reflex-search 1.5.2 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (58) hide show
  1. package/node_modules/.package-lock.json +15 -15
  2. package/node_modules/axios/CHANGELOG.md +126 -1
  3. package/node_modules/axios/README.md +390 -257
  4. package/node_modules/axios/dist/axios.js +511 -154
  5. package/node_modules/axios/dist/axios.min.js +3 -3
  6. package/node_modules/axios/dist/axios.min.js.map +1 -1
  7. package/node_modules/axios/dist/browser/axios.cjs +537 -124
  8. package/node_modules/axios/dist/esm/axios.js +537 -124
  9. package/node_modules/axios/dist/esm/axios.min.js +2 -2
  10. package/node_modules/axios/dist/esm/axios.min.js.map +1 -1
  11. package/node_modules/axios/dist/node/axios.cjs +753 -226
  12. package/node_modules/axios/index.d.cts +27 -4
  13. package/node_modules/axios/index.d.ts +23 -2
  14. package/node_modules/axios/lib/adapters/adapters.js +1 -1
  15. package/node_modules/axios/lib/adapters/fetch.js +217 -47
  16. package/node_modules/axios/lib/adapters/http.js +274 -169
  17. package/node_modules/axios/lib/adapters/xhr.js +1 -0
  18. package/node_modules/axios/lib/core/Axios.js +4 -2
  19. package/node_modules/axios/lib/core/AxiosError.js +13 -1
  20. package/node_modules/axios/lib/core/AxiosHeaders.js +12 -9
  21. package/node_modules/axios/lib/core/buildFullPath.js +29 -1
  22. package/node_modules/axios/lib/core/mergeConfig.js +35 -0
  23. package/node_modules/axios/lib/defaults/transitional.js +2 -0
  24. package/node_modules/axios/lib/env/data.js +1 -1
  25. package/node_modules/axios/lib/helpers/AxiosURLSearchParams.js +1 -3
  26. package/node_modules/axios/lib/helpers/Http2Sessions.js +119 -0
  27. package/node_modules/axios/lib/helpers/buildURL.js +7 -4
  28. package/node_modules/axios/lib/helpers/composeSignals.js +1 -1
  29. package/node_modules/axios/lib/helpers/cookies.js +5 -1
  30. package/node_modules/axios/lib/helpers/estimateDataURLDecodedBytes.js +16 -11
  31. package/node_modules/axios/lib/helpers/formDataToJSON.js +25 -3
  32. package/node_modules/axios/lib/helpers/formDataToStream.js +2 -2
  33. package/node_modules/axios/lib/helpers/fromDataURI.js +4 -2
  34. package/node_modules/axios/lib/helpers/resolveConfig.js +26 -13
  35. package/node_modules/axios/lib/helpers/shouldBypassProxy.js +33 -1
  36. package/node_modules/axios/lib/helpers/toFormData.js +48 -12
  37. package/node_modules/axios/lib/helpers/validator.js +1 -1
  38. package/node_modules/axios/lib/utils.js +97 -12
  39. package/node_modules/axios/package.json +29 -13
  40. package/node_modules/brace-expansion/dist/commonjs/index.js +24 -14
  41. package/node_modules/brace-expansion/dist/commonjs/index.js.map +1 -1
  42. package/node_modules/brace-expansion/dist/esm/index.js +24 -14
  43. package/node_modules/brace-expansion/dist/esm/index.js.map +1 -1
  44. package/node_modules/brace-expansion/package.json +2 -2
  45. package/node_modules/form-data/CHANGELOG.md +29 -2
  46. package/node_modules/form-data/README.md +4 -4
  47. package/node_modules/form-data/lib/form_data.js +14 -2
  48. package/node_modules/form-data/package.json +7 -7
  49. package/node_modules/hasown/CHANGELOG.md +18 -0
  50. package/node_modules/hasown/eslint.config.mjs +6 -0
  51. package/node_modules/hasown/package.json +13 -14
  52. package/npm-shrinkwrap.json +16 -16
  53. package/package.json +2 -2
  54. package/node_modules/axios/dist/axios.js.map +0 -1
  55. package/node_modules/axios/dist/browser/axios.cjs.map +0 -1
  56. package/node_modules/axios/dist/esm/axios.js.map +0 -1
  57. package/node_modules/axios/dist/node/axios.cjs.map +0 -1
  58. package/node_modules/hasown/.eslintrc +0 -5
@@ -218,6 +218,7 @@ export default isXHRAdapterSupported &&
218
218
  config
219
219
  )
220
220
  );
221
+ done();
221
222
  return;
222
223
  }
223
224
 
