reflex-search 1.5.1 → 1.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/node_modules/.package-lock.json +15 -15
- package/node_modules/axios/CHANGELOG.md +126 -1
- package/node_modules/axios/README.md +390 -257
- package/node_modules/axios/dist/axios.js +511 -154
- package/node_modules/axios/dist/axios.min.js +3 -3
- package/node_modules/axios/dist/axios.min.js.map +1 -1
- package/node_modules/axios/dist/browser/axios.cjs +537 -124
- package/node_modules/axios/dist/esm/axios.js +537 -124
- package/node_modules/axios/dist/esm/axios.min.js +2 -2
- package/node_modules/axios/dist/esm/axios.min.js.map +1 -1
- package/node_modules/axios/dist/node/axios.cjs +753 -226
- package/node_modules/axios/index.d.cts +27 -4
- package/node_modules/axios/index.d.ts +23 -2
- package/node_modules/axios/lib/adapters/adapters.js +1 -1
- package/node_modules/axios/lib/adapters/fetch.js +217 -47
- package/node_modules/axios/lib/adapters/http.js +274 -169
- package/node_modules/axios/lib/adapters/xhr.js +1 -0
- package/node_modules/axios/lib/core/Axios.js +4 -2
- package/node_modules/axios/lib/core/AxiosError.js +13 -1
- package/node_modules/axios/lib/core/AxiosHeaders.js +12 -9
- package/node_modules/axios/lib/core/buildFullPath.js +29 -1
- package/node_modules/axios/lib/core/mergeConfig.js +35 -0
- package/node_modules/axios/lib/defaults/transitional.js +2 -0
- package/node_modules/axios/lib/env/data.js +1 -1
- package/node_modules/axios/lib/helpers/AxiosURLSearchParams.js +1 -3
- package/node_modules/axios/lib/helpers/Http2Sessions.js +119 -0
- package/node_modules/axios/lib/helpers/buildURL.js +7 -4
- package/node_modules/axios/lib/helpers/composeSignals.js +1 -1
- package/node_modules/axios/lib/helpers/cookies.js +5 -1
- package/node_modules/axios/lib/helpers/estimateDataURLDecodedBytes.js +16 -11
- package/node_modules/axios/lib/helpers/formDataToJSON.js +25 -3
- package/node_modules/axios/lib/helpers/formDataToStream.js +2 -2
- package/node_modules/axios/lib/helpers/fromDataURI.js +4 -2
- package/node_modules/axios/lib/helpers/resolveConfig.js +26 -13
- package/node_modules/axios/lib/helpers/shouldBypassProxy.js +33 -1
- package/node_modules/axios/lib/helpers/toFormData.js +48 -12
- package/node_modules/axios/lib/helpers/validator.js +1 -1
- package/node_modules/axios/lib/utils.js +97 -12
- package/node_modules/axios/package.json +29 -13
- package/node_modules/brace-expansion/dist/commonjs/index.js +24 -14
- package/node_modules/brace-expansion/dist/commonjs/index.js.map +1 -1
- package/node_modules/brace-expansion/dist/esm/index.js +24 -14
- package/node_modules/brace-expansion/dist/esm/index.js.map +1 -1
- package/node_modules/brace-expansion/package.json +2 -2
- package/node_modules/form-data/CHANGELOG.md +29 -2
- package/node_modules/form-data/README.md +4 -4
- package/node_modules/form-data/lib/form_data.js +14 -2
- package/node_modules/form-data/package.json +7 -7
- package/node_modules/hasown/CHANGELOG.md +18 -0
- package/node_modules/hasown/eslint.config.mjs +6 -0
- package/node_modules/hasown/package.json +13 -14
- package/npm-shrinkwrap.json +16 -16
- package/package.json +2 -2
- package/node_modules/axios/dist/axios.js.map +0 -1
- package/node_modules/axios/dist/browser/axios.cjs.map +0 -1
- package/node_modules/axios/dist/esm/axios.js.map +0 -1
- package/node_modules/axios/dist/node/axios.cjs.map +0 -1
- package/node_modules/hasown/.eslintrc +0 -5
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! Axios v1.
|
|
1
|
+
/*! Axios v1.18.1 Copyright (c) 2026 Matt Zabriskie and contributors */
|
|
2
2
|
/**
|
|
3
3
|
* Create a bound version of a function with a specified `this` context
|
|
4
4
|
*
|
|
@@ -18,6 +18,57 @@ const { toString } = Object.prototype;
|
|
|
18
18
|
const { getPrototypeOf } = Object;
|
|
19
19
|
const { iterator, toStringTag } = Symbol;
|
|
20
20
|
|
|
21
|
+
/* Creating a function that will check if an object has a property. */
|
|
22
|
+
const hasOwnProperty = (
|
|
23
|
+
({ hasOwnProperty }) =>
|
|
24
|
+
(obj, prop) =>
|
|
25
|
+
hasOwnProperty.call(obj, prop)
|
|
26
|
+
)(Object.prototype);
|
|
27
|
+
|
|
28
|
+
/**
|
|
29
|
+
* Walk the prototype chain (excluding the shared Object.prototype) looking for
|
|
30
|
+
* an own `prop`. This distinguishes genuine own/inherited members — including
|
|
31
|
+
* class accessors and template prototypes — from members injected via
|
|
32
|
+
* Object.prototype pollution (e.g. `Object.prototype.username = '...'`), which
|
|
33
|
+
* live on Object.prototype itself and are therefore never matched.
|
|
34
|
+
*
|
|
35
|
+
* @param {*} thing The value whose chain to inspect
|
|
36
|
+
* @param {string|symbol} prop The property key to look for
|
|
37
|
+
*
|
|
38
|
+
* @returns {boolean} True when `prop` is owned below Object.prototype
|
|
39
|
+
*/
|
|
40
|
+
const hasOwnInPrototypeChain = (thing, prop) => {
|
|
41
|
+
let obj = thing;
|
|
42
|
+
const seen = [];
|
|
43
|
+
|
|
44
|
+
while (obj != null && obj !== Object.prototype) {
|
|
45
|
+
if (seen.indexOf(obj) !== -1) {
|
|
46
|
+
return false;
|
|
47
|
+
}
|
|
48
|
+
seen.push(obj);
|
|
49
|
+
|
|
50
|
+
if (hasOwnProperty(obj, prop)) {
|
|
51
|
+
return true;
|
|
52
|
+
}
|
|
53
|
+
obj = getPrototypeOf(obj);
|
|
54
|
+
}
|
|
55
|
+
return false;
|
|
56
|
+
};
|
|
57
|
+
|
|
58
|
+
/**
|
|
59
|
+
* Read `obj[prop]` only when it is safe from Object.prototype pollution. Own
|
|
60
|
+
* properties and members inherited from a non-Object.prototype source (a class
|
|
61
|
+
* instance or template object) are honored; a value reachable only through a
|
|
62
|
+
* polluted Object.prototype is ignored and `undefined` is returned.
|
|
63
|
+
*
|
|
64
|
+
* @param {*} obj The source object
|
|
65
|
+
* @param {string|symbol} prop The property key to read
|
|
66
|
+
*
|
|
67
|
+
* @returns {*} The resolved value, or undefined when unsafe/absent
|
|
68
|
+
*/
|
|
69
|
+
const getSafeProp = (obj, prop) =>
|
|
70
|
+
obj != null && hasOwnInPrototypeChain(obj, prop) ? obj[prop] : undefined;
|
|
71
|
+
|
|
21
72
|
const kindOf = ((cache) => (thing) => {
|
|
22
73
|
const str = toString.call(thing);
|
|
23
74
|
return cache[str] || (cache[str] = str.slice(8, -1).toLowerCase());
|
|
@@ -143,7 +194,7 @@ const isBoolean = (thing) => thing === true || thing === false;
|
|
|
143
194
|
* @returns {boolean} True if value is a plain Object, otherwise false
|
|
144
195
|
*/
|
|
145
196
|
const isPlainObject = (val) => {
|
|
146
|
-
if (
|
|
197
|
+
if (!isObject(val)) {
|
|
147
198
|
return false;
|
|
148
199
|
}
|
|
149
200
|
|
|
@@ -151,9 +202,12 @@ const isPlainObject = (val) => {
|
|
|
151
202
|
return (
|
|
152
203
|
(prototype === null ||
|
|
153
204
|
prototype === Object.prototype ||
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
205
|
+
getPrototypeOf(prototype) === null) &&
|
|
206
|
+
// Treat any genuine (non-Object.prototype-polluted) Symbol.toStringTag or
|
|
207
|
+
// Symbol.iterator as evidence the value is a tagged/iterable type rather
|
|
208
|
+
// than a plain object, while ignoring keys injected onto Object.prototype.
