René's URL Explorer Experiment


Title: build(deps-dev): bump axios from 0.30.3 to 0.32.0 in /js by dependabot[bot] · Pull Request #371 · hyperblast/beefweb · GitHub

Open Graph Title: build(deps-dev): bump axios from 0.30.3 to 0.32.0 in /js by dependabot[bot] · Pull Request #371 · hyperblast/beefweb

X Title: build(deps-dev): bump axios from 0.30.3 to 0.32.0 in /js by dependabot[bot] · Pull Request #371 · hyperblast/beefweb

Description: Bumps axios from 0.30.3 to 0.32.0. Release notes Sourced from axios's releases. v0.32.0 — May 4, 2026 This release backports a comprehensive set of security and hardening fixes from the v1.x branch into v0.x, covering prototype-pollution protections, default error redaction, stricter proxy/cookie/socket handling, and one breaking change to merged config and header object prototypes. ⚠️ Breaking Changes & Deprecations Null-prototype merged objects: mergeConfig and header merging now return objects with a null prototype to block prototype-pollution gadgets. Consumers must use Object.prototype.hasOwnProperty.call(obj, key) and avoid implicit string coercion against merged config or header objects. (#10838) 🔒 Security Fixes Default error redaction: AxiosError.toJSON() now redacts sensitive keys by default to prevent credential leaks in logs. The behavior is configurable via config.redact, with defaults exposed on defaults.redact. (#10838) Cookie & XSRF handling: Cookie names are read literally rather than via regex, and only own properties are respected when evaluating withXSRFToken. (#10838) Proxy bypass IPv6 parity: NO_PROXY matching now handles canonical IPv4-mapped IPv6 forms such as ::ffff:127.0.0.1 and ::ffff:7f00:1. (#10838) Node http adapter hardening: Strips Proxy-Authorization when no proxy is in use and gates socketPath behind a new allowedSocketPaths allowlist (string or array, normalized) to reduce accidental Unix socket exposure. (#10838) Browser xhr adapter: Stricter own-property checks when reading config and headers. (#10838) URL parameters: AxiosURLSearchParams keeps encoded and applies consistent encoding throughout. (#10838) Public type surface: Adds formDataHeaderPolicy, redact, and allowedSocketPaths to the TypeScript declarations alongside their runtime defaults. (#10838) 🔧 Maintenance & Chores Repo hygiene: Updates README.md and CHANGELOG.md, adds AGENTS.md, and refreshes the issue and PR templates. (#10838) Full Changelog v0.31.1 This release backports a broad set of security hardenings from the v1 line — covering prototype-pollution defences, stream size enforcement, XSRF handling, URL null-byte encoding, and bounded FormData recursion — and drops committed dist/ artefacts along with Bower support. ⚠️ Breaking Changes & Deprecations Bower & Committed dist/ Removed: dist/ bundles are no longer committed to the repo, and bower.json plus the Grunt package2bower task have been removed. CI still builds bundles before publish, so npm/yarn/pnpm consumers are unaffected; installs via Bower or directly from the git tree must migrate to npm or a CDN. (#10747) 🔒 Security Fixes Prototype Pollution in Header Merge (GHSA-6chq-wfr3-2hj9): Tightened isFormData to reject plain/null-prototype objects and require append, and guarded the Node HTTP adapter so data.getHeaders() is only merged when it is not inherited from Object.prototype. Blocks injected headers via polluted getHeaders. (#10750) Prototype Pollution in Config Merging (GHSA-pf86-5x62-jrwf): mergeConfig, defaults resolution, and the HTTP adapter now uses own-property checks for transport, env, Blob, formSerializer, and transforms arrays, and merged configs are returned as null-prototype objects. Prevents hijacking of the request flow through polluted prototypes. (#10752) FormData / Params Recursion DoS: Added a configurable maxDepth (default 100, Infinity disables) to toFormData and params serialisation, throwing AxiosError with code ERR_FORM_DATA_DEPTH_EXCEEDED when exceeded. Circular-reference detection is preserved. (#10728) Null-Byte Injection in Query Strings: Removed the unsafe → null-byte substitution from AxiosURLSearchParams.encode so is preserved as-is. Other encoding behaviour (including → +) unchanged. (#10737) Consolidated v1 Security Backport: Rolls up remaining v1 hardenings into v0.x: maxContentLength enforcement for responseType: 'stream' via a guarded transform with deferred piping, maxBodyLength enforcement for streamed uploads on native http/https with maxRedirects: 0, and stricter withXSRFToken handling so only own boolean true enables cross-origin XSRF headers. (#10764) 🔧 Maintenance & Chores CODEOWNERS: Added .github/CODEOWNERS with * @jasonsaayman to set a default reviewer for all paths. (#10740) Full Changelog v0.31.0 This release backports security fixes from v1.x, hardens the CI/CD supply chain with OIDC publishing and zizmor scanning, resolves TypeScript typing issues in AxiosInstance, and fixes a performance regression in isEmptyObject(). 🔒 Security Fixes ... (truncated) Commits 8db2d44 chore: bump version to v0.32.0 (#10840) 2af6116 chore: backport fixes from the v1x branch (#10838) a589dc5 chore: bump version to v0.31.1 (#10766) b0c632f fix: backport security issues (#10764) b52187f fix: harden config merging (#10752) e3ddeb4 fix: header security issues (#10750) f4f2d76 chore: stop committing dist/ and remove bower (#10747) 1f2f644 chore: add CODEOWNERS (#10740) 44bca90 fix: improve regex in AxiosURLSearchParams (#10737) 4c4f07f fix: form data recursion (#10728) Additional commits viewable in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot show ignore conditions will show all of the ignore conditions of the specified dependency @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Open Graph Description: Bumps axios from 0.30.3 to 0.32.0. Release notes Sourced from axios's releases. v0.32.0 — May 4, 2026 This release backports a comprehensive set of security and hardening fixes from the v1.x ...