@@ -101,6 +101,8 @@ class Axios {
101
101
  forcedJSONParsing: validators.transitional(validators.boolean),
102
102
  clarifyTimeoutError: validators.transitional(validators.boolean),
103
103
  legacyInterceptorReqResOrdering: validators.transitional(validators.boolean),
104
+ advertiseZstdAcceptEncoding: validators.transitional(validators.boolean),
105
+ validateStatusUndefinedResolves: validators.transitional(validators.boolean),
104
106
  },
105
107
  false
106
108
  );
@@ -232,7 +234,7 @@ class Axios {
232
234
 
233
235
  getUri(config) {
234
236
  config = mergeConfig(this.defaults, config);
235
- const fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls);
237
+ const fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls, config);
236
238
  return buildURL(fullPath, config.params, config.paramsSerializer);
237
239
  }
238
240
  }
@@ -245,7 +247,7 @@ utils.forEach(['delete', 'get', 'head', 'options'], function forEachMethodNoData
245
247
  mergeConfig(config || {}, {
246
248
  method,
247
249
  url,
248
- data: (config || {}).data,
250
+ data: config && utils.hasOwnProp(config, 'data') ? config.data : undefined,
249
251
  })
250
252
  );
251
253
  };
@@ -75,7 +75,19 @@ function redactConfig(config, redactKeys) {
75
75
  class AxiosError extends Error {
76
76
  static from(error, code, config, request, response, customProps) {
77
77
  const axiosError = new AxiosError(error.message, code || error.code, config, request, response);
78
- axiosError.cause = error;
78
+ // Match native `Error` `cause` semantics: non-enumerable. The wrapped
79
+ // error often carries circular internals (sockets, requests, agents), so
80
+ // an enumerable `cause` makes structured loggers (pino/winston) and any
81
+ // own-property walk throw "Converting circular structure to JSON".
82
+ // Regression from #6982; see #7205. `__proto__: null` mirrors the
83
+ // `message` descriptor below (prototype-pollution-safe descriptor).
84
+ Object.defineProperty(axiosError, 'cause', {
85
+ __proto__: null,
86
+ value: error,
87
+ writable: true,
88
+ enumerable: false,
89
+ configurable: true,
90
+ });
79
91
  axiosError.name = error.name;
80
92
 
81
93
  // Preserve status from the original error if not already set from response
@@ -89,7 +89,7 @@ class AxiosHeaders {
89
89
  const lHeader = normalizeHeader(_header);
90
90
 
91
91
  if (!lHeader) {
92
- throw new Error('header name must be a non-empty string');
92
+ return;
93
93
  }
94
94
 
95
95
  const key = utils.findKey(self, lHeader);
@@ -111,20 +111,23 @@ class AxiosHeaders {
111
111
  setHeaders(header, valueOrRewrite);
112
112
  } else if (utils.isString(header) && (header = header.trim()) && !isValidHeaderName(header)) {
113
113
  setHeaders(parseHeaders(header), valueOrRewrite);
114
- } else if (utils.isObject(header) && utils.isIterable(header)) {
115
- let obj = {},
114
+ } else if (utils.isObject(header) && utils.isSafeIterable(header)) {
115
+ let obj = Object.create(null),
116
116
  dest,
117
117
  key;
118
118
  for (const entry of header) {
119
119
  if (!utils.isArray(entry)) {
120
- throw TypeError('Object iterator must return a key-value pair');
120
+ throw new TypeError('Object iterator must return a key-value pair');
121
121
  }
122
122
 