|
|
209
|
+
!hasOwnInPrototypeChain(val, toStringTag) &&
|
|
210
|
+
!hasOwnInPrototypeChain(val, iterator)
|
|
157
211
|
);
|
|
158
212
|
};
|
|
159
213
|
|
|
@@ -422,7 +476,9 @@ function merge(...objs) {
|
|
|
422
476
|
return;
|
|
423
477
|
}
|
|
424
478
|
|
|
425
|
-
|
|
479
|
+
// findKey lowercases the key, so caseless lookup only applies to strings —
|
|
480
|
+
// symbol keys are identity-matched.
|
|
481
|
+
const targetKey = (caseless && typeof key === 'string' && findKey(result, key)) || key;
|
|
426
482
|
// Read via own-prop only — a bare `result[targetKey]` walks the prototype
|
|
427
483
|
// chain, so a polluted Object.prototype value could surface here and get
|
|
428
484
|
// copied into the merged result.
|
|
@@ -439,7 +495,24 @@ function merge(...objs) {
|
|
|
439
495
|
};
|
|
440
496
|
|
|
441
497
|
for (let i = 0, l = objs.length; i < l; i++) {
|
|
442
|
-
|
|
498
|
+
const source = objs[i];
|
|
499
|
+
if (!source || isBuffer(source)) {
|
|
500
|
+
continue;
|
|
501
|
+
}
|
|
502
|
+
|
|
503
|
+
forEach(source, assignValue);
|
|
504
|
+
|
|
505
|
+
if (typeof source !== 'object' || isArray(source)) {
|
|
506
|
+
continue;
|
|
507
|
+
}
|
|
508
|
+
|
|
509
|
+
const symbols = Object.getOwnPropertySymbols(source);
|
|
510
|
+
for (let j = 0; j < symbols.length; j++) {
|
|
511
|
+
const symbol = symbols[j];
|
|
512
|
+
if (propertyIsEnumerable.call(source, symbol)) {
|
|
513
|
+
assignValue(source[symbol], symbol);
|
|
514
|
+
}
|
|
515
|
+
}
|
|
443
516
|
}
|
|
444
517
|
return result;
|
|
445
518
|
}
|
|
@@ -661,12 +734,7 @@ const toCamelCase = (str) => {
|
|
|
661
734
|
});
|
|
662
735
|
};
|
|
663
736
|
|
|
664
|
-
|
|
665
|
-
const hasOwnProperty = (
|
|
666
|
-
({ hasOwnProperty }) =>
|
|
667
|
-
(obj, prop) =>
|
|
668
|
-
hasOwnProperty.call(obj, prop)
|
|
669
|
-
)(Object.prototype);
|
|
737
|
+
const { propertyIsEnumerable } = Object.prototype;
|
|
670
738
|
|
|
671
739
|
/**
|
|
672
740
|
* Determine if a value is a RegExp object
|
|
@@ -879,6 +947,20 @@ const asap =
|
|
|
879
947
|
|
|
880
948
|
const isIterable = (thing) => thing != null && isFunction$1(thing[iterator]);
|
|
881
949
|
|
|
950
|
+
/**
|
|
951
|
+
* Determine if a value is iterable via an iterator that is NOT sourced solely
|
|
952
|
+
* from a polluted Object.prototype. Use this instead of `isIterable` whenever
|
|
953
|
+
* the iterable comes from untrusted input (e.g. user-supplied header sources),
|
|
954
|
+
* so `Object.prototype[Symbol.iterator] = ...` cannot turn an ordinary object
|
|
955
|
+
* into an attacker-controlled entries iterator.
|
|
956
|
+
*
|
|
957
|
+
* @param {*} thing The value to test
|
|
958
|
+
*
|
|
959
|
+
* @returns {boolean} True if value has a non-polluted iterator
|
|
960
|
+
*/
|
|
961
|
+
const isSafeIterable = (thing) =>
|
|
962
|
+
thing != null && hasOwnInPrototypeChain(thing, iterator) && isIterable(thing);
|
|
963
|
+
|
|
882
964
|
var utils$1 = {
|
|
883
965
|
isArray,
|
|
884
966
|
isArrayBuffer,
|
|
@@ -923,6 +1005,8 @@ var utils$1 = {
|
|
|
923
1005
|
isHTMLForm,
|
|
924
1006
|
hasOwnProperty,
|
|
925
1007
|
hasOwnProp: hasOwnProperty, // an alias to avoid ESLint no-prototype-builtins detection
|
|
1008
|
+
hasOwnInPrototypeChain,
|
|
1009
|
+
getSafeProp,
|
|
926
1010
|
reduceDescriptors,
|
|
927
1011
|
freezeMethods,
|
|
928
1012
|
toObjectSet,
|
|
@@ -939,6 +1023,7 @@ var utils$1 = {
|
|
|
939
1023
|
setImmediate: _setImmediate,
|
|
940
1024
|
asap,
|
|
941
1025
|
isIterable,
|
|
1026
|
+
isSafeIterable,
|
|
942
1027
|
};
|
|
943
1028
|
|
|
944
1029
|
// RawAxiosHeaders whose duplicates are ignored by node
|
|
@@ -1149,7 +1234,7 @@ let AxiosHeaders$1 = class AxiosHeaders {
|
|
|
1149
1234
|
const lHeader = normalizeHeader(_header);
|
|
1150
1235
|
|
|
1151
1236
|
if (!lHeader) {
|
|
1152
|
-
|
|
1237
|
+
return;
|
|
1153
1238
|
}
|
|
1154
1239
|
|
|
1155
1240
|
const key = utils$1.findKey(self, lHeader);
|
|
@@ -1171,20 +1256,23 @@ let AxiosHeaders$1 = class AxiosHeaders {
|
|
|
1171
1256
|
setHeaders(header, valueOrRewrite);
|
|
1172
1257
|
} else if (utils$1.isString(header) && (header = header.trim()) && !isValidHeaderName(header)) {
|
|
1173
1258
|
setHeaders(parseHeaders(header), valueOrRewrite);
|
|
1174
|
-
} else if (utils$1.isObject(header) && utils$1.
|
|
1175
|
-
let obj =
|
|
1259
|
+
} else if (utils$1.isObject(header) && utils$1.isSafeIterable(header)) {
|
|
1260
|
+
let obj = Object.create(null),
|
|
1176
1261
|
dest,
|
|
1177
1262
|
key;
|
|
1178
1263
|
for (const entry of header) {
|
|
1179
1264
|
if (!utils$1.isArray(entry)) {
|
|
1180
|
-
throw TypeError('Object iterator must return a key-value pair');
|
|
1265
|
+
throw new TypeError('Object iterator must return a key-value pair');
|
|
1181
1266
|
}
|
|
1182
1267
|
|
|
1183
|
-
|
|
1184
|
-
|
|
1185
|
-
|
|
1186
|
-
|
|
1187
|
-
: entry[1];
|
|
1268
|
+
key = entry[0];
|
|
1269
|
+
|
|
1270
|
+
if (utils$1.hasOwnProp(obj, key)) {
|
|
1271
|
+
dest = obj[key];
|
|
1272
|
+
obj[key] = utils$1.isArray(dest) ? [...dest, entry[1]] : [dest, entry[1]];
|
|
1273
|
+
} else {
|
|
1274
|
+
obj[key] = entry[1];
|
|
1275
|
+
}
|
|
1188
1276
|
}
|
|
1189
1277
|
|
|
1190
1278
|
setHeaders(obj, valueOrRewrite);
|
|
@@ -1477,7 +1565,19 @@ function redactConfig(config, redactKeys) {
|
|
|
1477
1565
|
let AxiosError$1 = class AxiosError extends Error {
|
|
1478
1566
|
static from(error, code, config, request, response, customProps) {
|
|
1479
1567
|
const axiosError = new AxiosError(error.message, code || error.code, config, request, response);
|
|
1480
|
-
|
|
1568
|
+
// Match native `Error` `cause` semantics: non-enumerable. The wrapped
|
|
1569
|
+
// error often carries circular internals (sockets, requests, agents), so
|
|
1570
|
+
// an enumerable `cause` makes structured loggers (pino/winston) and any
|
|
1571
|
+
// own-property walk throw "Converting circular structure to JSON".
