You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.
🐛 Bug Fixes
AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#10913)
Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#10917, #10930, #10942, #10993)
Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#10959, #11021)
AxiosURLSearchParams: Switched the encoder callback to an arrow function so encoder.call(this) receives the AxiosURLSearchParams instance correctly. (#11019)
🔧 Maintenance & Chores
Documentation: Documented sensitive headers and status transition behaviour, prepared cleaned-up docs, added Deno install instructions, and clarified that request data is request-specific (#11007, #11010, #11023, #11025)
This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.
This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.
This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.
This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.
This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.
This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.
Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an axios instance #4248
There are multiple deprecations, refactors and fixes provided in this release. Please read through the full release notes to see how this may impact your project and use case.
Removed
Removed incorrect argument for NetworkError constructor #4656
This release fixes a security vulnerability in the formidable dependency, resolves a CommonJS compatibility regression, hardens proxy and HTTP/2 handling, and modernises the build and test toolchain.
This release adds React Native Blob support, fixes several enumeration and export regressions, and patches FormData detection for WeChat Mini Program environments.
Configuration
📅 Schedule: (UTC)
Branch creation
At any time (no schedule defined)
Automerge
At any time (no schedule defined)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
If you want to rebase/retry this PR, check this box
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.13.5→1.18.1Release Notes
axios/axios (axios)
v1.18.1Compare Source
v1.18.1 — June 21, 2026
This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.
🐛 Bug Fixes
encoder.call(this)receives theAxiosURLSearchParamsinstance correctly. (#11019)🔧 Maintenance & Chores
Documentation: Documented sensitive headers and status transition behaviour, prepared cleaned-up docs, added Deno install instructions, and clarified that request data is request-specific (#11007, #11010, #11023, #11025)
Dependencies: Bumped vite, rollup, form-data, js-yaml, and multer across the root project, docs, smoke tests, and module test workspaces. (#11011, #11012, #11013, #11014, #11015, #11016, #11017, #11026)
🌟 New Contributors
We are thrilled to welcome our new contributors. Thank you for helping improve axios:
Full Changelog
v1.18.0Compare Source
This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.
v1.17.0Compare Source
This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.
v1.16.1Compare Source
This release ships a defence-in-depth fix for prototype pollution in
formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.v1.16.0Compare Source
This release adds support for the QUERY HTTP method and a new
ECONNREFUSEDerror constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.v1.15.2Compare Source
This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in
allowedSocketPathsallowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.v1.15.1Compare Source
This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.
v1.15.0Compare Source
Bug Fixes
Features
Contributors to this release
PRs
1.2.6 (2023-01-28)
Bug Fixes
CommonRequestHeadersList&CommonResponseHeadersListtypes to be private in commonJS; (#5503) (5a3d0a3)Contributors to this release
PRs
1.2.5 (2023-01-26)
Bug Fixes
Contributors to this release
PRs
1.2.4 (2023-01-22)
Bug Fixes
RawAxiosRequestConfigback toAxiosRequestConfig; (#5486) (2a71f49)AxiosRequestConfiggeneric; (#5478) (9bce81b)Contributors to this release
PRs
1.2.3 (2023-01-10)
Bug Fixes
Contributors to this release
PRs
[1.2.2] - 2022-12-29
Fixed
Chores
Contributors to this release
[1.2.1] - 2022-12-05
Changed
Fixed
Refactors
Chores
Contributors to this release
PRs
[1.2.0] - 2022-11-10
Changed
Fixed
Refactors
Chores
Contributors to this release
PRs
[1.1.3] - 2022-10-15
Added
Fixed
Chores
Contributors to this release
PRs
[1.1.2] - 2022-10-07
Fixed
Contributors to this release
PRs
[1.1.1] - 2022-10-07
Fixed
Contributors to this release
PRs
[1.1.0] - 2022-10-06
Fixed
Contributors to this release
PRs
[1.0.0] - 2022-10-04
Added
Changed
Deprecated
Removed
Fixed
Chores
Security
Contributors to this release
Bertrand Marron
Dmitriy Mozgovoy
Dan Mooney
Michael Li
aong
Des Preston
Ted Robertson
zhoulixiang
Arthur Fiorette
Kumar Shanu
JALAL
Jingyi Lin
Philipp Loose
Alexander Shchukin
Dave Cardwell
Cat Scarlet
Luca Pizzini
Kai
Maxime Bargiel
Brian Helba
reslear
Jamie Slome
Landro3
rafw87
Afzal Sayed
Koki Oyatsu
Dave
暴走老七
Spencer
Adrian Wieprzkowicz
Jamie Telin
毛呆
Kirill Shakirov
Rraji Abdelbari
Jelle Schutter
Tom Ceuppens
Johann Cooper
Dimitris Halatsis
chenjigeng
João Gabriel Quaresma
Victor Augusto
neilnaveen
Pavlos
Kiryl Valkovich
Naveen
wenzheng
hcwhan
Bassel Rachid
Grégoire Pineau
felipedamin
Karl Horky
Yue JIN
Usman Ali Siddiqui
WD
Günther Foidl
Stephen Jennings
C.T.Lin
mia-z
Parth Banathia
parth0105pluang
Marco Weber
Luca Pizzini
Willian Agostini
Huyen Nguyen
v1.14.0Compare Source
This release fixes a security vulnerability in the
formidabledependency, resolves a CommonJS compatibility regression, hardens proxy and HTTP/2 handling, and modernises the build and test toolchain.v1.13.6Compare Source
This release adds React Native Blob support, fixes several enumeration and export regressions, and patches FormData detection for WeChat Mini Program environments.
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.