123
- obj[(key = entry[0])] = (dest = obj[key])
124
- ? utils.isArray(dest)
125
- ? [...dest, entry[1]]
126
- : [dest, entry[1]]
127
- : entry[1];
123
+ key = entry[0];
124
+
125
+ if (utils.hasOwnProp(obj, key)) {
126
+ dest = obj[key];
127
+ obj[key] = utils.isArray(dest) ? [...dest, entry[1]] : [dest, entry[1]];
128
+ } else {
129
+ obj[key] = entry[1];
130
+ }
128
131
  }
129
132
 
130
133
  setHeaders(obj, valueOrRewrite);
@@ -1,8 +1,34 @@
1
1
  'use strict';
2
2
 
3
+ import AxiosError from './AxiosError.js';
3
4
  import isAbsoluteURL from '../helpers/isAbsoluteURL.js';
4
5
  import combineURLs from '../helpers/combineURLs.js';
5
6
 
7
+ const malformedHttpProtocol = /^https?:(?!\/\/)/i;
8
+ const httpProtocolControlCharacters = /[\t\n\r]/g;
9
+
10
+ function stripLeadingC0ControlOrSpace(url) {
11
+ let i = 0;
12
+ while (i < url.length && url.charCodeAt(i) <= 0x20) {
13
+ i++;
14
+ }
15
+ return url.slice(i);
16
+ }
17
+
18
+ function normalizeURLForProtocolCheck(url) {
19
+ return stripLeadingC0ControlOrSpace(url).replace(httpProtocolControlCharacters, '');
20
+ }
21
+
22
+ function assertValidHttpProtocolURL(url, config) {
23
+ if (typeof url === 'string' && malformedHttpProtocol.test(normalizeURLForProtocolCheck(url))) {
24
+ throw new AxiosError(
25
+ 'Invalid URL: missing "//" after protocol',
26
+ AxiosError.ERR_INVALID_URL,
27
+ config
28
+ );
29
+ }
30
+ }
31
+
6
32
  /**
7
33
  * Creates a new URL by combining the baseURL with the requestedURL,
8
34
  * only when the requestedURL is not already an absolute URL.
@@ -13,9 +39,11 @@ import combineURLs from '../helpers/combineURLs.js';
13
39
  *
14
40
  * @returns {string} The combined full path
15
41
  */
16
- export default function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls) {
42
+ export default function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls, config) {
43
+ assertValidHttpProtocolURL(requestedURL, config);
17
44
  let isRelativeUrl = !isAbsoluteURL(requestedURL);
18
45
  if (baseURL && (isRelativeUrl || allowAbsoluteUrls === false)) {
46
+ assertValidHttpProtocolURL(baseURL, config);
19
47
  return combineURLs(baseURL, requestedURL);
20
48
  }
21
49
  return requestedURL;
@@ -16,6 +16,7 @@ const headersToObject = (thing) => (thing instanceof AxiosHeaders ? { ...thing }
16
16
  */
17
17
  export default function mergeConfig(config1, config2) {
18
18
  // eslint-disable-next-line no-param-reassign
19
+ config1 = config1 || {};
19
20
  config2 = config2 || {};
20
21
 
21
22
  // Use a null-prototype object so that downstream reads such as `config.auth`
@@ -68,6 +69,28 @@ export default function mergeConfig(config1, config2) {
68
69
  }
69
70
  }
70
71
 
72
+ function getMergedTransitionalOption(prop) {
73
+ const transitional2 = utils.hasOwnProp(config2, 'transitional') ? config2.transitional : undefined;
74
+
75
+ if (!utils.isUndefined(transitional2)) {
76
+ if (utils.isPlainObject(transitional2)) {
77
+ if (utils.hasOwnProp(transitional2, prop)) {
78
+ return transitional2[prop];
79
+ }
80
+ } else {
81
+ return undefined;
82
+ }
83
+ }
84
+
85
+ const transitional1 = utils.hasOwnProp(config1, 'transitional') ? config1.transitional : undefined;
86
+
87
+ if (utils.isPlainObject(transitional1) && utils.hasOwnProp(transitional1, prop)) {
88
+ return transitional1[prop];
89
+ }
90
+
91
+ return undefined;
92
+ }
93
+
71
94
  // eslint-disable-next-line consistent-return
72
95
  function mergeDirectKeys(a, b, prop) {
73
96
  if (utils.hasOwnProp(config2, prop)) {
@@ -120,5 +143,17 @@ export default function mergeConfig(config1, config2) {
120
143
  (utils.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);
121
144
  });
122
145
 
