reflex-search 1.5.1 → 1.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/node_modules/.package-lock.json +15 -15
- package/node_modules/axios/CHANGELOG.md +126 -1
- package/node_modules/axios/README.md +390 -257
- package/node_modules/axios/dist/axios.js +511 -154
- package/node_modules/axios/dist/axios.min.js +3 -3
- package/node_modules/axios/dist/axios.min.js.map +1 -1
- package/node_modules/axios/dist/browser/axios.cjs +537 -124
- package/node_modules/axios/dist/esm/axios.js +537 -124
- package/node_modules/axios/dist/esm/axios.min.js +2 -2
- package/node_modules/axios/dist/esm/axios.min.js.map +1 -1
- package/node_modules/axios/dist/node/axios.cjs +753 -226
- package/node_modules/axios/index.d.cts +27 -4
- package/node_modules/axios/index.d.ts +23 -2
- package/node_modules/axios/lib/adapters/adapters.js +1 -1
- package/node_modules/axios/lib/adapters/fetch.js +217 -47
- package/node_modules/axios/lib/adapters/http.js +274 -169
- package/node_modules/axios/lib/adapters/xhr.js +1 -0
- package/node_modules/axios/lib/core/Axios.js +4 -2
- package/node_modules/axios/lib/core/AxiosError.js +13 -1
- package/node_modules/axios/lib/core/AxiosHeaders.js +12 -9
- package/node_modules/axios/lib/core/buildFullPath.js +29 -1
- package/node_modules/axios/lib/core/mergeConfig.js +35 -0
- package/node_modules/axios/lib/defaults/transitional.js +2 -0
- package/node_modules/axios/lib/env/data.js +1 -1
- package/node_modules/axios/lib/helpers/AxiosURLSearchParams.js +1 -3
- package/node_modules/axios/lib/helpers/Http2Sessions.js +119 -0
- package/node_modules/axios/lib/helpers/buildURL.js +7 -4
- package/node_modules/axios/lib/helpers/composeSignals.js +1 -1
- package/node_modules/axios/lib/helpers/cookies.js +5 -1
- package/node_modules/axios/lib/helpers/estimateDataURLDecodedBytes.js +16 -11
- package/node_modules/axios/lib/helpers/formDataToJSON.js +25 -3
- package/node_modules/axios/lib/helpers/formDataToStream.js +2 -2
- package/node_modules/axios/lib/helpers/fromDataURI.js +4 -2
- package/node_modules/axios/lib/helpers/resolveConfig.js +26 -13
- package/node_modules/axios/lib/helpers/shouldBypassProxy.js +33 -1
- package/node_modules/axios/lib/helpers/toFormData.js +48 -12
- package/node_modules/axios/lib/helpers/validator.js +1 -1
- package/node_modules/axios/lib/utils.js +97 -12
- package/node_modules/axios/package.json +29 -13
- package/node_modules/brace-expansion/dist/commonjs/index.js +24 -14
- package/node_modules/brace-expansion/dist/commonjs/index.js.map +1 -1
- package/node_modules/brace-expansion/dist/esm/index.js +24 -14
- package/node_modules/brace-expansion/dist/esm/index.js.map +1 -1
- package/node_modules/brace-expansion/package.json +2 -2
- package/node_modules/form-data/CHANGELOG.md +29 -2
- package/node_modules/form-data/README.md +4 -4
- package/node_modules/form-data/lib/form_data.js +14 -2
- package/node_modules/form-data/package.json +7 -7
- package/node_modules/hasown/CHANGELOG.md +18 -0
- package/node_modules/hasown/eslint.config.mjs +6 -0
- package/node_modules/hasown/package.json +13 -14
- package/npm-shrinkwrap.json +16 -16
- package/package.json +2 -2
- package/node_modules/axios/dist/axios.js.map +0 -1
- package/node_modules/axios/dist/browser/axios.cjs.map +0 -1
- package/node_modules/axios/dist/esm/axios.js.map +0 -1
- package/node_modules/axios/dist/node/axios.cjs.map +0 -1
- package/node_modules/hasown/.eslintrc +0 -5
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! Axios v1.
|
|
1
|
+
/*! Axios v1.18.1 Copyright (c) 2026 Matt Zabriskie and contributors */
|
|
2
2
|
'use strict';
|
|
3
3
|
|
|
4
4
|
/**
|
|
@@ -20,6 +20,57 @@ const { toString } = Object.prototype;
|
|
|
20
20
|
const { getPrototypeOf } = Object;
|
|
21
21
|
const { iterator, toStringTag } = Symbol;
|
|
22
22
|
|
|
23
|
+
/* Creating a function that will check if an object has a property. */
|
|
24
|
+
const hasOwnProperty = (
|
|
25
|
+
({ hasOwnProperty }) =>
|
|
26
|
+
(obj, prop) =>
|
|
27
|
+
hasOwnProperty.call(obj, prop)
|
|
28
|
+
)(Object.prototype);
|
|
29
|
+
|
|
30
|
+
/**
|
|
31
|
+
* Walk the prototype chain (excluding the shared Object.prototype) looking for
|
|
32
|
+
* an own `prop`. This distinguishes genuine own/inherited members — including
|
|
33
|
+
* class accessors and template prototypes — from members injected via
|
|
34
|
+
* Object.prototype pollution (e.g. `Object.prototype.username = '...'`), which
|
|
35
|
+
* live on Object.prototype itself and are therefore never matched.
|
|
36
|
+
*
|
|
37
|
+
* @param {*} thing The value whose chain to inspect
|
|
38
|
+
* @param {string|symbol} prop The property key to look for
|
|
39
|
+
*
|
|
40
|
+
* @returns {boolean} True when `prop` is owned below Object.prototype
|
|
41
|
+
*/
|
|
42
|
+
const hasOwnInPrototypeChain = (thing, prop) => {
|
|
43
|
+
let obj = thing;
|
|
44
|
+
const seen = [];
|
|
45
|
+
|
|
46
|
+
while (obj != null && obj !== Object.prototype) {
|
|
47
|
+
if (seen.indexOf(obj) !== -1) {
|
|
48
|
+
return false;
|
|
49
|
+
}
|
|
50
|
+
seen.push(obj);
|
|
51
|
+
|
|
52
|
+
if (hasOwnProperty(obj, prop)) {
|
|
53
|
+
return true;
|
|
54
|
+
}
|
|
55
|
+
obj = getPrototypeOf(obj);
|
|
56
|
+
}
|
|
57
|
+
return false;
|
|
58
|
+
};
|
|
59
|
+
|
|
60
|
+
/**
|
|
61
|
+
* Read `obj[prop]` only when it is safe from Object.prototype pollution. Own
|
|
62
|
+
* properties and members inherited from a non-Object.prototype source (a class
|
|
63
|
+
* instance or template object) are honored; a value reachable only through a
|
|
64
|
+
* polluted Object.prototype is ignored and `undefined` is returned.
|
|
65
|
+
*
|
|
66
|
+
* @param {*} obj The source object
|
|
67
|
+
* @param {string|symbol} prop The property key to read
|
|
68
|
+
*
|
|
69
|
+
* @returns {*} The resolved value, or undefined when unsafe/absent
|
|
70
|
+
*/
|
|
71
|
+
const getSafeProp = (obj, prop) =>
|
|
72
|
+
obj != null && hasOwnInPrototypeChain(obj, prop) ? obj[prop] : undefined;
|
|
73
|
+
|
|
23
74
|
const kindOf = ((cache) => (thing) => {
|
|
24
75
|
const str = toString.call(thing);
|
|
25
76
|
return cache[str] || (cache[str] = str.slice(8, -1).toLowerCase());
|
|
@@ -145,7 +196,7 @@ const isBoolean = (thing) => thing === true || thing === false;
|
|
|
145
196
|
* @returns {boolean} True if value is a plain Object, otherwise false
|
|
146
197
|
*/
|
|
147
198
|
const isPlainObject = (val) => {
|
|
148
|
-
if (
|
|
199
|
+
if (!isObject(val)) {
|
|
149
200
|
return false;
|
|
150
201
|
}
|
|
151
202
|
|
|
@@ -153,9 +204,12 @@ const isPlainObject = (val) => {
|
|
|
153
204
|
return (
|
|
154
205
|
(prototype === null ||
|
|
155
206
|
prototype === Object.prototype ||
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
207
|
+
getPrototypeOf(prototype) === null) &&
|
|
208
|
+
// Treat any genuine (non-Object.prototype-polluted) Symbol.toStringTag or
|
|
209
|
+
// Symbol.iterator as evidence the value is a tagged/iterable type rather
|
|
210
|
+
// than a plain object, while ignoring keys injected onto Object.prototype.