|
|
1572
|
+
// Regression from #6982; see #7205. `__proto__: null` mirrors the
|
|
1573
|
+
// `message` descriptor below (prototype-pollution-safe descriptor).
|
|
1574
|
+
Object.defineProperty(axiosError, 'cause', {
|
|
1575
|
+
__proto__: null,
|
|
1576
|
+
value: error,
|
|
1577
|
+
writable: true,
|
|
1578
|
+
enumerable: false,
|
|
1579
|
+
configurable: true,
|
|
1580
|
+
});
|
|
1481
1581
|
axiosError.name = error.name;
|
|
1482
1582
|
|
|
1483
1583
|
// Preserve status from the original error if not already set from response
|
|
@@ -1578,6 +1678,10 @@ AxiosError$1.ERR_FORM_DATA_DEPTH_EXCEEDED = 'ERR_FORM_DATA_DEPTH_EXCEEDED';
|
|
|
1578
1678
|
// eslint-disable-next-line strict
|
|
1579
1679
|
var httpAdapter = null;
|
|
1580
1680
|
|
|
1681
|
+
// Default nesting limit shared with the inverse transform (formDataToJSON) so
|
|
1682
|
+
// the FormData <-> JSON round-trip stays symmetric.
|
|
1683
|
+
const DEFAULT_FORM_DATA_MAX_DEPTH = 100;
|
|
1684
|
+
|
|
1581
1685
|
/**
|
|
1582
1686
|
* Determines if the given thing is a array or js object.
|
|
1583
1687
|
*
|
|
@@ -1688,8 +1792,9 @@ function toFormData$1(obj, formData, options) {
|
|
|
1688
1792
|
const dots = options.dots;
|
|
1689
1793
|
const indexes = options.indexes;
|
|
1690
1794
|
const _Blob = options.Blob || (typeof Blob !== 'undefined' && Blob);
|
|
1691
|
-
const maxDepth = options.maxDepth === undefined ?
|
|
1795
|
+
const maxDepth = options.maxDepth === undefined ? DEFAULT_FORM_DATA_MAX_DEPTH : options.maxDepth;
|
|
1692
1796
|
const useBlob = _Blob && utils$1.isSpecCompliantForm(formData);
|
|
1797
|
+
const stack = [];
|
|
1693
1798
|
|
|
1694
1799
|
if (!utils$1.isFunction(visitor)) {
|
|
1695
1800
|
throw new TypeError('visitor must be a function');
|
|
@@ -1711,12 +1816,50 @@ function toFormData$1(obj, formData, options) {
|
|
|
1711
1816
|
}
|
|
1712
1817
|
|
|
1713
1818
|
if (utils$1.isArrayBuffer(value) || utils$1.isTypedArray(value)) {
|
|
1714
|
-
|
|
1819
|
+
if (useBlob && typeof _Blob === 'function') {
|
|
1820
|
+
return new _Blob([value]);
|
|
1821
|
+
}
|
|
1822
|
+
if (typeof Buffer !== 'undefined') {
|
|
1823
|
+
return Buffer.from(value);
|
|
1824
|
+
}
|
|
1825
|
+
throw new AxiosError$1('Blob is not supported. Use a Buffer instead.', AxiosError$1.ERR_NOT_SUPPORT);
|
|
1715
1826
|
}
|
|
1716
1827
|
|
|
1717
1828
|
return value;
|
|
1718
1829
|
}
|
|
1719
1830
|
|
|
1831
|
+
function throwIfMaxDepthExceeded(depth) {
|
|
1832
|
+
if (depth > maxDepth) {
|
|
1833
|
+
throw new AxiosError$1(
|
|
1834
|
+
'Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth,
|
|
1835
|
+
AxiosError$1.ERR_FORM_DATA_DEPTH_EXCEEDED
|
|
1836
|
+
);
|
|
1837
|
+
}
|
|
1838
|
+
}
|
|
1839
|
+
|
|
1840
|
+
function stringifyWithDepthLimit(value, depth) {
|
|
1841
|
+
if (maxDepth === Infinity) {
|
|
1842
|
+
return JSON.stringify(value);
|
|
1843
|
+
}
|
|
1844
|
+
|
|
1845
|
+
const ancestors = [];
|
|
1846
|
+
|
|
1847
|
+
return JSON.stringify(value, function limitDepth(_key, currentValue) {
|
|
1848
|
+
if (!utils$1.isObject(currentValue)) {
|
|
1849
|
+
return currentValue;
|
|
1850
|
+
}
|
|
1851
|
+
|
|
1852
|
+
while (ancestors.length && ancestors[ancestors.length - 1] !== this) {
|
|
1853
|
+
ancestors.pop();
|
|
1854
|
+
}
|
|
1855
|
+
|
|
1856
|
+
ancestors.push(currentValue);
|
|
1857
|
+
throwIfMaxDepthExceeded(depth + ancestors.length - 1);
|
|
1858
|
+
|
|
1859
|
+
return currentValue;
|
|
1860
|
+
});
|
|
1861
|
+
}
|
|
1862
|
+
|
|
1720
1863
|
/**
|
|
1721
1864
|
* Default visitor.
|
|
1722
1865
|
*
|
|
@@ -1740,7 +1883,7 @@ function toFormData$1(obj, formData, options) {
|
|
|
1740
1883
|
// eslint-disable-next-line no-param-reassign
|
|
1741
1884
|
key = metaTokens ? key : key.slice(0, -2);
|
|
1742
1885
|
// eslint-disable-next-line no-param-reassign
|
|
1743
|
-
value =
|
|
1886
|
+
value = stringifyWithDepthLimit(value, 1);
|
|
1744
1887
|
} else if (
|
|
1745
1888
|
(utils$1.isArray(value) && isFlatArray(value)) ||
|
|
1746
1889
|
((utils$1.isFileList(value) || utils$1.endsWith(key, '[]')) && (arr = utils$1.toArray(value)))
|
|
@@ -1773,8 +1916,6 @@ function toFormData$1(obj, formData, options) {
|
|
|
1773
1916
|
return false;
|
|
1774
1917
|
}
|
|
1775
1918
|
|
|
1776
|
-
const stack = [];
|
|
1777
|
-
|
|
1778
1919
|
const exposedHelpers = Object.assign(predicates, {
|
|
1779
1920
|
defaultVisitor,
|
|
1780
1921
|
convertValue,
|
|
@@ -1784,15 +1925,10 @@ function toFormData$1(obj, formData, options) {
|
|
|
1784
1925
|
function build(value, path, depth = 0) {
|
|
1785
1926
|
if (utils$1.isUndefined(value)) return;
|
|
1786
1927
|
|
|
1787
|
-
|
|
1788
|
-
throw new AxiosError$1(
|
|
1789
|
-
'Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth,
|
|
1790
|
-
AxiosError$1.ERR_FORM_DATA_DEPTH_EXCEEDED
|
|
1791
|
-
);
|
|
1792
|
-
}
|
|
1928
|
+
throwIfMaxDepthExceeded(depth);
|
|
1793
1929
|
|
|
1794
1930
|
if (stack.indexOf(value) !== -1) {
|
|
1795
|
-
throw Error('Circular reference detected in ' + path.join('.'));
|
|
1931
|
+
throw new Error('Circular reference detected in ' + path.join('.'));
|
|
1796
1932
|
}
|
|
1797
1933
|
|
|
1798
1934
|
stack.push(value);
|
|
@@ -1863,9 +1999,7 @@ prototype.append = function append(name, value) {
|
|
|
1863
1999
|
|
|
1864
2000
|
prototype.toString = function toString(encoder) {
|
|
1865
2001
|
const _encode = encoder
|
|
1866
|
-
?
|
|
1867
|
-
return encoder.call(this, value, encode$1);
|
|
1868
|
-
}
|
|
2002
|
+
? (value) => encoder.call(this, value, encode$1)
|
|
1869
2003
|
: encode$1;
|
|
1870
2004
|
|
|
1871
2005
|
return this._pairs
|
|
@@ -1904,8 +2038,7 @@ function buildURL(url, params, options) {
|
|
|
1904
2038
|
if (!params) {
|
|
1905
2039
|
return url;
|
|
1906
2040
|
}
|
|
1907
|
-
|
|
1908
|
-
const _encode = (options && options.encode) || encode;
|
|
2041
|
+
url = url || '';
|
|
1909
2042
|
|
|
1910
2043
|
const _options = utils$1.isFunction(options)
|
|
1911
2044
|
? {
|
|
@@ -1913,7 +2046,11 @@ function buildURL(url, params, options) {
|
|
|
1913
2046
|
}
|
|
1914
2047
|
: options;
|
|
1915
2048
|
|
|
1916
|
-
|
|
2049
|
+
// Read serializer options pollution-safely: own properties and methods on a
|
|
2050
|
+
// class/template prototype are honored, but values injected onto a polluted
|
|
2051
|
+
// Object.prototype are ignored.
