Changelog
v1.1.3 - 2026-06-12
Security Updates:
- Updated axios from ^1.3.5 to ^1.17.0 to address 11 critical security
vulnerabilities:
- CVE-2025-62718: Prototype pollution gadgets in config.proxy enabling MITM attacks
- Proxy-Authorization credential leaks across HTTP-to-HTTPS redirects
- NO_PROXY protection bypass via RFC 1122 loopback subnet (127.0.0.0/8)
- Credential theft and response hijacking via prototype pollution
- Regular Expression Denial of Service (ReDoS) via cookie name injection
- Unrestricted cloud metadata exfiltration via header injection chains
- SSRF via hostname normalization bypass
- Resource allocation issues without throttling
Documentation Improvements:
- Updated documentation across README.md, installation guides, usage examples, and API references
v1.0.0 - 2025-03-06
- Initial release