Skip to content

fix: prevent undefined error codes in settle#7276

Merged
jasonsaayman merged 5 commits into
axios:v1.xfrom
VeerShah41:v1.x
May 1, 2026
Merged

fix: prevent undefined error codes in settle#7276
jasonsaayman merged 5 commits into
axios:v1.xfrom
VeerShah41:v1.x

Conversation

@VeerShah41
Copy link
Copy Markdown
Contributor

@VeerShah41 VeerShah41 commented Nov 30, 2025

…atus codes

Replace array indexing logic with conditional check to ensure proper error code assignment for all HTTP status code ranges.

Previously, the error code selection used:
[ERR_BAD_REQUEST, ERR_BAD_RESPONSE][Math.floor(status / 100) - 4]

This produced undefined for status codes outside 4xx/5xx ranges (1xx, 2xx, 3xx, 6xx+), which could break error handling when users customize validateStatus to reject non-standard status codes.

Now uses:
status >= 400 && status < 500 ? ERR_BAD_REQUEST : ERR_BAD_RESPONSE

This ensures:

  • 4xx codes → ERR_BAD_REQUEST
  • All other error codes → ERR_BAD_RESPONSE

Instructions

Please read and follow the instructions before creating and submitting a pull request:

  • Create an issue explaining the feature. It could save you some effort in case we don't consider it should be included in axios.
  • If you're fixing a bug, try to commit the failing test/s and the code fixing it in different commits.
  • Ensure you're following our contributing guide.

⚠️👆 Delete the instructions before submitting the pull request 👆⚠️

Describe your pull request here.

fix(core): prevent undefined error codes in settle for non-4xx/5xx st…
3a39062 
…atus codes

Replace array indexing logic with conditional check to ensure proper error
code assignment for all HTTP status code ranges.

Previously, the error code selection used:
[ERR_BAD_REQUEST, ERR_BAD_RESPONSE][Math.floor(status / 100) - 4]

This produced undefined for status codes outside 4xx/5xx ranges (1xx, 2xx,
3xx, 6xx+), which could break error handling when users customize
validateStatus to reject non-standard status codes.

Now uses:
status >= 400 && status < 500 ? ERR_BAD_REQUEST : ERR_BAD_RESPONSE

This ensures:
- 4xx codes → ERR_BAD_REQUEST
- All other error codes → ERR_BAD_RESPONSE
@VeerShah41
Copy link
Copy Markdown
Contributor Author

VeerShah41 commented Nov 30, 2025

@tomaash

@VeerShah41
Copy link
Copy Markdown
Contributor Author

VeerShah41 commented Dec 2, 2025

@adimit

@nidhishgajjar

This comment was marked as spam.

Sign in to view
1 similar comment
@nidhishgajjar

This comment was marked as spam.

Sign in to view
@jasonsaayman
Copy link
Copy Markdown
Member

jasonsaayman commented Apr 29, 2026
edited
Loading

Thanks @VeerShah41, the bug is real, and the diagnosis is right. The current [ERR_BAD_REQUEST, ERR_BAD_RESPONSE][Math.floor(status/100) - 4] produces undefined for any status outside 400–599, which means every 1xx and 6xx+ rejection (and any 2xx/3xx the user rejects via custom validateStatus) gets an AxiosError with no code. Doesn't crash, but error.code === 'ERR_BAD_REQUEST' checks silently miss those cases.

One semantic thing worth flagging on the fix itself. Today ERR_BAD_RESPONSE reads pretty consistently as "server returned a 5xx or the response couldn't be parsed" see http.js:468/860/890/905, fetch.js:204/307/345/390, defaults/index.js:133. After this PR, a 200 the user rejects via a custom validateStatus becomes ERR_BAD_RESPONSE alongside an actual 5xx. Defensible (the user did say it was a bad response), but the meaning broadens.

The bigger gap is in tests. There's no settled spec today grep -r ERR_BAD_REQUEST test/ comes up empty, so the bug existed precisely because nothing exercised these boundaries. A test/specs/core/settle.spec.js covering 4xx → ERR_BAD_REQUEST, 5xx → ERR_BAD_RESPONSE, and a non-4xx/5xx case via custom validateStatus asserting error.code is defined would lock this in.

One last thing, please don't ping unrelated GitHub users on PRs here. They're not maintainers of this repo, and ad-hoc pings tend to get muted rather than acted on. The maintainers do see open PRs.