|
|
211
|
+
!hasOwnInPrototypeChain(val, toStringTag) &&
|
|
212
|
+
!hasOwnInPrototypeChain(val, iterator)
|
|
159
213
|
);
|
|
160
214
|
};
|
|
161
215
|
|
|
@@ -424,7 +478,9 @@ function merge(...objs) {
|
|
|
424
478
|
return;
|
|
425
479
|
}
|
|
426
480
|
|
|
427
|
-
|
|
481
|
+
// findKey lowercases the key, so caseless lookup only applies to strings —
|
|
482
|
+
// symbol keys are identity-matched.
|
|
483
|
+
const targetKey = (caseless && typeof key === 'string' && findKey(result, key)) || key;
|
|
428
484
|
// Read via own-prop only — a bare `result[targetKey]` walks the prototype
|
|
429
485
|
// chain, so a polluted Object.prototype value could surface here and get
|
|
430
486
|
// copied into the merged result.
|
|
@@ -441,7 +497,24 @@ function merge(...objs) {
|
|
|
441
497
|
};
|
|
442
498
|
|
|
443
499
|
for (let i = 0, l = objs.length; i < l; i++) {
|
|
444
|
-
|
|
500
|
+
const source = objs[i];
|
|
501
|
+
if (!source || isBuffer(source)) {
|
|
502
|
+
continue;
|
|
503
|
+
}
|
|
504
|
+
|
|
505
|
+
forEach(source, assignValue);
|
|
506
|
+
|
|
507
|
+
if (typeof source !== 'object' || isArray(source)) {
|
|
508
|
+
continue;
|
|
509
|
+
}
|
|
510
|
+
|
|
511
|
+
const symbols = Object.getOwnPropertySymbols(source);
|
|
512
|
+
for (let j = 0; j < symbols.length; j++) {
|
|
513
|
+
const symbol = symbols[j];
|
|
514
|
+
if (propertyIsEnumerable.call(source, symbol)) {
|
|
515
|
+
assignValue(source[symbol], symbol);
|
|
516
|
+
}
|
|
517
|
+
}
|
|
445
518
|
}
|
|
446
519
|
return result;
|
|
447
520
|
}
|
|
@@ -663,12 +736,7 @@ const toCamelCase = (str) => {
|
|
|
663
736
|
});
|
|
664
737
|
};
|
|
665
738
|
|
|
666
|
-
|
|
667
|
-
const hasOwnProperty = (
|
|
668
|
-
({ hasOwnProperty }) =>
|
|
669
|
-
(obj, prop) =>
|
|
670
|
-
hasOwnProperty.call(obj, prop)
|
|
671
|
-
)(Object.prototype);
|
|
739
|
+
const { propertyIsEnumerable } = Object.prototype;
|
|
672
740
|
|
|
673
741
|
/**
|
|
674
742
|
* Determine if a value is a RegExp object
|
|
@@ -881,6 +949,20 @@ const asap =
|
|
|
881
949
|
|
|
882
950
|
const isIterable = (thing) => thing != null && isFunction$1(thing[iterator]);
|
|
883
951
|
|
|
952
|
+
/**
|
|
953
|
+
* Determine if a value is iterable via an iterator that is NOT sourced solely
|
|
954
|
+
* from a polluted Object.prototype. Use this instead of `isIterable` whenever
|
|
955
|
+
* the iterable comes from untrusted input (e.g. user-supplied header sources),
|
|
956
|
+
* so `Object.prototype[Symbol.iterator] = ...` cannot turn an ordinary object
|
|
957
|
+
* into an attacker-controlled entries iterator.
|
|
958
|
+
*
|
|
959
|
+
* @param {*} thing The value to test
|
|
960
|
+
*
|
|
961
|
+
* @returns {boolean} True if value has a non-polluted iterator
|
|
962
|
+
*/
|
|
963
|
+
const isSafeIterable = (thing) =>
|
|
964
|
+
thing != null && hasOwnInPrototypeChain(thing, iterator) && isIterable(thing);
|
|
965
|
+
|
|
884
966
|
var utils$1 = {
|
|
885
967
|
isArray,
|
|
886
968
|
isArrayBuffer,
|
|
@@ -925,6 +1007,8 @@ var utils$1 = {
|
|
|
925
1007
|
isHTMLForm,
|
|
926
1008
|
hasOwnProperty,
|
|
927
1009
|
hasOwnProp: hasOwnProperty, // an alias to avoid ESLint no-prototype-builtins detection
|
|
1010
|
+
hasOwnInPrototypeChain,
|
|
1011
|
+
getSafeProp,
|
|
928
1012
|
reduceDescriptors,
|
|
929
1013
|
freezeMethods,
|
|
930
1014
|
toObjectSet,
|
|
@@ -941,6 +1025,7 @@ var utils$1 = {
|
|
|
941
1025
|
setImmediate: _setImmediate,
|
|
942
1026
|
asap,
|
|
943
1027
|
isIterable,
|
|
1028
|
+
isSafeIterable,
|
|
944
1029
|
};
|
|
945
1030
|
|
|
946
1031
|
// RawAxiosHeaders whose duplicates are ignored by node
|
|
@@ -1151,7 +1236,7 @@ class AxiosHeaders {
|
|
|
1151
1236
|
const lHeader = normalizeHeader(_header);
|
|
1152
1237
|
|
|
1153
1238
|
if (!lHeader) {
|
|
1154
|
-
|
|
1239
|
+
return;
|
|
1155
1240
|
}
|
|
1156
1241
|
|
|
1157
1242
|
const key = utils$1.findKey(self, lHeader);
|
|
@@ -1173,20 +1258,23 @@ class AxiosHeaders {
|
|
|
1173
1258
|
setHeaders(header, valueOrRewrite);
|
|
1174
1259
|
} else if (utils$1.isString(header) && (header = header.trim()) && !isValidHeaderName(header)) {
|
|
1175
1260
|
setHeaders(parseHeaders(header), valueOrRewrite);
|
|
1176
|
-
} else if (utils$1.isObject(header) && utils$1.
|
|
1177
|
-
let obj =
|
|
1261
|
+
} else if (utils$1.isObject(header) && utils$1.isSafeIterable(header)) {
|
|
1262
|
+
let obj = Object.create(null),
|
|
1178
1263
|
dest,
|
|
1179
1264
|
key;
|
|
1180
1265
|
for (const entry of header) {
|
|
1181
1266
|
if (!utils$1.isArray(entry)) {
|
|
1182
|
-
throw TypeError('Object iterator must return a key-value pair');
|
|
1267
|
+
throw new TypeError('Object iterator must return a key-value pair');
|
|
1183
1268
|
}
|
|
1184
1269
|
|
|
1185
|
-
|
|
1186
|
-
|
|
1187
|
-
|
|
1188
|
-
|
|
1189
|
-
: entry[1];
|
|
1270
|
+
key = entry[0];
|
|
1271
|
+
|
|
1272
|
+
if (utils$1.hasOwnProp(obj, key)) {
|
|
1273
|
+
dest = obj[key];
|
|
1274
|
+
obj[key] = utils$1.isArray(dest) ? [...dest, entry[1]] : [dest, entry[1]];
|
|
1275
|
+
} else {
|
|
1276
|
+
obj[key] = entry[1];
|
|
1277
|
+
}
|
|
1190
1278
|
}
|
|
1191
1279
|
|
|
1192
1280
|
setHeaders(obj, valueOrRewrite);
|
|
@@ -1479,7 +1567,19 @@ function redactConfig(config, redactKeys) {
|
|
|
1479
1567
|
class AxiosError extends Error {
|
|
1480
1568
|
static from(error, code, config, request, response, customProps) {
|
|
1481
1569
|
const axiosError = new AxiosError(error.message, code || error.code, config, request, response);
|
|
1482
|
-
|
|
1570
|
+
// Match native `Error` `cause` semantics: non-enumerable. The wrapped
|
|
1571
|
+
// error often carries circular internals (sockets, requests, agents), so
|
|
1572
|
+
// an enumerable `cause` makes structured loggers (pino/winston) and any
|
|
1573
|
+
// own-property walk throw "Converting circular structure to JSON".
