reflex-search 1.5.2 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (58) hide show
  1. package/node_modules/.package-lock.json +15 -15
  2. package/node_modules/axios/CHANGELOG.md +126 -1
  3. package/node_modules/axios/README.md +390 -257
  4. package/node_modules/axios/dist/axios.js +511 -154
  5. package/node_modules/axios/dist/axios.min.js +3 -3
  6. package/node_modules/axios/dist/axios.min.js.map +1 -1
  7. package/node_modules/axios/dist/browser/axios.cjs +537 -124
  8. package/node_modules/axios/dist/esm/axios.js +537 -124
  9. package/node_modules/axios/dist/esm/axios.min.js +2 -2
  10. package/node_modules/axios/dist/esm/axios.min.js.map +1 -1
  11. package/node_modules/axios/dist/node/axios.cjs +753 -226
  12. package/node_modules/axios/index.d.cts +27 -4
  13. package/node_modules/axios/index.d.ts +23 -2
  14. package/node_modules/axios/lib/adapters/adapters.js +1 -1
  15. package/node_modules/axios/lib/adapters/fetch.js +217 -47
  16. package/node_modules/axios/lib/adapters/http.js +274 -169
  17. package/node_modules/axios/lib/adapters/xhr.js +1 -0
  18. package/node_modules/axios/lib/core/Axios.js +4 -2
  19. package/node_modules/axios/lib/core/AxiosError.js +13 -1
  20. package/node_modules/axios/lib/core/AxiosHeaders.js +12 -9
  21. package/node_modules/axios/lib/core/buildFullPath.js +29 -1
  22. package/node_modules/axios/lib/core/mergeConfig.js +35 -0
  23. package/node_modules/axios/lib/defaults/transitional.js +2 -0
  24. package/node_modules/axios/lib/env/data.js +1 -1
  25. package/node_modules/axios/lib/helpers/AxiosURLSearchParams.js +1 -3
  26. package/node_modules/axios/lib/helpers/Http2Sessions.js +119 -0
  27. package/node_modules/axios/lib/helpers/buildURL.js +7 -4
  28. package/node_modules/axios/lib/helpers/composeSignals.js +1 -1
  29. package/node_modules/axios/lib/helpers/cookies.js +5 -1
  30. package/node_modules/axios/lib/helpers/estimateDataURLDecodedBytes.js +16 -11
  31. package/node_modules/axios/lib/helpers/formDataToJSON.js +25 -3
  32. package/node_modules/axios/lib/helpers/formDataToStream.js +2 -2
  33. package/node_modules/axios/lib/helpers/fromDataURI.js +4 -2
  34. package/node_modules/axios/lib/helpers/resolveConfig.js +26 -13
  35. package/node_modules/axios/lib/helpers/shouldBypassProxy.js +33 -1
  36. package/node_modules/axios/lib/helpers/toFormData.js +48 -12
  37. package/node_modules/axios/lib/helpers/validator.js +1 -1
  38. package/node_modules/axios/lib/utils.js +97 -12
  39. package/node_modules/axios/package.json +29 -13
  40. package/node_modules/brace-expansion/dist/commonjs/index.js +24 -14
  41. package/node_modules/brace-expansion/dist/commonjs/index.js.map +1 -1
  42. package/node_modules/brace-expansion/dist/esm/index.js +24 -14
  43. package/node_modules/brace-expansion/dist/esm/index.js.map +1 -1
  44. package/node_modules/brace-expansion/package.json +2 -2
  45. package/node_modules/form-data/CHANGELOG.md +29 -2
  46. package/node_modules/form-data/README.md +4 -4
  47. package/node_modules/form-data/lib/form_data.js +14 -2
  48. package/node_modules/form-data/package.json +7 -7
  49. package/node_modules/hasown/CHANGELOG.md +18 -0
  50. package/node_modules/hasown/eslint.config.mjs +6 -0
  51. package/node_modules/hasown/package.json +13 -14
  52. package/npm-shrinkwrap.json +16 -16
  53. package/package.json +2 -2
  54. package/node_modules/axios/dist/axios.js.map +0 -1
  55. package/node_modules/axios/dist/browser/axios.cjs.map +0 -1
  56. package/node_modules/axios/dist/esm/axios.js.map +0 -1
  57. package/node_modules/axios/dist/node/axios.cjs.map +0 -1
  58. package/node_modules/hasown/.eslintrc +0 -5
@@ -50,6 +50,7 @@ declare class AxiosHeaders {
50
50
  rewrite?: boolean | AxiosHeaderMatcher
51
51
  ): AxiosHeaders;
52
52
  set(headers?: axios.RawAxiosHeaders | AxiosHeaders | string, rewrite?: boolean): AxiosHeaders;
53
+ set(headers?: Iterable<[string, axios.AxiosHeaderValue]>, rewrite?: boolean): AxiosHeaders;
53
54
 