@jasonsaayman jasonsaayman added priority::medium A medium priority commit::fix The PR is related to a bugfix status::changes-requested A reviewer requested changes to the PR status::needs-rebase The PR requires a rebase labels Apr 29, 2026
@jasonsaayman jasonsaayman changed the title prevent undefined error codes in settle for non-4xx/5xx st... fix: prevent undefined error codes in settle Apr 29, 2026
@VeerShah41
test(core): add unit tests for settle error code assignment
7556708 
Cover the boundary conditions that were previously untested:
- 4xx status codes → ERR_BAD_REQUEST
- 5xx status codes → ERR_BAD_RESPONSE
- Non-4xx/5xx codes rejected via custom validateStatus → ERR_BAD_RESPONSE (defined, not undefined)

These tests would have caught the original array-indexing bug where
Math.floor(status/100) - 4 returned negative/out-of-range indices
for 1xx, 2xx, 3xx, and 6xx+ status codes, resulting in undefined error.code.
cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@cubic-dev-ai cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.

@VeerShah41
Copy link
Copy Markdown
Contributor Author

VeerShah41 commented Apr 29, 2026

Hey @jasonsaayman sorry for the unrelated pings and the spam, that was genuinely careless on my part. I didn't check if those people were actually maintainers before tagging them .Won't do that again.

I've added the tests you mentioned . I'll be upfront ,I used an LLM to help me generate them since I'm still learning how to write good test cases though on my part, I did go through each one and understand what it's checking , just wanted to be transparent about that .

The tests cover 4xx ➡️ ERR_BAD_REQUEST, 5xx ➡️ ERR_BAD_RESPONSE ,and the custom validateStatus edge cases where error.code was coming back as undefined before the fix .

Thanks for the detailed feedback it actually helped me understand the codebase a lot better .

@jasonsaayman jasonsaayman merged commit 5107ee6 into axios:v1.x May 1, 2026
23 checks passed
ModyQyW added a commit to uni-helper/uni-network that referenced this pull request May 7, 2026
@ModyQyW
fix: prevent undefined error codes in settle, sync axios/axios#7276
54cd388
saikumarrs pushed a commit to rudderlabs/rudder-sdk-node that referenced this pull request May 24, 2026
@achettyiitr @snyk-bot
chore(deps): bump axios from 1.15.2 to 1.16.0 [Snyk] (#423)
8e7d703 
![snyk-top-banner](https://res.cloudinary.com/snyk/image/upload/r-d/scm-platform/snyk-pull-requests/pr-banner-default.svg)


<h3>Snyk has created this PR to upgrade axios from 1.15.2 to
1.16.0.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.

<hr/>


- The recommended version is **1 version** ahead of your current
version.

- The recommended version was released **21 days ago**.


#### Breaking Change Risk

![Merge Risk:
Medium](https://img.shields.io/badge/Merge%20Risk%3A%20Medium-8B4513?style=for-the-badge)

> **Notice:** This assessment is enhanced by AI.


