dependabot[bot]
0bf6e28eac
chore(deps): bump denoland/setup-deno in the github-actions group ( #10669 )
...
Bumps the github-actions group with 1 update: [denoland/setup-deno](https://github.com/denoland/setup-deno ).
Updates `denoland/setup-deno` from 2.0.3 to 2.0.4
- [Release notes](https://github.com/denoland/setup-deno/releases )
- [Commits](e95548e56d...667a34cdef
2026-04-07 15:40:09 +02:00
dependabot[bot]
8107157c57
chore(deps-dev): bump the development_dependencies group with 4 updates ( #10670 )
...
Bumps the development_dependencies group with 4 updates: [@vitest/browser](https://github.com/vitest-dev/vitest/tree/HEAD/packages/browser ), [@vitest/browser-playwright](https://github.com/vitest-dev/vitest/tree/HEAD/packages/browser-playwright ), [rollup](https://github.com/rollup/rollup ) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest ).
Updates `@vitest/browser` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases )
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/browser )
Updates `@vitest/browser-playwright` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases )
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/browser-playwright )
Updates `rollup` from 4.60.0 to 4.60.1
- [Release notes](https://github.com/rollup/rollup/releases )
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rollup/rollup/compare/v4.60.0...v4.60.1 )
Updates `vitest` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases )
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/vitest )
---
updated-dependencies:
- dependency-name: "@vitest/browser"
dependency-version: 4.1.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: development_dependencies
- dependency-name: "@vitest/browser-playwright"
dependency-version: 4.1.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: development_dependencies
- dependency-name: rollup
dependency-version: 4.60.1
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: development_dependencies
- dependency-name: vitest
dependency-version: 4.1.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: development_dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-04-07 15:31:33 +02:00
Shaan Majid
e66530e330
ci: require npm-publish environment for releases ( #10666 )
...
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-04-07 13:17:32 +02:00
github-actions[bot]
49f23cbfe4
chore(sponsor): update sponsor block ( #10668 )
...
Co-authored-by: jasonsaayman <4814473+jasonsaayman@users.noreply.github.com>
2026-04-07 08:25:39 +02:00
Jay
363185461b
fix: unrestricted cloud metadata exfiltration via header injection chain ( #10660 )
...
* fix: unrestricted cloud metadata exfiltration via header injection chain
* fix: address pattern issue highlighted by cubic
* fix: code ql feedback
* fix: code ql feedback
2026-04-06 14:01:54 +02:00
Jay
fb3befb6da
fix: no_proxy hostname normalization bypass leads to ssrf ( #10661 )
2026-04-06 13:47:03 +02:00
Jay
8023035109
docs: fix for platinum sponsors ( #10659 )
2026-04-06 12:46:43 +02:00
ashstrc
36bebd1c88
docs: clarify HTTP/2 support and unsupported httpVersion option ( #10644 )
...
* docs: improve beforeRedirect example with HTTPS check and security note
* resolve merge conflict using upstream version
* docs: clarify HTTP/2 support and unsupported httpVersion option
* docs: fix conflicting HTTP/2 documentation
* docs: remove httpVersion and http2Options from example
* docs: clarify HTTP/2 support limitations and environment dependencies
* docs: clarify HTTP/2 support and remove conflicting guidance
* docs: clarify HTTP/2 support and remove conflicting guidance
* docs: clarify HTTP/2 support based on adapter and environment
* docs: clarify HTTP/2 support and remove incorrect statement
---------
Co-authored-by: ashstrc <ashmitkstrc2004@gmail.com>
2026-04-06 12:27:46 +02:00
Jay
e52994ff40
docs: add docs for header case presevation ( #10654 )
...
* docs: update readme with documented work around
* docs: update docs site with documented work around
2026-04-05 21:00:34 +02:00
nthbotast
173efa3b8d
docs: clarify async/await timeout error handling ( #7471 )
...
Co-authored-by: Nathanael BOT <nathanaelbot@minidenathanael.home>
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-04-05 20:48:54 +02:00
theamodhshetty
923ae8f9c5
docs(readme): clarify withCredentials and withXSRFToken behavior ( #7452 )
...
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-04-05 20:37:47 +02:00
Jay
71f14b7fdc
docs: bun deno changes ( #10653 )
...
