From 4699f8dedf8033737ea8b28bf33bdaa7428e19cf Mon Sep 17 00:00:00 2001 From: Cody Born Date: Thu, 25 Feb 2021 04:46:22 -0800 Subject: [PATCH] Upgrade dependencies of axios (#7269) ### Description Axios has [a vulnerability](https://github.com/axios/axios/issues/3369) fixed in versions >= 0.21.1. Upgrading our dependencies to newer versions to be compatible. --- packages/attestation-service/package.json | 2 +- packages/celotool/package.json | 2 +- packages/env-tests/package.json | 2 +- packages/faucet/package.json | 2 +- .../phone-number-privacy/signer/package.json | 2 +- packages/protocol/package.json | 2 +- yarn.lock | 90 +++++++++---------- 7 files changed, 47 insertions(+), 55 deletions(-) diff --git a/packages/attestation-service/package.json b/packages/attestation-service/package.json index b63fc5d734b..a6570714c31 100644 --- a/packages/attestation-service/package.json +++ b/packages/attestation-service/package.json @@ -54,7 +54,7 @@ "prom-client": "11.2.0", "sequelize": "5.21.5", "sqlite3": "4.0.9", - "twilio": "^3.51.0", + "twilio": "^3.57.0", "yargs": "13.3.0" }, "devDependencies": { diff --git a/packages/celotool/package.json b/packages/celotool/package.json index 871f991e186..8f0c00afa2e 100644 --- a/packages/celotool/package.json +++ b/packages/celotool/package.json @@ -35,7 +35,7 @@ "read-last-lines": "^1.7.2", "sleep-promise": "^8.0.1", "string-hash": "^1.1.3", - "twilio": "^3.51.0", + "twilio": "^3.57.0", "web3": "1.3.0", "web3-eth-admin": "1.0.0-beta.55", "yargs": "14.0.0" diff --git a/packages/env-tests/package.json b/packages/env-tests/package.json index 7ea6280e37a..fee18e6b7b6 100644 --- a/packages/env-tests/package.json +++ b/packages/env-tests/package.json @@ -16,7 +16,7 @@ "dotenv": "8.2.0", "jest": "26.4.2", "moment": "^2.29.0", - "twilio": "^3.23.2", + "twilio": "^3.57.0", "web3": "1.3.0" }, diff --git a/packages/faucet/package.json b/packages/faucet/package.json index a7711782caa..26e9c5dbfee 100644 --- a/packages/faucet/package.json 
+++ b/packages/faucet/package.json @@ -26,7 +26,7 @@ "firebase": "^7.8.0", "firebase-admin": "^8.10.0", "firebase-functions": "^3.6.0", - "twilio": "^3.39.3", + "twilio": "^3.57.0", "web3": "1.3.0" }, "devDependencies": { diff --git a/packages/phone-number-privacy/signer/package.json b/packages/phone-number-privacy/signer/package.json index 9a36d9f7660..6d0b8b1a916 100644 --- a/packages/phone-number-privacy/signer/package.json +++ b/packages/phone-number-privacy/signer/package.json @@ -33,7 +33,7 @@ "elliptic": "6.5.3", "express": "^4.17.1", "knex": "^0.21.1", - "mssql": "^6.2.0", + "mssql": "^6.3.1", "mysql2": "^2.1.0", "pg": "^8.2.1", "prom-client": "12.0.0", diff --git a/packages/protocol/package.json b/packages/protocol/package.json index 32574a3c39d..114f51aa1dd 100644 --- a/packages/protocol/package.json +++ b/packages/protocol/package.json @@ -81,7 +81,7 @@ "truffle-plugin-blockscout-verify": "git+https://github.com/celo-org/truffle-plugin-blockscout-verify#91627b3", "truffle-resolver": "^5.0.16", "truffle-security": "^1.7.1", - "twilio": "^3.23.2", + "twilio": "^3.57.0", "weak-map": "^1.0.5", "web3": "1.3.0", "web3-core": "1.3.0", diff --git a/yarn.lock b/yarn.lock index 4e34d59f09e..48ba835da49 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6340,7 +6340,7 @@ "@types/node" "*" "@types/range-parser" "*" -"@types/express@*", "@types/express@^4.17.2", "@types/express@^4.17.3", "@types/express@^4.17.6": +"@types/express@*", "@types/express@^4.17.3", "@types/express@^4.17.6": version "4.17.8" resolved "https://registry.yarnpkg.com/@types/express/-/express-4.17.8.tgz#3df4293293317e61c60137d273a2e96cd8d5f27a" integrity sha512-wLhcKh3PMlyA2cNAB9sjM1BntnhPMiM0JOBwPBqttjHev2428MLEB4AYVN+d8s2iyCVZac+o41Pflm/ZH5vLXQ== 