<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>axios</b></summary>
    <ul>
      <li>
<b>1.16.0</b> - <a
href="https://redirect.github.com/axios/axios/releases/tag/v1.16.0">2026-05-02</a></br><h2>v1.16.0
— May 2, 2026</h2>
<p>This release adds support for the QUERY HTTP method and a new
<code>ECONNREFUSED</code> error constant, lands a substantial wave of
HTTP, fetch, and XHR adapter bug fixes around redirects, aborts,
headers, and timeouts, and welcomes 23 new contributors.</p>
<h2><g-emoji class="g-emoji" alias="warning">⚠️</g-emoji> Notable
Changes</h2>
<p>A handful of fixes in this release are either security-adjacent or
change observable behaviour. Please review before upgrading:</p>
<ul>
<li><strong>Fetch adapter now enforces <code>maxBodyLength</code> and
<code>maxContentLength</code>.</strong> These limits were silently
ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as
a safety net (DoS protection, accidental large uploads) had no
protection. (<strong><a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="4310518523"
data-permission-text="Title is private"
data-url="axios/axios#10795"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10795/hovercard"
href="https://redirect.github.com/axios/axios/pull/10795">#10795</a></strong>)</li>
<li><strong>Proxy requests now preserve user-supplied <code>Host</code>
headers.</strong> Previously, the proxy path could overwrite a custom
<code>Host</code>. Virtual-host-style routing through a proxy will now
behave correctly. (<strong><a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="4347021851"
data-permission-text="Title is private"
data-url="axios/axios#10822"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10822/hovercard"
href="https://redirect.github.com/axios/axios/pull/10822">#10822</a></strong>)</li>
<li><strong>Basic auth credentials embedded in URLs are now
URL-decoded.</strong> If you have percent-encoded credentials in a URL
(e.g. <code>https://user:p%40ss@host</code>), the decoded value is what
now goes on the wire. (<strong><a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="4351589744"
data-permission-text="Title is private"
data-url="axios/axios#10825"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10825/hovercard"
href="https://redirect.github.com/axios/axios/pull/10825">#10825</a></strong>)</li>
<li><strong><code>parseProtocol</code> now strictly requires a colon in
the protocol separator.</strong> Strings that loosely parsed as
protocols before may no longer match. (<strong><a class="issue-link
js-issue-link" data-error-text="Failed to load title"
data-id="4271998290" data-permission-text="Title is private"
data-url="axios/axios#10729"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10729/hovercard"
href="https://redirect.github.com/axios/axios/pull/10729">#10729</a></strong>)</li>
<li><strong>Deprecated <code>unescape()</code> replaced with modern
UTF-8 encoding.</strong> Non-ASCII URL handling is now spec-correct;
consumers depending on legacy <code>unescape()</code> quirks may see
different output bytes. (<strong><a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="3912225221"
data-permission-text="Title is private"
data-url="axios/axios#7378"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/7378/hovercard"
href="https://redirect.github.com/axios/axios/pull/7378">#7378</a></strong>)</li>
<li><strong><code>transformRequest</code> input typing change was
reverted.</strong> The typing change introduced in <a class="issue-link
js-issue-link" data-error-text="Failed to load title"
data-id="4284929830" data-permission-text="Title is private"
data-url="axios/axios#10745"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10745/hovercard"
href="https://redirect.github.com/axios/axios/pull/10745">#10745</a> was
reverted in <a class="issue-link js-issue-link" data-error-text="Failed
to load title" data-id="4336537376" data-permission-text="Title is
private" data-url="axios/axios#10810"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10810/hovercard"
href="https://redirect.github.com/axios/axios/pull/10810">#10810</a>
after follow-up review — net behavior is unchanged from 1.15.2.
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4284929830" data-permission-text="Title is private"
data-url="axios/axios#10745"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10745/hovercard"
href="https://redirect.github.com/axios/axios/pull/10745">#10745</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4336537376" data-permission-text="Title is private"
data-url="axios/axios#10810"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10810/hovercard"
href="https://redirect.github.com/axios/axios/pull/10810">#10810</a></strong>)</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong>QUERY HTTP Method:</strong> Added support for the QUERY HTTP
method across adapters and type definitions. (<strong><a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="4323864507" data-permission-text="Title is private"
data-url="axios/axios#10802"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10802/hovercard"
href="https://redirect.github.com/axios/axios/pull/10802">#10802</a></strong>)</li>
<li><strong>ECONNREFUSED Error Constant:</strong> Exposed
<code>ECONNREFUSED</code> as a constant on <code>AxiosError</code> so
callers can match connection-refused failures without comparing string
literals (closes <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="2398798239"
data-permission-text="Title is private"
data-url="axios/axios#6485"
data-hovercard-type="issue"
data-hovercard-url="/axios/axios/issues/6485/hovercard"
href="https://redirect.github.com/axios/axios/issues/6485">#6485</a>).
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4235938363" data-permission-text="Title is private"
data-url="axios/axios#10680"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10680/hovercard"
href="https://redirect.github.com/axios/axios/pull/10680">#10680</a></strong>)</li>
<li><strong>Encode Helper Export:</strong> Exported the internal
<code>encode</code> helper from <code>buildURL</code> so userland param
serializers can reuse the same encoding logic that axios uses
internally. (<strong><a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="3023608053"
data-permission-text="Title is private"
data-url="axios/axios#6897"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/6897/hovercard"
href="https://redirect.github.com/axios/axios/pull/6897">#6897</a></strong>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li><strong>HTTP Adapter — Redirects &amp; Headers:</strong> Cleared
stale headers when a redirect targets a no-proxy host, fixed the
redirect listener chain so listeners no longer stack across hops,
restored the missing <code>requestDetails</code> argument on
<code>beforeRedirect</code>, preserved user-supplied <code>Host</code>
headers when forwarding through a proxy, and properly URL-decoded basic
auth credentials. (<strong><a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="4310371730"
data-permission-text="Title is private"
data-url="axios/axios#10794"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10794/hovercard"