* docs: update deno and bun support
* docs: improve responsiveness
* docs: improve deno to better match conventions
2026-04-05 17:55:45 +02:00
Jay
2f52f6b13b
feat: add checks to support deno and bun ( #10652 )
...
* feat: added smoke tests for deno
* feat: added bun smoke tests
* chore: added workflows for deno and bun
* chore: swap workflow implementation
* chore: apply ai suggestion
* chore: test alt install of bun deps
* chore: deno install
* chore: map bun file install
* chore: try a different approach for bun
* chore: unpack and then install for bun
* chore: remove un-needed step
* chore: try with tgx again for bun
* chore: alternative zip approach
* ci: full ci added back
2026-04-05 14:37:16 +02:00
Jay
23fcd5f278
chore: fix docs deploy ( #10650 )
2026-04-04 20:37:42 +02:00
Jay
054c1f30fd
feat: unify docs to main repo ( #10649 )
...
* ci: set hardened --ignore-scripts for all ci actions
* docs: adds new docs platform
* chore: remove un-needed ignore
* chore: add sponsors data. adjust package.json to be of type module
* fix: inconsistency between the docs and readme
* fix: docs inconsistency
* docs: update language and phrasing
* style: fix issues with card styling
* docs: update security.md with latest changes
* docs: remove un-needed code
* docs: fix inconsistencies with actual library function
* ci: added deployment for docs
* chore: added axios as dep for docs
* docs: fix batch of errors
* fix: bump esbuild as the version included is a risk
2026-04-04 20:25:41 +02:00
Abhijeet Abhi
395a1604be
docs: fix various typos in comments and documentation ( #10589 )
...
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-04-03 13:29:34 +02:00
ashstrc
64d02a195a
docs: improve beforeRedirect example to prevent credential leakage ( #10624 )
...
* docs: fix formatting and clarify beforeRedirect security note
* docs: fix code block formatting for beforeRedirect example
* docs: fix code block formatting for beforeRedirect example
* docs: fix code block formatting for beforeRedirect example
* docs: fix code block formatting for beforeRedirect example
---------
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-04-03 13:21:42 +02:00
Shaan Majid
3ca13062ee
ci: narrow workflow permissions to least privilege ( #10637 )
...
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-04-03 13:13:11 +02:00
Shaan Majid
e4bd759def
ci: prevent sponsor block workflow from running on forks ( #10641 )
2026-04-03 13:07:33 +02:00
github-actions[bot]
26f8e5796a
chore(sponsor): update sponsor block ( #10640 )
...
Co-authored-by: jasonsaayman <4814473+jasonsaayman@users.noreply.github.com>
2026-04-03 05:55:34 +03:00
Kai Lee
947f7091d8
Fixes #10610 Deprecation Warning : url.parse() is deprecated in Node.… ( #10625 )
...
* Fixes #10610 Deprecation Warning : url.parse() is deprecated in Node.js v22 (via follow-redirects)
* Fixes #10610 Deprecation Warning : fixed again
* Apply suggestion from @cubic-dev-ai[bot]
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
---------
Co-authored-by: tona jose <tona00jose@gmail.com>
Co-authored-by: Jay <jasonsaayman@gmail.com>
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
2026-04-02 09:02:58 +02:00
Shaan Majid
a04dd96dbb
fix(ci): add zizmor scanner and fix workflow security findings ( #10618 )
...
* ci: add zizmor GitHub Actions security scanner
* fix(ci): prevent script injection via env vars
* fix(ci): set persist-credentials: false across workflows
2026-04-02 08:42:08 +02:00
Jay
e9a1db9d9b
ci: pin versions of actions and review to be certain these are correct ( #10627 )
2026-04-01 20:08:07 +02:00
Shaan Majid
ebf3036932
fix(ci): use OIDC for npm publish instead of token auth ( #10619 )
...
* fix(ci): use OIDC for npm publish instead of token auth
* Change permissions from write to read for contents
---------
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-04-01 15:50:33 +02:00
Shaan Majid
a5881813d3
chore(deps): add 7-day cooldown period to dependabot ( #10616 )
...
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-04-01 13:50:19 +02:00
Shaan Majid
a40f8d3398
revert: "chore(ci): add deprecate action; ( #10591 )" ( #10617 )
...