X Description: Bumps axios from 0.30.3 to 0.32.0. Release notes Sourced from axios's releases. v0.32.0 — May 4, 2026 This release backports a comprehensive set of security and hardening fixes from the v...

Opengraph URL: https://github.com/hyperblast/beefweb/pull/371

X: @github

direct link

Domain: github.com

route-pattern/:user_id/:repository/pull/:id/files(.:format)
route-controllerpull_requests
route-actionfiles
fetch-noncev2:4609cb47-ceae-9bfe-a246-4012682f2584
current-catalog-service-hashae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b
request-idE860:2ED9BA:B66A34:FFBCDB:6A4BE253
html-safe-noncefbdf37374f04f038f47cc44a8b75fccb9a30244656b02d36cfce4aab61212987
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJFODYwOjJFRDlCQTpCNjZBMzQ6RkZCQ0RCOjZBNEJFMjUzIiwidmlzaXRvcl9pZCI6IjU2MDM5MDA3NjY0MDgxMzkzNDciLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ==
visitor-hmacc08155e9bbb3e3abd1d2bdc0b28876ac9aa58dc8369e5540d344b39b289914f4
hovercard-subject-tagpull_request:3773097000
github-keyboard-shortcutsrepository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location///pull_requests/show/files
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/hyperblast/beefweb/pull/371/files
twitter:imagehttps://avatars.githubusercontent.com/in/29110?s=400&v=4
twitter:cardsummary_large_image
og:imagehttps://avatars.githubusercontent.com/in/29110?s=400&v=4
og:image:altBumps axios from 0.30.3 to 0.32.0. Release notes Sourced from axios's releases. v0.32.0 — May 4, 2026 This release backports a comprehensive set of security and hardening fixes from the v1.x ...
og:site_nameGitHub
og:typeobject
hostnamegithub.com
expected-hostnamegithub.com
None0f5d3ba365b3985d75c32a5957c8635488d58dcf027ae6ae958eee7edaa306a2
turbo-cache-controlno-preview
diff-viewunified
go-importgithub.com/hyperblast/beefweb git https://github.com/hyperblast/beefweb.git
octolytics-dimension-user_id19171756
octolytics-dimension-user_loginhyperblast
octolytics-dimension-repository_id100525135
octolytics-dimension-repository_nwohyperblast/beefweb
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forkfalse
octolytics-dimension-repository_network_root_id100525135
octolytics-dimension-repository_network_root_nwohyperblast/beefweb
turbo-body-classeslogged-out env-production page-responsive full-width
disable-turbotrue
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
release253920ac2dc35b0849cca4633895f1f2e5f03051
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/hyperblast/beefweb/pull/371/files#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fhyperblast%2Fbeefweb%2Fpull%2F371%2Ffiles
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fhyperblast%2Fbeefweb%2Fpull%2F371%2Ffiles
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fpull_requests%2Fshow%2Ffiles&source=header-repo&source_repo=hyperblast%2Fbeefweb
Reloadhttps://github.com/hyperblast/beefweb/pull/371/files
Reloadhttps://github.com/hyperblast/beefweb/pull/371/files
Reloadhttps://github.com/hyperblast/beefweb/pull/371/files
hyperblast https://github.com/hyperblast
beefwebhttps://github.com/hyperblast/beefweb
Please reload this pagehttps://github.com/hyperblast/beefweb/pull/371/files
Notifications https://github.com/login?return_to=%2Fhyperblast%2Fbeefweb
Fork 38 https://github.com/login?return_to=%2Fhyperblast%2Fbeefweb
Star 316 https://github.com/login?return_to=%2Fhyperblast%2Fbeefweb
Code https://github.com/hyperblast/beefweb
Issues 63 https://github.com/hyperblast/beefweb/issues
Pull requests 12 https://github.com/hyperblast/beefweb/pulls
Discussions https://github.com/hyperblast/beefweb/discussions
Actions https://github.com/hyperblast/beefweb/actions
Projects https://github.com/hyperblast/beefweb/projects
