axios-axios

mirror of https://github.com/axios/axios.git synced 2026-04-11 02:11:50 +08:00

Author	SHA1	Message	Date
dependabot[bot]	8107157c57	chore(deps-dev): bump the development_dependencies group with 4 updates (#10670 ) Bumps the development_dependencies group with 4 updates: [@vitest/browser](https://github.com/vitest-dev/vitest/tree/HEAD/packages/browser), [@vitest/browser-playwright](https://github.com/vitest-dev/vitest/tree/HEAD/packages/browser-playwright), [rollup](https://github.com/rollup/rollup) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). Updates `@vitest/browser` from 4.1.1 to 4.1.2 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/browser) Updates `@vitest/browser-playwright` from 4.1.1 to 4.1.2 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/browser-playwright) Updates `rollup` from 4.60.0 to 4.60.1 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](https://github.com/rollup/rollup/compare/v4.60.0...v4.60.1) Updates `vitest` from 4.1.1 to 4.1.2 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/vitest) --- updated-dependencies: - dependency-name: "@vitest/browser" dependency-version: 4.1.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development_dependencies - dependency-name: "@vitest/browser-playwright" dependency-version: 4.1.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development_dependencies - dependency-name: rollup dependency-version: 4.60.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development_dependencies - dependency-name: vitest dependency-version: 4.1.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development_dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-04-07 15:31:33 +02:00
Shaan Majid	e66530e330	ci: require npm-publish environment for releases (#10666 ) Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-04-07 13:17:32 +02:00
github-actions[bot]	49f23cbfe4	chore(sponsor): update sponsor block (#10668 ) Co-authored-by: jasonsaayman <4814473+jasonsaayman@users.noreply.github.com>	2026-04-07 08:25:39 +02:00
Jay	363185461b	fix: unrestricted cloud metadata exfiltration via header injection chain (#10660 ) * fix: unrestricted cloud metadata exfiltration via header injection chain * fix: address pattern issue highlighted by cubic * fix: code ql feedback * fix: code ql feedback	2026-04-06 14:01:54 +02:00
Jay	fb3befb6da	fix: no_proxy hostname normalization bypass leads to ssrf (#10661 )	2026-04-06 13:47:03 +02:00
Jay	8023035109	docs: fix for platinum sponsors (#10659 )	2026-04-06 12:46:43 +02:00
ashstrc	36bebd1c88	docs: clarify HTTP/2 support and unsupported httpVersion option (#10644 ) * docs: improve beforeRedirect example with HTTPS check and security note * resolve merge conflict using upstream version * docs: clarify HTTP/2 support and unsupported httpVersion option * docs: fix conflicting HTTP/2 documentation * docs: remove httpVersion and http2Options from example * docs: clarify HTTP/2 support limitations and environment dependencies * docs: clarify HTTP/2 support and remove conflicting guidance * docs: clarify HTTP/2 support and remove conflicting guidance * docs: clarify HTTP/2 support based on adapter and environment * docs: clarify HTTP/2 support and remove incorrect statement --------- Co-authored-by: ashstrc <ashmitkstrc2004@gmail.com>	2026-04-06 12:27:46 +02:00
Jay	e52994ff40	docs: add docs for header case presevation (#10654 ) * docs: update readme with documented work around * docs: update docs site with documented work around	2026-04-05 21:00:34 +02:00
nthbotast	173efa3b8d	docs: clarify async/await timeout error handling (#7471 ) Co-authored-by: Nathanael BOT <nathanaelbot@minidenathanael.home> Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-04-05 20:48:54 +02:00
theamodhshetty	923ae8f9c5	docs(readme): clarify withCredentials and withXSRFToken behavior (#7452 ) Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-04-05 20:37:47 +02:00
Jay	71f14b7fdc	docs: bun deno changes (#10653 ) * docs: update deno and bun support * docs: improve responsiveness * docs: improve deno to better match conventions	2026-04-05 17:55:45 +02:00
