigin) {
18973
+ redirectOptions.auth = authToRestore;
18974
+ }
18975
+ } catch (e) {
18976
+ // ignore malformed URL: leaving auth stripped is fail-safe
18977
+ }
18978
+ };
18979
+ }
18980
+ const sensitiveHeaders = own('sensitiveHeaders');
18981
+ if (sensitiveHeaders != null) {
18982
+ if (!utils$1$1.isArray(sensitiveHeaders)) {
18983
+ return reject(new AxiosError('sensitiveHeaders must be an array of strings', AxiosError.ERR_BAD_OPTION_VALUE, config));
18984
+ }
18985
+ const sensitiveSet = new Set();
18986
+ for (const header of sensitiveHeaders) {
18987
+ if (!utils$1$1.isString(header)) {
18988
+ return reject(new AxiosError('sensitiveHeaders must be an array of strings', AxiosError.ERR_BAD_OPTION_VALUE, config));
18989
+ }
18990
+ sensitiveSet.add(header.toLowerCase());
18991
+ }
18992
+ if (sensitiveSet.size) {
18993
+ options.sensitiveHeaders = Array.from(sensitiveSet);
18994
+ options.beforeRedirects.sensitiveHeaders = function beforeRedirectSensitiveHeaders(redirectOptions, requestDetails) {
18995
+ if (!isSameOriginRedirect(redirectOptions, requestDetails)) {
18996
+ stripMatchingHeaders(redirectOptions.headers, sensitiveSet);
18997
+ }
18998
+ };
18999
+ }
19000
+ }
18671
19001
  transport = isHttpsRequest ? httpsFollow : httpFollow;
18672
19002
  }
18673
19003
  }
18674
- if (config.maxBodyLength > -1) {
18675
- options.maxBodyLength = config.maxBodyLength;
19004
+
19005
+ // Set an explicit maxBodyLength option for transports that inspect it.
19006
+ // When maxBodyLength is -1 (default/unlimited), use Infinity so
19007
+ // follow-redirects does not fall back to its own 10MB default.
19008
+ if (maxBodyLength > -1) {
19009
+ options.maxBodyLength = maxBodyLength;
18676
19010
  } else {
18677
- // follow-redirects does not skip comparison, so it should always succeed for axios -1 unlimited
18678
19011
  options.maxBodyLength = Infinity;
18679
19012
  }
18680
19013
 
@@ -18704,7 +19037,7 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18704
19037
  const lastRequest = res.req || req;
18705
19038
 
18706
19039
  // if decompress disabled we should not decompress
18707
- if (config.decompress !== false && res.headers['content-encoding']) {
19040
+ if (decompress !== false && res.headers['content-encoding']) {
18708
19041
  // if no content, but headers still say that it is encoded,
18709
19042
  // remove the header not confuse downstream operations
18710
19043
  if (method === 'HEAD' || res.statusCode === 204) {
@@ -18736,6 +19069,13 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18736
19069
  streams.push(zlib.createBrotliDecompress(brotliOptions));
18737
19070
  delete res.headers['content-encoding'];
18738
19071
  }
19072
+ break;
19073
+ case 'zstd':
19074
+ if (isZstdSupported) {
19075
+ streams.push(zlib.createZstdDecompress(zstdOptions));
19076
+ delete res.headers['content-encoding'];
19077
+ }
19078
+ break;
18739
19079
  }
18740
19080
  }
18741
19081
  responseStream = streams.length > 1 ? stream.pipeline(streams, utils$1$1.noop) : streams[0];
@@ -18749,8 +19089,8 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18749
19089
  if (responseType === 'stream') {
18750
19090
  // Enforce maxContentLength on streamed responses; previously this
18751
19091
  // was applied only to buffered responses.
18752
- if (config.maxContentLength > -1) {
18753
- const limit = config.maxContentLength;
19092
+ if (maxContentLength > -1) {
19093
+ const limit = maxContentLength;
18754
19094
  const source = responseStream;
18755
19095
  function enforceMaxContentLength() {
18756
19096
  return _enforceMaxContentLength.apply(this, arguments);
@@ -18803,11 +19143,11 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18803
19143
  totalResponseBytes += chunk.length;
18804
19144
 
18805
19145
  // make sure the content length is not over the maxContentLength if specified
18806
- if (config.maxContentLength > -1 && totalResponseBytes > config.maxContentLength) {
19146
+ if (maxContentLength > -1 && totalResponseBytes > maxContentLength) {
18807
19147
  // stream.destroy() emit aborted event before calling reject() on Node.js v16
18808
19148
  rejected = true;
18809
19149
  responseStream.destroy();
18810
- abort(new AxiosError('maxContentLength size of ' + config.maxContentLength + ' exceeded', AxiosError.ERR_BAD_RESPONSE, config, lastRequest));
19150
+ abort(new AxiosError('maxContentLength size of ' + maxContentLength + ' exceeded', AxiosError.ERR_BAD_RESPONSE, config, lastRequest));
18811
19151
  }
18812
19152
  });
18813
19153
  responseStream.on('aborted', function handlerStreamAborted() {
@@ -18870,7 +19210,11 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18870
19210
  const boundSockets = new Set();
18871
19211
  req.on('socket', function handleRequestSocket(socket) {
18872
19212
  // default interval of sending ack packet is 1 minute
18873
- socket.setKeepAlive(true, 1000 * 60);
19213
+ // proxy agents (e.g. agent-base) may return a generic Duplex stream
19214
+ // that doesn't have setKeepAlive, so guard before calling
19215
+ if (typeof socket.setKeepAlive === 'function') {
19216
+ socket.setKeepAlive(true, 1000 * 60);
19217
+ }
18874
19218
 