146
+ if (
147
+ utils.hasOwnProp(config2, 'validateStatus') &&
148
+ utils.isUndefined(config2.validateStatus) &&
149
+ getMergedTransitionalOption('validateStatusUndefinedResolves') === false
150
+ ) {
151
+ if (utils.hasOwnProp(config1, 'validateStatus')) {
152
+ config.validateStatus = getMergedValue(undefined, config1.validateStatus);
153
+ } else {
154
+ delete config.validateStatus;
155
+ }
156
+ }
157
+
123
158
  return config;
124
159
  }
@@ -5,4 +5,6 @@ export default {
5
5
  forcedJSONParsing: true,
6
6
  clarifyTimeoutError: false,
7
7
  legacyInterceptorReqResOrdering: true,
8
+ advertiseZstdAcceptEncoding: false,
9
+ validateStatusUndefinedResolves: true,
8
10
  };
@@ -1 +1 @@
1
- export const VERSION = "1.16.1";
1
+ export const VERSION = "1.18.1";
@@ -46,9 +46,7 @@ prototype.append = function append(name, value) {
46
46
 
47
47
  prototype.toString = function toString(encoder) {
48
48
  const _encode = encoder
49
- ? function (value) {
50
- return encoder.call(this, value, encode);
51
- }
49
+ ? (value) => encoder.call(this, value, encode)
52
50
  : encode;
53
51
 
54
52
  return this._pairs
@@ -0,0 +1,119 @@
1
+ 'use strict';
2
+
3
+ // Node-only: relies on the built-in `http2` module. Browser/react-native
4
+ // builds replace `lib/adapters/http.js` (the sole importer) with `lib/helpers/null.js`
5
+ // via the `browser` package.json field, so this module is never reached in
6
+ // those environments. Do not import it from any browser-reachable code path.
7
+
8
+ import http2 from 'http2';
9
+ import util from 'util';
10
+
11
+ class Http2Sessions {
12
+ constructor() {
13
+ this.sessions = Object.create(null);
14
+ }
15
+
16
+ getSession(authority, options) {
17
+ options = Object.assign(
18
+ {
19
+ sessionTimeout: 1000,
20
+ },
21
+ options
22
+ );
23
+
24
+ let authoritySessions = this.sessions[authority];
25
+
26
+ if (authoritySessions) {
27
+ let len = authoritySessions.length;
28
+
29
+ for (let i = 0; i < len; i++) {
30
+ const [sessionHandle, sessionOptions] = authoritySessions[i];
31
+ if (
32
+ !sessionHandle.destroyed &&
33
+ !sessionHandle.closed &&
34
+ util.isDeepStrictEqual(sessionOptions, options)
35
+ ) {
36
+ return sessionHandle;
37
+ }
38
+ }
39
+ }
40
+
41
+ const session = http2.connect(authority, options);
42
+
43
+ let removed;
44
+ let timer;
45
+
46
+ const removeSession = () => {
47
+ if (removed) {
48
+ return;
49
+ }
50
+
51
+ removed = true;
52
+
53
+ if (timer) {
54
+ clearTimeout(timer);
55
+ timer = null;
56
+ }
57
+
58
+ let entries = authoritySessions,
59
+ len = entries.length,
60
+ i = len;
61
+
62
+ while (i--) {
63
+ if (entries[i][0] === session) {
64
+ if (len === 1) {
65
+ delete this.sessions[authority];
66
+ } else {
67
+ entries.splice(i, 1);
68
+ }
69
+ if (!session.closed) {
70
+ session.close();
71
+ }
72
+ return;
73
+ }
74
+ }
75
+ };
76
+
77
+ const originalRequestFn = session.request;
78
+
79
+ const { sessionTimeout } = options;
80
+
81
+ if (sessionTimeout != null) {
82
+ let streamsCount = 0;
83
+
84
+ session.request = function () {
85
+ const stream = originalRequestFn.apply(this, arguments);
86
+
87
+ streamsCount++;
88
+
89
+ if (timer) {
90
+ clearTimeout(timer);
91
+ timer = null;
92
+ }
93
+
94
+ stream.once('close', () => {
95
+ if (!--streamsCount) {
96
+ timer = setTimeout(() => {
97
+ timer = null;
98
+ removeSession();
99
+ }, sessionTimeout);
100
+ }
101
+ });
102
+
103
+ return stream;
104
+ };
105
+ }
106
+
107
+ session.once('close', removeSession);
108
+
109
+ let entry = [session, options];
110
+
111
+ authoritySessions
112
+ ? authoritySessions.push(entry)
113
+ : (authoritySessions = this.sessions[authority] = [entry]);
114
+
115
+ return session;
116
+ }
117
+ }
118
+
119
+ export default Http2Sessions;
@@ -1,7 +1,7 @@
1
1
  'use strict';
2
2
 