|
|
1574
|
+
// Regression from #6982; see #7205. `__proto__: null` mirrors the
|
|
1575
|
+
// `message` descriptor below (prototype-pollution-safe descriptor).
|
|
1576
|
+
Object.defineProperty(axiosError, 'cause', {
|
|
1577
|
+
__proto__: null,
|
|
1578
|
+
value: error,
|
|
1579
|
+
writable: true,
|
|
1580
|
+
enumerable: false,
|
|
1581
|
+
configurable: true,
|
|
1582
|
+
});
|
|
1483
1583
|
axiosError.name = error.name;
|
|
1484
1584
|
|
|
1485
1585
|
// Preserve status from the original error if not already set from response
|
|
@@ -1580,6 +1680,10 @@ AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED = 'ERR_FORM_DATA_DEPTH_EXCEEDED';
|
|
|
1580
1680
|
// eslint-disable-next-line strict
|
|
1581
1681
|
var httpAdapter = null;
|
|
1582
1682
|
|
|
1683
|
+
// Default nesting limit shared with the inverse transform (formDataToJSON) so
|
|
1684
|
+
// the FormData <-> JSON round-trip stays symmetric.
|
|
1685
|
+
const DEFAULT_FORM_DATA_MAX_DEPTH = 100;
|
|
1686
|
+
|
|
1583
1687
|
/**
|
|
1584
1688
|
* Determines if the given thing is a array or js object.
|
|
1585
1689
|
*
|
|
@@ -1690,8 +1794,9 @@ function toFormData(obj, formData, options) {
|
|
|
1690
1794
|
const dots = options.dots;
|
|
1691
1795
|
const indexes = options.indexes;
|
|
1692
1796
|
const _Blob = options.Blob || (typeof Blob !== 'undefined' && Blob);
|
|
1693
|
-
const maxDepth = options.maxDepth === undefined ?
|
|
1797
|
+
const maxDepth = options.maxDepth === undefined ? DEFAULT_FORM_DATA_MAX_DEPTH : options.maxDepth;
|
|
1694
1798
|
const useBlob = _Blob && utils$1.isSpecCompliantForm(formData);
|
|
1799
|
+
const stack = [];
|
|
1695
1800
|
|
|
1696
1801
|
if (!utils$1.isFunction(visitor)) {
|
|
1697
1802
|
throw new TypeError('visitor must be a function');
|
|
@@ -1713,12 +1818,50 @@ function toFormData(obj, formData, options) {
|
|
|
1713
1818
|
}
|
|
1714
1819
|
|
|
1715
1820
|
if (utils$1.isArrayBuffer(value) || utils$1.isTypedArray(value)) {
|
|
1716
|
-
|
|
1821
|
+
if (useBlob && typeof _Blob === 'function') {
|
|
1822
|
+
return new _Blob([value]);
|
|
1823
|
+
}
|
|
1824
|
+
if (typeof Buffer !== 'undefined') {
|
|
1825
|
+
return Buffer.from(value);
|
|
1826
|
+
}
|
|
1827
|
+
throw new AxiosError('Blob is not supported. Use a Buffer instead.', AxiosError.ERR_NOT_SUPPORT);
|
|
1717
1828
|
}
|
|
1718
1829
|
|
|
1719
1830
|
return value;
|
|
1720
1831
|
}
|
|
1721
1832
|
|
|
1833
|
+
function throwIfMaxDepthExceeded(depth) {
|
|
1834
|
+
if (depth > maxDepth) {
|
|
1835
|
+
throw new AxiosError(
|
|
1836
|
+
'Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth,
|
|
1837
|
+
AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED
|
|
1838
|
+
);
|
|
1839
|
+
}
|
|
1840
|
+
}
|
|
1841
|
+
|
|
1842
|
+
function stringifyWithDepthLimit(value, depth) {
|
|
1843
|
+
if (maxDepth === Infinity) {
|
|
1844
|
+
return JSON.stringify(value);
|
|
1845
|
+
}
|
|
1846
|
+
|
|
1847
|
+
const ancestors = [];
|
|
1848
|
+
|
|
1849
|
+
return JSON.stringify(value, function limitDepth(_key, currentValue) {
|
|
1850
|
+
if (!utils$1.isObject(currentValue)) {
|
|
1851
|
+
return currentValue;
|
|
1852
|
+
}
|
|
1853
|
+
|
|
1854
|
+
while (ancestors.length && ancestors[ancestors.length - 1] !== this) {
|
|
1855
|
+
ancestors.pop();
|
|
1856
|
+
}
|
|
1857
|
+
|
|
1858
|
+
ancestors.push(currentValue);
|
|
1859
|
+
throwIfMaxDepthExceeded(depth + ancestors.length - 1);
|
|
1860
|
+
|
|
1861
|
+
return currentValue;
|
|
1862
|
+
});
|
|
1863
|
+
}
|
|
1864
|
+
|
|
1722
1865
|
/**
|
|
1723
1866
|
* Default visitor.
|
|
1724
1867
|
*
|
|
@@ -1742,7 +1885,7 @@ function toFormData(obj, formData, options) {
|
|
|
1742
1885
|
// eslint-disable-next-line no-param-reassign
|
|
1743
1886
|
key = metaTokens ? key : key.slice(0, -2);
|
|
1744
1887
|
// eslint-disable-next-line no-param-reassign
|
|
1745
|
-
value =
|
|
1888
|
+
value = stringifyWithDepthLimit(value, 1);
|
|
1746
1889
|
} else if (
|
|
1747
1890
|
(utils$1.isArray(value) && isFlatArray(value)) ||
|
|
1748
1891
|
((utils$1.isFileList(value) || utils$1.endsWith(key, '[]')) && (arr = utils$1.toArray(value)))
|
|
@@ -1775,8 +1918,6 @@ function toFormData(obj, formData, options) {
|
|
|
1775
1918
|
return false;
|
|
1776
1919
|
}
|
|
1777
1920
|
|
|
1778
|
-
const stack = [];
|
|
1779
|
-
|
|
1780
1921
|
const exposedHelpers = Object.assign(predicates, {
|
|
1781
1922
|
defaultVisitor,
|
|
1782
1923
|
convertValue,
|
|
@@ -1786,15 +1927,10 @@ function toFormData(obj, formData, options) {
|
|
|
1786
1927
|
function build(value, path, depth = 0) {
|
|
1787
1928
|
if (utils$1.isUndefined(value)) return;
|
|
1788
1929
|
|
|
1789
|
-
|
|
1790
|
-
throw new AxiosError(
|
|
1791
|
-
'Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth,
|
|
1792
|
-
AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED
|
|
1793
|
-
);
|
|
1794
|
-
}
|
|
1930
|
+
throwIfMaxDepthExceeded(depth);
|
|
1795
1931
|
|
|
1796
1932
|
if (stack.indexOf(value) !== -1) {
|
|
1797
|
-
throw Error('Circular reference detected in ' + path.join('.'));
|
|
1933
|
+
throw new Error('Circular reference detected in ' + path.join('.'));
|
|
1798
1934
|
}
|
|
1799
1935
|
|
|
1800
1936
|
stack.push(value);
|
|
@@ -1865,9 +2001,7 @@ prototype.append = function append(name, value) {
|
|
|
1865
2001
|
|
|
1866
2002
|
prototype.toString = function toString(encoder) {
|
|
1867
2003
|
const _encode = encoder
|
|
1868
|
-
?
|
|
1869
|
-
return encoder.call(this, value, encode$1);
|
|
1870
|
-
}
|
|
2004
|
+
? (value) => encoder.call(this, value, encode$1)
|
|
1871
2005
|
: encode$1;
|
|
1872
2006
|
|
|
1873
2007
|
return this._pairs
|
|
@@ -1906,8 +2040,7 @@ function buildURL(url, params, options) {
|
|
|
1906
2040
|
if (!params) {
|
|
1907
2041
|
return url;
|
|
1908
2042
|
}
|
|
1909
|
-
|
|
1910
|
-
const _encode = (options && options.encode) || encode;
|
|
2043
|
+
url = url || '';
|
|
1911
2044
|
|
|
1912
2045
|
const _options = utils$1.isFunction(options)
|
|
1913
2046
|
? {
|
|
@@ -1915,7 +2048,11 @@ function buildURL(url, params, options) {
|
|
|
1915
2048
|
}
|
|
1916
2049
|
: options;
|
|
1917
2050
|
|
|
1918
|
-
|
|
2051
|
+
// Read serializer options pollution-safely: own properties and methods on a
|
|
2052
|
+
// class/template prototype are honored, but values injected onto a polluted
|
|
2053
|
+
// Object.prototype are ignored.