18875
19219
  // Install a single 'error' listener per socket (not per request) to avoid
18876
19220
  // accumulating listeners on pooled keep-alive sockets that get reassigned
@@ -18900,9 +19244,9 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18900
19244
  });
18901
19245
 
18902
19246
  // Handle request timeout
18903
- if (config.timeout) {
19247
+ if (own('timeout')) {
18904
19248
  // This is forcing a int timeout to avoid problems if the `req` interface doesn't handle other types.
18905
- const timeout = parseInt(config.timeout, 10);
19249
+ const timeout = parseInt(own('timeout'), 10);
18906
19250
  if (Number.isNaN(timeout)) {
18907
19251
  abort(new AxiosError('error trying to parse `config.timeout` to int', AxiosError.ERR_BAD_OPTION_VALUE, config, req));
18908
19252
  return;
@@ -18946,12 +19290,13 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
18946
19290
  }
18947
19291
  });
18948
19292
 
18949
- // Enforce maxBodyLength for streamed uploads on the native http/https
18950
- // transport (maxRedirects === 0); follow-redirects enforces it on the
18951
- // other path.
19293
+ // Enforce maxBodyLength for streamed uploads on every transport that
19294
+ // does not apply options.maxBodyLength itself (native http/https, http2,
19295
+ // and user-supplied custom transports). The follow-redirects transport
19296
+ // enforces it on the redirected HTTP/1 path.
18952
19297
  let uploadStream = data;
18953
- if (config.maxBodyLength > -1 && config.maxRedirects === 0) {
18954
- const limit = config.maxBodyLength;
19298
+ if (maxBodyLength > -1 && !transportEnforcesMaxBodyLength) {
19299
+ const limit = maxBodyLength;
18955
19300
  let bytesSent = 0;
18956
19301
  uploadStream = stream.pipeline([data, new stream.Transform({
18957
19302
  transform(chunk, _enc, cb) {
@@ -19012,7 +19357,11 @@ var cookies = platform.hasStandardBrowserEnv ?
19012
19357
  const cookie = cookies[i].replace(/^\s+/, '');
19013
19358
  const eq = cookie.indexOf('=');
19014
19359
  if (eq !== -1 && cookie.slice(0, eq) === name) {
19015
- return decodeURIComponent(cookie.slice(eq + 1));
19360
+ try {
19361
+ return decodeURIComponent(cookie.slice(eq + 1));
19362
+ } catch (e) {
19363
+ return cookie.slice(eq + 1);
19364
+ }
19016
19365
  }
19017
19366
  }
19018
19367
  return null;
@@ -19042,6 +19391,7 @@ const headersToObject = thing => thing instanceof AxiosHeaders ? _objectSpread2(
19042
19391
  */
19043
19392
  function mergeConfig(config1, config2) {
19044
19393
  // eslint-disable-next-line no-param-reassign
19394
+ config1 = config1 || {};
19045
19395
  config2 = config2 || {};
19046
19396
 
19047
19397
  // Use a null-prototype object so that downstream reads such as `config.auth`
@@ -19093,6 +19443,23 @@ function mergeConfig(config1, config2) {
19093
19443
  return getMergedValue(undefined, a);
19094
19444
  }
19095
19445
  }
19446
+ function getMergedTransitionalOption(prop) {
19447
+ const transitional2 = utils$1$1.hasOwnProp(config2, 'transitional') ? config2.transitional : undefined;
19448
+ if (!utils$1$1.isUndefined(transitional2)) {
19449
+ if (utils$1$1.isPlainObject(transitional2)) {
19450
+ if (utils$1$1.hasOwnProp(transitional2, prop)) {
19451
+ return transitional2[prop];
19452
+ }
19453
+ } else {
19454
+ return undefined;
19455
+ }
19456
+ }
19457
+ const transitional1 = utils$1$1.hasOwnProp(config1, 'transitional') ? config1.transitional : undefined;
19458
+ if (utils$1$1.isPlainObject(transitional1) && utils$1$1.hasOwnProp(transitional1, prop)) {
19459
+ return transitional1[prop];
19460
+ }
19461
+ return undefined;
19462
+ }
19096
19463
 