|
|
2052
|
+
const _encode = utils$1.getSafeProp(_options, 'encode') || encode;
|
|
2053
|
+
const serializeFn = utils$1.getSafeProp(_options, 'serialize');
|
|
1917
2054
|
|
|
1918
2055
|
let serializedParams;
|
|
1919
2056
|
|
|
@@ -2009,6 +2146,8 @@ var transitionalDefaults = {
|
|
|
2009
2146
|
forcedJSONParsing: true,
|
|
2010
2147
|
clarifyTimeoutError: false,
|
|
2011
2148
|
legacyInterceptorReqResOrdering: true,
|
|
2149
|
+
advertiseZstdAcceptEncoding: false,
|
|
2150
|
+
validateStatusUndefinedResolves: true,
|
|
2012
2151
|
};
|
|
2013
2152
|
|
|
2014
2153
|
var URLSearchParams$1 = typeof URLSearchParams !== 'undefined' ? URLSearchParams : AxiosURLSearchParams;
|
|
@@ -2100,6 +2239,17 @@ function toURLEncodedForm(data, options) {
|
|
|
2100
2239
|
});
|
|
2101
2240
|
}
|
|
2102
2241
|
|
|
2242
|
+
const MAX_DEPTH = DEFAULT_FORM_DATA_MAX_DEPTH;
|
|
2243
|
+
|
|
2244
|
+
function throwIfDepthExceeded(index) {
|
|
2245
|
+
if (index > MAX_DEPTH) {
|
|
2246
|
+
throw new AxiosError$1(
|
|
2247
|
+
'FormData field is too deeply nested (' + index + ' levels). Max depth: ' + MAX_DEPTH,
|
|
2248
|
+
AxiosError$1.ERR_FORM_DATA_DEPTH_EXCEEDED
|
|
2249
|
+
);
|
|
2250
|
+
}
|
|
2251
|
+
}
|
|
2252
|
+
|
|
2103
2253
|
/**
|
|
2104
2254
|
* It takes a string like `foo[x][y][z]` and returns an array like `['foo', 'x', 'y', 'z']
|
|
2105
2255
|
*
|
|
@@ -2112,9 +2262,16 @@ function parsePropPath(name) {
|
|
|
2112
2262
|
// foo.x.y.z
|
|
2113
2263
|
// foo-x-y-z
|
|
2114
2264
|
// foo x y z
|
|
2115
|
-
|
|
2116
|
-
|
|
2117
|
-
|
|
2265
|
+
const path = [];
|
|
2266
|
+
const pattern = /\w+|\[(\w*)]/g;
|
|
2267
|
+
let match;
|
|
2268
|
+
|
|
2269
|
+
while ((match = pattern.exec(name)) !== null) {
|
|
2270
|
+
throwIfDepthExceeded(path.length);
|
|
2271
|
+
path.push(match[0] === '[]' ? '' : match[1] || match[0]);
|
|
2272
|
+
}
|
|
2273
|
+
|
|
2274
|
+
return path;
|
|
2118
2275
|
}
|
|
2119
2276
|
|
|
2120
2277
|
/**
|
|
@@ -2146,6 +2303,8 @@ function arrayToObject(arr) {
|
|
|
2146
2303
|
*/
|
|
2147
2304
|
function formDataToJSON(formData) {
|
|
2148
2305
|
function buildPath(path, value, target, index) {
|
|
2306
|
+
throwIfDepthExceeded(index);
|
|
2307
|
+
|
|
2149
2308
|
let name = path[index++];
|
|
2150
2309
|
|
|
2151
2310
|
if (name === '__proto__') return true;
|
|
@@ -2631,7 +2790,11 @@ var cookies = platform.hasStandardBrowserEnv
|
|
|
2631
2790
|
const cookie = cookies[i].replace(/^\s+/, '');
|
|
2632
2791
|
const eq = cookie.indexOf('=');
|
|
2633
2792
|
if (eq !== -1 && cookie.slice(0, eq) === name) {
|
|
2634
|
-
|
|
2793
|
+
try {
|
|
2794
|
+
return decodeURIComponent(cookie.slice(eq + 1));
|
|
2795
|
+
} catch (e) {
|
|
2796
|
+
return cookie.slice(eq + 1);
|
|
2797
|
+
}
|
|
2635
2798
|
}
|
|
2636
2799
|
}
|
|
2637
2800
|
return null;
|
|
@@ -2682,6 +2845,31 @@ function combineURLs(baseURL, relativeURL) {
|
|
|
2682
2845
|
: baseURL;
|
|
2683
2846
|
}
|
|
2684
2847
|
|
|
2848
|
+
const malformedHttpProtocol = /^https?:(?!\/\/)/i;
|
|
2849
|
+
const httpProtocolControlCharacters = /[\t\n\r]/g;
|
|
2850
|
+
|
|
2851
|
+
function stripLeadingC0ControlOrSpace(url) {
|
|
2852
|
+
let i = 0;
|
|
2853
|
+
while (i < url.length && url.charCodeAt(i) <= 0x20) {
|
|
2854
|
+
i++;
|
|
2855
|
+
}
|
|
2856
|
+
return url.slice(i);
|
|
2857
|
+
}
|
|
2858
|
+
|
|
2859
|
+
function normalizeURLForProtocolCheck(url) {
|
|
2860
|
+
return stripLeadingC0ControlOrSpace(url).replace(httpProtocolControlCharacters, '');
|
|
2861
|
+
}
|
|
2862
|
+
|
|
2863
|
+
function assertValidHttpProtocolURL(url, config) {
|
|
2864
|
+
if (typeof url === 'string' && malformedHttpProtocol.test(normalizeURLForProtocolCheck(url))) {
|
|
2865
|
+
throw new AxiosError$1(
|
|
2866
|
+
'Invalid URL: missing "//" after protocol',
|
|
2867
|
+
AxiosError$1.ERR_INVALID_URL,
|
|
2868
|
+
config
|
|
2869
|
+
);
|
|
2870
|
+
}
|
|
2871
|
+
}
|
|
2872
|
+
|
|
2685
2873
|
/**
|
|
2686
2874
|
* Creates a new URL by combining the baseURL with the requestedURL,
|
|
2687
2875
|
* only when the requestedURL is not already an absolute URL.