|
|
2054
|
+
const _encode = utils$1.getSafeProp(_options, 'encode') || encode;
|
|
2055
|
+
const serializeFn = utils$1.getSafeProp(_options, 'serialize');
|
|
1919
2056
|
|
|
1920
2057
|
let serializedParams;
|
|
1921
2058
|
|
|
@@ -2011,6 +2148,8 @@ var transitionalDefaults = {
|
|
|
2011
2148
|
forcedJSONParsing: true,
|
|
2012
2149
|
clarifyTimeoutError: false,
|
|
2013
2150
|
legacyInterceptorReqResOrdering: true,
|
|
2151
|
+
advertiseZstdAcceptEncoding: false,
|
|
2152
|
+
validateStatusUndefinedResolves: true,
|
|
2014
2153
|
};
|
|
2015
2154
|
|
|
2016
2155
|
var URLSearchParams$1 = typeof URLSearchParams !== 'undefined' ? URLSearchParams : AxiosURLSearchParams;
|
|
@@ -2102,6 +2241,17 @@ function toURLEncodedForm(data, options) {
|
|
|
2102
2241
|
});
|
|
2103
2242
|
}
|
|
2104
2243
|
|
|
2244
|
+
const MAX_DEPTH = DEFAULT_FORM_DATA_MAX_DEPTH;
|
|
2245
|
+
|
|
2246
|
+
function throwIfDepthExceeded(index) {
|
|
2247
|
+
if (index > MAX_DEPTH) {
|
|
2248
|
+
throw new AxiosError(
|
|
2249
|
+
'FormData field is too deeply nested (' + index + ' levels). Max depth: ' + MAX_DEPTH,
|
|
2250
|
+
AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED
|
|
2251
|
+
);
|
|
2252
|
+
}
|
|
2253
|
+
}
|
|
2254
|
+
|
|
2105
2255
|
/**
|
|
2106
2256
|
* It takes a string like `foo[x][y][z]` and returns an array like `['foo', 'x', 'y', 'z']
|
|
2107
2257
|
*
|
|
@@ -2114,9 +2264,16 @@ function parsePropPath(name) {
|
|
|
2114
2264
|
// foo.x.y.z
|
|
2115
2265
|
// foo-x-y-z
|
|
2116
2266
|
// foo x y z
|
|
2117
|
-
|
|
2118
|
-
|
|
2119
|
-
|
|
2267
|
+
const path = [];
|
|
2268
|
+
const pattern = /\w+|\[(\w*)]/g;
|
|
2269
|
+
let match;
|
|
2270
|
+
|
|
2271
|
+
while ((match = pattern.exec(name)) !== null) {
|
|
2272
|
+
throwIfDepthExceeded(path.length);
|
|
2273
|
+
path.push(match[0] === '[]' ? '' : match[1] || match[0]);
|
|
2274
|
+
}
|
|
2275
|
+
|
|
2276
|
+
return path;
|
|
2120
2277
|
}
|
|
2121
2278
|
|
|
2122
2279
|
/**
|
|
@@ -2148,6 +2305,8 @@ function arrayToObject(arr) {
|
|
|
2148
2305
|
*/
|
|
2149
2306
|
function formDataToJSON(formData) {
|
|
2150
2307
|
function buildPath(path, value, target, index) {
|
|
2308
|
+
throwIfDepthExceeded(index);
|
|
2309
|
+
|
|
2151
2310
|
let name = path[index++];
|
|
2152
2311
|
|
|
2153
2312
|
if (name === '__proto__') return true;
|
|
@@ -2633,7 +2792,11 @@ var cookies = platform.hasStandardBrowserEnv
|
|
|
2633
2792
|
const cookie = cookies[i].replace(/^\s+/, '');
|
|
2634
2793
|
const eq = cookie.indexOf('=');
|
|
2635
2794
|
if (eq !== -1 && cookie.slice(0, eq) === name) {
|
|
2636
|
-
|
|
2795
|
+
try {
|
|
2796
|
+
return decodeURIComponent(cookie.slice(eq + 1));
|
|
2797
|
+
} catch (e) {
|
|
2798
|
+
return cookie.slice(eq + 1);
|
|
2799
|
+
}
|
|
2637
2800
|
}
|
|
2638
2801
|
}
|
|
2639
2802
|
return null;
|
|
@@ -2684,6 +2847,31 @@ function combineURLs(baseURL, relativeURL) {
|
|
|
2684
2847
|
: baseURL;
|
|
2685
2848
|
}
|
|
2686
2849
|
|
|
2850
|
+
const malformedHttpProtocol = /^https?:(?!\/\/)/i;
|
|
2851
|
+
const httpProtocolControlCharacters = /[\t\n\r]/g;
|
|
2852
|
+
|
|
2853
|
+
function stripLeadingC0ControlOrSpace(url) {
|
|
2854
|
+
let i = 0;
|
|
2855
|
+
while (i < url.length && url.charCodeAt(i) <= 0x20) {
|
|
2856
|
+
i++;
|
|
2857
|
+
}
|
|
2858
|
+
return url.slice(i);
|
|
2859
|
+
}
|
|
2860
|
+
|
|
2861
|
+
function normalizeURLForProtocolCheck(url) {
|
|
2862
|
+
return stripLeadingC0ControlOrSpace(url).replace(httpProtocolControlCharacters, '');
|
|
2863
|
+
}
|
|
2864
|
+
|
|
2865
|
+
function assertValidHttpProtocolURL(url, config) {
|
|
2866
|
+
if (typeof url === 'string' && malformedHttpProtocol.test(normalizeURLForProtocolCheck(url))) {
|
|
2867
|
+
throw new AxiosError(
|
|
2868
|
+
'Invalid URL: missing "//" after protocol',
|
|
2869
|
+
AxiosError.ERR_INVALID_URL,
|
|
2870
|
+
config
|
|
2871
|
+
);
|
|
2872
|
+
}
|
|
2873
|
+
}
|
|
2874
|
+
|
|
2687
2875
|
/**
|
|
2688
2876
|
* Creates a new URL by combining the baseURL with the requestedURL,
|
|
2689
2877
|
* only when the requestedURL is not already an absolute URL.