54
55
  get(headerName: string, parser: RegExp): RegExpExecArray | null;
55
56
  get(headerName: string, matcher?: true | AxiosHeaderParser): axios.AxiosHeaderValue;
@@ -66,7 +67,9 @@ declare class AxiosHeaders {
66
67
  ...targets: Array<AxiosHeaders | axios.RawAxiosHeaders | string | undefined | null>
67
68
  ): AxiosHeaders;
68
69
 
69
- toJSON(asStrings?: boolean): axios.RawAxiosHeaders;
70
+ toJSON(asStrings: true): Record<string, string>;
71
+ toJSON(asStrings?: false): Record<string, string | string[]>;
72
+ toJSON(asStrings?: boolean): Record<string, string | string[]>;
70
73
 
71
74
  static from(thing?: AxiosHeaders | axios.RawAxiosHeaders | string): AxiosHeaders;
72
75
 
@@ -117,6 +120,8 @@ declare class AxiosHeaders {
117
120
 
118
121
  getSetCookie(): string[];
119
122
 
123
+ toString(): string;
124
+
120
125
  [Symbol.iterator](): IterableIterator<[string, axios.AxiosHeaderValue]>;
121
126
  }
122
127
 
@@ -162,7 +167,11 @@ declare class AxiosError<T = unknown, D = any> extends Error {
162
167
  static readonly ETIMEDOUT = 'ETIMEDOUT';
163
168
  }
164
169
 
165
- declare class CanceledError<T> extends AxiosError<T> {}
170
+ declare class CanceledError<T> extends AxiosError<T> {
171
+ constructor(message?: string, config?: axios.InternalAxiosRequestConfig, request?: any);
172
+ readonly name: 'CanceledError';
173
+ __CANCEL__?: boolean;
174
+ }
166
175
 
167
176
  declare class Axios {
168
177
  constructor(config?: axios.AxiosRequestConfig);
@@ -292,6 +301,12 @@ declare enum HttpStatusCode {
292
301
  LoopDetected = 508,
293
302
  NotExtended = 510,
294
303
  NetworkAuthenticationRequired = 511,
304
+ WebServerIsDown = 521,
305
+ ConnectionTimedOut = 522,
306
+ OriginIsUnreachable = 523,
307
+ TimeoutOccurred = 524,
308
+ SslHandshakeFailed = 525,
309
+ InvalidSslCertificate = 526,
295
310
  }
296
311
 
297
312
  type InternalAxiosError<T = unknown, D = any> = AxiosError<T, D>;
@@ -392,6 +407,8 @@ declare namespace axios {
392
407
  forcedJSONParsing?: boolean;
393
408
  clarifyTimeoutError?: boolean;
394
409
  legacyInterceptorReqResOrdering?: boolean;
410
+ advertiseZstdAcceptEncoding?: boolean;
411
+ validateStatusUndefinedResolves?: boolean;
395
412
  }
396
413
 
397
414
  interface GenericAbortSignal {
@@ -422,6 +439,8 @@ declare namespace axios {
422
439
  dots?: boolean;
423
440
  metaTokens?: boolean;
424
441
  indexes?: boolean | null;
442
+ maxDepth?: number;
443
+ Blob?: { new (...args: any[]): any };
425
444
  }
426
445
 
427
446
  // tslint:disable-next-line
@@ -554,6 +573,7 @@ declare namespace axios {
554
573
  };
555
574
  formDataHeaderPolicy?: 'legacy' | 'content-only';
556
575
  redact?: string[];
576
+ sensitiveHeaders?: string[];
557
577
  }
558
578
 