href="https://redirect.github.com/axios/axios/pull/10794">#10794</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4323346513" data-permission-text="Title is private"
data-url="axios/axios#10800"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10800/hovercard"
href="https://redirect.github.com/axios/axios/pull/10800">#10800</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="2141603120" data-permission-text="Title is private"
data-url="axios/axios#6241"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/6241/hovercard"
href="https://redirect.github.com/axios/axios/pull/6241">#6241</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4347021851" data-permission-text="Title is private"
data-url="axios/axios#10822"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10822/hovercard"
href="https://redirect.github.com/axios/axios/pull/10822">#10822</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4351589744" data-permission-text="Title is private"
data-url="axios/axios#10825"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10825/hovercard"
href="https://redirect.github.com/axios/axios/pull/10825">#10825</a></strong>)</li>
<li><strong>HTTP Adapter — Streams &amp; Timeouts:</strong> Preserved
the partial response object on <code>AxiosError</code> when a stream is
aborted after headers arrive, honoured the <code>timeout</code> option
during the connect phase when redirects are disabled, and resolved an
unsettled-promise hang when an aborted request was combined with
compression and <code>maxRedirects: 0</code>. (<strong><a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="4260994859" data-permission-text="Title is private"
data-url="axios/axios#10708"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10708/hovercard"
href="https://redirect.github.com/axios/axios/pull/10708">#10708</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4344944445" data-permission-text="Title is private"
data-url="axios/axios#10819"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10819/hovercard"
href="https://redirect.github.com/axios/axios/pull/10819">#10819</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="3509777101" data-permission-text="Title is private"
data-url="axios/axios#7149"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/7149/hovercard"
href="https://redirect.github.com/axios/axios/pull/7149">#7149</a></strong>)</li>
<li><strong>Fetch Adapter:</strong> Enforced <code>maxBodyLength</code>
/ <code>maxContentLength</code> in the fetch adapter, set the
<code>User-Agent</code> header to match the HTTP adapter, preserved the
original abort reason instead of replacing it with a generic error, and
deferred global access so importing the module no longer throws a
<code>TypeError</code> in restricted environments. (<strong><a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="4310518523" data-permission-text="Title is private"
data-url="axios/axios#10795"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10795/hovercard"
href="https://redirect.github.com/axios/axios/pull/10795">#10795</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4294198336" data-permission-text="Title is private"
data-url="axios/axios#10772"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10772/hovercard"
href="https://redirect.github.com/axios/axios/pull/10772">#10772</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4336242387" data-permission-text="Title is private"
data-url="axios/axios#10806"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10806/hovercard"
href="https://redirect.github.com/axios/axios/pull/10806">#10806</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="3662226069" data-permission-text="Title is private"
data-url="axios/axios#7260"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/7260/hovercard"
href="https://redirect.github.com/axios/axios/pull/7260">#7260</a></strong>)</li>
<li><strong>XHR Adapter:</strong> Unsubscribed the
<code>cancelToken</code> and <code>AbortSignal</code> listeners on the
error, timeout, and abort code paths to prevent leaked subscriptions.
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4303641135" data-permission-text="Title is private"
data-url="axios/axios#10787"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10787/hovercard"
href="https://redirect.github.com/axios/axios/pull/10787">#10787</a></strong>)</li>
<li><strong>Error Handling:</strong> Attached the parsed response to
<code>AxiosError</code> when <code>JSON.parse</code> fails inside
<code>dispatchRequest</code>, prevented <code>settle</code> from
emitting <code>undefined</code> error codes, and tightened the
<code>parseProtocol</code> regex to require a colon in the protocol
separator. (<strong><a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="4270604544"
data-permission-text="Title is private"
data-url="axios/axios#10724"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10724/hovercard"
href="https://redirect.github.com/axios/axios/pull/10724">#10724</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="3678162351" data-permission-text="Title is private"
data-url="axios/axios#7276"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/7276/hovercard"
href="https://redirect.github.com/axios/axios/pull/7276">#7276</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4271998290" data-permission-text="Title is private"
data-url="axios/axios#10729"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10729/hovercard"
href="https://redirect.github.com/axios/axios/pull/10729">#10729</a></strong>)</li>
<li><strong>Types &amp; Exports:</strong> Aligned the CommonJS
<code>CancelToken</code> typings with the ESM build, fixed a compiler
error caused by <code>RawAxiosHeaders</code>, and re-exported
<code>create</code> from the package index. (<strong><a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3959718695" data-permission-text="Title is private"
data-url="axios/axios#7414"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/7414/hovercard"
href="https://redirect.github.com/axios/axios/pull/7414">#7414</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="2291674940" data-permission-text="Title is private"
data-url="axios/axios#6389"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/6389/hovercard"
href="https://redirect.github.com/axios/axios/pull/6389">#6389</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="2365076865" data-permission-text="Title is private"
data-url="axios/axios#6460"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/6460/hovercard"
href="https://redirect.github.com/axios/axios/pull/6460">#6460</a></strong>)</li>
<li><strong>UTF-8 Encoding:</strong> Replaced the deprecated
<code>unescape()</code> call with a modern UTF-8 encoding
implementation. (<strong><a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="3912225221"
data-permission-text="Title is private"
data-url="axios/axios#7378"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/7378/hovercard"
href="https://redirect.github.com/axios/axios/pull/7378">#7378</a></strong>)</li>
<li><strong>Misc Cleanup:</strong> Resolved a batch of small