3
3
  import utils from '../utils.js';
4
- import AxiosURLSearchParams from '../helpers/AxiosURLSearchParams.js';
4
+ import AxiosURLSearchParams from './AxiosURLSearchParams.js';
5
5
 
6
6
  /**
7
7
  * It replaces URL-encoded forms of `:`, `$`, `,`, and spaces with
@@ -32,8 +32,7 @@ export default function buildURL(url, params, options) {
32
32
  if (!params) {
33
33
  return url;
34
34
  }
35
-
36
- const _encode = (options && options.encode) || encode;
35
+ url = url || '';
37
36
 
38
37
  const _options = utils.isFunction(options)
39
38
  ? {
@@ -41,7 +40,11 @@ export default function buildURL(url, params, options) {
41
40
  }
42
41
  : options;
43
42
 
44
- const serializeFn = _options && _options.serialize;
43
+ // Read serializer options pollution-safely: own properties and methods on a
44
+ // class/template prototype are honored, but values injected onto a polluted
45
+ // Object.prototype are ignored.
46
+ const _encode = utils.getSafeProp(_options, 'encode') || encode;
47
+ const serializeFn = utils.getSafeProp(_options, 'serialize');
45
48
 
46
49
  let serializedParams;
47
50
 
@@ -45,7 +45,7 @@ const composeSignals = (signals, timeout) => {
45
45
  signals = null;
46
46
  };
47
47
 
48
- signals.forEach((signal) => signal.addEventListener('abort', onabort));
48
+ signals.forEach((signal) => signal.addEventListener('abort', onabort, { once: true }));
49
49
 
50
50
  const { signal } = controller;
51
51
 
@@ -40,7 +40,11 @@ export default platform.hasStandardBrowserEnv
40
40
  const cookie = cookies[i].replace(/^\s+/, '');
41
41
  const eq = cookie.indexOf('=');
42
42
  if (eq !== -1 && cookie.slice(0, eq) === name) {
43
- return decodeURIComponent(cookie.slice(eq + 1));
43
+ try {
44
+ return decodeURIComponent(cookie.slice(eq + 1));
45
+ } catch (e) {
46
+ return cookie.slice(eq + 1);
47
+ }
44
48
  }
45
49
  }
46
50
  return null;
@@ -2,11 +2,19 @@
2
2
  * Estimate decoded byte length of a data:// URL *without* allocating large buffers.
3
3
  * - For base64: compute exact decoded size using length and padding;
4
4
  * handle %XX at the character-count level (no string allocation).
5
- * - For non-base64: use UTF-8 byteLength of the encoded body as a safe upper bound.
5
+ * - For non-base64: compute the exact percent-decoded UTF-8 byte length.
6
6
  *
7
7
  * @param {string} url
8
8
  * @returns {number}
9
9
  */
10
+ const isHexDigit = (charCode) =>
11
+ (charCode >= 48 && charCode <= 57) ||
12
+ (charCode >= 65 && charCode <= 70) ||
13
+ (charCode >= 97 && charCode <= 102);
14
+
15
+ const isPercentEncodedByte = (str, i, len) =>
16
+ i + 2 < len && isHexDigit(str.charCodeAt(i + 1)) && isHexDigit(str.charCodeAt(i + 2));
17
+
10
18
  export default function estimateDataURLDecodedBytes(url) {
11
19
  if (!url || typeof url !== 'string') return 0;
12
20
  if (!url.startsWith('data:')) return 0;
@@ -26,9 +34,7 @@ export default function estimateDataURLDecodedBytes(url) {
26
34
  if (body.charCodeAt(i) === 37 /* '%' */ && i + 2 < len) {
27
35
  const a = body.charCodeAt(i + 1);
28
36
  const b = body.charCodeAt(i + 2);
29
- const isHex =
30
- ((a >= 48 && a <= 57) || (a >= 65 && a <= 70) || (a >= 97 && a <= 102)) &&
31
- ((b >= 48 && b <= 57) || (b >= 65 && b <= 70) || (b >= 97 && b <= 102));
37
+ const isHex = isHexDigit(a) && isHexDigit(b);
32
38
 
