Axios

This critical security release addresses a high-priority vulnerability related to prototype pollution leading to Denial of Service (DoS) by restricting the merging of the __proto__ key in configuration objects.

Release 1.13.5 addresses a critical Denial of Service vulnerability in mergeConfig and fixes a bug where the status field was missing from AxiosError objects. It also introduces input validation for isAbsoluteURL.

This patch release addresses issues found in v1.13.3 and includes substantial refactoring and improvements to the CI/CD infrastructure.

This release focuses heavily on bug fixes, including improvements to HTTP2 default ports, interceptor error handling, and better Node.js/Bun compatibility via package.json exports. It also introduces several features like enhanced TypeScript support and better error handling in pipeFileToResponse.

This release fixes socket hang‑up issues for keep‑alive requests with timeouts, adds default export support for the http2 module, and improves HTTP loop performance.

This release fixes a regression in the HTTP handling where data streams were interrupted for non-OK responses.

This release adds HTTP/2 support and fixes several bugs including a TypeError in fetch when config.env is undefined.

Version 0.30.2 backports a security fix for the maxContentLength option.

This release fixes the fetch handling by using the current global fetch when no env fetch is specified, preserving MSW support.

This release fixes environment configuration type handling in the types module.

This release adds low‑level network error details, fetch adapter env config, parse reviver support, and extends AxiosResponse, while fixing several bugs including content‑type handling and URL encoding.

Patch release v0.30.1 updates the form-data dependency to 4.0.4, fixing related issues.

This release addresses several bugs, including fixes for the form-data npm package, a RangeError with large Buffers, and TypeScript type discrepancies between ESM and CJS.

This release improves the TypeScript fetchOptions typing, fixes adapter option passing, corrects FormData boolean serialization, and adds a React Native module entry point.

This release adds a new getSetCookie method to AxiosHeaders and includes several bug fixes across core, fetch, headers, http, and type definitions.

This release (v0.30.0) primarily contains bug fixes, including handling aborted requests, updating the changelog, fixing the upgrade guide, backporting a vulnerability fix, and adding the allowAbsoluteUrls type.

Bug fix released to improve buildFullPath handling of allowAbsoluteUrls set to false when no baseURL is provided.

This release fixes a missing type for `allowAbsoluteUrls` and ensures the flag is correctly passed to `buildFullPath` in both xhr and fetch adapters.

This patch adds support for absolute URLs in the http‑adapter path builder.

The update relocates `generateString` to platform utils, preventing the crypto module from being bundled in client builds.

This release adds a new `allowAbsoluteUrls` config for URL handling, updates utils to use the crypto module, and includes several bug fixes, but introduces breaking changes to how URLs are combined.