Change8

v0.30.3

Breaking Changes
📦 axios
1 breaking · 🐛 1 fix

Summary

This critical security release addresses a high-priority prototype pollution vulnerability that could lead to Denial of Service (DoS). The fix restricts the merging of the __proto__ key in configuration objects.

⚠️ Breaking Changes

  • Configuration merging behavior has changed: Axios now restricts the merging of the __proto__ key within configuration objects. If your code relied on deep-merging patterns targeting the object prototype via Axios config, those operations will now be blocked.

Migration Steps

  1. Review any deep-merging logic applied to configuration objects and make sure it does not rely on setting the __proto__ key, as this is now blocked for security reasons.
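
One way to carry out that review on configs built from external input, as an added example (not axios code): the helpers `isWalkable`, `findProtoKeys` and `stripProtoKeys` are hypothetical names, and the sample config is constructed. It assumes the config arrives through `JSON.parse`, which stores `__proto__` as an ordinary own key.

```javascript
// Added example; helper names are hypothetical and not part of the axios API.

// Only plain objects and arrays are walked; class instances (agents, streams,
// FormData) are returned untouched.
function isWalkable(v) {
  if (v === null || typeof v !== 'object') return false;
  const proto = Object.getPrototypeOf(v);
  return Array.isArray(v) || proto === Object.prototype || proto === null;
}

// Return the dotted path of every own "__proto__" key inside `value`.
function findProtoKeys(value, path = '', seen = new WeakSet()) {
  if (!isWalkable(value) || seen.has(value)) return [];
  seen.add(value); // guard against cyclic configs
  const hits = [];
  for (const key of Object.keys(value)) {
    const here = path ? `${path}.${key}` : key;
    if (key === '__proto__') hits.push(here); // flag it, do not descend
    else hits.push(...findProtoKeys(value[key], here, seen));
  }
  return hits;
}

// Return a copy of `value` with every own "__proto__" key dropped.
function stripProtoKeys(value, seen = new WeakMap()) {
  if (!isWalkable(value)) return value;
  if (seen.has(value)) return seen.get(value);
  const copy = Array.isArray(value) ? [] : {};
  seen.set(value, copy);
  for (const key of Object.keys(value)) {
    if (key !== '__proto__') copy[key] = stripProtoKeys(value[key], seen);
  }
  return copy;
}

// Constructed sample: JSON.parse stores "__proto__" as an own property,
// whereas an object literal with the same key sets the prototype instead.
const parsed = JSON.parse(
  '{"timeout":1000,"headers":{"__proto__":{"x":1},"Accept":"text/plain"}}'
);
const literal = { timeout: 1000, headers: { __proto__: { x: 1 } } };

console.log(findProtoKeys(parsed));  // [ 'headers.__proto__' ]
console.log(findProtoKeys(literal)); // []
console.log(Object.keys(stripProtoKeys(parsed).headers)); // [ 'Accept' ]
```

Running `findProtoKeys` in a test or at the trust boundary shows which config sources would be affected by the new restriction before upgrading.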

🐛 Bug Fixes

  • Patched a vulnerability where specially crafted configuration objects using the __proto__ key could cause a Denial of Service (DoS) during the merge process.