33
39
  if (isHex) {
34
40
  effectiveLen -= 2;
@@ -69,18 +75,17 @@ export default function estimateDataURLDecodedBytes(url) {
69
75
  return bytes > 0 ? bytes : 0;
70
76
  }
71
77
 
72
- if (typeof Buffer !== 'undefined' && typeof Buffer.byteLength === 'function') {
73
- return Buffer.byteLength(body, 'utf8');
74
- }
75
-
76
78
  // Compute UTF-8 byte length directly from UTF-16 code units without allocating
77
79
  // a byte buffer (TextEncoder.encode would defeat the DoS guard on large bodies).
78
- // Using body.length here would undercount non-ASCII (e.g. '€' is 1 code unit
79
- // but 3 UTF-8 bytes).
80
+ // Valid %XX triplets count as one decoded byte; this matches the bytes that
81
+ // decodeURIComponent(body) would produce before Buffer re-encodes the string.
80
82
  let bytes = 0;
81
83
  for (let i = 0, len = body.length; i < len; i++) {
82
84
  const c = body.charCodeAt(i);
83
- if (c < 0x80) {
85
+ if (c === 37 /* '%' */ && isPercentEncodedByte(body, i, len)) {
86
+ bytes += 1;
87
+ i += 2;
88
+ } else if (c < 0x80) {
84
89
  bytes += 1;
85
90
  } else if (c < 0x800) {
86
91
  bytes += 2;
@@ -1,6 +1,19 @@
1
1
  'use strict';
2
2
 
3
3
  import utils from '../utils.js';
4
+ import AxiosError from '../core/AxiosError.js';
5
+ import { DEFAULT_FORM_DATA_MAX_DEPTH } from './toFormData.js';
6
+
7
+ const MAX_DEPTH = DEFAULT_FORM_DATA_MAX_DEPTH;
8
+
9
+ function throwIfDepthExceeded(index) {
10
+ if (index > MAX_DEPTH) {
11
+ throw new AxiosError(
12
+ 'FormData field is too deeply nested (' + index + ' levels). Max depth: ' + MAX_DEPTH,
13
+ AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED
14
+ );
15
+ }
16
+ }
4
17
 
5
18
  /**
6
19
  * It takes a string like `foo[x][y][z]` and returns an array like `['foo', 'x', 'y', 'z']
@@ -14,9 +27,16 @@ function parsePropPath(name) {
14
27
  // foo.x.y.z
15
28
  // foo-x-y-z
16
29
  // foo x y z
17
- return utils.matchAll(/\w+|\[(\w*)]/g, name).map((match) => {
18
- return match[0] === '[]' ? '' : match[1] || match[0];
19
- });
30
+ const path = [];
31
+ const pattern = /\w+|\[(\w*)]/g;
32
+ let match;
33
+
34
+ while ((match = pattern.exec(name)) !== null) {
35
+ throwIfDepthExceeded(path.length);
36
+ path.push(match[0] === '[]' ? '' : match[1] || match[0]);
37
+ }
38
+
39
+ return path;
20
40
  }
21
41
 