inconsistencies and gadget-level issues across the codebase. (<strong><a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="4365717510" data-permission-text="Title is private"
data-url="axios/axios#10833"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10833/hovercard"
href="https://redirect.github.com/axios/axios/pull/10833">#10833</a></strong>)</li>
</ul>
<h2>🔧 Maintenance &amp; Chores</h2>
<ul>
<li><strong>Refactor — ES6 Modernisation:</strong> Modernised the
<code>utils</code> module and XHR adapter to use ES6 features, and
tidied the multipart boundary error message. (<strong><a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="4173424907" data-permission-text="Title is private"
data-url="axios/axios#10588"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10588/hovercard"
href="https://redirect.github.com/axios/axios/pull/10588">#10588</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="3967256044" data-permission-text="Title is private"
data-url="axios/axios#7419"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/7419/hovercard"
href="https://redirect.github.com/axios/axios/pull/7419">#7419</a></strong>)</li>
<li><strong>Tests:</strong> Hardened the HTTP test server lifecycle to
fix flaky <code>FormData</code> EPIPE failures, fixed Win32 platform
support for the pipe tests, and corrected an incorrect test assumption.
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4345005129" data-permission-text="Title is private"
data-url="axios/axios#10820"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10820/hovercard"
href="https://redirect.github.com/axios/axios/pull/10820">#10820</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4305591702" data-permission-text="Title is private"
data-url="axios/axios#10791"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10791/hovercard"
href="https://redirect.github.com/axios/axios/pull/10791">#10791</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4310668356" data-permission-text="Title is private"
data-url="axios/axios#10796"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10796/hovercard"
href="https://redirect.github.com/axios/axios/pull/10796">#10796</a></strong>)</li>
<li><strong>Docs:</strong> Documented
<code>paramsSerializer.encode</code> for strict RFC 3986 query encoding,
updated the <code>parseReviver</code> TypeScript definitions and
configuration docs for ES2023, added timeout guidance to the README's
first async example, and expanded notes around the recent type changes.
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4346633084" data-permission-text="Title is private"
data-url="axios/axios#10821"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10821/hovercard"
href="https://redirect.github.com/axios/axios/pull/10821">#10821</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4298576114" data-permission-text="Title is private"
data-url="axios/axios#10782"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10782/hovercard"
href="https://redirect.github.com/axios/axios/pull/10782">#10782</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4290932663" data-permission-text="Title is private"
data-url="axios/axios#10759"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10759/hovercard"
href="https://redirect.github.com/axios/axios/pull/10759">#10759</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4335735712" data-permission-text="Title is private"
data-url="axios/axios#10804"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10804/hovercard"
href="https://redirect.github.com/axios/axios/pull/10804">#10804</a></strong>)</li>
<li><strong>Reverted:</strong> Reverted the
<code>transformRequest</code> input typing change from <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="4284929830" data-permission-text="Title is private"
data-url="axios/axios#10745"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10745/hovercard"
href="https://redirect.github.com/axios/axios/pull/10745">#10745</a>
after follow-up review. (<strong><a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="4284929830"
data-permission-text="Title is private"
data-url="axios/axios#10745"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10745/hovercard"
href="https://redirect.github.com/axios/axios/pull/10745">#10745</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4336537376" data-permission-text="Title is private"
data-url="axios/axios#10810"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10810/hovercard"
href="https://redirect.github.com/axios/axios/pull/10810">#10810</a></strong>)</li>
<li><strong>Dependencies:</strong> Bumped
<code>actions/setup-node</code>, the <code>github-actions</code> group,
and <code>postcss</code> (in <code>/docs</code>) to their latest
versions. (<strong><a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="4301894928"
data-permission-text="Title is private"
data-url="axios/axios#10785"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10785/hovercard"
href="https://redirect.github.com/axios/axios/pull/10785">#10785</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4342327794" data-permission-text="Title is private"
data-url="axios/axios#10813"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10813/hovercard"
href="https://redirect.github.com/axios/axios/pull/10813">#10813</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4342985432" data-permission-text="Title is private"
data-url="axios/axios#10814"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10814/hovercard"
href="https://redirect.github.com/axios/axios/pull/10814">#10814</a></strong>)</li>
<li><strong>Release:</strong> Updated changelog and packages, and
prepared the 1.16.0 release. (<strong><a class="issue-link
js-issue-link" data-error-text="Failed to load title"
data-id="4304455485" data-permission-text="Title is private"
data-url="axios/axios#10790"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10790/hovercard"
href="https://redirect.github.com/axios/axios/pull/10790">#10790</a></strong>,
<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4368693595" data-permission-text="Title is private"
data-url="axios/axios#10834"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10834/hovercard"
href="https://redirect.github.com/axios/axios/pull/10834">#10834</a></strong>)</li>
</ul>
<h2>🌟 New Contributors</h2>
<p>We are thrilled to welcome our new contributors. Thank you for
helping improve axios:</p>
<ul>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/singhankit001/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/singhankit001">@
singhankit001</a></strong> (<strong><a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="4173424907"
data-permission-text="Title is private"
data-url="axios/axios#10588"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10588/hovercard"
href="https://redirect.github.com/axios/axios/pull/10588">#10588</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/cuiweixie/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/cuiweixie">@ cuiweixie</a></strong>
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="3967256044" data-permission-text="Title is private"