This reverts commit e2bed7f84d
2026-04-01 12:54:13 +02:00
Dmitriy Mozgovoy
e2bed7f84d
chore(ci): add deprecate action; ( #10591 )
2026-03-31 04:42:15 +03:00
Jay
a7f41f5bb5
chore: remove all old and un-needed files ( #10584 )
...
* chore: remove all old and un-needed files
* chore: fix missing file
* chore: fix ref error
* chore: add back missing file
* chore: incorrect folder location
* chore: ignore ts issues
2026-03-30 20:15:15 +02:00
Jay
2d14d8a300
feat: update sponsors script and how this works for more consistency ( #10583 )
2026-03-30 16:56:40 +02:00
Jay
4950ff6017
feat: update sponsors script and how this works for more consistency ( #10582 )
2026-03-30 12:52:55 +02:00
Raashish Aggarwal
7173706380
test: add coverage for content-type header casing ( #10573 )
...
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-03-29 19:23:38 +02:00
dependabot[bot]
3ec6858bd4
chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 in /tests/module/cjs ( #10564 )
...
Bumps [picomatch](https://github.com/micromatch/picomatch ) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases )
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md )
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2 )
---
updated-dependencies:
- dependency-name: picomatch
dependency-version: 2.3.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-03-29 15:31:13 +02:00
dependabot[bot]
391ed22d01
chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 in /tests/smoke/cjs ( #10565 )
...
Bumps [picomatch](https://github.com/micromatch/picomatch ) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases )
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md )
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2 )
---
updated-dependencies:
- dependency-name: picomatch
dependency-version: 2.3.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-03-29 12:19:37 +02:00
dependabot[bot]
53fa6fe03c
chore(deps-dev): bump picomatch from 4.0.3 to 4.0.4 in /tests/smoke/esm ( #10567 )
...
Bumps [picomatch](https://github.com/micromatch/picomatch ) from 4.0.3 to 4.0.4.
- [Release notes](https://github.com/micromatch/picomatch/releases )
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md )
- [Commits](https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4 )
---
updated-dependencies:
- dependency-name: picomatch
dependency-version: 4.0.4
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-03-28 11:32:56 +02:00
dependabot[bot]
0902502fd5
chore(deps): bump picomatch from 4.0.3 to 4.0.4 ( #10568 )
...
Bumps [picomatch](https://github.com/micromatch/picomatch ) from 4.0.3 to 4.0.4.
- [Release notes](https://github.com/micromatch/picomatch/releases )
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md )
- [Commits](https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4 )
---
updated-dependencies:
- dependency-name: picomatch
dependency-version: 4.0.4
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-03-28 11:28:28 +02:00
dependabot[bot]
0c139622c4
chore(deps-dev): bump handlebars from 4.7.8 to 4.7.9 ( #10572 )
...
Bumps [handlebars](https://github.com/handlebars-lang/handlebars.js ) from 4.7.8 to 4.7.9.
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases )
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md )
- [Commits](https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9 )
---
updated-dependencies:
- dependency-name: handlebars
dependency-version: 4.7.9
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-03-28 11:22:12 +02:00
dependabot[bot]
d79317f35f
chore(deps-dev): bump serialize-javascript from 7.0.4 to 7.0.5 ( #10574 )
...
Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript ) from 7.0.4 to 7.0.5.
- [Release notes](https://github.com/yahoo/serialize-javascript/releases )
- [Commits](https://github.com/yahoo/serialize-javascript/compare/v7.0.4...v7.0.5 )
---
updated-dependencies:
- dependency-name: serialize-javascript
dependency-version: 7.0.5
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-28 10:32:38 +02:00
github-actions[bot]
46bee3dea7
chore(release): prepare release 1.14.0 ( #10563 )
...
* 1.14.0
* chore(release): prepare release 1.14.0
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: jasonsaayman <4814473+jasonsaayman@users.noreply.github.com>
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-03-27 20:54:05 +02:00
Copilot
518aff5690
chore: add AI Moderator workflow for spam detection ( #10551 )
...
Agent-Logs-Url: https://github.com/axios/axios/sessions/d6a0122c-d59c-4fc1-bd13-253ad466b636
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jasonsaayman <4814473+jasonsaayman@users.noreply.github.com>
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-03-26 08:21:14 +02:00
github-actions[bot]
b7dfda3e7c
chore(sponsor): update sponsor block ( #10557 )
...