19097
19464
  // eslint-disable-next-line consistent-return
19098
19465
  function mergeDirectKeys(a, b, prop) {
@@ -19142,6 +19509,13 @@ function mergeConfig(config1, config2) {
19142
19509
  const configValue = merge(a, b, prop);
19143
19510
  utils$1$1.isUndefined(configValue) && merge !== mergeDirectKeys || (config[prop] = configValue);
19144
19511
  });
19512
+ if (utils$1$1.hasOwnProp(config2, 'validateStatus') && utils$1$1.isUndefined(config2.validateStatus) && getMergedTransitionalOption('validateStatusUndefinedResolves') === false) {
19513
+ if (utils$1$1.hasOwnProp(config1, 'validateStatus')) {
19514
+ config.validateStatus = getMergedValue(undefined, config1.validateStatus);
19515
+ } else {
19516
+ delete config.validateStatus;
19517
+ }
19518
+ }
19145
19519
  return config;
19146
19520
  }
19147
19521
  const FORM_DATA_CONTENT_HEADERS = ['content-type', 'content-length'];
@@ -19150,7 +19524,7 @@ function setFormDataHeaders(headers, formHeaders, policy) {
19150
19524
  headers.set(formHeaders);
19151
19525
  return;
19152
19526
  }
19153
- Object.entries(formHeaders).forEach(([key, val]) => {
19527
+ Object.entries(formHeaders || {}).forEach(([key, val]) => {
19154
19528
  if (FORM_DATA_CONTENT_HEADERS.includes(key.toLowerCase())) {
19155
19529
  headers.set(key, val);
19156
19530
  }
@@ -19165,8 +19539,8 @@ function setFormDataHeaders(headers, formHeaders, policy) {
19165
19539
  *
19166
19540
  * @returns {string} UTF-8 bytes as a Latin-1 string
19167
19541
  */
19168
- const encodeUTF8 = str => encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
19169
- var resolveConfig = config => {
19542
+ const encodeUTF8$1 = str => encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
19543
+ function resolveConfig(config) {
19170
19544
  const newConfig = mergeConfig({}, config);
19171
19545
 
19172
19546
  // Read only own properties to prevent prototype pollution gadgets
@@ -19182,15 +19556,21 @@ var resolveConfig = config => {
19182
19556
  const allowAbsoluteUrls = own('allowAbsoluteUrls');
19183
19557
  const url = own('url');
19184
19558
  newConfig.headers = headers = AxiosHeaders.from(headers);
19185
- newConfig.url = buildURL(buildFullPath(baseURL, url, allowAbsoluteUrls), config.params, config.paramsSerializer);
19559
+ newConfig.url = buildURL(buildFullPath(baseURL, url, allowAbsoluteUrls, newConfig), own('params'), own('paramsSerializer'));
19186
19560
 
19187
19561
  // HTTP basic authentication
19188
19562
  if (auth) {
19189
- headers.set('Authorization', 'Basic ' + btoa((auth.username || '') + ':' + (auth.password ? encodeUTF8(auth.password) : '')));
19563
+ const username = utils$1$1.getSafeProp(auth, 'username') || '';
19564
+ const password = utils$1$1.getSafeProp(auth, 'password') || '';
19565
+ try {
19566
+ headers.set('Authorization', 'Basic ' + btoa(username + ':' + (password ? encodeUTF8$1(password) : '')));
19567
+ } catch (e) {
19568
+ throw AxiosError.from(e, AxiosError.ERR_BAD_OPTION_VALUE, config);
19569
+ }
19190
19570
  }
19191
19571
  if (utils$1$1.isFormData(data)) {
19192
- if (platform.hasStandardBrowserEnv || platform.hasStandardBrowserWebWorkerEnv) {
19193
- headers.setContentType(undefined); // browser handles it
19572
+ if (platform.hasStandardBrowserEnv || platform.hasStandardBrowserWebWorkerEnv || utils$1$1.isReactNative(data)) {
19573
+ headers.setContentType(undefined); // browser/web worker/RN handles it
19194
19574
  } else if (utils$1$1.isFunction(data.getHeaders)) {
19195
19575
  // Node.js FormData (like form-data package)
19196
19576
  setFormDataHeaders(headers, data.getHeaders(), own('formDataHeaderPolicy'));
@@ -19218,7 +19598,7 @@ var resolveConfig = config => {
19218
19598
  }
19219
19599
  }
19220
19600
  return newConfig;
19221
- };
19601
+ }
19222
19602
  const isXHRAdapterSupported = typeof XMLHttpRequest !== 'undefined';
19223
19603
  var xhrAdapter = isXHRAdapterSupported && function (config) {
19224
19604
  return new Promise(function dispatchXhrRequest(resolve, reject) {
@@ -19386,6 +19766,7 @@ var xhrAdapter = isXHRAdapterSupported && function (config) {
19386
19766
  const protocol = parseProtocol(_config.url);
19387
19767
  if (protocol && !platform.protocols.includes(protocol)) {
19388
19768
  reject(new AxiosError('Unsupported protocol ' + protocol + ':', AxiosError.ERR_BAD_REQUEST, config));
19769
+ done();
19389
19770
  return;
19390
19771
  }
19391
19772
 