data-url="axios/axios#7419"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/7419/hovercard"
href="https://redirect.github.com/axios/axios/pull/7419">#7419</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/iruizsalinas/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/iruizsalinas">@
iruizsalinas</a></strong> (<strong><a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="4303641135"
data-permission-text="Title is private"
data-url="axios/axios#10787"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10787/hovercard"
href="https://redirect.github.com/axios/axios/pull/10787">#10787</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/MarcosNocetti/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/MarcosNocetti">@
MarcosNocetti</a></strong> (<strong><a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="4235938363"
data-permission-text="Title is private"
data-url="axios/axios#10680"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10680/hovercard"
href="https://redirect.github.com/axios/axios/pull/10680">#10680</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/deepview-autofix/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/deepview-autofix">@
deepview-autofix</a></strong> (<strong><a class="issue-link
js-issue-link" data-error-text="Failed to load title"
data-id="4271998290" data-permission-text="Title is private"
data-url="axios/axios#10729"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10729/hovercard"
href="https://redirect.github.com/axios/axios/pull/10729">#10729</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/atharvasingh7007/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/atharvasingh7007">@
atharvasingh7007</a></strong> (<strong><a class="issue-link
js-issue-link" data-error-text="Failed to load title"
data-id="4284929830" data-permission-text="Title is private"
data-url="axios/axios#10745"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10745/hovercard"
href="https://redirect.github.com/axios/axios/pull/10745">#10745</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/OfekDanny/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/OfekDanny">@ OfekDanny</a></strong>
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4294198336" data-permission-text="Title is private"
data-url="axios/axios#10772"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10772/hovercard"
href="https://redirect.github.com/axios/axios/pull/10772">#10772</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/mnahkies/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/mnahkies">@ mnahkies</a></strong>
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="3959718695" data-permission-text="Title is private"
data-url="axios/axios#7414"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/7414/hovercard"
href="https://redirect.github.com/axios/axios/pull/7414">#7414</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user" data-hovercard-url="/users/tboyila/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/tboyila">@ tboyila</a></strong>
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4290932663" data-permission-text="Title is private"
data-url="axios/axios#10759"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10759/hovercard"
href="https://redirect.github.com/axios/axios/pull/10759">#10759</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user" data-hovercard-url="/users/Kingo64/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/Kingo64">@ Kingo64</a></strong>
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="3023608053" data-permission-text="Title is private"
data-url="axios/axios#6897"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/6897/hovercard"
href="https://redirect.github.com/axios/axios/pull/6897">#6897</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/ramram1048/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/ramram1048">@ ramram1048</a></strong>
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="2291674940" data-permission-text="Title is private"
data-url="axios/axios#6389"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/6389/hovercard"
href="https://redirect.github.com/axios/axios/pull/6389">#6389</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user" data-hovercard-url="/users/FLNacif/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/FLNacif">@ FLNacif</a></strong>
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="2365076865" data-permission-text="Title is private"
data-url="axios/axios#6460"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/6460/hovercard"
href="https://redirect.github.com/axios/axios/pull/6460">#6460</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user" data-hovercard-url="/users/zozo123/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/zozo123">@ zozo123</a></strong>
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4336242387" data-permission-text="Title is private"
data-url="axios/axios#10806"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10806/hovercard"
href="https://redirect.github.com/axios/axios/pull/10806">#10806</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/pierluigilenoci/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/pierluigilenoci">@
pierluigilenoci</a></strong> (<strong><a class="issue-link
js-issue-link" data-error-text="Failed to load title"
data-id="4323864507" data-permission-text="Title is private"
data-url="axios/axios#10802"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10802/hovercard"
href="https://redirect.github.com/axios/axios/pull/10802">#10802</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user" data-hovercard-url="/users/afurm/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/afurm">@ afurm</a></strong>
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4260994859" data-permission-text="Title is private"
data-url="axios/axios#10708"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10708/hovercard"
href="https://redirect.github.com/axios/axios/pull/10708">#10708</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/karan-lrn/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/karan-lrn">@ karan-lrn</a></strong>
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="3912225221" data-permission-text="Title is private"
data-url="axios/axios#7378"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/7378/hovercard"
href="https://redirect.github.com/axios/axios/pull/7378">#7378</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/ebeigarts/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/ebeigarts">@ ebeigarts</a></strong>
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="3509777101" data-permission-text="Title is private"
data-url="axios/axios#7149"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/7149/hovercard"
href="https://redirect.github.com/axios/axios/pull/7149">#7149</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/Raymondo97/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/Raymondo97">@ Raymondo97</a></strong>
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4298576114" data-permission-text="Title is private"
