stack.pulse
#stacks/axios/library

Axios release notes, breaking changes, and upgrade notes.

Promise based HTTP client for the browser and Node.js StackPulse turns upstream changelogs into scannable summaries with risky changes, deprecations, migration notes, and source links.

source repo$track this stackplan upgraderss
releases
8
breaking
3
security
7
deprecated
1
migrations
1

Get source-linked upgrade notes and occasional sponsor recommendations. No GitHub login required.

what stackpulse tracks

Axios releases from GitHub

StackPulse watches Axios release notes and keeps the original source link close to every summary.

upgrade risk

Breaking changes and deprecations

Risky changes are separated from normal feature notes so you can scan upgrade impact before changing production dependencies.

migration notes

Source-backed next steps

Migration steps and recommended actions are only shown when the upstream release notes support them.

# latest_releases

source-backed
allbreakingdeprecationmigrationsecurity
v0.32.0criticalbreakingmigrationfeaturesecurityMay 4, 2026

v0.32.0

This release backports security and hardening fixes from the v1.x branch into v0.x, including prototype-pollution protections, default error redaction, stricter proxy/cookie/socket handling, and a breaking change to merged config and header object prototypes.

affected

Users relying on implicit string coercion against merged config or header objects will be affected.

action

Update code to use Object.prototype.hasOwnProperty.call(obj, key) for merged config or header objects.

release_signals
-mergeConfig and header merging now return objects with a null prototype to block prototype-pollution gadgets. Consumers must use Object.prototype.hasOwnProperty.call(obj, key) and avoid implicit string coercion against merged config or header objects.
!Default error redaction to prevent credential leaks in logs
!Cookie & XSRF handling improvements
!Proxy bypass IPv6 parity fixes
!Node http adapter hardening with stricter Proxy-Authorization and socketPath handling
!Browser xhr adapter stricter own-property checks
+Default error redaction in AxiosError.toJSON()
+Stricter proxy bypass IPv6 parity handling
+Node http adapter hardening with allowedSocketPaths allowlist
+Browser xhr adapter stricter own-property checks
+Public type surface additions: formDataHeaderPolicy, redact, and allowedSocketPaths
migration_steps1 steps
  1. 01Use Object.prototype.hasOwnProperty.call(obj, key) for merged config or header objects to avoid implicit string coercion.
view source on github->