@@ -19423,7 +19804,9 @@ const composeSignals = (signals, timeout) => {
19423
19804
  });
19424
19805
  signals = null;
19425
19806
  };
19426
- signals.forEach(signal => signal.addEventListener('abort', onabort));
19807
+ signals.forEach(signal => signal.addEventListener('abort', onabort, {
19808
+ once: true
19809
+ }));
19427
19810
  const {
19428
19811
  signal
19429
19812
  } = controller;
@@ -19546,6 +19929,31 @@ const DEFAULT_CHUNK_SIZE = 64 * 1024;
19546
19929
  const {
19547
19930
  isFunction
19548
19931
  } = utils$1$1;
19932
+
19933
+ /**
19934
+ * Encode a UTF-8 string to a Latin-1 byte string for use with btoa().
19935
+ * This is a modern replacement for the deprecated unescape(encodeURIComponent(str)) pattern.
19936
+ *
19937
+ * @param {string} str The string to encode
19938
+ *
19939
+ * @returns {string} UTF-8 bytes as a Latin-1 string
19940
+ */
19941
+ const encodeUTF8 = str => encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
19942
+
19943
+ // Node's WHATWG URL parser returns `username` and `password` percent-encoded.
19944
+ // Decode before composing the `auth` option so credentials such as
19945
+ // `my%40email.com:pass` are sent as `my@email.com:pass`. Falls back to the
19946
+ // original value for malformed input so a bad encoding never throws.
19947
+ const decodeURIComponentSafe = value => {
19948
+ if (!utils$1$1.isString(value)) {
19949
+ return value;
19950
+ }
19951
+ try {
19952
+ return decodeURIComponent(value);
19953
+ } catch (error) {
19954
+ return value;
19955
+ }
19956
+ };
19549
19957
  const test = (fn, ...args) => {
19550
19958
  try {
19551
19959
  return !!fn(...args);
@@ -19553,6 +19961,14 @@ const test = (fn, ...args) => {
19553
19961
  return false;
19554
19962
  }
19555
19963
  };
19964
+ const maybeWithAuthCredentials = url => {
19965
+ const protocolIndex = url.indexOf('://');
19966
+ let urlToCheck = url;
19967
+ if (protocolIndex !== -1) {
19968
+ urlToCheck = urlToCheck.slice(protocolIndex + 3);
19969
+ }
19970
+ return urlToCheck.includes('@') || urlToCheck.includes(':');
19971
+ };
19556
19972
  const factory = env => {
19557
19973
  const globalObject = utils$1$1.global !== undefined && utils$1$1.global !== null ? utils$1$1.global : globalThis;
19558
19974
  const {
@@ -19656,6 +20072,7 @@ const factory = env => {
19656
20072
  } = resolveConfig(config);
19657
20073
  const hasMaxContentLength = utils$1$1.isNumber(maxContentLength) && maxContentLength > -1;
19658
20074
  const hasMaxBodyLength = utils$1$1.isNumber(maxBodyLength) && maxBodyLength > -1;
20075
+ const own = key => utils$1$1.hasOwnProp(config, key) ? config[key] : undefined;
19659
20076
  let _fetch = envFetch || fetch;
19660
20077
  responseType = responseType ? (responseType + '').toLowerCase() : 'text';
19661
20078
  let composedSignal = composeSignals([signal, cancelToken && cancelToken.toAbortSignal()], timeout);
@@ -19664,7 +20081,46 @@ const factory = env => {
19664
20081
  composedSignal.unsubscribe();
19665
20082
  });
19666
20083
  let requestContentLength;
20084
+
20085
+ // AxiosError we raise while the request body is being streamed. Captured
20086
+ // by identity so the catch block can surface it directly, regardless of
20087
+ // how the runtime wraps the resulting fetch rejection (undici exposes it
20088
+ // as `err.cause`; some browsers drop the original error entirely).
20089
+ let pendingBodyError = null;
20090
+ const maxBodyLengthError = () => new AxiosError('Request body larger than maxBodyLength limit', AxiosError.ERR_BAD_REQUEST, config, request);
19667
20091
  try {
20092
+ // HTTP basic authentication
20093
+ let auth = undefined;
20094
+ const configAuth = own('auth');
20095
+ if (configAuth) {
20096
+ const username = utils$1$1.getSafeProp(configAuth, 'username') || '';
20097
+ const password = utils$1$1.getSafeProp(configAuth, 'password') || '';
20098
+ auth = {
20099
+ username,
20100
+ password
20101
+ };
20102
+ }
20103
+ if (maybeWithAuthCredentials(url)) {
20104
+ const parsedURL = new URL(url, platform.origin);
20105
+ if (!auth && (parsedURL.username || parsedURL.password)) {
20106
+ const urlUsername = decodeURIComponentSafe(parsedURL.username);
20107
+ const urlPassword = decodeURIComponentSafe(parsedURL.password);
20108
+ auth = {
20109
+ username: urlUsername,
20110
+ password: urlPassword
20111
+ };
20112
+ }
20113
+ if (parsedURL.username || parsedURL.password) {
20114
+ parsedURL.username = '';
20115
+ parsedURL.password = '';
20116
+ url = parsedURL.href;
20117
+ }
20118
+ }
20119
+ if (auth) {
20120
+ headers.delete('authorization');
20121
+ headers.set('Authorization', 'Basic ' + btoa(encodeUTF8((auth.username || '') + ':' + (auth.password || ''))));
20122
+ }
20123
+
19668
20124
  // Enforce maxContentLength for data: URLs up-front so we never materialize
19669
20125
  // an oversized payload. The HTTP adapter applies the same check (see http.js
19670
20126
  // "if (protocol === 'data:')" branch).
@@ -19675,30 +20131,54 @@ const factory = env => {
19675
20131
  }
19676
20132
  }
19677
20133
 