Jay	2f52f6b13b	feat: add checks to support deno and bun (#10652 ) * feat: added smoke tests for deno * feat: added bun smoke tests * chore: added workflows for deno and bun * chore: swap workflow implementation * chore: apply ai suggestion * chore: test alt install of bun deps * chore: deno install * chore: map bun file install * chore: try a different approach for bun * chore: unpack and then install for bun * chore: remove un-needed step * chore: try with tgx again for bun * chore: alternative zip approach * ci: full ci added back	2026-04-05 14:37:16 +02:00
Jay	23fcd5f278	chore: fix docs deploy (#10650 )	2026-04-04 20:37:42 +02:00
Jay	054c1f30fd	feat: unify docs to main repo (#10649 ) * ci: set hardened --ignore-scripts for all ci actions * docs: adds new docs platform * chore: remove un-needed ignore * chore: add sponsors data. adjust package.json to be of type module * fix: inconsistency between the docs and readme * fix: docs inconsistency * docs: update language and phrasing * style: fix issues with card styling * docs: update security.md with latest changes * docs: remove un-needed code * docs: fix inconsistencies with actual library function * ci: added deployment for docs * chore: added axios as dep for docs * docs: fix batch of errors * fix: bump esbuild as the version included is a risk	2026-04-04 20:25:41 +02:00
Abhijeet Abhi	395a1604be	docs: fix various typos in comments and documentation (#10589 ) Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-04-03 13:29:34 +02:00
ashstrc	64d02a195a	docs: improve beforeRedirect example to prevent credential leakage (#10624 ) * docs: fix formatting and clarify beforeRedirect security note * docs: fix code block formatting for beforeRedirect example * docs: fix code block formatting for beforeRedirect example * docs: fix code block formatting for beforeRedirect example * docs: fix code block formatting for beforeRedirect example --------- Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-04-03 13:21:42 +02:00
Shaan Majid	3ca13062ee	ci: narrow workflow permissions to least privilege (#10637 ) Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-04-03 13:13:11 +02:00
Shaan Majid	e4bd759def	ci: prevent sponsor block workflow from running on forks (#10641 )	2026-04-03 13:07:33 +02:00
github-actions[bot]	26f8e5796a	chore(sponsor): update sponsor block (#10640 ) Co-authored-by: jasonsaayman <4814473+jasonsaayman@users.noreply.github.com>	2026-04-03 05:55:34 +03:00
Kai Lee	947f7091d8	Fixes #10610 Deprecation Warning : url.parse() is deprecated in Node.… (#10625 ) * Fixes #10610 Deprecation Warning : url.parse() is deprecated in Node.js v22 (via follow-redirects) * Fixes #10610 Deprecation Warning : fixed again * Apply suggestion from @cubic-dev-ai[bot] Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com> --------- Co-authored-by: tona jose <tona00jose@gmail.com> Co-authored-by: Jay <jasonsaayman@gmail.com> Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>	2026-04-02 09:02:58 +02:00
Shaan Majid	a04dd96dbb	fix(ci): add zizmor scanner and fix workflow security findings (#10618 ) * ci: add zizmor GitHub Actions security scanner * fix(ci): prevent script injection via env vars * fix(ci): set persist-credentials: false across workflows	2026-04-02 08:42:08 +02:00
Jay	e9a1db9d9b	ci: pin versions of actions and review to be certain these are correct (#10627 )	2026-04-01 20:08:07 +02:00
Shaan Majid	ebf3036932	fix(ci): use OIDC for npm publish instead of token auth (#10619 ) * fix(ci): use OIDC for npm publish instead of token auth * Change permissions from write to read for contents --------- Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-04-01 15:50:33 +02:00
Shaan Majid	a5881813d3	chore(deps): add 7-day cooldown period to dependabot (#10616 ) Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-04-01 13:50:19 +02:00
Shaan Majid	a40f8d3398	revert: "chore(ci): add deprecate action; (#10591 )" (#10617 ) This reverts commit `e2bed7f84d`.	2026-04-01 12:54:13 +02:00
Dmitriy Mozgovoy	e2bed7f84d	chore(ci): add deprecate action; (#10591 )	2026-03-31 04:42:15 +03:00
Jay	a7f41f5bb5	chore: remove all old and un-needed files (#10584 ) * chore: remove all old and un-needed files * chore: fix missing file * chore: fix ref error * chore: add back missing file * chore: incorrect folder location * chore: ignore ts issues	2026-03-30 20:15:15 +02:00