559
579
  // Alias
@@ -618,6 +638,9 @@ declare namespace axios {
618
638
  promise: Promise<Cancel>;
619
639
  reason?: Cancel;
620
640
  throwIfRequested(): void;
641
+ subscribe(listener: (cancel: Cancel | any) => void): void;
642
+ unsubscribe(listener: (cancel: Cancel | any) => void): void;
643
+ toAbortSignal(): AbortSignal;
621
644
  }
622
645
 
623
646
  interface CancelTokenSource {
@@ -684,14 +707,14 @@ declare namespace axios {
684
707
  }
685
708
 
686
709
  interface AxiosStatic extends AxiosInstance {
687
- Cancel: CancelStatic;
710
+ Cancel: typeof CanceledError;
688
711
  CancelToken: CancelTokenStatic;
689
712
  Axios: typeof Axios;
690
713
  AxiosError: typeof AxiosError;
691
714
  CanceledError: typeof CanceledError;
692
715
  HttpStatusCode: typeof HttpStatusCode;
693
716
  readonly VERSION: string;
694
- isCancel(value: any): value is Cancel;
717
+ isCancel<T = any>(value: any): value is CanceledError<T>;
695
718
  all<T>(values: Array<T | Promise<T>>): Promise<T[]>;
696
719
  spread<T, R>(callback: (...args: T[]) => R): (array: T[]) => R;
697
720
  isAxiosError<T = any, D = any>(payload: any): payload is AxiosError<T, D>;
@@ -31,6 +31,7 @@ export class AxiosHeaders {
31
31
  rewrite?: boolean | AxiosHeaderMatcher
32
32
  ): AxiosHeaders;
33
33
  set(headers?: RawAxiosHeaders | AxiosHeaders | string, rewrite?: boolean): AxiosHeaders;
34
+ set(headers?: Iterable<[string, AxiosHeaderValue]>, rewrite?: boolean): AxiosHeaders;
34
35
 
35
36
  get(headerName: string, parser: RegExp): RegExpExecArray | null;
36
37
  get(headerName: string, matcher?: true | AxiosHeaderParser): AxiosHeaderValue;
@@ -47,7 +48,9 @@ export class AxiosHeaders {
47
48
  ...targets: Array<AxiosHeaders | RawAxiosHeaders | string | undefined | null>
48
49
  ): AxiosHeaders;
49
50
 
50
- toJSON(asStrings?: boolean): RawAxiosHeaders;
51
+ toJSON(asStrings: true): Record<string, string>;
52
+ toJSON(asStrings?: false): Record<string, string | string[]>;
53
+ toJSON(asStrings?: boolean): Record<string, string | string[]>;
51
54
 
52
55
  static from(thing?: AxiosHeaders | RawAxiosHeaders | string): AxiosHeaders;
53
56
 
@@ -89,6 +92,8 @@ export class AxiosHeaders {
89
92
 
90
93
  getSetCookie(): string[];
91
94
 
95
+ toString(): string;
96
+
92
97
  [Symbol.iterator](): IterableIterator<[string, AxiosHeaderValue]>;
93
98
  }
94
99
 
@@ -231,6 +236,12 @@ export enum HttpStatusCode {
231
236
  LoopDetected = 508,
232
237
  NotExtended = 510,
233
238
  NetworkAuthenticationRequired = 511,
239
+ WebServerIsDown = 521,
240
+ ConnectionTimedOut = 522,
241
+ OriginIsUnreachable = 523,
242
+ TimeoutOccurred = 524,
243
+ SslHandshakeFailed = 525,
244
+ InvalidSslCertificate = 526,
234
245
  }
235
246
 
236
247
  type UppercaseMethod =
@@ -281,6 +292,8 @@ export interface TransitionalOptions {
281
292
  forcedJSONParsing?: boolean;
282
293
  clarifyTimeoutError?: boolean;
283
294
  legacyInterceptorReqResOrdering?: boolean;
295
+ advertiseZstdAcceptEncoding?: boolean;
296
+ validateStatusUndefinedResolves?: boolean;
284
297
  }
285
298
 