19678
- // Enforce maxBodyLength against the outbound request body before dispatch.
19679
- // Mirrors http.js behavior (ERR_BAD_REQUEST / 'Request body larger than
19680
- // maxBodyLength limit'). Skip when the body length cannot be determined
19681
- // (e.g. a live ReadableStream supplied by the caller).
20134
+ // Enforce maxBodyLength against known-size bodies before dispatch using
20135
+ // the body's *actual* size never a caller-declared Content-Length,
20136
+ // which could under-report to slip an oversized body past the check.
20137
+ // Unknown-size streams return undefined here and are counted per-chunk
20138
+ // below as fetch consumes them.
19682
20139
  if (hasMaxBodyLength && method !== 'get' && method !== 'head') {
19683
- const outboundLength = await resolveBodyLength(headers, data);
19684
- if (typeof outboundLength === 'number' && isFinite(outboundLength) && outboundLength > maxBodyLength) {
19685
- throw new AxiosError('Request body larger than maxBodyLength limit', AxiosError.ERR_BAD_REQUEST, config, request);
20140
+ const outboundLength = await getBodyLength(data);
20141
+ if (typeof outboundLength === 'number' && isFinite(outboundLength)) {
20142
+ requestContentLength = outboundLength;
20143
+ if (outboundLength > maxBodyLength) {
20144
+ throw maxBodyLengthError();
20145
+ }
19686
20146
  }
19687
20147
  }
19688
- if (onUploadProgress && supportsRequestStream && method !== 'get' && method !== 'head' && (requestContentLength = await resolveBodyLength(headers, data)) !== 0) {
19689
- let _request = new Request(url, {
19690
- method: 'POST',
19691
- body: data,
19692
- duplex: 'half'
19693
- });
19694
- let contentTypeHeader;
19695
- if (utils$1$1.isFormData(data) && (contentTypeHeader = _request.headers.get('content-type'))) {
19696
- headers.setContentType(contentTypeHeader);
20148
+
20149
+ // A streamed body under maxBodyLength must be counted as fetch consumes
20150
+ // it; its size is never trusted from a caller-declared Content-Length.
20151
+ const mustEnforceStreamBody = hasMaxBodyLength && (utils$1$1.isReadableStream(data) || utils$1$1.isStream(data));
20152
+ const trackRequestStream = (stream, onProgress, flush) => trackStream(stream, DEFAULT_CHUNK_SIZE, loadedBytes => {
20153
+ if (hasMaxBodyLength && loadedBytes > maxBodyLength) {
20154
+ throw pendingBodyError = maxBodyLengthError();
19697
20155
  }
19698
- if (_request.body) {
19699
- const [onProgress, flush] = progressEventDecorator(requestContentLength, progressEventReducer(asyncDecorator(onUploadProgress)));
19700
- data = trackStream(_request.body, DEFAULT_CHUNK_SIZE, onProgress, flush);
20156
+ onProgress && onProgress(loadedBytes);
20157
+ }, flush);
20158
+ if (supportsRequestStream && method !== 'get' && method !== 'head' && (onUploadProgress || mustEnforceStreamBody)) {
20159
+ requestContentLength = requestContentLength == null ? await resolveBodyLength(headers, data) : requestContentLength;
20160
+
20161
+ // A declared length of 0 is only trusted to skip the wrap when we are
20162
+ // not enforcing a stream limit (which must not rely on that header).
20163
+ if (requestContentLength !== 0 || mustEnforceStreamBody) {
20164
+ let _request = new Request(url, {
20165
+ method: 'POST',
20166
+ body: data,
20167
+ duplex: 'half'
20168
+ });
20169
+ let contentTypeHeader;
20170
+ if (utils$1$1.isFormData(data) && (contentTypeHeader = _request.headers.get('content-type'))) {
20171
+ headers.setContentType(contentTypeHeader);
20172
+ }
20173
+ if (_request.body) {
20174
+ const [onProgress, flush] = onUploadProgress && progressEventDecorator(requestContentLength, progressEventReducer(asyncDecorator(onUploadProgress))) || [];
20175
+ data = trackRequestStream(_request.body, onProgress, flush);
20176
+ }
19701
20177
  }
20178
+ } else if (mustEnforceStreamBody && !isRequestSupported && isReadableStreamSupported && method !== 'get' && method !== 'head') {
20179
+ data = trackRequestStream(data);
20180
+ } else if (mustEnforceStreamBody && isRequestSupported && !supportsRequestStream && method !== 'get' && method !== 'head') {
20181
+ throw new AxiosError('Stream request bodies are not supported by the current fetch implementation', AxiosError.ERR_NOT_SUPPORT, config, request);
19702
20182
  }
19703
20183
  if (!utils$1$1.isString(withCredentials)) {
19704
20184
  withCredentials = withCredentials ? 'include' : 'omit';
@@ -19729,11 +20209,12 @@ const factory = env => {
19729
20209
  });
19730
20210
  request = isRequestSupported && new Request(url, resolvedOptions);
19731
20211
  let response = await (isRequestSupported ? _fetch(request, fetchOptions) : _fetch(url, resolvedOptions));
20212
+ const responseHeaders = AxiosHeaders.from(response.headers);
19732
20213
 