|
|
@@ -2694,9 +2882,11 @@ function combineURLs(baseURL, relativeURL) {
|
|
|
2694
2882
|
*
|
|
2695
2883
|
* @returns {string} The combined full path
|
|
2696
2884
|
*/
|
|
2697
|
-
function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls) {
|
|
2885
|
+
function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls, config) {
|
|
2886
|
+
assertValidHttpProtocolURL(requestedURL, config);
|
|
2698
2887
|
let isRelativeUrl = !isAbsoluteURL(requestedURL);
|
|
2699
2888
|
if (baseURL && (isRelativeUrl || allowAbsoluteUrls === false)) {
|
|
2889
|
+
assertValidHttpProtocolURL(baseURL, config);
|
|
2700
2890
|
return combineURLs(baseURL, requestedURL);
|
|
2701
2891
|
}
|
|
2702
2892
|
return requestedURL;
|
|
@@ -2715,6 +2905,7 @@ const headersToObject = (thing) => (thing instanceof AxiosHeaders ? { ...thing }
|
|
|
2715
2905
|
*/
|
|
2716
2906
|
function mergeConfig(config1, config2) {
|
|
2717
2907
|
// eslint-disable-next-line no-param-reassign
|
|
2908
|
+
config1 = config1 || {};
|
|
2718
2909
|
config2 = config2 || {};
|
|
2719
2910
|
|
|
2720
2911
|
// Use a null-prototype object so that downstream reads such as `config.auth`
|
|
@@ -2767,6 +2958,28 @@ function mergeConfig(config1, config2) {
|
|
|
2767
2958
|
}
|
|
2768
2959
|
}
|
|
2769
2960
|
|
|
2961
|
+
function getMergedTransitionalOption(prop) {
|
|
2962
|
+
const transitional2 = utils$1.hasOwnProp(config2, 'transitional') ? config2.transitional : undefined;
|
|
2963
|
+
|
|
2964
|
+
if (!utils$1.isUndefined(transitional2)) {
|
|
2965
|
+
if (utils$1.isPlainObject(transitional2)) {
|
|
2966
|
+
if (utils$1.hasOwnProp(transitional2, prop)) {
|
|
2967
|
+
return transitional2[prop];
|
|
2968
|
+
}
|
|
2969
|
+
} else {
|
|
2970
|
+
return undefined;
|
|
2971
|
+
}
|
|
2972
|
+
}
|
|
2973
|
+
|
|
2974
|
+
const transitional1 = utils$1.hasOwnProp(config1, 'transitional') ? config1.transitional : undefined;
|
|
2975
|
+
|
|
2976
|
+
if (utils$1.isPlainObject(transitional1) && utils$1.hasOwnProp(transitional1, prop)) {
|
|
2977
|
+
return transitional1[prop];
|
|
2978
|
+
}
|
|
2979
|
+
|
|
2980
|
+
return undefined;
|
|
2981
|
+
}
|
|
2982
|
+
|
|
2770
2983
|
// eslint-disable-next-line consistent-return
|
|
2771
2984
|
function mergeDirectKeys(a, b, prop) {
|
|
2772
2985
|
if (utils$1.hasOwnProp(config2, prop)) {
|
|
@@ -2819,6 +3032,18 @@ function mergeConfig(config1, config2) {
|
|
|
2819
3032
|
(utils$1.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);
|
|
2820
3033
|
});
|
|
2821
3034
|
|
|
3035
|
+
if (
|
|
3036
|
+
utils$1.hasOwnProp(config2, 'validateStatus') &&
|
|
3037
|
+
utils$1.isUndefined(config2.validateStatus) &&
|
|
3038
|
+
getMergedTransitionalOption('validateStatusUndefinedResolves') === false
|
|
3039
|
+
) {
|
|
3040
|
+
if (utils$1.hasOwnProp(config1, 'validateStatus')) {
|
|
3041
|
+
config.validateStatus = getMergedValue(undefined, config1.validateStatus);
|
|
3042
|
+
} else {
|
|
3043
|
+
delete config.validateStatus;
|
|
3044
|
+
}
|
|
3045
|
+
}
|
|
3046
|
+
|
|
2822
3047
|
return config;
|
|
2823
3048
|
}
|
|
2824
3049
|
|
|
@@ -2830,7 +3055,7 @@ function setFormDataHeaders(headers, formHeaders, policy) {
|
|
|
2830
3055
|
return;
|
|
2831
3056
|
}
|
|
2832
3057
|
|
|
2833
|
-
Object.entries(formHeaders).forEach(([key, val]) => {
|
|
3058
|
+
Object.entries(formHeaders || {}).forEach(([key, val]) => {
|
|
2834
3059
|
if (FORM_DATA_CONTENT_HEADERS.includes(key.toLowerCase())) {
|
|
2835
3060
|
headers.set(key, val);
|
|
2836
3061
|
}
|
|
@@ -2845,12 +3070,12 @@ function setFormDataHeaders(headers, formHeaders, policy) {
|
|
|
2845
3070
|
*
|
|
2846
3071
|
* @returns {string} UTF-8 bytes as a Latin-1 string
|
|
2847
3072
|
*/
|
|
2848
|
-
const encodeUTF8 = (str) =>
|
|
3073
|
+
const encodeUTF8$1 = (str) =>
|
|
2849
3074
|
encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) =>
|
|
2850
3075
|
String.fromCharCode(parseInt(hex, 16))
|
|
2851
3076
|
);
|
|
2852
3077
|
|
|
2853
|
-
|
|
3078
|
+
function resolveConfig(config) {
|
|
2854
3079
|
const newConfig = mergeConfig({}, config);
|
|
2855
3080
|
|
|
2856
3081
|
// Read only own properties to prevent prototype pollution gadgets
|
|
@@ -2870,23 +3095,33 @@ var resolveConfig = (config) => {
|
|
|
2870
3095
|
newConfig.headers = headers = AxiosHeaders.from(headers);
|
|
2871
3096
|
|
|
2872
3097
|
newConfig.url = buildURL(
|
|
2873
|
-
buildFullPath(baseURL, url, allowAbsoluteUrls),
|
|
2874
|
-
|
|
2875
|
-
|
|
3098
|
+
buildFullPath(baseURL, url, allowAbsoluteUrls, newConfig),
|
|
3099
|
+
own('params'),
|
|
3100
|
+
own('paramsSerializer')
|
|
2876
3101
|
);
|
|
2877
3102
|
|
|
2878
3103
|
// HTTP basic authentication
|
|
2879
3104
|
if (auth) {
|
|
2880
|
-
|
|
2881
|
-
|
|
2882
|
-
|
|
2883
|
-
|
|
2884
|
-
|
|
3105
|
+
const username = utils$1.getSafeProp(auth, 'username') || '';
|
|
3106
|
+
const password = utils$1.getSafeProp(auth, 'password') || '';
|
|
3107
|
+
|
|
3108
|
+
try {
|
|
3109
|
+
headers.set(
|
|
3110
|
+
'Authorization',
|
|
3111
|
+
'Basic ' + btoa(username + ':' + (password ? encodeUTF8$1(password) : ''))
|
|
3112
|
+
);
|
|
3113
|
+
} catch (e) {
|
|
3114
|
+
throw AxiosError.from(e, AxiosError.ERR_BAD_OPTION_VALUE, config);
|
|
3115
|
+
}
|
|
2885
3116
|
}
|
|
2886
3117
|
|
|
2887
3118
|
if (utils$1.isFormData(data)) {
|
|
2888
|
-
if (
|
|
2889
|
-
|
|
3119
|
+
if (
|
|
3120
|
+
platform.hasStandardBrowserEnv ||
|
|
3121
|
+
platform.hasStandardBrowserWebWorkerEnv ||
|
|
3122
|
+
utils$1.isReactNative(data)
|
|
3123
|
+
) {
|
|
3124
|
+
headers.setContentType(undefined); // browser/web worker/RN handles it
|
|
2890
3125
|
} else if (utils$1.isFunction(data.getHeaders)) {
|
|
2891
3126
|
// Node.js FormData (like form-data package)
|
|
2892
3127
|
setFormDataHeaders(headers, data.getHeaders(), own('formDataHeaderPolicy'));
|
|
@@ -2918,7 +3153,7 @@ var resolveConfig = (config) => {
|
|
|
2918
3153
|
}
|
|
2919
3154
|
|
|
2920
3155
|
return newConfig;
|
|
2921
|
-
}
|
|
3156
|
+
}
|
|
2922
3157
|
|
|
2923
3158
|
const isXHRAdapterSupported = typeof XMLHttpRequest !== 'undefined';
|
|
2924
3159
|
|
|
@@ -3128,6 +3363,7 @@ var xhrAdapter = isXHRAdapterSupported &&
|
|
|
3128
3363
|
config
|
|
3129
3364
|
)
|
|
3130
3365
|
);
|
|
3366
|
+
done();
|
|
3131
3367
|
return;
|
|
3132
3368
|
}
|
|
3133
3369
|
|
|
@@ -3179,7 +3415,7 @@ const composeSignals = (signals, timeout) => {
|
|
|
3179
3415
|
signals = null;
|
|
3180
3416
|
};
|
|
3181
3417
|
|
|
3182
|
-
signals.forEach((signal) => signal.addEventListener('abort', onabort));
|
|
3418
|
+
signals.forEach((signal) => signal.addEventListener('abort', onabort, { once: true }));
|
|
3183
3419
|
|
|
3184
3420
|
const { signal } = controller;
|
|
3185
3421
|
|
|
@@ -3282,11 +3518,19 @@ const trackStream = (stream, chunkSize, onProgress, onFinish) => {
|
|
|
3282
3518
|
* Estimate decoded byte length of a data:// URL *without* allocating large buffers.
|
|
3283
3519
|
* - For base64: compute exact decoded size using length and padding;
|
|
3284
3520
|
* handle %XX at the character-count level (no string allocation).
|
|
3285
|
-
* - For non-base64:
|
|
3521
|
+
* - For non-base64: compute the exact percent-decoded UTF-8 byte length.