data-url="axios/axios#10782"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10782/hovercard"
href="https://redirect.github.com/axios/axios/pull/10782">#10782</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/mixelburg/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/mixelburg">@ mixelburg</a></strong>
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4346633084" data-permission-text="Title is private"
data-url="axios/axios#10821"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10821/hovercard"
href="https://redirect.github.com/axios/axios/pull/10821">#10821</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/ashishkr96/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/ashishkr96">@ ashishkr96</a></strong>
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4347021851" data-permission-text="Title is private"
data-url="axios/axios#10822"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10822/hovercard"
href="https://redirect.github.com/axios/axios/pull/10822">#10822</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/cyphercodes/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/cyphercodes">@
cyphercodes</a></strong> (<strong><a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="4344944445"
data-permission-text="Title is private"
data-url="axios/axios#10819"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10819/hovercard"
href="https://redirect.github.com/axios/axios/pull/10819">#10819</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/Jye10032/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/Jye10032">@ Jye10032</a></strong>
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="3662226069" data-permission-text="Title is private"
data-url="axios/axios#7260"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/7260/hovercard"
href="https://redirect.github.com/axios/axios/pull/7260">#7260</a></strong>)</li>
<li><strong><a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/VeerShah41/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/VeerShah41">@ VeerShah41</a></strong>
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="3678162351" data-permission-text="Title is private"
data-url="axios/axios#7276"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/7276/hovercard"
href="https://redirect.github.com/axios/axios/pull/7276">#7276</a></strong>)</li>
</ul>
<p><a
href="https://redirect.github.com/axios/axios/compare/v1.15.2...v1.16.0">Full
Changelog</a></p>
      </li>
      <li>
<b>1.15.2</b> - <a
href="https://redirect.github.com/axios/axios/releases/tag/v1.15.2">2026-04-21</a></br><p>This
release delivers prototype-pollution hardening for the Node HTTP
adapter, adds an opt-in <code>allowedSocketPaths</code> allowlist to
mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory
leak, and ships supply-chain hardening across CI and security docs.</p>
<h2>🔒 Security Fixes</h2>
<ul>
<li><strong>Prototype Pollution Hardening (HTTP Adapter):</strong>
Hardened the Node HTTP adapter and
<code>resolveConfig</code>/<code>mergeConfig</code>/validator paths to
read only own properties and use null-prototype config objects,
preventing polluted <code>auth</code>, <code>baseURL</code>,
<code>socketPath</code>, <code>beforeRedirect</code>, and
<code>insecureHTTPParser</code> from influencing requests. (<strong><a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="4297881989" data-permission-text="Title is private"
data-url="axios/axios#10779"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10779/hovercard"
href="https://redirect.github.com/axios/axios/pull/10779">#10779</a></strong>)</li>
<li><strong>SSRF via <code>socketPath</code>:</strong> Rejects
non-string <code>socketPath</code> values and adds an opt-in
<code>allowedSocketPaths</code> config option to restrict permitted Unix
domain socket paths, returning <code>AxiosError</code>
<code>ERR_BAD_OPTION_VALUE</code> on mismatch. (<strong><a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="4297772207" data-permission-text="Title is private"
data-url="axios/axios#10777"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10777/hovercard"
href="https://redirect.github.com/axios/axios/pull/10777">#10777</a></strong>)</li>
<li><strong>Supply-chain Hardening:</strong> Added <code>.npmrc</code>
with <code>ignore-scripts=true</code>, lockfile lint CI, non-blocking
reproducible build diff, scoped CODEOWNERS, expanded
<code>SECURITY.md</code>/<code>THREATMODEL.md</code> with provenance
verification (<code>npm audit signatures</code>), 60-day resolution
policy, and maintainer incident-response runbook. (<strong><a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="4297522478" data-permission-text="Title is private"
data-url="axios/axios#10776"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10776/hovercard"
href="https://redirect.github.com/axios/axios/pull/10776">#10776</a></strong>)</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong><code>allowedSocketPaths</code> Config Option:</strong> New
request config option (and TypeScript types) to allowlist Unix domain
socket paths used by the Node http adapter; backwards compatible when
unset. (<strong><a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="4297772207"
data-permission-text="Title is private"
data-url="axios/axios#10777"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10777/hovercard"
href="https://redirect.github.com/axios/axios/pull/10777">#10777</a></strong>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li><strong>Keep-alive Socket Memory Leak:</strong> Installs a single
per-socket <code>error</code> listener tracking the active request via
<code>kAxiosSocketListener</code>/<code>kAxiosCurrentReq</code>,
eliminating per-request listener accumulation,
<code>MaxListenersExceededWarning</code>, and linear heap growth under
concurrent or long-running keep-alive workloads (fixes <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="4298011964" data-permission-text="Title is private"
data-url="axios/axios#10780"
data-hovercard-type="issue"
data-hovercard-url="/axios/axios/issues/10780/hovercard"
href="https://redirect.github.com/axios/axios/issues/10780">#10780</a>).
(<strong><a class="issue-link js-issue-link" data-error-text="Failed to
load title" data-id="4304224147" data-permission-text="Title is private"
data-url="axios/axios#10788"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10788/hovercard"
href="https://redirect.github.com/axios/axios/pull/10788">#10788</a></strong>)</li>
</ul>
<h2>🔧 Maintenance &amp; Chores</h2>
<ul>
<li><strong>Changelog:</strong> Updated <code>CHANGELOG.md</code> with
v1.15.1 release notes. (<strong><a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="4298245836"
data-permission-text="Title is private"
data-url="axios/axios#10781"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/10781/hovercard"
href="https://redirect.github.com/axios/axios/pull/10781">#10781</a></strong>)</li>
</ul>
<p><a
href="https://redirect.github.com/axios/axios/compare/v1.15.1...v1.15.2">Full
Changelog</a></p>
      </li>
    </ul>
from <a href="https://redirect.github.com/axios/axios/releases">axios
GitHub release notes</a>
  </details>
</details>