19733
20214
  // Cheap pre-check: if the server honestly declares a content-length that
19734
20215
  // already exceeds the cap, reject before we start streaming.
19735
20216
  if (hasMaxContentLength) {
19736
- const declaredLength = utils$1$1.toFiniteNumber(response.headers.get('content-length'));
20217
+ const declaredLength = utils$1$1.toFiniteNumber(responseHeaders.getContentLength());
19737
20218
  if (declaredLength != null && declaredLength > maxContentLength) {
19738
20219
  throw new AxiosError('maxContentLength size of ' + maxContentLength + ' exceeded', AxiosError.ERR_BAD_RESPONSE, config, request);
19739
20220
  }
@@ -19744,7 +20225,7 @@ const factory = env => {
19744
20225
  ['status', 'statusText', 'headers'].forEach(prop => {
19745
20226
  options[prop] = response[prop];
19746
20227
  });
19747
- const responseContentLength = utils$1$1.toFiniteNumber(response.headers.get('content-length'));
20228
+ const responseContentLength = utils$1$1.toFiniteNumber(responseHeaders.getContentLength());
19748
20229
  const [onProgress, flush] = onDownloadProgress && progressEventDecorator(responseContentLength, progressEventReducer(asyncDecorator(onDownloadProgress), true)) || [];
19749
20230
  let bytesRead = 0;
19750
20231
  const onChunkProgress = loadedBytes => {
@@ -19803,13 +20284,48 @@ const factory = env => {
19803
20284
  const canceledError = composedSignal.reason;
19804
20285
  canceledError.config = config;
19805
20286
  request && (canceledError.request = request);
19806
- err !== canceledError && (canceledError.cause = err);
20287
+ if (err !== canceledError) {
20288
+ // Non-enumerable to match native Error `cause` semantics so loggers
20289
+ // don't recurse into circular fetch internals (see #7205).
20290
+ Object.defineProperty(canceledError, 'cause', {
20291
+ __proto__: null,
20292
+ value: err,
20293
+ writable: true,
20294
+ enumerable: false,
20295
+ configurable: true
20296
+ });
20297
+ }
19807
20298
  throw canceledError;
19808
20299
  }
20300
+
20301
+ // Surface a maxBodyLength violation we raised while the request body was
20302
+ // being streamed. Matching by identity (rather than reading
20303
+ // `err.cause.isAxiosError`) keeps the error deterministic across runtimes
20304
+ // and avoids both prototype-pollution reads and mis-attributing a foreign
20305
+ // AxiosError that merely happened to land in `err.cause`.
20306
+ if (pendingBodyError) {
20307
+ request && !pendingBodyError.request && (pendingBodyError.request = request);
20308
+ throw pendingBodyError;
20309
+ }
20310
+
20311
+ // Re-throw AxiosErrors we raised synchronously (data: URL / content-length
20312
+ // pre-checks, response size enforcement) without re-wrapping them.
20313
+ if (err instanceof AxiosError) {
20314
+ request && !err.request && (err.request = request);
20315
+ throw err;
20316
+ }
19809
20317
  if (err && err.name === 'TypeError' && /Load failed|fetch/i.test(err.message)) {
19810
- throw Object.assign(new AxiosError('Network Error', AxiosError.ERR_NETWORK, config, request, err && err.response), {
19811
- cause: err.cause || err
20318
+ const networkError = new AxiosError('Network Error', AxiosError.ERR_NETWORK, config, request, err && err.response);
20319
+ // Non-enumerable to match native Error `cause` semantics so loggers
20320
+ // don't recurse into circular fetch internals (see #7205).
20321
+ Object.defineProperty(networkError, 'cause', {
20322
+ __proto__: null,
20323
+ value: err.cause || err,
20324
+ writable: true,
20325
+ enumerable: false,
20326
+ configurable: true
19812
20327
  });
20328
+ throw networkError;
19813
20329
  }
19814
20330
  throw AxiosError.from(err, err && err.code, config, request, err && err.response);
19815
20331
  }
@@ -19928,7 +20444,7 @@ function getAdapter(adapters, config) {
19928
20444
  if (!adapter) {
19929
20445
  const reasons = Object.entries(rejectedReasons).map(([id, state]) => `adapter ${id} ` + (state === false ? 'is not supported by the environment' : 'is not available in the build'));
19930
20446
  let s = length ? reasons.length > 1 ? 'since :\n' + reasons.map(renderReason).join('\n') : ' ' + renderReason(reasons[0]) : 'as no adapter specified';
19931
- throw new AxiosError(`There is no suitable adapter to dispatch the request ` + s, 'ERR_NOT_SUPPORT');
20447
+ throw new AxiosError(`There is no suitable adapter to dispatch the request ` + s, AxiosError.ERR_NOT_SUPPORT);
19932
20448
  }
19933
20449
  return adapter;
19934
20450
  }
@@ -20070,7 +20586,7 @@ validators$1.spelling = function spelling(correctSpelling) {
20070
20586
  */
20071
20587
 
20072
20588
  function assertOptions(options, schema, allowUnknown) {
20073
- if (typeof options !== 'object') {
20589
+ if (typeof options !== 'object' || options === null) {
20074
20590
  throw new AxiosError('options must be an object', AxiosError.ERR_BAD_OPTION_VALUE);
20075
20591
  }
20076
20592
  const keys = Object.keys(options);
@@ -20178,7 +20694,9 @@ class Axios {
20178
20694
  silentJSONParsing: validators.transitional(validators.boolean),
20179
20695
  forcedJSONParsing: validators.transitional(validators.boolean),
20180
20696
  clarifyTimeoutError: validators.transitional(validators.boolean),
20181
- legacyInterceptorReqResOrdering: validators.transitional(validators.boolean)
20697
+ legacyInterceptorReqResOrdering: validators.transitional(validators.boolean),
20698
+ advertiseZstdAcceptEncoding: validators.transitional(validators.boolean),
20699
+ validateStatusUndefinedResolves: validators.transitional(validators.boolean)
20182
20700
  }, false);
20183
20701
  }
20184
20702
  if (paramsSerializer != null) {
@@ -20275,7 +20793,7 @@ class Axios {
20275
20793
  }
20276
20794
  getUri(config) {
20277
20795
  config = mergeConfig(this.defaults, config);
20278
- const fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls);
20796
+ const fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls, config);
20279
20797
  return buildURL(fullPath, config.params, config.paramsSerializer);
20280
20798
  }
20281
20799
  }
@@ -20287,7 +20805,7 @@ utils$1$1.forEach(['delete', 'get', 'head', 'options'], function forEachMethodNo
20287
20805
  return this.request(mergeConfig(config || {}, {
20288
20806
  method,
20289
20807
  url,
20290
- data: (config || {}).data
20808
+ data: config && utils$1$1.hasOwnProp(config, 'data') ? config.data : undefined
20291
20809
  }));
20292
20810
  };
20293
20811
  });
@@ -23998,54 +24516,72 @@ const $ = (t, n, o, e, r) => {
23998
24516
  return e;
23999
24517
  };
24000
24518
 