286
299
  export interface GenericAbortSignal {
@@ -311,6 +324,8 @@ export interface SerializerOptions {
311
324
  dots?: boolean;
312
325
  metaTokens?: boolean;
313
326
  indexes?: boolean | null;
327
+ maxDepth?: number;
328
+ Blob?: { new (...args: any[]): any };
314
329
  }
315
330
 
316
331
  // tslint:disable-next-line
@@ -449,6 +464,7 @@ export interface AxiosRequestConfig<D = any> {
449
464
  };
450
465
  formDataHeaderPolicy?: 'legacy' | 'content-only';
451
466
  redact?: string[];
467
+ sensitiveHeaders?: string[];
452
468
  }
453
469
 
454
470
  // Alias
@@ -533,7 +549,9 @@ export class AxiosError<T = unknown, D = any> extends Error {
533
549
  }
534
550
 
535
551
  export class CanceledError<T> extends AxiosError<T> {
552
+ constructor(message?: string, config?: InternalAxiosRequestConfig, request?: any);
536
553
  readonly name: 'CanceledError';
554
+ __CANCEL__?: boolean;
537
555
  }
538
556
 
539
557
  export type AxiosPromise<T = any> = Promise<AxiosResponse<T>>;
@@ -559,6 +577,9 @@ export interface CancelToken {
559
577
  promise: Promise<Cancel>;
560
578
  reason?: Cancel;
561
579
  throwIfRequested(): void;
580
+ subscribe(listener: (cancel: Cancel | any) => void): void;
581
+ unsubscribe(listener: (cancel: Cancel | any) => void): void;
582
+ toAbortSignal(): AbortSignal;
562
583
  }
563
584
 
564
585
  export interface CancelTokenSource {
@@ -711,7 +732,7 @@ export function mergeConfig<D = any>(
711
732
  export function create(config?: CreateAxiosDefaults): AxiosInstance;
712
733
 
713
734
  export interface AxiosStatic extends AxiosInstance {
714
- Cancel: CancelStatic;
735
+ Cancel: typeof CanceledError;
715
736
  CancelToken: CancelTokenStatic;
716
737
  Axios: typeof Axios;
717
738
  AxiosError: typeof AxiosError;
@@ -107,7 +107,7 @@ function getAdapter(adapters, config) {
107
107
 
108
108
  throw new AxiosError(
109
109
  `There is no suitable adapter to dispatch the request ` + s,
110
- 'ERR_NOT_SUPPORT'
110
+ AxiosError.ERR_NOT_SUPPORT
111
111
  );
112
112
  }
113
113
 
@@ -19,6 +19,35 @@ const DEFAULT_CHUNK_SIZE = 64 * 1024;
19
19
 
20
20
  const { isFunction } = utils;
21
21
 
22
+ /**
23
+ * Encode a UTF-8 string to a Latin-1 byte string for use with btoa().
24
+ * This is a modern replacement for the deprecated unescape(encodeURIComponent(str)) pattern.
25
+ *
26
+ * @param {string} str The string to encode
27
+ *
28
+ * @returns {string} UTF-8 bytes as a Latin-1 string
29
+ */
30
+ const encodeUTF8 = (str) =>
31
+ encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) =>
32
+ String.fromCharCode(parseInt(hex, 16))
33
+ );
34
+
35
+ // Node's WHATWG URL parser returns `username` and `password` percent-encoded.
36
+ // Decode before composing the `auth` option so credentials such as
37
+ // `my%40email.com:pass` are sent as `my@email.com:pass`. Falls back to the
38
+ // original value for malformed input so a bad encoding never throws.
39
+ const decodeURIComponentSafe = (value) => {
40
+ if (!utils.isString(value)) {
41
+ return value;
42
+ }
43
+
44
+ try {
45
+ return decodeURIComponent(value);
46
+ } catch (error) {
47
+ return value;
48
+ }
49
+ };
50
+
22
51
  const test = (fn, ...args) => {
23
52
  try {
24
53
  return !!fn(...args);
@@ -27,6 +56,15 @@ const test = (fn, ...args) => {
27
56
  }
28
57
  };
29
58
 