Security and quality 0 https://github.com/hyperblast/beefweb/security
Insights https://github.com/hyperblast/beefweb/pulse
Code https://github.com/hyperblast/beefweb
Issues https://github.com/hyperblast/beefweb/issues
Pull requests https://github.com/hyperblast/beefweb/pulls
Discussions https://github.com/hyperblast/beefweb/discussions
Actions https://github.com/hyperblast/beefweb/actions
Projects https://github.com/hyperblast/beefweb/projects
Security and quality https://github.com/hyperblast/beefweb/security
Insights https://github.com/hyperblast/beefweb/pulse
Sign up for GitHub https://github.com/signup?return_to=%2Fhyperblast%2Fbeefweb%2Fissues%2Fnew%2Fchoose
terms of servicehttps://docs.github.com/terms
privacy statementhttps://docs.github.com/privacy
Sign inhttps://github.com/login?return_to=%2Fhyperblast%2Fbeefweb%2Fissues%2Fnew%2Fchoose
dependabothttps://github.com/apps/dependabot
masterhttps://github.com/hyperblast/beefweb/tree/master
dependabot/npm_and_yarn/js/axios-0.32.0https://github.com/hyperblast/beefweb/tree/dependabot/npm_and_yarn/js/axios-0.32.0
Conversation 0 https://github.com/hyperblast/beefweb/pull/371
Commits 1 https://github.com/hyperblast/beefweb/pull/371/commits
Checks 6 https://github.com/hyperblast/beefweb/pull/371/checks
Files changed https://github.com/hyperblast/beefweb/pull/371/files
Please reload this pagehttps://github.com/hyperblast/beefweb/pull/371/files
build(deps-dev): bump axios from 0.30.3 to 0.32.0 in /js https://github.com/hyperblast/beefweb/pull/371/files#top
Show all changes 1 commit https://github.com/hyperblast/beefweb/pull/371/files
78fd04c build(deps-dev): bump axios from 0.30.3 to 0.32.0 in /js dependabot[bot] May 30, 2026 https://github.com/hyperblast/beefweb/pull/371/commits/78fd04cfab1edd6e8854eb61bf201cafcfee9dd3
Clear filters https://github.com/hyperblast/beefweb/pull/371/files
Please reload this pagehttps://github.com/hyperblast/beefweb/pull/371/files
Please reload this pagehttps://github.com/hyperblast/beefweb/pull/371/files
package.json https://github.com/hyperblast/beefweb/pull/371/files#diff-7255a640f1bf86e38ee3503cc375e6993d5a4455715c451a4b9c46ad9fc22c88
yarn.lock https://github.com/hyperblast/beefweb/pull/371/files#diff-533105a648e77ec623e068154954ba5c7f4287056859d53cf772c274caff74e6
js/api_tests/package.jsonhttps://github.com/hyperblast/beefweb/pull/371/files#diff-7255a640f1bf86e38ee3503cc375e6993d5a4455715c451a4b9c46ad9fc22c88
View file https://github.com/hyperblast/beefweb/blob/78fd04cfab1edd6e8854eb61bf201cafcfee9dd3/js/api_tests/package.json
Open in desktop https://desktop.github.com
https://github.co/hiddenchars
https://github.com/hyperblast/beefweb/pull/371/{{ revealButtonHref }}
https://github.com/hyperblast/beefweb/pull/371/files#diff-7255a640f1bf86e38ee3503cc375e6993d5a4455715c451a4b9c46ad9fc22c88
https://github.com/hyperblast/beefweb/pull/371/files#diff-7255a640f1bf86e38ee3503cc375e6993d5a4455715c451a4b9c46ad9fc22c88
js/yarn.lockhttps://github.com/hyperblast/beefweb/pull/371/files#diff-533105a648e77ec623e068154954ba5c7f4287056859d53cf772c274caff74e6
View file https://github.com/hyperblast/beefweb/blob/78fd04cfab1edd6e8854eb61bf201cafcfee9dd3/js/yarn.lock
Open in desktop https://desktop.github.com
https://github.co/hiddenchars
https://github.com/hyperblast/beefweb/pull/371/{{ revealButtonHref }}
https://github.com/hyperblast/beefweb/pull/371/files#diff-533105a648e77ec623e068154954ba5c7f4287056859d53cf772c274caff74e6
https://github.com/hyperblast/beefweb/pull/371/files#diff-533105a648e77ec623e068154954ba5c7f4287056859d53cf772c274caff74e6
Please reload this pagehttps://github.com/hyperblast/beefweb/pull/371/files
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.