|
|
3286
3522
|
*
|
|
3287
3523
|
* @param {string} url
|
|
3288
3524
|
* @returns {number}
|
|
3289
3525
|
*/
|
|
3526
|
+
const isHexDigit = (charCode) =>
|
|
3527
|
+
(charCode >= 48 && charCode <= 57) ||
|
|
3528
|
+
(charCode >= 65 && charCode <= 70) ||
|
|
3529
|
+
(charCode >= 97 && charCode <= 102);
|
|
3530
|
+
|
|
3531
|
+
const isPercentEncodedByte = (str, i, len) =>
|
|
3532
|
+
i + 2 < len && isHexDigit(str.charCodeAt(i + 1)) && isHexDigit(str.charCodeAt(i + 2));
|
|
3533
|
+
|
|
3290
3534
|
function estimateDataURLDecodedBytes(url) {
|
|
3291
3535
|
if (!url || typeof url !== 'string') return 0;
|
|
3292
3536
|
if (!url.startsWith('data:')) return 0;
|
|
@@ -3306,9 +3550,7 @@ function estimateDataURLDecodedBytes(url) {
|
|
|
3306
3550
|
if (body.charCodeAt(i) === 37 /* '%' */ && i + 2 < len) {
|
|
3307
3551
|
const a = body.charCodeAt(i + 1);
|
|
3308
3552
|
const b = body.charCodeAt(i + 2);
|
|
3309
|
-
const isHex =
|
|
3310
|
-
((a >= 48 && a <= 57) || (a >= 65 && a <= 70) || (a >= 97 && a <= 102)) &&
|
|
3311
|
-
((b >= 48 && b <= 57) || (b >= 65 && b <= 70) || (b >= 97 && b <= 102));
|
|
3553
|
+
const isHex = isHexDigit(a) && isHexDigit(b);
|
|
3312
3554
|
|
|
3313
3555
|
if (isHex) {
|
|
3314
3556
|
effectiveLen -= 2;
|
|
@@ -3349,18 +3591,17 @@ function estimateDataURLDecodedBytes(url) {
|
|
|
3349
3591
|
return bytes > 0 ? bytes : 0;
|
|
3350
3592
|
}
|
|
3351
3593
|
|
|
3352
|
-
if (typeof Buffer !== 'undefined' && typeof Buffer.byteLength === 'function') {
|
|
3353
|
-
return Buffer.byteLength(body, 'utf8');
|
|
3354
|
-
}
|
|
3355
|
-
|
|
3356
3594
|
// Compute UTF-8 byte length directly from UTF-16 code units without allocating
|
|
3357
3595
|
// a byte buffer (TextEncoder.encode would defeat the DoS guard on large bodies).
|
|
3358
|
-
//
|
|
3359
|
-
//
|
|
3596
|
+
// Valid %XX triplets count as one decoded byte; this matches the bytes that
|
|
3597
|
+
// decodeURIComponent(body) would produce before Buffer re-encodes the string.
|
|
3360
3598
|
let bytes = 0;
|
|
3361
3599
|
for (let i = 0, len = body.length; i < len; i++) {
|
|
3362
3600
|
const c = body.charCodeAt(i);
|
|
3363
|
-
if (c
|
|
3601
|
+
if (c === 37 /* '%' */ && isPercentEncodedByte(body, i, len)) {
|
|
3602
|
+
bytes += 1;
|
|
3603
|
+
i += 2;
|
|
3604
|
+
} else if (c < 0x80) {
|
|
3364
3605
|
bytes += 1;
|
|
3365
3606
|
} else if (c < 0x800) {
|
|
3366
3607
|
bytes += 2;
|
|
@@ -3379,12 +3620,41 @@ function estimateDataURLDecodedBytes(url) {
|
|
|
3379
3620
|
return bytes;
|
|
3380
3621
|
}
|
|
3381
3622
|
|
|
3382
|
-
const VERSION = "1.
|
|
3623
|
+
const VERSION = "1.18.1";
|
|
3383
3624
|
|
|
3384
3625
|
const DEFAULT_CHUNK_SIZE = 64 * 1024;
|
|
3385
3626
|
|
|
3386
3627
|
const { isFunction } = utils$1;
|
|
3387
3628
|
|
|
3629
|
+
/**
|
|
3630
|
+
* Encode a UTF-8 string to a Latin-1 byte string for use with btoa().
|
|
3631
|
+
* This is a modern replacement for the deprecated unescape(encodeURIComponent(str)) pattern.
|
|
3632
|
+
*
|
|
3633
|
+
* @param {string} str The string to encode
|
|
3634
|
+
*
|
|
3635
|
+
* @returns {string} UTF-8 bytes as a Latin-1 string
|
|
3636
|
+
*/
|
|
3637
|
+
const encodeUTF8 = (str) =>
|
|
3638
|
+
encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) =>
|
|
3639
|
+
String.fromCharCode(parseInt(hex, 16))
|
|
3640
|
+
);
|
|
3641
|
+
|
|
3642
|
+
// Node's WHATWG URL parser returns `username` and `password` percent-encoded.
|
|
3643
|
+
// Decode before composing the `auth` option so credentials such as
|
|
3644
|
+
// `my%40email.com:pass` are sent as `my@email.com:pass`. Falls back to the
|
|
3645
|
+
// original value for malformed input so a bad encoding never throws.
|
|
3646
|
+
const decodeURIComponentSafe = (value) => {
|
|
3647
|
+
if (!utils$1.isString(value)) {
|
|
3648
|
+
return value;
|
|
3649
|
+
}
|
|
3650
|
+
|
|
3651
|
+
try {
|
|
3652
|
+
return decodeURIComponent(value);
|
|
3653
|
+
} catch (error) {
|
|
3654
|
+
return value;
|
|
3655
|
+
}
|
|
3656
|
+
};
|
|
3657
|
+
|
|
3388
3658
|
const test = (fn, ...args) => {
|
|
3389
3659
|
try {
|
|
3390
3660
|
return !!fn(...args);
|
|
@@ -3393,6 +3663,15 @@ const test = (fn, ...args) => {
|
|
|
3393
3663
|
}
|
|
3394
3664
|
};
|
|
3395
3665
|
|
|
3666
|
+
const maybeWithAuthCredentials = (url) => {
|
|
3667
|
+
const protocolIndex = url.indexOf('://');
|
|
3668
|
+
let urlToCheck = url;
|
|
3669
|
+
if (protocolIndex !== -1) {
|
|
3670
|
+
urlToCheck = urlToCheck.slice(protocolIndex + 3);
|
|
3671
|
+
}
|
|
3672
|
+
return urlToCheck.includes('@') || urlToCheck.includes(':');
|
|
3673
|
+
};
|
|
3674
|
+
|
|
3396
3675
|
const factory = (env) => {
|
|
3397
3676
|
const globalObject =
|
|
3398
3677
|
utils$1.global !== undefined && utils$1.global !== null
|
|
@@ -3540,6 +3819,7 @@ const factory = (env) => {
|
|
|
3540
3819
|
|
|
3541
3820
|
const hasMaxContentLength = utils$1.isNumber(maxContentLength) && maxContentLength > -1;
|
|
3542
3821
|
const hasMaxBodyLength = utils$1.isNumber(maxBodyLength) && maxBodyLength > -1;
|
|
3822
|
+
const own = (key) => (utils$1.hasOwnProp(config, key) ? config[key] : undefined);
|
|
3543
3823
|
|
|
3544
3824
|
let _fetch = envFetch || fetch;
|
|
3545
3825
|
|
|
@@ -3561,7 +3841,61 @@ const factory = (env) => {
|
|
|
3561
3841
|
|
|
3562
3842
|
let requestContentLength;
|
|
3563
3843
|
|
|
3844
|
+
// AxiosError we raise while the request body is being streamed. Captured
|
|
3845
|
+
// by identity so the catch block can surface it directly, regardless of
|
|
3846
|
+
// how the runtime wraps the resulting fetch rejection (undici exposes it
|
|
3847
|
+
// as `err.cause`; some browsers drop the original error entirely).
