This is a critical security maintenance release for the v0.x branch. It addresses a high-priority vulnerability involving prototype pollution that could lead to a Denial of Service (DoS).
Recommendation: All users currently on the 0.x release line should upgrade to this version immediately to ensure environment stability.
🛡️ Security Fixes
- Backport: Fix DoS via `__proto__` key in merge config
⚙️ Maintenance & CI
- CI Infrastructure Update
  - Updated Continuous Integration workflows for the v0.x branch to maintain long-term support and build reliability, by @jasonsaayman in PR #7407
⚠️ Breaking Changes
Configuration Merging Behavior:
As part of the security fix, Axios now restricts the merging of the `__proto__` key within configuration objects. If your codebase relies on unconventional deep-merging patterns that target the object prototype via Axios config, those operations will now be blocked. This is a necessary change to prevent prototype pollution.
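
The following is an added example, not code from Axios: a constructed merge routine with a per-key strategy table, shown without and with a guard for the `__proto__` key, plus a helper that lists where `__proto__` appears as an own key in config you pass in. All function names and the sample input are hypothetical.

```javascript
// Added illustration, not Axios source; every name below is hypothetical.
const takeOverride = (a, b) => (b !== undefined ? b : a);
const isObj = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);
// Per-key merge strategies held in a plain object used as a lookup table.
const strategies = {
  timeout: takeOverride,
  headers: (a, b) => mergeGuarded(isObj(a) ? a : {}, isObj(b) ? b : {}),
};
const allKeys = (a, b) => new Set([...Object.keys(a), ...Object.keys(b)]);

// Unguarded lookup: strategies['__proto__'] resolves through the prototype
// chain to Object.prototype, which is truthy but not callable, so it throws.
function mergeUnguarded(base, override) {
  const out = {};
  for (const key of allKeys(base, override)) {
    const merge = strategies[key] || takeOverride;
    out[key] = merge(base[key], override[key]);
  }
  return out;
}

// Guarded: drop the '__proto__' key and only trust own entries of the table.
function mergeGuarded(base, override) {
  const out = {};
  for (const key of allKeys(base, override)) {
    if (key === '__proto__') continue;
    const own = Object.prototype.hasOwnProperty.call(strategies, key);
    out[key] = (own ? strategies[key] : takeOverride)(base[key], override[key]);
  }
  return out;
}

// Audit helper for the breaking change: paths where '__proto__' is an own key.
// Assumes acyclic, JSON-derived input.
function findProtoKeys(value, path = '$') {
  if (value === null || typeof value !== 'object') return [];
  return Object.keys(value).flatMap((key) =>
    key === '__proto__' ? [`${path}.${key}`] : findProtoKeys(value[key], `${path}.${key}`));
}

// Constructed input: JSON.parse creates '__proto__' as an own, enumerable key.
const base = { url: 'https://example.test/api', timeout: 1000, headers: { Accept: 'application/json' } };
const untrusted = JSON.parse('{"timeout":500,"headers":{"__proto__":{"x":1}},"__proto__":{"y":2}}');
function unguardedOutcome() {
  try { mergeUnguarded(base, untrusted); return 'ok'; } catch (e) { return e.name; }
}
console.log(unguardedOutcome(), mergeGuarded(base, untrusted), findProtoKeys(untrusted));
```

Running `findProtoKeys` over any config assembled from parsed JSON before upgrading shows which entries the stricter merge will drop.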
Full Changelog: v0.30.2...v0.30.3