Co-authored-by: jasonsaayman <4814473+jasonsaayman@users.noreply.github.com>
2026-03-26 08:13:21 +02:00
Jay
9aa34d5291
fix: updated release flow to match the current flows ( #10562 )
...
* fix: updated release flow to match the current flows
* chore: remove un-needed dep review
2026-03-25 22:08:12 +02:00
Jay
e9e5ebe483
Update packages to latest version ( #10556 )
...
* chore: change package json to be better
* chore: update simple issues
* chore: update rollup/plugin-alias
* chore: update@rollup/plugin-terser to the latest version
* chore: bump lock
* chore: bump cross-env
* chore: bump smaller packages only used in bin
* chore: bump formdata-node
* chore: bump gulp
* chore: bump selsigned to latest
2026-03-24 21:23:22 +02:00
Jay
4d8931ca8a
fix: formidable dependency vulnerable to arbitrary ( #7533 )
...
* fix: dependabot uses the correct labels
* fix: issue #7463
* fix: update to the latest version of formidable
2026-03-19 16:08:47 +02:00
dependabot[bot]
3a6f5c1ae1
chore(deps-dev): bump @babel/preset-env ( #7531 )
...
Bumps the development_dependencies group with 1 update: [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env ).
Updates `@babel/preset-env` from 7.29.0 to 7.29.2
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-preset-env )
---
updated-dependencies:
- dependency-name: "@babel/preset-env"
dependency-version: 7.29.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: development_dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-03-19 15:34:53 +02:00
Jay
bcfd2997dc
fix: bug axios breaks commonjs compatibility main entry ( #7532 )
...
* fix: dependabot uses the correct labels
* fix: issue #7463
2026-03-19 14:30:33 +02:00
Jay
d6dcbfd53e
fix: dependabot uses the correct labels ( #7530 )
2026-03-19 12:05:54 +02:00
Jay
5dd7ba78b8
chore: upgrade to latest ts ( #7522 )
...
* chore: upgrade to latest ts
* chore: lock versions
* chore: stop pinning
2026-03-16 21:36:12 +02:00
dependabot[bot]
525e6fbeb0
chore(deps-dev): bump the development_dependencies group with 2 updates ( #7517 )
...
Bumps the development_dependencies group with 2 updates: [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli ) and [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional ).
Updates `@commitlint/cli` from 20.4.4 to 20.5.0
- [Release notes](https://github.com/conventional-changelog/commitlint/releases )
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md )
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.0/@commitlint/cli )
Updates `@commitlint/config-conventional` from 20.4.4 to 20.5.0
- [Release notes](https://github.com/conventional-changelog/commitlint/releases )
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md )
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.0/@commitlint/config-conventional )
---
updated-dependencies:
- dependency-name: "@commitlint/cli"
dependency-version: 20.5.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: development_dependencies
- dependency-name: "@commitlint/config-conventional"
dependency-version: 20.5.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: development_dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jay <jasonsaayman@gmail.com>
2026-03-16 20:48:53 +02:00
Jay
9e705864d2
chore: migrate get stream to latest ( #7516 )
...
* build: bump get-stream to v9
* test: migrate helper buffer reads to get-stream v9 API
* fix: tests with sessions
* chore: update stream handler to better manage sessions
* chore: revert some changes
* chore: swap to buffer
* chore: add port for stream test
* chore: swap localhost
* chore: change timeout
* chore: update to stream type
* chore: try again
* chore: tests
* chore: updat tests/unit/adapters/http.test.js to check ipv4
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
---------
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
2026-03-16 20:38:14 +02:00
Old Autumn
94e1543576
fix(fetch): cancel ReadableStream body after request stream capability probe ( #7515 )
...
The module-level capability probe in the fetch adapter creates a
ReadableStream as a Request body to test for streaming support, but
never cancels it. The Request constructor sets up an internal pull
pipeline on the stream; since the stream is never consumed or
cancelled, the [[pullAlgorithm]] Promise remains pending indefinitely,
causing an async resource leak detectable by Node.js async_hooks and
Vitest --detect-async-leaks.
Extract the ReadableStream to a variable and call body.cancel() after
the probe completes to properly tear down the stream's internal
pipeline.
2026-03-16 09:12:42 +02:00