59
+ const maybeWithAuthCredentials = (url) => {
60
+ const protocolIndex = url.indexOf('://');
61
+ let urlToCheck = url;
62
+ if (protocolIndex !== -1) {
63
+ urlToCheck = urlToCheck.slice(protocolIndex + 3);
64
+ }
65
+ return urlToCheck.includes('@') || urlToCheck.includes(':');
66
+ };
67
+
30
68
  const factory = (env) => {
31
69
  const globalObject =
32
70
  utils.global !== undefined && utils.global !== null
@@ -174,6 +212,7 @@ const factory = (env) => {
174
212
 
175
213
  const hasMaxContentLength = utils.isNumber(maxContentLength) && maxContentLength > -1;
176
214
  const hasMaxBodyLength = utils.isNumber(maxBodyLength) && maxBodyLength > -1;
215
+ const own = (key) => (utils.hasOwnProp(config, key) ? config[key] : undefined);
177
216
 
178
217
  let _fetch = envFetch || fetch;
179
218
 
@@ -195,7 +234,61 @@ const factory = (env) => {
195
234
 
196
235
  let requestContentLength;
197
236
 
237
+ // AxiosError we raise while the request body is being streamed. Captured
238
+ // by identity so the catch block can surface it directly, regardless of
239
+ // how the runtime wraps the resulting fetch rejection (undici exposes it
240
+ // as `err.cause`; some browsers drop the original error entirely).
241
+ let pendingBodyError = null;
242
+
243
+ const maxBodyLengthError = () =>
244
+ new AxiosError(
245
+ 'Request body larger than maxBodyLength limit',
246
+ AxiosError.ERR_BAD_REQUEST,
247
+ config,
248
+ request
249
+ );
250
+
198
251
  try {
252
+ // HTTP basic authentication
253
+ let auth = undefined;
254
+ const configAuth = own('auth');
255
+
256
+ if (configAuth) {
257
+ const username = utils.getSafeProp(configAuth, 'username') || '';
258
+ const password = utils.getSafeProp(configAuth, 'password') || '';
259
+ auth = {
260
+ username,
261
+ password
262
+ };
263
+ }
264
+
265
+ if (maybeWithAuthCredentials(url)) {
266
+ const parsedURL = new URL(url, platform.origin);
267
+
268
+ if (!auth && (parsedURL.username || parsedURL.password)) {
269
+ const urlUsername = decodeURIComponentSafe(parsedURL.username);
270
+ const urlPassword = decodeURIComponentSafe(parsedURL.password);
271
+ auth = {
272
+ username: urlUsername,
273
+ password: urlPassword
274
+ };
275
+ }
276
+
277
+ if (parsedURL.username || parsedURL.password) {
278
+ parsedURL.username = '';
279
+ parsedURL.password = '';
280
+ url = parsedURL.href;
281
+ }
282
+ }
283
+
284
+ if (auth) {
285
+ headers.delete('authorization');
286
+ headers.set(
287
+ 'Authorization',
288
+ 'Basic ' + btoa(encodeUTF8((auth.username || '') + ':' + (auth.password || '')))
289
+ );
290
+ }
291
+
199
292
  // Enforce maxContentLength for data: URLs up-front so we never materialize
200
293
  // an oversized payload. The HTTP adapter applies the same check (see http.js
201
294
  // "if (protocol === 'data:')" branch).
@@ -211,53 +304,96 @@ const factory = (env) => {
211
304
  }
212
305
  }
213
306
 
214
- // Enforce maxBodyLength against the outbound request body before dispatch.
215
- // Mirrors http.js behavior (ERR_BAD_REQUEST / 'Request body larger than
216
- // maxBodyLength limit'). Skip when the body length cannot be determined
217
- // (e.g. a live ReadableStream supplied by the caller).
307
+ // Enforce maxBodyLength against known-size bodies before dispatch using
308
+ // the body's *actual* size never a caller-declared Content-Length,
309
+ // which could under-report to slip an oversized body past the check.
310
+ // Unknown-size streams return undefined here and are counted per-chunk
311
+ // below as fetch consumes them.
218
312
  if (hasMaxBodyLength && method !== 'get' && method !== 'head') {
219
- const outboundLength = await resolveBodyLength(headers, data);
220
- if (
221
- typeof outboundLength === 'number' &&
222
- isFinite(outboundLength) &&
223
- outboundLength > maxBodyLength
224
- ) {
225
- throw new AxiosError(
226
- 'Request body larger than maxBodyLength limit',
227
- AxiosError.ERR_BAD_REQUEST,
228
- config,
229
- request
230
- );
313
+ const outboundLength = await getBodyLength(data);
314
+ if (typeof outboundLength === 'number' && isFinite(outboundLength)) {
315
+ requestContentLength = outboundLength;
316
+ if (outboundLength > maxBodyLength) {
317
+ throw maxBodyLengthError();
318
+ }
231
319
  }
232
320
  }
233
321
 
