chore: Update axios to 1.6 to pull in fix for CVE 2023 45857 (#971)

kitu-apietila · tiwarishubham635 · web-flow · commit a981eb026667 · 2023-11-09T13:53:34.000+05:30
* Update axios to 1.6.0 Fixes CVE-2023-45857 * Explicit type return on Promise TypeScript's automatic type resolution for the promise returned by the function in getExponentialBackoffResponseHandler determines that it returns a Promise<unknown>. This commit forces TypeScript to recognize that the resolved object is of type Promise<AxiosResponse>. --------- Co-authored-by: Shubham <tiwarishubham635@gmail.com>
diff --git a/package.json b/package.json
@@ -20,7 +20,7 @@
     "url": "https://github.com/twilio/twilio-node.git"
   },
   "dependencies": {
-    "axios": "^0.26.1",
+    "axios": "^1.6.0",
     "dayjs": "^1.11.9",
     "https-proxy-agent": "^5.0.0",
     "jsonwebtoken": "^9.0.0",
diff --git a/src/base/RequestClient.ts b/src/base/RequestClient.ts
@@ -57,7 +57,7 @@ function getExponentialBackoffResponseHandler(
       );
       const delay = Math.floor(baseDelay * Math.random()); // Full jitter backoff
 
-      return new Promise((resolve) => {
+      return new Promise((resolve: (value: Promise<AxiosResponse>) => void) => {
         setTimeout(() => resolve(axios(config)), delay);
       });
     }

Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,7 @@ function getExponentialBackoffResponseHandler(`
`57`	`57`	`);`
`58`	`58`	`const delay = Math.floor(baseDelay * Math.random()); // Full jitter backoff`
`59`	`59`
`60`		`- return new Promise((resolve) => {`
	`60`	`+ return new Promise((resolve: (value: Promise<AxiosResponse>) => void) => {`
`61`	`61`	`setTimeout(() => resolve(axios(config)), delay);`
`62`	`62`	`});`
`63`	`63`	`}`