24001
- var _typeof = typeof Symbol === "function" && typeof Symbol.iterator === "symbol" ? function (obj) {
24002
- return typeof obj;
24003
- } : function (obj) {
24004
- return obj && typeof Symbol === "function" && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj;
24005
- };
24006
- var _slicedToArray = function () {
24007
- function sliceIterator(arr, i) {
24008
- var _arr = [];
24009
- var _n = true;
24010
- var _d = false;
24011
- var _e = undefined;
24519
+ function _toConsumableArray(r) {
24520
+ return _arrayWithoutHoles(r) || _iterableToArray(r) || _unsupportedIterableToArray(r) || _nonIterableSpread();
24521
+ }
24522
+ function _nonIterableSpread() {
24523
+ throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
24524
+ }
24525
+ function _iterableToArray(r) {
24526
+ if ("undefined" != typeof Symbol && null != r[Symbol.iterator] || null != r["@@iterator"]) return Array.from(r);
24527
+ }
24528
+ function _arrayWithoutHoles(r) {
24529
+ if (Array.isArray(r)) return _arrayLikeToArray(r);
24530
+ }
24531
+ function _typeof(o) {
24532
+ "@babel/helpers - typeof";
24533
+
24534
+ return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (o) {
24535
+ return typeof o;
24536
+ } : function (o) {
24537
+ return o && "function" == typeof Symbol && o.constructor === Symbol && o !== Symbol.prototype ? "symbol" : typeof o;
24538
+ }, _typeof(o);
24539
+ }
24540
+ function _slicedToArray(r, e) {
24541
+ return _arrayWithHoles(r) || _iterableToArrayLimit(r, e) || _unsupportedIterableToArray(r, e) || _nonIterableRest();
24542
+ }
24543
+ function _nonIterableRest() {
24544
+ throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
24545
+ }
24546
+ function _unsupportedIterableToArray(r, a) {
24547
+ if (r) {
24548
+ if ("string" == typeof r) return _arrayLikeToArray(r, a);
24549
+ var t = {}.toString.call(r).slice(8, -1);
24550
+ return "Object" === t && r.constructor && (t = r.constructor.name), "Map" === t || "Set" === t ? Array.from(r) : "Arguments" === t || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t) ? _arrayLikeToArray(r, a) : void 0;
24551
+ }
24552
+ }
24553
+ function _arrayLikeToArray(r, a) {
24554
+ (null == a || a > r.length) && (a = r.length);
24555
+ for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e];
24556
+ return n;
24557
+ }
24558
+ function _iterableToArrayLimit(r, l) {
24559
+ var t = null == r ? null : "undefined" != typeof Symbol && r[Symbol.iterator] || r["@@iterator"];
24560
+ if (null != t) {
24561
+ var e,
24562
+ n,
24563
+ i,
24564
+ u,
24565
+ a = [],
24566
+ f = true,
24567
+ o = false;
24012
24568
  try {
24013
- for (var _i = arr[Symbol.iterator](), _s; !(_n = (_s = _i.next()).done); _n = true) {
24014
- _arr.push(_s.value);
24015
- if (i && _arr.length === i) break;
24016
- }
24017
- } catch (err) {
24018
- _d = true;
24019
- _e = err;
24569
+ if (i = (t = t.call(r)).next, 0 === l) ; else for (; !(f = (e = i.call(t)).done) && (a.push(e.value), a.length !== l); f = !0);
24570
+ } catch (r) {
24571
+ o = true, n = r;
24020
24572
  } finally {
24021
24573
  try {
24022
- if (!_n && _i["return"]) _i["return"]();
24574
+ if (!f && null != t.return && (u = t.return(), Object(u) !== u)) return;
24023
24575
  } finally {
24024
- if (_d) throw _e;
24576
+ if (o) throw n;
24025
24577
  }
24026
24578
  }
24027
- return _arr;
24028
- }
24029
- return function (arr, i) {
24030
- if (Array.isArray(arr)) {
24031
- return arr;
24032
- } else if (Symbol.iterator in Object(arr)) {
24033
- return sliceIterator(arr, i);
24034
- } else {
24035
- throw new TypeError("Invalid attempt to destructure non-iterable instance");
24036
- }
24037
- };
24038
- }();
24039
- function _toConsumableArray(arr) {
24040
- if (Array.isArray(arr)) {
24041
- for (var i = 0, arr2 = Array(arr.length); i < arr.length; i++) {
24042
- arr2[i] = arr[i];
24043
- }
24044
- return arr2;
24045
- } else {
24046
- return Array.from(arr);
24579
+ return a;
24047
24580
  }
24048
24581
  }
24582
+ function _arrayWithHoles(r) {
24583
+ if (Array.isArray(r)) return r;
24584
+ }
24049
24585
  var UNRESOLVED_LINK = {}; // unique object to avoid polyfill bloat using Symbol()
24050
24586
 