Jay	2d14d8a300	feat: update sponsors script and how this works for more consistency (#10583 )	2026-03-30 16:56:40 +02:00
Jay	4950ff6017	feat: update sponsors script and how this works for more consistency (#10582 )	2026-03-30 12:52:55 +02:00
Raashish Aggarwal	7173706380	test: add coverage for content-type header casing (#10573 ) Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-03-29 19:23:38 +02:00
dependabot[bot]	3ec6858bd4	chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 in /tests/module/cjs (#10564 ) Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2. - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2) --- updated-dependencies: - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-03-29 15:31:13 +02:00
dependabot[bot]	391ed22d01	chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 in /tests/smoke/cjs (#10565 ) Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2. - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2) --- updated-dependencies: - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-03-29 12:19:37 +02:00
dependabot[bot]	53fa6fe03c	chore(deps-dev): bump picomatch from 4.0.3 to 4.0.4 in /tests/smoke/esm (#10567 ) Bumps [picomatch](https://github.com/micromatch/picomatch) from 4.0.3 to 4.0.4. - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4) --- updated-dependencies: - dependency-name: picomatch dependency-version: 4.0.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-03-28 11:32:56 +02:00
dependabot[bot]	0902502fd5	chore(deps): bump picomatch from 4.0.3 to 4.0.4 (#10568 ) Bumps [picomatch](https://github.com/micromatch/picomatch) from 4.0.3 to 4.0.4. - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4) --- updated-dependencies: - dependency-name: picomatch dependency-version: 4.0.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-03-28 11:28:28 +02:00
dependabot[bot]	0c139622c4	chore(deps-dev): bump handlebars from 4.7.8 to 4.7.9 (#10572 ) Bumps [handlebars](https://github.com/handlebars-lang/handlebars.js) from 4.7.8 to 4.7.9. - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md) - [Commits](https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9) --- updated-dependencies: - dependency-name: handlebars dependency-version: 4.7.9 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-03-28 11:22:12 +02:00
dependabot[bot]	d79317f35f	chore(deps-dev): bump serialize-javascript from 7.0.4 to 7.0.5 (#10574 ) Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) from 7.0.4 to 7.0.5. - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](https://github.com/yahoo/serialize-javascript/compare/v7.0.4...v7.0.5) --- updated-dependencies: - dependency-name: serialize-javascript dependency-version: 7.0.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-28 10:32:38 +02:00
github-actions[bot]	46bee3dea7	chore(release): prepare release 1.14.0 (#10563 ) * 1.14.0 * chore(release): prepare release 1.14.0 --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: jasonsaayman <4814473+jasonsaayman@users.noreply.github.com> Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-03-27 20:54:05 +02:00
Copilot	518aff5690	chore: add AI Moderator workflow for spam detection (#10551 ) Agent-Logs-Url: https://github.com/axios/axios/sessions/d6a0122c-d59c-4fc1-bd13-253ad466b636 Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jasonsaayman <4814473+jasonsaayman@users.noreply.github.com> Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-03-26 08:21:14 +02:00
github-actions[bot]	b7dfda3e7c	chore(sponsor): update sponsor block (#10557 ) Co-authored-by: jasonsaayman <4814473+jasonsaayman@users.noreply.github.com>	2026-03-26 08:13:21 +02:00
Jay	9aa34d5291	fix: updated release flow to match the current flows (#10562 ) * fix: updated release flow to match the current flows * chore: remove un-needed dep review	2026-03-25 22:08:12 +02:00
Jay	e9e5ebe483	Update packages to latest version (#10556 ) * chore: change package json to be better * chore: update simple issues * chore: update rollup/plugin-alias * chore: update@rollup/plugin-terser to the latest version * chore: bump lock * chore: bump cross-env * chore: bump smaller packages only used in bin * chore: bump formdata-node * chore: bump gulp * chore: bump selsigned to latest	2026-03-24 21:23:22 +02:00
