PRE_RELEASE_CHANGELOG.md
sensitiveHeaders request config option that strips caller-selected custom secret headers from cross-origin redirects. (#10892)http: and https: URLs that omit // before adapter URL normalization, returning ERR_INVALID_URL instead of silently normalizing invalid input. (#10900, closes #7315)name: 'CanceledError' declaration to CommonJS CanceledError typings to match the ESM declarations. (#10922)transitional.validateStatusUndefinedResolves (default true) so applications can opt into treating explicit validateStatus: undefined like an omitted option by setting it to false. validateStatus: null still accepts every response status. (#10899, closes #6688)transitional.validateStatusUndefinedResolves; README/docs updates are tracked in PRE_RELEASE_DOCS.md for release preparation.