322
+ // A streamed body under maxBodyLength must be counted as fetch consumes
323
+ // it; its size is never trusted from a caller-declared Content-Length.
324
+ const mustEnforceStreamBody =
325
+ hasMaxBodyLength && (utils.isReadableStream(data) || utils.isStream(data));
326
+
327
+ const trackRequestStream = (stream, onProgress, flush) =>
328
+ trackStream(
329
+ stream,
330
+ DEFAULT_CHUNK_SIZE,
331
+ (loadedBytes) => {
332
+ if (hasMaxBodyLength && loadedBytes > maxBodyLength) {
333
+ throw (pendingBodyError = maxBodyLengthError());
334
+ }
335
+ onProgress && onProgress(loadedBytes);
336
+ },
337
+ flush
338
+ );
339
+
234
340
  if (
235
- onUploadProgress &&
236
341
  supportsRequestStream &&
237
342
  method !== 'get' &&
238
343
  method !== 'head' &&
239
- (requestContentLength = await resolveBodyLength(headers, data)) !== 0
344
+ (onUploadProgress || mustEnforceStreamBody)
240
345
  ) {
241
- let _request = new Request(url, {
242
- method: 'POST',
243
- body: data,
244
- duplex: 'half',
245
- });
346
+ requestContentLength =
347
+ requestContentLength == null ? await resolveBodyLength(headers, data) : requestContentLength;
348
+
349
+ // A declared length of 0 is only trusted to skip the wrap when we are
350
+ // not enforcing a stream limit (which must not rely on that header).
351
+ if (requestContentLength !== 0 || mustEnforceStreamBody) {
352
+ let _request = new Request(url, {
353
+ method: 'POST',
354
+ body: data,
355
+ duplex: 'half',
356
+ });
246
357
 
247
- let contentTypeHeader;
358
+ let contentTypeHeader;
248
359
 
249
- if (utils.isFormData(data) && (contentTypeHeader = _request.headers.get('content-type'))) {
250
- headers.setContentType(contentTypeHeader);
251
- }
360
+ if (utils.isFormData(data) && (contentTypeHeader = _request.headers.get('content-type'))) {
361
+ headers.setContentType(contentTypeHeader);
362
+ }
252
363
 
253
- if (_request.body) {
254
- const [onProgress, flush] = progressEventDecorator(
255
- requestContentLength,
256
- progressEventReducer(asyncDecorator(onUploadProgress))
257
- );
364
+ if (_request.body) {
365
+ const [onProgress, flush] =
366
+ (onUploadProgress &&
367
+ progressEventDecorator(
368
+ requestContentLength,
369
+ progressEventReducer(asyncDecorator(onUploadProgress))
370
+ )) ||
371
+ [];
258
372
 
259
- data = trackStream(_request.body, DEFAULT_CHUNK_SIZE, onProgress, flush);
373
+ data = trackRequestStream(_request.body, onProgress, flush);
374
+ }
260
375
  }
376
+ } else if (
377
+ mustEnforceStreamBody &&
378
+ !isRequestSupported &&
379
+ isReadableStreamSupported &&
380
+ method !== 'get' &&
381
+ method !== 'head'
382
+ ) {
383
+ data = trackRequestStream(data);
384
+ } else if (
385
+ mustEnforceStreamBody &&
386
+ isRequestSupported &&
387
+ !supportsRequestStream &&
388
+ method !== 'get' &&
389
+ method !== 'head'
390
+ ) {
391
+ throw new AxiosError(
392
+ 'Stream request bodies are not supported by the current fetch implementation',
393
+ AxiosError.ERR_NOT_SUPPORT,
394
+ config,
395
+ request
396
+ );
261
397
  }
262
398
 