---

> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with
your project.
> - This PR was automatically created by Snyk using the credentials of a
real user.

---

**Note:** _You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs._

**For more information:** <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJlMjE3ZGU0YS02ZGE2LTRhNGUtYThiZC1jNjQxMDUyZjI2YTciLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImUyMTdkZTRhLTZkYTYtNGE0ZS1hOGJkLWM2NDEwNTJmMjZhNyJ9fQ=="
width="0" height="0"/>

> - 🧐 [View latest project
report](https://app.snyk.io/org/rudder-qa/project/3ec84776-2902-4d8e-9cd9-a5d98be10724?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)
> - 📜 [Customise PR
templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates?utm_source=&utm_content=fix-pr-template)
> - 🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/rudder-qa/project/3ec84776-2902-4d8e-9cd9-a5d98be10724/settings/integration?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)
> - 🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/rudder-qa/project/3ec84776-2902-4d8e-9cd9-a5d98be10724/settings/integration?pkg&#x3D;axios&amp;utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr#auto-dep-upgrades)

[//]: #
'snyk:metadata:{"breakingChangeRiskLevel":"medium","FF_showPullRequestBreakingChanges":true,"FF_showPullRequestBreakingChangesWebSearch":false,"customTemplate":{"variablesUsed":[],"fieldsUsed":["commitMessage","title"],"templateUrl":"https://app.snyk.io/rest/groups/f6659a58-7be6-43af-8ec5-3d06dd5bfeaa/settings/pull_request_template?version=2024-10-15"},"dependencies":[{"name":"axios","from":"1.15.2","to":"1.16.0"}],"env":"prod","hasFixes":false,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[],"prId":"e217de4a-6da6-4a4e-a8bd-c641052f26a7","prPublicId":"e217de4a-6da6-4a4e-a8bd-c641052f26a7","packageManager":"npm","priorityScoreList":[],"projectPublicId":"3ec84776-2902-4d8e-9cd9-a5d98be10724","projectUrl":"https://app.snyk.io/org/rudder-qa/project/3ec84776-2902-4d8e-9cd9-a5d98be10724?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"group","description":"default","title":"group"},"templateVariants":["custom"],"type":"auto","upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2026-05-02T15:04:00.274Z"},"vulns":[]}'

Co-authored-by: snyk-bot <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@jasonsaayman jasonsaayman jasonsaayman approved these changes

Assignees

@VeerShah41 VeerShah41

Labels

commit::fix The PR is related to a bugfix priority::medium A medium priority status::changes-requested A reviewer requested changes to the PR status::needs-rebase The PR requires a rebase

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@VeerShah41 @nidhishgajjar @jasonsaayman