|
|
@@ -2692,9 +2880,11 @@ function combineURLs(baseURL, relativeURL) {
|
|
|
2692
2880
|
*
|
|
2693
2881
|
* @returns {string} The combined full path
|
|
2694
2882
|
*/
|
|
2695
|
-
function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls) {
|
|
2883
|
+
function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls, config) {
|
|
2884
|
+
assertValidHttpProtocolURL(requestedURL, config);
|
|
2696
2885
|
let isRelativeUrl = !isAbsoluteURL(requestedURL);
|
|
2697
2886
|
if (baseURL && (isRelativeUrl || allowAbsoluteUrls === false)) {
|
|
2887
|
+
assertValidHttpProtocolURL(baseURL, config);
|
|
2698
2888
|
return combineURLs(baseURL, requestedURL);
|
|
2699
2889
|
}
|
|
2700
2890
|
return requestedURL;
|
|
@@ -2713,6 +2903,7 @@ const headersToObject = (thing) => (thing instanceof AxiosHeaders$1 ? { ...thing
|
|
|
2713
2903
|
*/
|
|
2714
2904
|
function mergeConfig$1(config1, config2) {
|
|
2715
2905
|
// eslint-disable-next-line no-param-reassign
|
|
2906
|
+
config1 = config1 || {};
|
|
2716
2907
|
config2 = config2 || {};
|
|
2717
2908
|
|
|
2718
2909
|
// Use a null-prototype object so that downstream reads such as `config.auth`
|
|
@@ -2765,6 +2956,28 @@ function mergeConfig$1(config1, config2) {
|
|
|
2765
2956
|
}
|
|
2766
2957
|
}
|
|
2767
2958
|
|
|
2959
|
+
function getMergedTransitionalOption(prop) {
|
|
2960
|
+
const transitional2 = utils$1.hasOwnProp(config2, 'transitional') ? config2.transitional : undefined;
|
|
2961
|
+
|
|
2962
|
+
if (!utils$1.isUndefined(transitional2)) {
|
|
2963
|
+
if (utils$1.isPlainObject(transitional2)) {
|
|
2964
|
+
if (utils$1.hasOwnProp(transitional2, prop)) {
|
|
2965
|
+
return transitional2[prop];
|
|
2966
|
+
}
|
|
2967
|
+
} else {
|
|
2968
|
+
return undefined;
|
|
2969
|
+
}
|
|
2970
|
+
}
|
|
2971
|
+
|
|
2972
|
+
const transitional1 = utils$1.hasOwnProp(config1, 'transitional') ? config1.transitional : undefined;
|
|
2973
|
+
|
|
2974
|
+
if (utils$1.isPlainObject(transitional1) && utils$1.hasOwnProp(transitional1, prop)) {
|
|
2975
|
+
return transitional1[prop];
|
|
2976
|
+
}
|
|
2977
|
+
|
|
2978
|
+
return undefined;
|
|
2979
|
+
}
|
|
2980
|
+
|
|
2768
2981
|
// eslint-disable-next-line consistent-return
|
|
2769
2982
|
function mergeDirectKeys(a, b, prop) {
|
|
2770
2983
|
if (utils$1.hasOwnProp(config2, prop)) {
|
|
@@ -2817,6 +3030,18 @@ function mergeConfig$1(config1, config2) {
|
|
|
2817
3030
|
(utils$1.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);
|
|
2818
3031
|
});
|
|
2819
3032
|
|
|
3033
|
+
if (
|
|
3034
|
+
utils$1.hasOwnProp(config2, 'validateStatus') &&
|
|
3035
|
+
utils$1.isUndefined(config2.validateStatus) &&
|
|
3036
|
+
getMergedTransitionalOption('validateStatusUndefinedResolves') === false
|
|
3037
|
+
) {
|
|
3038
|
+
if (utils$1.hasOwnProp(config1, 'validateStatus')) {
|
|
3039
|
+
config.validateStatus = getMergedValue(undefined, config1.validateStatus);
|
|
3040
|
+
} else {
|
|
3041
|
+
delete config.validateStatus;
|
|
3042
|
+
}
|
|
3043
|
+
}
|
|
3044
|
+
|
|
2820
3045
|
return config;
|
|
2821
3046
|
}
|
|
2822
3047
|
|
|
@@ -2828,7 +3053,7 @@ function setFormDataHeaders(headers, formHeaders, policy) {
|
|
|
2828
3053
|
return;
|
|
2829
3054
|
}
|
|
2830
3055
|
|
|
2831
|
-
Object.entries(formHeaders).forEach(([key, val]) => {
|
|
3056
|
+
Object.entries(formHeaders || {}).forEach(([key, val]) => {
|
|
2832
3057
|
if (FORM_DATA_CONTENT_HEADERS.includes(key.toLowerCase())) {
|
|
2833
3058
|
headers.set(key, val);
|
|
2834
3059
|
}
|
|
@@ -2843,12 +3068,12 @@ function setFormDataHeaders(headers, formHeaders, policy) {
|
|
|
2843
3068
|
*
|
|
2844
3069
|
* @returns {string} UTF-8 bytes as a Latin-1 string
|
|
2845
3070
|
*/
|
|
2846
|
-
const encodeUTF8 = (str) =>
|
|
3071
|
+
const encodeUTF8$1 = (str) =>
|
|
2847
3072
|
encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) =>
|
|
2848
3073
|
String.fromCharCode(parseInt(hex, 16))
|
|
2849
3074
|
);
|
|
2850
3075
|
|
|
2851
|
-
|
|
3076
|
+
function resolveConfig(config) {
|
|
2852
3077
|
const newConfig = mergeConfig$1({}, config);
|
|
2853
3078
|
|
|
2854
3079
|
// Read only own properties to prevent prototype pollution gadgets
|
|
@@ -2868,23 +3093,33 @@ var resolveConfig = (config) => {
|
|
|
2868
3093
|
newConfig.headers = headers = AxiosHeaders$1.from(headers);
|
|
2869
3094
|
|
|
2870
3095
|
newConfig.url = buildURL(
|
|
2871
|
-
buildFullPath(baseURL, url, allowAbsoluteUrls),
|
|
2872
|
-
|
|
2873
|
-
|
|
3096
|
+
buildFullPath(baseURL, url, allowAbsoluteUrls, newConfig),
|
|
3097
|
+
own('params'),
|
|
3098
|
+
own('paramsSerializer')
|
|
2874
3099
|
);
|
|
2875
3100
|
|
|
2876
3101
|
// HTTP basic authentication
|
|
2877
3102
|
if (auth) {
|
|
2878
|
-
|
|
2879
|
-
|
|
2880
|
-
|
|
2881
|
-
|
|
2882
|
-
|
|
3103
|
+
const username = utils$1.getSafeProp(auth, 'username') || '';
|
|
3104
|
+
const password = utils$1.getSafeProp(auth, 'password') || '';
|
|
3105
|
+
|
|
3106
|
+
try {
|
|
3107
|
+
headers.set(
|
|
3108
|
+
'Authorization',
|
|
3109
|
+
'Basic ' + btoa(username + ':' + (password ? encodeUTF8$1(password) : ''))
|
|
3110
|
+
);
|
|
3111
|
+
} catch (e) {
|
|
3112
|
+
throw AxiosError$1.from(e, AxiosError$1.ERR_BAD_OPTION_VALUE, config);
|
|
3113
|
+
}
|
|
2883
3114
|
}
|
|
2884
3115
|
|
|
2885
3116
|
if (utils$1.isFormData(data)) {
|
|
2886
|
-
if (
|
|
2887
|
-
|
|
3117
|
+
if (
|
|
3118
|
+
platform.hasStandardBrowserEnv ||
|
|
3119
|
+
platform.hasStandardBrowserWebWorkerEnv ||
|
|
3120
|
+
utils$1.isReactNative(data)
|
|
3121
|
+
) {
|
|
3122
|
+
headers.setContentType(undefined); // browser/web worker/RN handles it
|
|
2888
3123
|
} else if (utils$1.isFunction(data.getHeaders)) {
|
|
2889
3124
|
// Node.js FormData (like form-data package)
|
|
2890
3125
|
setFormDataHeaders(headers, data.getHeaders(), own('formDataHeaderPolicy'));
|
|
@@ -2916,7 +3151,7 @@ var resolveConfig = (config) => {
|
|
|
2916
3151
|
}
|
|
2917
3152
|
|
|
2918
3153
|
return newConfig;
|
|
2919
|
-
}
|
|
3154
|
+
}
|
|
2920
3155
|
|
|
2921
3156
|
const isXHRAdapterSupported = typeof XMLHttpRequest !== 'undefined';
|
|
2922
3157
|
|
|
@@ -3126,6 +3361,7 @@ var xhrAdapter = isXHRAdapterSupported &&
|
|
|
3126
3361
|
config
|
|
3127
3362
|
)
|
|
3128
3363
|
);
|
|
3364
|
+
done();
|
|
3129
3365
|
return;
|
|
3130
3366
|
}
|
|
3131
3367
|
|
|
@@ -3177,7 +3413,7 @@ const composeSignals = (signals, timeout) => {
|
|
|
3177
3413
|
signals = null;
|
|
3178
3414
|
};
|
|
3179
3415
|
|
|
3180
|
-
signals.forEach((signal) => signal.addEventListener('abort', onabort));
|
|
3416
|
+
signals.forEach((signal) => signal.addEventListener('abort', onabort, { once: true }));
|
|
3181
3417
|
|
|
3182
3418
|
const { signal } = controller;
|
|
3183
3419
|
|
|
@@ -3280,11 +3516,19 @@ const trackStream = (stream, chunkSize, onProgress, onFinish) => {
|
|
|
3280
3516
|
* Estimate decoded byte length of a data:// URL *without* allocating large buffers.
|
|
3281
3517
|
* - For base64: compute exact decoded size using length and padding;
|
|
3282
3518
|
* handle %XX at the character-count level (no string allocation).
|
|
3283
|
-
* - For non-base64:
|
|
3519
|
+
* - For non-base64: compute the exact percent-decoded UTF-8 byte length.