22
42
  /**
@@ -48,6 +68,8 @@ function arrayToObject(arr) {
48
68
  */
49
69
  function formDataToJSON(formData) {
50
70
  function buildPath(path, value, target, index) {
71
+ throwIfDepthExceeded(index);
72
+
51
73
  let name = path[index++];
52
74
 
53
75
  if (name === '__proto__') return true;
@@ -73,11 +73,11 @@ const formDataToStream = (form, headersHandler, options) => {
73
73
  } = options || {};
74
74
 
75
75
  if (!utils.isFormData(form)) {
76
- throw TypeError('FormData instance required');
76
+ throw new TypeError('FormData instance required');
77
77
  }
78
78
 
79
79
  if (boundary.length < 1 || boundary.length > 70) {
80
- throw Error('boundary must be 1-70 characters long');
80
+ throw new Error('boundary must be 1-70 characters long');
81
81
  }
82
82
 
83
83
  const boundaryBytes = textEncoder.encode('--' + boundary + CRLF);
@@ -42,14 +42,16 @@ export default function fromDataURI(uri, asBlob, options) {
42
42
 
43
43
  // RFC 2397 section 3: default mediatype is text/plain;charset=US-ASCII
44
44
  // Bare `data:,` leaves mime undefined; Blob normalises that to "" per spec.
45
- let mime;
45
+ let mime = '';
46
46
  if (type) {
47
47
  mime = params ? type + params : type;
48
48
  } else if (params) {
49
49
  mime = 'text/plain' + params;
50
50
  }
51
51
 
52
- const buffer = Buffer.from(decodeURIComponent(body), encoding);
52
+ const buffer = encoding === 'base64'
53
+ ? Buffer.from(body, 'base64')
54
+ : Buffer.from(decodeURIComponent(body), encoding);
53
55
 
54
56
  if (asBlob) {
55
57
  if (!_Blob) {
@@ -1,5 +1,6 @@
1
1
  import platform from '../platform/index.js';
2
2
  import utils from '../utils.js';
3
+ import AxiosError from '../core/AxiosError.js';
3
4
  import isURLSameOrigin from './isURLSameOrigin.js';
4
5
  import cookies from './cookies.js';
5
6
  import buildFullPath from '../core/buildFullPath.js';
@@ -15,7 +16,7 @@ function setFormDataHeaders(headers, formHeaders, policy) {
15
16
  return;
16
17
  }
17
18
 
18
- Object.entries(formHeaders).forEach(([key, val]) => {
19
+ Object.entries(formHeaders || {}).forEach(([key, val]) => {
19
20
  if (FORM_DATA_CONTENT_HEADERS.includes(key.toLowerCase())) {
20
21
  headers.set(key, val);
21
22
  }
@@ -35,7 +36,7 @@ const encodeUTF8 = (str) =>
35
36
  String.fromCharCode(parseInt(hex, 16))
36
37
  );
37
38
 
38
- export default (config) => {
39
+ function resolveConfig(config) {
39
40
  const newConfig = mergeConfig({}, config);
40
41
 
41
42
  // Read only own properties to prevent prototype pollution gadgets
@@ -55,23 +56,33 @@ export default (config) => {
55
56
  newConfig.headers = headers = AxiosHeaders.from(headers);
56
57
 
57
58
  newConfig.url = buildURL(
58
- buildFullPath(baseURL, url, allowAbsoluteUrls),
59
- config.params,
60
- config.paramsSerializer
59
+ buildFullPath(baseURL, url, allowAbsoluteUrls, newConfig),
60
+ own('params'),
61
+ own('paramsSerializer')
61
62
  );
62
63
 