24051
24587
  /**
@@ -24079,9 +24615,9 @@ var isResourceLink = function isResourceLink(object) {
24079
24615
  */
24080
24616
  var makeEntityMapKeys = function makeEntityMapKeys(sys) {
24081
24617
  if (sys.space && sys.environment) {
24082
- return [sys.type + '!' + sys.id, sys.space.sys.id + '!' + sys.environment.sys.id + '!' + sys.type + '!' + sys.id];
24618
+ return ["".concat(sys.type, "!").concat(sys.id), "".concat(sys.space.sys.id, "!").concat(sys.environment.sys.id, "!").concat(sys.type, "!").concat(sys.id)];
24083
24619
  }
24084
- return [sys.type + '!' + sys.id];
24620
+ return ["".concat(sys.type, "!").concat(sys.id)];
24085
24621
  };
24086
24622
 
24087
24623
  /**
@@ -24101,9 +24637,9 @@ var lookupInEntityMap = function lookupInEntityMap(entityMap, linkData) {
24101
24637
  spaceId = linkData.spaceId,
24102
24638
  environmentId = linkData.environmentId;
24103
24639
  if (spaceId && environmentId) {
24104
- return entityMap.get(spaceId + '!' + environmentId + '!' + linkType + '!' + entryId);
24640
+ return entityMap.get("".concat(spaceId, "!").concat(environmentId, "!").concat(linkType, "!").concat(entryId));
24105
24641
  }
24106
- return entityMap.get(linkType + '!' + entryId);
24642
+ return entityMap.get("".concat(linkType, "!").concat(entryId));
24107
24643
  };
24108
24644
  var getIdsFromUrn = function getIdsFromUrn(urn) {
24109
24645
  var regExp = /.*:spaces\/([^/]+)(?:\/environments\/([^/]+))?\/entries\/([^/]+)$/;
@@ -24112,13 +24648,12 @@ var getIdsFromUrn = function getIdsFromUrn(urn) {
24112
24648
  }
24113
24649
 
24114
24650
  // eslint-disable-next-line no-unused-vars
24115
-
24116
24651
  var _urn$match = urn.match(regExp),
24117
24652
  _urn$match2 = _slicedToArray(_urn$match, 4);
24118
24653
  _urn$match2[0];
24119
24654
  var spaceId = _urn$match2[1],
24120
24655
  _urn$match2$ = _urn$match2[2],
24121
- environmentId = _urn$match2$ === undefined ? 'master' : _urn$match2$,
24656
+ environmentId = _urn$match2$ === void 0 ? 'master' : _urn$match2$,
24122
24657
  entryId = _urn$match2[3];
24123
24658
  return {
24124
24659
  spaceId: spaceId,
@@ -24190,15 +24725,15 @@ var cleanUpLinks = function cleanUpLinks(input) {
24190
24725
  * @param removeUnresolved
24191
24726
  * @return {*}
24192
24727
  */
24193
- var walkMutate = function walkMutate(input, predicate, mutator, removeUnresolved) {
24728
+ var _walkMutate = function walkMutate(input, predicate, mutator, removeUnresolved) {
24194
24729
  if (predicate(input)) {
24195
24730
  return mutator(input);
24196
24731
  }
24197
- if (input && (typeof input === 'undefined' ? 'undefined' : _typeof(input)) === 'object') {
24732
+ if (input && _typeof(input) === 'object') {
24198
24733
  for (var key in input) {
24199
24734
  // eslint-disable-next-line no-prototype-builtins
24200
24735
  if (input.hasOwnProperty(key)) {
24201
- input[key] = walkMutate(input[key], predicate, mutator, removeUnresolved);
24736
+ input[key] = _walkMutate(input[key], predicate, mutator, removeUnresolved);
24202
24737
  }
24203
24738
  }
24204
24739
  if (removeUnresolved) {
@@ -24257,7 +24792,7 @@ var resolveResponse = function resolveResponse(response, options) {
24257
24792
  }, []));
24258
24793
  allEntries.forEach(function (item) {
24259
24794
  var entryObject = makeEntryObject(item, options.itemEntryPoints);
24260
- Object.assign(item, walkMutate(entryObject, function (x) {
24795
+ Object.assign(item, _walkMutate(entryObject, function (x) {
24261
24796
  return isLink(x) || isResourceLink(x);
24262
24797
  }, function (link) {
24263
24798
  return normalizeLink(entityMap, link, options.removeUnresolved);
@@ -24268,9 +24803,9 @@ var resolveResponse = function resolveResponse(response, options) {
24268
24803
 
24269
24804
  var stringify = {exports: {}};
24270
24805
 
24271
- (function (module, exports$1) {
24272
- exports$1 = module.exports = stringify;
24273
- exports$1.getSerialize = serializer;
24806
+ (function (module, exports) {
24807
+ exports = module.exports = stringify;
24808
+ exports.getSerialize = serializer;
24274
24809
  function stringify(obj, replacer, spaces, cycleReplacer) {
24275
24810
  return JSON.stringify(obj, serializer(replacer, cycleReplacer), spaces);
24276
24811
  }