|
|
3284
3520
|
*
|
|
3285
3521
|
* @param {string} url
|
|
3286
3522
|
* @returns {number}
|
|
3287
3523
|
*/
|
|
3524
|
+
const isHexDigit = (charCode) =>
|
|
3525
|
+
(charCode >= 48 && charCode <= 57) ||
|
|
3526
|
+
(charCode >= 65 && charCode <= 70) ||
|
|
3527
|
+
(charCode >= 97 && charCode <= 102);
|
|
3528
|
+
|
|
3529
|
+
const isPercentEncodedByte = (str, i, len) =>
|
|
3530
|
+
i + 2 < len && isHexDigit(str.charCodeAt(i + 1)) && isHexDigit(str.charCodeAt(i + 2));
|
|
3531
|
+
|
|
3288
3532
|
function estimateDataURLDecodedBytes(url) {
|
|
3289
3533
|
if (!url || typeof url !== 'string') return 0;
|
|
3290
3534
|
if (!url.startsWith('data:')) return 0;
|
|
@@ -3304,9 +3548,7 @@ function estimateDataURLDecodedBytes(url) {
|
|
|
3304
3548
|
if (body.charCodeAt(i) === 37 /* '%' */ && i + 2 < len) {
|
|
3305
3549
|
const a = body.charCodeAt(i + 1);
|
|
3306
3550
|
const b = body.charCodeAt(i + 2);
|
|
3307
|
-
const isHex =
|
|
3308
|
-
((a >= 48 && a <= 57) || (a >= 65 && a <= 70) || (a >= 97 && a <= 102)) &&
|
|
3309
|
-
((b >= 48 && b <= 57) || (b >= 65 && b <= 70) || (b >= 97 && b <= 102));
|
|
3551
|
+
const isHex = isHexDigit(a) && isHexDigit(b);
|
|
3310
3552
|
|
|
3311
3553
|
if (isHex) {
|
|
3312
3554
|
effectiveLen -= 2;
|
|
@@ -3347,18 +3589,17 @@ function estimateDataURLDecodedBytes(url) {
|
|
|
3347
3589
|
return bytes > 0 ? bytes : 0;
|
|
3348
3590
|
}
|
|
3349
3591
|
|
|
3350
|
-
if (typeof Buffer !== 'undefined' && typeof Buffer.byteLength === 'function') {
|
|
3351
|
-
return Buffer.byteLength(body, 'utf8');
|
|
3352
|
-
}
|
|
3353
|
-
|
|
3354
3592
|
// Compute UTF-8 byte length directly from UTF-16 code units without allocating
|
|
3355
3593
|
// a byte buffer (TextEncoder.encode would defeat the DoS guard on large bodies).
|
|
3356
|
-
//
|
|
3357
|
-
//
|
|
3594
|
+
// Valid %XX triplets count as one decoded byte; this matches the bytes that
|
|
3595
|
+
// decodeURIComponent(body) would produce before Buffer re-encodes the string.
|
|
3358
3596
|
let bytes = 0;
|
|
3359
3597
|
for (let i = 0, len = body.length; i < len; i++) {
|
|
3360
3598
|
const c = body.charCodeAt(i);
|
|
3361
|
-
if (c
|
|
3599
|
+
if (c === 37 /* '%' */ && isPercentEncodedByte(body, i, len)) {
|
|
3600
|
+
bytes += 1;
|
|
3601
|
+
i += 2;
|
|
3602
|
+
} else if (c < 0x80) {
|
|
3362
3603
|
bytes += 1;
|
|
3363
3604
|
} else if (c < 0x800) {
|
|
3364
3605
|
bytes += 2;
|
|
@@ -3377,12 +3618,41 @@ function estimateDataURLDecodedBytes(url) {
|
|
|
3377
3618
|
return bytes;
|
|
3378
3619
|
}
|
|
3379
3620
|
|
|
3380
|
-
const VERSION$1 = "1.
|
|
3621
|
+
const VERSION$1 = "1.18.1";
|
|
3381
3622
|
|
|
3382
3623
|
const DEFAULT_CHUNK_SIZE = 64 * 1024;
|
|
3383
3624
|
|
|
3384
3625
|
const { isFunction } = utils$1;
|
|
3385
3626
|
|
|
3627
|
+
/**
|
|
3628
|
+
* Encode a UTF-8 string to a Latin-1 byte string for use with btoa().
|
|
3629
|
+
* This is a modern replacement for the deprecated unescape(encodeURIComponent(str)) pattern.
|
|
3630
|
+
*
|
|
3631
|
+
* @param {string} str The string to encode
|
|
3632
|
+
*
|
|
3633
|
+
* @returns {string} UTF-8 bytes as a Latin-1 string
|
|
3634
|
+
*/
|
|
3635
|
+
const encodeUTF8 = (str) =>
|
|
3636
|
+
encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) =>
|
|
3637
|
+
String.fromCharCode(parseInt(hex, 16))
|
|
3638
|
+
);
|
|
3639
|
+
|
|
3640
|
+
// Node's WHATWG URL parser returns `username` and `password` percent-encoded.
|
|
3641
|
+
// Decode before composing the `auth` option so credentials such as
|
|
3642
|
+
// `my%40email.com:pass` are sent as `my@email.com:pass`. Falls back to the
|
|
3643
|
+
// original value for malformed input so a bad encoding never throws.
|
|
3644
|
+
const decodeURIComponentSafe = (value) => {
|
|
3645
|
+
if (!utils$1.isString(value)) {
|
|
3646
|
+
return value;
|
|
3647
|
+
}
|
|
3648
|
+
|
|
3649
|
+
try {
|
|
3650
|
+
return decodeURIComponent(value);
|
|
3651
|
+
} catch (error) {
|
|
3652
|
+
return value;
|
|
3653
|
+
}
|
|
3654
|
+
};
|
|
3655
|
+
|
|
3386
3656
|
const test = (fn, ...args) => {
|
|
3387
3657
|
try {
|
|
3388
3658
|
return !!fn(...args);
|
|
@@ -3391,6 +3661,15 @@ const test = (fn, ...args) => {
|
|
|
3391
3661
|
}
|
|
3392
3662
|
};
|
|
3393
3663
|
|
|
3664
|
+
const maybeWithAuthCredentials = (url) => {
|
|
3665
|
+
const protocolIndex = url.indexOf('://');
|
|
3666
|
+
let urlToCheck = url;
|
|
3667
|
+
if (protocolIndex !== -1) {
|
|
3668
|
+
urlToCheck = urlToCheck.slice(protocolIndex + 3);
|
|
3669
|
+
}
|
|
3670
|
+
return urlToCheck.includes('@') || urlToCheck.includes(':');
|
|
3671
|
+
};
|
|
3672
|
+
|
|
3394
3673
|
const factory = (env) => {
|
|
3395
3674
|
const globalObject =
|
|
3396
3675
|
utils$1.global !== undefined && utils$1.global !== null
|
|
@@ -3538,6 +3817,7 @@ const factory = (env) => {
|
|
|
3538
3817
|
|
|
3539
3818
|
const hasMaxContentLength = utils$1.isNumber(maxContentLength) && maxContentLength > -1;
|
|
3540
3819
|
const hasMaxBodyLength = utils$1.isNumber(maxBodyLength) && maxBodyLength > -1;
|
|
3820
|
+
const own = (key) => (utils$1.hasOwnProp(config, key) ? config[key] : undefined);
|
|
3541
3821
|
|
|
3542
3822
|
let _fetch = envFetch || fetch;
|
|
3543
3823
|
|
|
@@ -3559,7 +3839,61 @@ const factory = (env) => {
|
|
|
3559
3839
|
|
|
3560
3840
|
let requestContentLength;
|
|
3561
3841
|
|
|
3842
|
+
// AxiosError we raise while the request body is being streamed. Captured
|
|
3843
|
+
// by identity so the catch block can surface it directly, regardless of
|
|
3844
|
+
// how the runtime wraps the resulting fetch rejection (undici exposes it
|
|
3845
|
+
// as `err.cause`; some browsers drop the original error entirely).