|
|
3848
|
+
let pendingBodyError = null;
|
|
3849
|
+
|
|
3850
|
+
const maxBodyLengthError = () =>
|
|
3851
|
+
new AxiosError(
|
|
3852
|
+
'Request body larger than maxBodyLength limit',
|
|
3853
|
+
AxiosError.ERR_BAD_REQUEST,
|
|
3854
|
+
config,
|
|
3855
|
+
request
|
|
3856
|
+
);
|
|
3857
|
+
|
|
3564
3858
|
try {
|
|
3859
|
+
// HTTP basic authentication
|
|
3860
|
+
let auth = undefined;
|
|
3861
|
+
const configAuth = own('auth');
|
|
3862
|
+
|
|
3863
|
+
if (configAuth) {
|
|
3864
|
+
const username = utils$1.getSafeProp(configAuth, 'username') || '';
|
|
3865
|
+
const password = utils$1.getSafeProp(configAuth, 'password') || '';
|
|
3866
|
+
auth = {
|
|
3867
|
+
username,
|
|
3868
|
+
password
|
|
3869
|
+
};
|
|
3870
|
+
}
|
|
3871
|
+
|
|
3872
|
+
if (maybeWithAuthCredentials(url)) {
|
|
3873
|
+
const parsedURL = new URL(url, platform.origin);
|
|
3874
|
+
|
|
3875
|
+
if (!auth && (parsedURL.username || parsedURL.password)) {
|
|
3876
|
+
const urlUsername = decodeURIComponentSafe(parsedURL.username);
|
|
3877
|
+
const urlPassword = decodeURIComponentSafe(parsedURL.password);
|
|
3878
|
+
auth = {
|
|
3879
|
+
username: urlUsername,
|
|
3880
|
+
password: urlPassword
|
|
3881
|
+
};
|
|
3882
|
+
}
|
|
3883
|
+
|
|
3884
|
+
if (parsedURL.username || parsedURL.password) {
|
|
3885
|
+
parsedURL.username = '';
|
|
3886
|
+
parsedURL.password = '';
|
|
3887
|
+
url = parsedURL.href;
|
|
3888
|
+
}
|
|
3889
|
+
}
|
|
3890
|
+
|
|
3891
|
+
if (auth) {
|
|
3892
|
+
headers.delete('authorization');
|
|
3893
|
+
headers.set(
|
|
3894
|
+
'Authorization',
|
|
3895
|
+
'Basic ' + btoa(encodeUTF8((auth.username || '') + ':' + (auth.password || '')))
|
|
3896
|
+
);
|
|
3897
|
+
}
|
|
3898
|
+
|
|
3565
3899
|
// Enforce maxContentLength for data: URLs up-front so we never materialize
|
|
3566
3900
|
// an oversized payload. The HTTP adapter applies the same check (see http.js
|
|
3567
3901
|
// "if (protocol === 'data:')" branch).
|
|
@@ -3577,53 +3911,96 @@ const factory = (env) => {
|
|
|
3577
3911
|
}
|
|
3578
3912
|
}
|
|
3579
3913
|
|
|
3580
|
-
// Enforce maxBodyLength against
|
|
3581
|
-
//
|
|
3582
|
-
//
|
|
3583
|
-
//
|
|
3914
|
+
// Enforce maxBodyLength against known-size bodies before dispatch using
|
|
3915
|
+
// the body's *actual* size — never a caller-declared Content-Length,
|
|
3916
|
+
// which could under-report to slip an oversized body past the check.
|
|
3917
|
+
// Unknown-size streams return undefined here and are counted per-chunk
|
|
3918
|
+
// below as fetch consumes them.
|
|
3584
3919
|
if (hasMaxBodyLength && method !== 'get' && method !== 'head') {
|
|
3585
|
-
const outboundLength = await
|
|
3586
|
-
if (
|
|
3587
|
-
|
|
3588
|
-
|
|
3589
|
-
|
|
3590
|
-
|
|
3591
|
-
throw new AxiosError(
|
|
3592
|
-
'Request body larger than maxBodyLength limit',
|
|
3593
|
-
AxiosError.ERR_BAD_REQUEST,
|
|
3594
|
-
config,
|
|
3595
|
-
request
|
|
3596
|
-
);
|
|
3920
|
+
const outboundLength = await getBodyLength(data);
|
|
3921
|
+
if (typeof outboundLength === 'number' && isFinite(outboundLength)) {
|
|
3922
|
+
requestContentLength = outboundLength;
|
|
3923
|
+
if (outboundLength > maxBodyLength) {
|
|
3924
|
+
throw maxBodyLengthError();
|
|
3925
|
+
}
|
|
3597
3926
|
}
|
|
3598
3927
|
}
|
|
3599
3928
|
|
|
3929
|
+
// A streamed body under maxBodyLength must be counted as fetch consumes
|
|
3930
|
+
// it; its size is never trusted from a caller-declared Content-Length.
|
|
3931
|
+
const mustEnforceStreamBody =
|
|
3932
|
+
hasMaxBodyLength && (utils$1.isReadableStream(data) || utils$1.isStream(data));
|
|
3933
|
+
|
|
3934
|
+
const trackRequestStream = (stream, onProgress, flush) =>
|
|
3935
|
+
trackStream(
|
|
3936
|
+
stream,
|
|
3937
|
+
DEFAULT_CHUNK_SIZE,
|
|
3938
|
+
(loadedBytes) => {
|
|
3939
|
+
if (hasMaxBodyLength && loadedBytes > maxBodyLength) {
|
|
3940
|
+
throw (pendingBodyError = maxBodyLengthError());
|
|
3941
|
+
}
|
|
3942
|
+
onProgress && onProgress(loadedBytes);
|
|
3943
|
+
},
|
|
3944
|
+
flush
|
|
3945
|
+
);
|
|
3946
|
+
|
|
3600
3947
|
if (
|
|
3601
|
-
onUploadProgress &&
|
|
3602
3948
|
supportsRequestStream &&
|
|
3603
3949
|
method !== 'get' &&
|
|
3604
3950
|
method !== 'head' &&
|
|
3605
|
-
(
|
|
3951
|
+
(onUploadProgress || mustEnforceStreamBody)
|
|
3606
3952
|
) {
|
|
3607
|
-
|
|
3608
|
-
|
|
3609
|
-
|
|
3610
|
-
|
|
3611
|
-
|
|
3953
|
+
requestContentLength =
|
|
3954
|
+
requestContentLength == null ? await resolveBodyLength(headers, data) : requestContentLength;
|
|
3955
|
+
|
|
3956
|
+
// A declared length of 0 is only trusted to skip the wrap when we are
|
|
3957
|
+
// not enforcing a stream limit (which must not rely on that header).
|
|
3958
|
+
if (requestContentLength !== 0 || mustEnforceStreamBody) {
|
|
3959
|
+
let _request = new Request(url, {
|
|
3960
|
+
method: 'POST',
|
|
3961
|
+
body: data,
|
|
3962
|
+
duplex: 'half',
|
|
3963
|
+
});
|
|
3612
3964
|
|
|
3613
|
-
|
|
3965
|
+
let contentTypeHeader;
|
|
3614
3966
|
|
|
3615
|
-
|
|
3616
|
-
|
|
3617
|
-
|
|
3967
|
+
if (utils$1.isFormData(data) && (contentTypeHeader = _request.headers.get('content-type'))) {
|
|
3968
|
+
headers.setContentType(contentTypeHeader);
|
|
3969
|
+
}
|
|
3618
3970
|
|
|
3619
|
-
|
|
3620
|
-
|
|
3621
|
-
|
|
3622
|
-
|
|
3623
|
-
|
|
3971
|
+
if (_request.body) {
|
|
3972
|
+
const [onProgress, flush] =
|
|
3973
|
+
(onUploadProgress &&
|
|
3974
|
+
progressEventDecorator(
|
|
3975
|
+
requestContentLength,
|
|
3976
|
+
progressEventReducer(asyncDecorator(onUploadProgress))
|
|
3977
|
+
)) ||
|
|
3978
|
+
[];
|
|
3624
3979
|
|
|
3625
|
-
|
|
3980
|
+
data = trackRequestStream(_request.body, onProgress, flush);
|
|
3981
|
+
}
|
|
3626
3982
|
}
|
|
3983
|
+
} else if (
|
|
3984
|
+
mustEnforceStreamBody &&
|
|
3985
|
+
!isRequestSupported &&
|
|
3986
|
+
isReadableStreamSupported &&
|
|
3987
|
+
method !== 'get' &&
|
|
3988
|
+
method !== 'head'
|
|
3989
|
+
) {
|
|
3990
|
+
data = trackRequestStream(data);
|
|
3991
|
+
} else if (
|
|
3992
|
+
mustEnforceStreamBody &&
|
|
3993
|
+
isRequestSupported &&
|
|
3994
|
+
!supportsRequestStream &&
|
|
3995
|
+
method !== 'get' &&
|
|
3996
|
+
method !== 'head'
|
|
3997
|
+
) {
|
|
3998
|
+
throw new AxiosError(
|
|
3999
|
+
'Stream request bodies are not supported by the current fetch implementation',
|
|
4000
|
+
AxiosError.ERR_NOT_SUPPORT,
|
|
4001
|
+
config,
|
|
4002
|
+
request
|
|
4003
|
+
);
|
|
3627
4004
|
}
|
|
3628
4005
|
|
|
3629
4006
|
if (!utils$1.isString(withCredentials)) {
|
|
@@ -3666,10 +4043,12 @@ const factory = (env) => {
|
|
|
3666
4043
|
? _fetch(request, fetchOptions)
|
|
3667
4044
|
: _fetch(url, resolvedOptions));
|
|
3668
4045
|
|
|
4046
|
+
const responseHeaders = AxiosHeaders.from(response.headers);
|
|
4047
|
+
|
|
3669
4048
|
// Cheap pre-check: if the server honestly declares a content-length that
|
|
3670
4049
|
// already exceeds the cap, reject before we start streaming.