63
64
  // HTTP basic authentication
64
65
  if (auth) {
65
- headers.set(
66
- 'Authorization',
67
- 'Basic ' +
68
- btoa((auth.username || '') + ':' + (auth.password ? encodeUTF8(auth.password) : ''))
69
- );
66
+ const username = utils.getSafeProp(auth, 'username') || '';
67
+ const password = utils.getSafeProp(auth, 'password') || '';
68
+
69
+ try {
70
+ headers.set(
71
+ 'Authorization',
72
+ 'Basic ' + btoa(username + ':' + (password ? encodeUTF8(password) : ''))
73
+ );
74
+ } catch (e) {
75
+ throw AxiosError.from(e, AxiosError.ERR_BAD_OPTION_VALUE, config);
76
+ }
70
77
  }
71
78
 
72
79
  if (utils.isFormData(data)) {
73
- if (platform.hasStandardBrowserEnv || platform.hasStandardBrowserWebWorkerEnv) {
74
- headers.setContentType(undefined); // browser handles it
80
+ if (
81
+ platform.hasStandardBrowserEnv ||
82
+ platform.hasStandardBrowserWebWorkerEnv ||
83
+ utils.isReactNative(data)
84
+ ) {
85
+ headers.setContentType(undefined); // browser/web worker/RN handles it
75
86
  } else if (utils.isFunction(data.getHeaders)) {
76
87
  // Node.js FormData (like form-data package)
77
88
  setFormDataHeaders(headers, data.getHeaders(), own('formDataHeaderPolicy'));
@@ -103,4 +114,6 @@ export default (config) => {
103
114
  }
104
115
 
105
116
  return newConfig;
106
- };
117
+ }
118
+
119
+ export default resolveConfig;
@@ -1,4 +1,4 @@
1
- const LOOPBACK_HOSTNAMES = new Set(['localhost']);
1
+ const LOOPBACK_HOSTNAMES = new Set(['localhost', '0.0.0.0']);
2
2
 
3
3
  const isIPv4Loopback = (host) => {
4
4
  const parts = host.split('.');
@@ -7,6 +7,37 @@ const isIPv4Loopback = (host) => {
7
7
  return parts.every((p) => /^\d+$/.test(p) && Number(p) >= 0 && Number(p) <= 255);
8
8
  };
9
9
 
10
+ const isIPv6ZeroGroup = (group) => /^0{1,4}$/.test(group);
11
+
12
+ // The unspecified address (IPv4 0.0.0.0 / IPv6 ::) resolves to the local host
13
+ // for outbound connections, so treat it as loopback-equivalent for NO_PROXY
14
+ // matching. 0.0.0.0 is covered by LOOPBACK_HOSTNAMES; this handles compressed
15
+ // and full IPv6 all-zero forms so both families bypass symmetrically.
16
+ const isIPv6Unspecified = (host) => {
17
+ if (host === '::') return true;
18
+
19
+ const compressionIndex = host.indexOf('::');
20
+
21
+ if (compressionIndex !== -1) {
22
+ if (compressionIndex !== host.lastIndexOf('::')) return false;
23
+
24
+ const left = host.slice(0, compressionIndex);
25
+ const right = host.slice(compressionIndex + 2);
26
+ const leftGroups = left ? left.split(':') : [];
27
+ const rightGroups = right ? right.split(':') : [];
28
+ const explicitGroups = leftGroups.length + rightGroups.length;
29
+
30
+ return (
31
+ explicitGroups < 8 &&
32
+ leftGroups.every(isIPv6ZeroGroup) &&
33
+ rightGroups.every(isIPv6ZeroGroup)
34
+ );
35
+ }
36
+
37
+ const groups = host.split(':');
38
+ return groups.length === 8 && groups.every(isIPv6ZeroGroup);
39
+ };
40
+
10
41
  const isIPv6Loopback = (host) => {
11
42
  // Collapse all-zero groups: any form of ::1 / 0:0:...:0:1
12
43
  // First, strip any leading "::" by normalising with Set lookup of common forms,
@@ -42,6 +73,7 @@ const isLoopback = (host) => {
42
73
  if (!host) return false;
43
74
  if (LOOPBACK_HOSTNAMES.has(host)) return true;
44
75
  if (isIPv4Loopback(host)) return true;
76
+ if (isIPv6Unspecified(host)) return true;
45
77
  return isIPv6Loopback(host);
46
78
  };
47
79