|
|
3846
|
+
let pendingBodyError = null;
|
|
3847
|
+
|
|
3848
|
+
const maxBodyLengthError = () =>
|
|
3849
|
+
new AxiosError$1(
|
|
3850
|
+
'Request body larger than maxBodyLength limit',
|
|
3851
|
+
AxiosError$1.ERR_BAD_REQUEST,
|
|
3852
|
+
config,
|
|
3853
|
+
request
|
|
3854
|
+
);
|
|
3855
|
+
|
|
3562
3856
|
try {
|
|
3857
|
+
// HTTP basic authentication
|
|
3858
|
+
let auth = undefined;
|
|
3859
|
+
const configAuth = own('auth');
|
|
3860
|
+
|
|
3861
|
+
if (configAuth) {
|
|
3862
|
+
const username = utils$1.getSafeProp(configAuth, 'username') || '';
|
|
3863
|
+
const password = utils$1.getSafeProp(configAuth, 'password') || '';
|
|
3864
|
+
auth = {
|
|
3865
|
+
username,
|
|
3866
|
+
password
|
|
3867
|
+
};
|
|
3868
|
+
}
|
|
3869
|
+
|
|
3870
|
+
if (maybeWithAuthCredentials(url)) {
|
|
3871
|
+
const parsedURL = new URL(url, platform.origin);
|
|
3872
|
+
|
|
3873
|
+
if (!auth && (parsedURL.username || parsedURL.password)) {
|
|
3874
|
+
const urlUsername = decodeURIComponentSafe(parsedURL.username);
|
|
3875
|
+
const urlPassword = decodeURIComponentSafe(parsedURL.password);
|
|
3876
|
+
auth = {
|
|
3877
|
+
username: urlUsername,
|
|
3878
|
+
password: urlPassword
|
|
3879
|
+
};
|
|
3880
|
+
}
|
|
3881
|
+
|
|
3882
|
+
if (parsedURL.username || parsedURL.password) {
|
|
3883
|
+
parsedURL.username = '';
|
|
3884
|
+
parsedURL.password = '';
|
|
3885
|
+
url = parsedURL.href;
|
|
3886
|
+
}
|
|
3887
|
+
}
|
|
3888
|
+
|
|
3889
|
+
if (auth) {
|
|
3890
|
+
headers.delete('authorization');
|
|
3891
|
+
headers.set(
|
|
3892
|
+
'Authorization',
|
|
3893
|
+
'Basic ' + btoa(encodeUTF8((auth.username || '') + ':' + (auth.password || '')))
|
|
3894
|
+
);
|
|
3895
|
+
}
|
|
3896
|
+
|
|
3563
3897
|
// Enforce maxContentLength for data: URLs up-front so we never materialize
|
|
3564
3898
|
// an oversized payload. The HTTP adapter applies the same check (see http.js
|
|
3565
3899
|
// "if (protocol === 'data:')" branch).
|
|
@@ -3575,53 +3909,96 @@ const factory = (env) => {
|
|
|
3575
3909
|
}
|
|
3576
3910
|
}
|
|
3577
3911
|
|
|
3578
|
-
// Enforce maxBodyLength against
|
|
3579
|
-
//
|
|
3580
|
-
//
|
|
3581
|
-
//
|
|
3912
|
+
// Enforce maxBodyLength against known-size bodies before dispatch using
|
|
3913
|
+
// the body's *actual* size — never a caller-declared Content-Length,
|
|
3914
|
+
// which could under-report to slip an oversized body past the check.
|
|
3915
|
+
// Unknown-size streams return undefined here and are counted per-chunk
|
|
3916
|
+
// below as fetch consumes them.
|
|
3582
3917
|
if (hasMaxBodyLength && method !== 'get' && method !== 'head') {
|
|
3583
|
-
const outboundLength = await
|
|
3584
|
-
if (
|
|
3585
|
-
|
|
3586
|
-
|
|
3587
|
-
|
|
3588
|
-
|
|
3589
|
-
throw new AxiosError$1(
|
|
3590
|
-
'Request body larger than maxBodyLength limit',
|
|
3591
|
-
AxiosError$1.ERR_BAD_REQUEST,
|
|
3592
|
-
config,
|
|
3593
|
-
request
|
|
3594
|
-
);
|
|
3918
|
+
const outboundLength = await getBodyLength(data);
|
|
3919
|
+
if (typeof outboundLength === 'number' && isFinite(outboundLength)) {
|
|
3920
|
+
requestContentLength = outboundLength;
|
|
3921
|
+
if (outboundLength > maxBodyLength) {
|
|
3922
|
+
throw maxBodyLengthError();
|
|
3923
|
+
}
|
|
3595
3924
|
}
|
|
3596
3925
|
}
|
|
3597
3926
|
|
|
3927
|
+
// A streamed body under maxBodyLength must be counted as fetch consumes
|
|
3928
|
+
// it; its size is never trusted from a caller-declared Content-Length.
|
|
3929
|
+
const mustEnforceStreamBody =
|
|
3930
|
+
hasMaxBodyLength && (utils$1.isReadableStream(data) || utils$1.isStream(data));
|
|
3931
|
+
|
|
3932
|
+
const trackRequestStream = (stream, onProgress, flush) =>
|
|
3933
|
+
trackStream(
|
|
3934
|
+
stream,
|
|
3935
|
+
DEFAULT_CHUNK_SIZE,
|
|
3936
|
+
(loadedBytes) => {
|
|
3937
|
+
if (hasMaxBodyLength && loadedBytes > maxBodyLength) {
|
|
3938
|
+
throw (pendingBodyError = maxBodyLengthError());
|
|
3939
|
+
}
|
|
3940
|
+
onProgress && onProgress(loadedBytes);
|
|
3941
|
+
},
|
|
3942
|
+
flush
|
|
3943
|
+
);
|
|
3944
|
+
|
|
3598
3945
|
if (
|
|
3599
|
-
onUploadProgress &&
|
|
3600
3946
|
supportsRequestStream &&
|
|
3601
3947
|
method !== 'get' &&
|
|
3602
3948
|
method !== 'head' &&
|
|
3603
|
-
(
|
|
3949
|
+
(onUploadProgress || mustEnforceStreamBody)
|
|
3604
3950
|
) {
|
|
3605
|
-
|
|
3606
|
-
|
|
3607
|
-
|
|
3608
|
-
|
|
3609
|
-
|
|
3951
|
+
requestContentLength =
|
|
3952
|
+
requestContentLength == null ? await resolveBodyLength(headers, data) : requestContentLength;
|
|
3953
|
+
|
|
3954
|
+
// A declared length of 0 is only trusted to skip the wrap when we are
|
|
3955
|
+
// not enforcing a stream limit (which must not rely on that header).
|
|
3956
|
+
if (requestContentLength !== 0 || mustEnforceStreamBody) {
|
|
3957
|
+
let _request = new Request(url, {
|
|
3958
|
+
method: 'POST',
|
|
3959
|
+
body: data,
|
|
3960
|
+
duplex: 'half',
|
|
3961
|
+
});
|
|
3610
3962
|
|
|
3611
|
-
|
|
3963
|
+
let contentTypeHeader;
|
|
3612
3964
|
|
|
3613
|
-
|
|
3614
|
-
|
|
3615
|
-
|
|
3965
|
+
if (utils$1.isFormData(data) && (contentTypeHeader = _request.headers.get('content-type'))) {
|
|
3966
|
+
headers.setContentType(contentTypeHeader);
|
|
3967
|
+
}
|
|
3616
3968
|
|
|
3617
|
-
|
|
3618
|
-
|
|
3619
|
-
|
|
3620
|
-
|
|
3621
|
-
|
|
3969
|
+
if (_request.body) {
|
|
3970
|
+
const [onProgress, flush] =
|
|
3971
|
+
(onUploadProgress &&
|
|
3972
|
+
progressEventDecorator(
|
|
3973
|
+
requestContentLength,
|
|
3974
|
+
progressEventReducer(asyncDecorator(onUploadProgress))
|
|
3975
|
+
)) ||
|
|
3976
|
+
[];
|
|
3622
3977
|
|
|
3623
|
-
|
|
3978
|
+
data = trackRequestStream(_request.body, onProgress, flush);
|
|
3979
|
+
}
|
|
3624
3980
|
}
|
|
3981
|
+
} else if (
|
|
3982
|
+
mustEnforceStreamBody &&
|
|
3983
|
+
!isRequestSupported &&
|
|
3984
|
+
isReadableStreamSupported &&
|
|
3985
|
+
method !== 'get' &&
|
|
3986
|
+
method !== 'head'
|
|
3987
|
+
) {
|
|
3988
|
+
data = trackRequestStream(data);
|
|
3989
|
+
} else if (
|
|
3990
|
+
mustEnforceStreamBody &&
|
|
3991
|
+
isRequestSupported &&
|
|
3992
|
+
!supportsRequestStream &&
|
|
3993
|
+
method !== 'get' &&
|
|
3994
|
+
method !== 'head'
|
|
3995
|
+
) {
|
|
3996
|
+
throw new AxiosError$1(
|
|
3997
|
+
'Stream request bodies are not supported by the current fetch implementation',
|
|
3998
|
+
AxiosError$1.ERR_NOT_SUPPORT,
|
|
3999
|
+
config,
|
|
4000
|
+
request
|
|
4001
|
+
);
|
|
3625
4002
|
}
|
|
3626
4003
|
|
|
3627
4004
|
if (!utils$1.isString(withCredentials)) {
|
|
@@ -3664,10 +4041,12 @@ const factory = (env) => {
|
|
|
3664
4041
|
? _fetch(request, fetchOptions)
|
|
3665
4042
|
: _fetch(url, resolvedOptions));
|
|
3666
4043
|
|
|
4044
|
+
const responseHeaders = AxiosHeaders$1.from(response.headers);
|
|
4045
|
+
|
|
3667
4046
|
// Cheap pre-check: if the server honestly declares a content-length that
|
|
3668
4047
|
// already exceeds the cap, reject before we start streaming.