Jay	4d8931ca8a	fix: formidable dependency vulnerable to arbitrary (#7533 ) * fix: dependabot uses the correct labels * fix: issue #7463 * fix: update to the latest version of formidable	2026-03-19 16:08:47 +02:00
dependabot[bot]	3a6f5c1ae1	chore(deps-dev): bump @babel/preset-env (#7531 ) Bumps the development_dependencies group with 1 update: [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env). Updates `@babel/preset-env` from 7.29.0 to 7.29.2 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-preset-env) --- updated-dependencies: - dependency-name: "@babel/preset-env" dependency-version: 7.29.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development_dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-03-19 15:34:53 +02:00
Jay	bcfd2997dc	fix: bug axios breaks commonjs compatibility main entry (#7532 ) * fix: dependabot uses the correct labels * fix: issue #7463	2026-03-19 14:30:33 +02:00
Jay	d6dcbfd53e	fix: dependabot uses the correct labels (#7530 )	2026-03-19 12:05:54 +02:00
Jay	5dd7ba78b8	chore: upgrade to latest ts (#7522 ) * chore: upgrade to latest ts * chore: lock versions * chore: stop pinning	2026-03-16 21:36:12 +02:00
dependabot[bot]	525e6fbeb0	chore(deps-dev): bump the development_dependencies group with 2 updates (#7517 ) Bumps the development_dependencies group with 2 updates: [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) and [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional). Updates `@commitlint/cli` from 20.4.4 to 20.5.0 - [Release notes](https://github.com/conventional-changelog/commitlint/releases) - [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md) - [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.0/@commitlint/cli) Updates `@commitlint/config-conventional` from 20.4.4 to 20.5.0 - [Release notes](https://github.com/conventional-changelog/commitlint/releases) - [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md) - [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.0/@commitlint/config-conventional) --- updated-dependencies: - dependency-name: "@commitlint/cli" dependency-version: 20.5.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development_dependencies - dependency-name: "@commitlint/config-conventional" dependency-version: 20.5.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development_dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jay <jasonsaayman@gmail.com>	2026-03-16 20:48:53 +02:00
Jay	9e705864d2	chore: migrate get stream to latest (#7516 ) * build: bump get-stream to v9 * test: migrate helper buffer reads to get-stream v9 API * fix: tests with sessions * chore: update stream handler to better manage sessions * chore: revert some changes * chore: swap to buffer * chore: add port for stream test * chore: swap localhost * chore: change timeout * chore: update to stream type * chore: try again * chore: tests * chore: updat tests/unit/adapters/http.test.js to check ipv4 Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com> --------- Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>	2026-03-16 20:38:14 +02:00
Old Autumn	94e1543576	fix(fetch): cancel ReadableStream body after request stream capability probe (#7515 ) The module-level capability probe in the fetch adapter creates a ReadableStream as a Request body to test for streaming support, but never cancels it. The Request constructor sets up an internal pull pipeline on the stream; since the stream is never consumed or cancelled, the [[pullAlgorithm]] Promise remains pending indefinitely, causing an async resource leak detectable by Node.js async_hooks and Vitest --detect-async-leaks. Extract the ReadableStream to a variable and call body.cancel() after the probe completes to properly tear down the stream's internal pipeline.	2026-03-16 09:12:42 +02:00
Jay	76794ac27a	chore: update module test for full check (#7510 ) * chore: add additional testing to esm and cjs smoke * test: updated test suite to include module tests * fix: esm test smoke import * fix: cubic feedback * fix: failing cjs * fix: cjs timeout	2026-03-15 21:10:52 +02:00

1 2 3 4 5 ...

1907 Commits