|
|
3671
4050
|
if (hasMaxContentLength) {
|
|
3672
|
-
const declaredLength = utils$1.toFiniteNumber(
|
|
4051
|
+
const declaredLength = utils$1.toFiniteNumber(responseHeaders.getContentLength());
|
|
3673
4052
|
if (declaredLength != null && declaredLength > maxContentLength) {
|
|
3674
4053
|
throw new AxiosError(
|
|
3675
4054
|
'maxContentLength size of ' + maxContentLength + ' exceeded',
|
|
@@ -3694,7 +4073,7 @@ const factory = (env) => {
|
|
|
3694
4073
|
options[prop] = response[prop];
|
|
3695
4074
|
});
|
|
3696
4075
|
|
|
3697
|
-
const responseContentLength = utils$1.toFiniteNumber(
|
|
4076
|
+
const responseContentLength = utils$1.toFiniteNumber(responseHeaders.getContentLength());
|
|
3698
4077
|
|
|
3699
4078
|
const [onProgress, flush] =
|
|
3700
4079
|
(onDownloadProgress &&
|
|
@@ -3785,23 +4164,55 @@ const factory = (env) => {
|
|
|
3785
4164
|
const canceledError = composedSignal.reason;
|
|
3786
4165
|
canceledError.config = config;
|
|
3787
4166
|
request && (canceledError.request = request);
|
|
3788
|
-
err !== canceledError
|
|
4167
|
+
if (err !== canceledError) {
|
|
4168
|
+
// Non-enumerable to match native Error `cause` semantics so loggers
|
|
4169
|
+
// don't recurse into circular fetch internals (see #7205).
|
|
4170
|
+
Object.defineProperty(canceledError, 'cause', {
|
|
4171
|
+
__proto__: null,
|
|
4172
|
+
value: err,
|
|
4173
|
+
writable: true,
|
|
4174
|
+
enumerable: false,
|
|
4175
|
+
configurable: true,
|
|
4176
|
+
});
|
|
4177
|
+
}
|
|
3789
4178
|
throw canceledError;
|
|
3790
4179
|
}
|
|
3791
4180
|
|
|
4181
|
+
// Surface a maxBodyLength violation we raised while the request body was
|
|
4182
|
+
// being streamed. Matching by identity (rather than reading
|
|
4183
|
+
// `err.cause.isAxiosError`) keeps the error deterministic across runtimes
|
|
4184
|
+
// and avoids both prototype-pollution reads and mis-attributing a foreign
|
|
4185
|
+
// AxiosError that merely happened to land in `err.cause`.
|
|
4186
|
+
if (pendingBodyError) {
|
|
4187
|
+
request && !pendingBodyError.request && (pendingBodyError.request = request);
|
|
4188
|
+
throw pendingBodyError;
|
|
4189
|
+
}
|
|
4190
|
+
|
|
4191
|
+
// Re-throw AxiosErrors we raised synchronously (data: URL / content-length
|
|
4192
|
+
// pre-checks, response size enforcement) without re-wrapping them.
|
|
4193
|
+
if (err instanceof AxiosError) {
|
|
4194
|
+
request && !err.request && (err.request = request);
|
|
4195
|
+
throw err;
|
|
4196
|
+
}
|
|
4197
|
+
|
|
3792
4198
|
if (err && err.name === 'TypeError' && /Load failed|fetch/i.test(err.message)) {
|
|
3793
|
-
|
|
3794
|
-
|
|
3795
|
-
|
|
3796
|
-
|
|
3797
|
-
|
|
3798
|
-
|
|
3799
|
-
err && err.response
|
|
3800
|
-
),
|
|
3801
|
-
{
|
|
3802
|
-
cause: err.cause || err,
|
|
3803
|
-
}
|
|
4199
|
+
const networkError = new AxiosError(
|
|
4200
|
+
'Network Error',
|
|
4201
|
+
AxiosError.ERR_NETWORK,
|
|
4202
|
+
config,
|
|
4203
|
+
request,
|
|
4204
|
+
err && err.response
|
|
3804
4205
|
);
|
|
4206
|
+
// Non-enumerable to match native Error `cause` semantics so loggers
|
|
4207
|
+
// don't recurse into circular fetch internals (see #7205).
|
|
4208
|
+
Object.defineProperty(networkError, 'cause', {
|
|
4209
|
+
__proto__: null,
|
|
4210
|
+
value: err.cause || err,
|
|
4211
|
+
writable: true,
|
|
4212
|
+
enumerable: false,
|
|
4213
|
+
configurable: true,
|
|
4214
|
+
});
|
|
4215
|
+
throw networkError;
|
|
3805
4216
|
}
|
|
3806
4217
|
|
|
3807
4218
|
throw AxiosError.from(err, err && err.code, config, request, err && err.response);
|
|
@@ -3939,7 +4350,7 @@ function getAdapter(adapters, config) {
|
|
|
3939
4350
|
|
|
3940
4351
|
throw new AxiosError(
|
|
3941
4352
|
`There is no suitable adapter to dispatch the request ` + s,
|
|
3942
|
-
|
|
4353
|
+
AxiosError.ERR_NOT_SUPPORT
|
|
3943
4354
|
);
|
|
3944
4355
|
}
|
|
3945
4356
|
|
|
@@ -4120,7 +4531,7 @@ validators$1.spelling = function spelling(correctSpelling) {
|
|
|
4120
4531
|
*/
|
|
4121
4532
|
|
|
4122
4533
|
function assertOptions(options, schema, allowUnknown) {
|
|
4123
|
-
if (typeof options !== 'object') {
|
|
4534
|
+
if (typeof options !== 'object' || options === null) {
|
|
4124
4535
|
throw new AxiosError('options must be an object', AxiosError.ERR_BAD_OPTION_VALUE);
|
|
4125
4536
|
}
|
|
4126
4537
|
const keys = Object.keys(options);
|
|
@@ -4243,6 +4654,8 @@ class Axios {
|
|
|
4243
4654
|
forcedJSONParsing: validators.transitional(validators.boolean),
|
|
4244
4655
|
clarifyTimeoutError: validators.transitional(validators.boolean),
|
|
4245
4656
|
legacyInterceptorReqResOrdering: validators.transitional(validators.boolean),
|
|
4657
|
+
advertiseZstdAcceptEncoding: validators.transitional(validators.boolean),
|
|
4658
|
+
validateStatusUndefinedResolves: validators.transitional(validators.boolean),
|
|
4246
4659
|
},
|
|
4247
4660
|
false
|
|
4248
4661
|
);
|
|
@@ -4372,7 +4785,7 @@ class Axios {
|
|
|
4372
4785
|
|
|
4373
4786
|
getUri(config) {
|
|
4374
4787
|
config = mergeConfig(this.defaults, config);
|
|
4375
|
-
const fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls);
|
|
4788
|
+
const fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls, config);
|
|
4376
4789
|
return buildURL(fullPath, config.params, config.paramsSerializer);
|
|
4377
4790
|
}
|
|
4378
4791
|
}
|
|
@@ -4385,7 +4798,7 @@ utils$1.forEach(['delete', 'get', 'head', 'options'], function forEachMethodNoDa
|
|
|
4385
4798
|
mergeConfig(config || {}, {
|
|
4386
4799
|
method,
|
|
4387
4800
|
url,
|
|
4388
|
-
data: (config
|
|
4801
|
+
data: config && utils$1.hasOwnProp(config, 'data') ? config.data : undefined,
|
|
4389
4802
|
})
|
|
4390
4803
|
);
|
|
4391
4804
|
};
|