|
|
3669
4048
|
if (hasMaxContentLength) {
|
|
3670
|
-
const declaredLength = utils$1.toFiniteNumber(
|
|
4049
|
+
const declaredLength = utils$1.toFiniteNumber(responseHeaders.getContentLength());
|
|
3671
4050
|
if (declaredLength != null && declaredLength > maxContentLength) {
|
|
3672
4051
|
throw new AxiosError$1(
|
|
3673
4052
|
'maxContentLength size of ' + maxContentLength + ' exceeded',
|
|
@@ -3692,7 +4071,7 @@ const factory = (env) => {
|
|
|
3692
4071
|
options[prop] = response[prop];
|
|
3693
4072
|
});
|
|
3694
4073
|
|
|
3695
|
-
const responseContentLength = utils$1.toFiniteNumber(
|
|
4074
|
+
const responseContentLength = utils$1.toFiniteNumber(responseHeaders.getContentLength());
|
|
3696
4075
|
|
|
3697
4076
|
const [onProgress, flush] =
|
|
3698
4077
|
(onDownloadProgress &&
|
|
@@ -3783,23 +4162,55 @@ const factory = (env) => {
|
|
|
3783
4162
|
const canceledError = composedSignal.reason;
|
|
3784
4163
|
canceledError.config = config;
|
|
3785
4164
|
request && (canceledError.request = request);
|
|
3786
|
-
err !== canceledError
|
|
4165
|
+
if (err !== canceledError) {
|
|
4166
|
+
// Non-enumerable to match native Error `cause` semantics so loggers
|
|
4167
|
+
// don't recurse into circular fetch internals (see #7205).
|
|
4168
|
+
Object.defineProperty(canceledError, 'cause', {
|
|
4169
|
+
__proto__: null,
|
|
4170
|
+
value: err,
|
|
4171
|
+
writable: true,
|
|
4172
|
+
enumerable: false,
|
|
4173
|
+
configurable: true,
|
|
4174
|
+
});
|
|
4175
|
+
}
|
|
3787
4176
|
throw canceledError;
|
|
3788
4177
|
}
|
|
3789
4178
|
|
|
4179
|
+
// Surface a maxBodyLength violation we raised while the request body was
|
|
4180
|
+
// being streamed. Matching by identity (rather than reading
|
|
4181
|
+
// `err.cause.isAxiosError`) keeps the error deterministic across runtimes
|
|
4182
|
+
// and avoids both prototype-pollution reads and mis-attributing a foreign
|
|
4183
|
+
// AxiosError that merely happened to land in `err.cause`.
|
|
4184
|
+
if (pendingBodyError) {
|
|
4185
|
+
request && !pendingBodyError.request && (pendingBodyError.request = request);
|
|
4186
|
+
throw pendingBodyError;
|
|
4187
|
+
}
|
|
4188
|
+
|
|
4189
|
+
// Re-throw AxiosErrors we raised synchronously (data: URL / content-length
|
|
4190
|
+
// pre-checks, response size enforcement) without re-wrapping them.
|
|
4191
|
+
if (err instanceof AxiosError$1) {
|
|
4192
|
+
request && !err.request && (err.request = request);
|
|
4193
|
+
throw err;
|
|
4194
|
+
}
|
|
4195
|
+
|
|
3790
4196
|
if (err && err.name === 'TypeError' && /Load failed|fetch/i.test(err.message)) {
|
|
3791
|
-
|
|
3792
|
-
|
|
3793
|
-
|
|
3794
|
-
|
|
3795
|
-
|
|
3796
|
-
|
|
3797
|
-
err && err.response
|
|
3798
|
-
),
|
|
3799
|
-
{
|
|
3800
|
-
cause: err.cause || err,
|
|
3801
|
-
}
|
|
4197
|
+
const networkError = new AxiosError$1(
|
|
4198
|
+
'Network Error',
|
|
4199
|
+
AxiosError$1.ERR_NETWORK,
|
|
4200
|
+
config,
|
|
4201
|
+
request,
|
|
4202
|
+
err && err.response
|
|
3802
4203
|
);
|
|
4204
|
+
// Non-enumerable to match native Error `cause` semantics so loggers
|
|
4205
|
+
// don't recurse into circular fetch internals (see #7205).
|
|
4206
|
+
Object.defineProperty(networkError, 'cause', {
|
|
4207
|
+
__proto__: null,
|
|
4208
|
+
value: err.cause || err,
|
|
4209
|
+
writable: true,
|
|
4210
|
+
enumerable: false,
|
|
4211
|
+
configurable: true,
|
|
4212
|
+
});
|
|
4213
|
+
throw networkError;
|
|
3803
4214
|
}
|
|
3804
4215
|
|
|
3805
4216
|
throw AxiosError$1.from(err, err && err.code, config, request, err && err.response);
|
|
@@ -3937,7 +4348,7 @@ function getAdapter$1(adapters, config) {
|
|
|
3937
4348
|
|
|
3938
4349
|
throw new AxiosError$1(
|
|
3939
4350
|
`There is no suitable adapter to dispatch the request ` + s,
|
|
3940
|
-
|
|
4351
|
+
AxiosError$1.ERR_NOT_SUPPORT
|
|
3941
4352
|
);
|
|
3942
4353
|
}
|
|
3943
4354
|
|
|
@@ -4118,7 +4529,7 @@ validators$1.spelling = function spelling(correctSpelling) {
|
|
|
4118
4529
|
*/
|
|
4119
4530
|
|
|
4120
4531
|
function assertOptions(options, schema, allowUnknown) {
|
|
4121
|
-
if (typeof options !== 'object') {
|
|
4532
|
+
if (typeof options !== 'object' || options === null) {
|
|
4122
4533
|
throw new AxiosError$1('options must be an object', AxiosError$1.ERR_BAD_OPTION_VALUE);
|
|
4123
4534
|
}
|
|
4124
4535
|
const keys = Object.keys(options);
|
|
@@ -4241,6 +4652,8 @@ let Axios$1 = class Axios {
|
|
|
4241
4652
|
forcedJSONParsing: validators.transitional(validators.boolean),
|
|
4242
4653
|
clarifyTimeoutError: validators.transitional(validators.boolean),
|
|
4243
4654
|
legacyInterceptorReqResOrdering: validators.transitional(validators.boolean),
|
|
4655
|
+
advertiseZstdAcceptEncoding: validators.transitional(validators.boolean),
|
|
4656
|
+
validateStatusUndefinedResolves: validators.transitional(validators.boolean),
|
|
4244
4657
|
},
|
|
4245
4658
|
false
|
|
4246
4659
|
);
|
|
@@ -4370,7 +4783,7 @@ let Axios$1 = class Axios {
|
|
|
4370
4783
|
|
|
4371
4784
|
getUri(config) {
|
|
4372
4785
|
config = mergeConfig$1(this.defaults, config);
|
|
4373
|
-
const fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls);
|
|
4786
|
+
const fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls, config);
|
|
4374
4787
|
return buildURL(fullPath, config.params, config.paramsSerializer);
|
|
4375
4788
|
}
|
|
4376
4789
|
};
|
|
@@ -4383,7 +4796,7 @@ utils$1.forEach(['delete', 'get', 'head', 'options'], function forEachMethodNoDa
|
|
|
4383
4796
|
mergeConfig$1(config || {}, {
|
|
4384
4797
|
method,
|
|
4385
4798
|
url,
|
|
4386
|
-
data: (config
|
|
4799
|
+
data: config && utils$1.hasOwnProp(config, 'data') ? config.data : undefined,
|
|
4387
4800
|
})
|
|
4388
4801
|
);
|
|
4389
4802
|
};
|