263
399
  if (!utils.isString(withCredentials)) {
@@ -300,10 +436,12 @@ const factory = (env) => {
300
436
  ? _fetch(request, fetchOptions)
301
437
  : _fetch(url, resolvedOptions));
302
438
 
439
+ const responseHeaders = AxiosHeaders.from(response.headers);
440
+
303
441
  // Cheap pre-check: if the server honestly declares a content-length that
304
442
  // already exceeds the cap, reject before we start streaming.
305
443
  if (hasMaxContentLength) {
306
- const declaredLength = utils.toFiniteNumber(response.headers.get('content-length'));
444
+ const declaredLength = utils.toFiniteNumber(responseHeaders.getContentLength());
307
445
  if (declaredLength != null && declaredLength > maxContentLength) {
308
446
  throw new AxiosError(
309
447
  'maxContentLength size of ' + maxContentLength + ' exceeded',
@@ -328,7 +466,7 @@ const factory = (env) => {
328
466
  options[prop] = response[prop];
329
467
  });
330
468
 
331
- const responseContentLength = utils.toFiniteNumber(response.headers.get('content-length'));
469
+ const responseContentLength = utils.toFiniteNumber(responseHeaders.getContentLength());
332
470
 
333
471
  const [onProgress, flush] =
334
472
  (onDownloadProgress &&
@@ -419,23 +557,55 @@ const factory = (env) => {
419
557
  const canceledError = composedSignal.reason;
420
558
  canceledError.config = config;
421
559
  request && (canceledError.request = request);
422
- err !== canceledError && (canceledError.cause = err);
560
+ if (err !== canceledError) {
561
+ // Non-enumerable to match native Error `cause` semantics so loggers
562
+ // don't recurse into circular fetch internals (see #7205).
563
+ Object.defineProperty(canceledError, 'cause', {
564
+ __proto__: null,
565
+ value: err,
566
+ writable: true,
567
+ enumerable: false,
568
+ configurable: true,
569
+ });
570
+ }
423
571
  throw canceledError;
424
572
  }
425
573
 
574
+ // Surface a maxBodyLength violation we raised while the request body was
575
+ // being streamed. Matching by identity (rather than reading
576
+ // `err.cause.isAxiosError`) keeps the error deterministic across runtimes
577
+ // and avoids both prototype-pollution reads and mis-attributing a foreign
578
+ // AxiosError that merely happened to land in `err.cause`.
579
+ if (pendingBodyError) {
580
+ request && !pendingBodyError.request && (pendingBodyError.request = request);
581
+ throw pendingBodyError;
582
+ }
583
+
584
+ // Re-throw AxiosErrors we raised synchronously (data: URL / content-length
585
+ // pre-checks, response size enforcement) without re-wrapping them.
586
+ if (err instanceof AxiosError) {
587
+ request && !err.request && (err.request = request);
588
+ throw err;
589
+ }
590
+
426
591
  if (err && err.name === 'TypeError' && /Load failed|fetch/i.test(err.message)) {
427
- throw Object.assign(
428
- new AxiosError(
429
- 'Network Error',
430
- AxiosError.ERR_NETWORK,
431
- config,
432
- request,
433
- err && err.response
434
- ),
435
- {
436
- cause: err.cause || err,
437
- }
592
+ const networkError = new AxiosError(
593
+ 'Network Error',
594
+ AxiosError.ERR_NETWORK,
595
+ config,
596
+ request,
597
+ err && err.response
438
598
  );
599
+ // Non-enumerable to match native Error `cause` semantics so loggers
600
+ // don't recurse into circular fetch internals (see #7205).
601
+ Object.defineProperty(networkError, 'cause', {
602
+ __proto__: null,
603
+ value: err.cause || err,
604
+ writable: true,
605
+ enumerable: false,
606
+ configurable: true,
607
+ });
608
+ throw networkError;
439
609
  }
440
610
 
441
611
  throw AxiosError.from(err, err && err.code, config, request, err && err.response);