@@ -6360,16 +6360,6 @@ "@types/qs" "*" "@types/serve-static" "*" -"@types/express@^4.17.7": - version "4.17.9" - resolved "https://registry.yarnpkg.com/@types/express/-/express-4.17.9.tgz#f5f2df6add703ff28428add52bdec8a1091b0a78" - integrity sha512-SDzEIZInC4sivGIFY4Sz1GG6J9UObPwCInYJjko2jzOf/Imx/dlpume6Xxwj1ORL82tBbmN4cPDIDkLbWHk9hw== - dependencies: - "@types/body-parser" "*" - "@types/express-serve-static-core" "*" - "@types/qs" "*" - "@types/serve-static" "*" - "@types/fbemitter@^2.0.32": version "2.0.32" resolved "https://registry.yarnpkg.com/@types/fbemitter/-/fbemitter-2.0.32.tgz#8ed204da0f54e9c8eaec31b1eec91e25132d082c" @@ -6772,11 +6762,6 @@ resolved "https://registry.yarnpkg.com/@types/qs/-/qs-6.9.1.tgz#937fab3194766256ee09fcd40b781740758617e7" integrity sha512-lhbQXx9HKZAPgBkISrBcmAcMpZsmpe/Cd/hY7LGZS5OfkySUBItnPZHgQPssWYUET8elF+yCFBbP1Q0RZPTdaw== -"@types/qs@6.9.4": - version "6.9.4" - resolved "https://registry.yarnpkg.com/@types/qs/-/qs-6.9.4.tgz#a59e851c1ba16c0513ea123830dd639a0a15cb6a" - integrity sha512-+wYo+L6ZF6BMoEjtf8zB2esQsqdV6WsjRK/GP9WOgLPrq87PbNWgIxS76dS5uvl/QXtHGakZmwTznIfcPXcKlQ== - "@types/randombytes@^2.0.0": version "2.0.0" resolved "https://registry.yarnpkg.com/@types/randombytes/-/randombytes-2.0.0.tgz#0087ff5e60ae68023b9bc4398b406fea7ad18304" 
@@ -8918,13 +8903,20 @@ axios@^0.18.0: follow-redirects "1.5.10" is-buffer "^2.0.2" -axios@^0.19.0, axios@^0.19.2: +axios@^0.19.0: version "0.19.2" resolved "https://registry.yarnpkg.com/axios/-/axios-0.19.2.tgz#3ea36c5d8818d0d5f8a8a97a6d36b86cdc00cb27" integrity sha512-fjgm5MvRHLhx+osE2xoekY70AhARk3a6hkN+3Io1jc00jtquGvxYlKlsFUhmUET0V5te6CcZI7lcv2Ym61mjHA== dependencies: follow-redirects "1.5.10" +axios@^0.21.1: + version "0.21.1" + resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.1.tgz#22563481962f4d6bde9a76d516ef0e5d3c09b2b8" + integrity sha512-dKQiRHxGD9PPRIUNIWvZhPTPpl1rf/OxTYKsqKUDjBwYylTvV7SjSHJb9ratfyzM6wCdLCOYLzs73qpg5c4iGA== + dependencies: + follow-redirects "^1.10.0" + babel-code-frame@^6.22.0, babel-code-frame@^6.26.0: version "6.26.0" resolved "https://registry.yarnpkg.com/babel-code-frame/-/babel-code-frame-6.26.0.tgz#63fd43f7dc1e3bb7ce35947db8fe369a3f58c74b" @@ -12664,7 +12656,7 @@ dateformat@^3.0.0: resolved "https://registry.yarnpkg.com/dateformat/-/dateformat-3.0.3.tgz#a6e37499a4d9a9cf85ef5872044d62901c9889ae" integrity sha512-jyCETtSl3VMZMWeRo7iY1FL19ges1t55hMo5yaam4Jrsm5EPL89UQkoQRyiI+Yf4k8r2ZpdngkV8hr1lIdjb3Q== -dayjs@^1.8.15, dayjs@^1.8.19: +dayjs@^1.8.15: version "1.8.20" resolved "https://registry.yarnpkg.com/dayjs/-/dayjs-1.8.20.tgz#724a5cb6ad1f6fc066b0bd9a800dedcc7886f19e" integrity sha512-mH0MCDxw6UCGJYxVN78h8ugWycZAO8thkj3bW6vApL5tS0hQplIDdAQcmbvl7n35H0AKdCJQaArTrIQw2xt4Qg== @@ -12719,7 +12711,7 @@ debug@3.2.6, debug@^3.0.1, debug@^3.1.0: dependencies: ms "^2.1.1" -debug@4, debug@4.1.1, debug@^4, debug@^4.0.0, debug@^4.0.1, debug@^4.1.0, debug@^4.1.1: +debug@4, debug@4.1.1, debug@^4.0.0, debug@^4.0.1, debug@^4.1.0, debug@^4.1.1: version "4.1.1" resolved "https://registry.yarnpkg.com/debug/-/debug-4.1.1.tgz#3b72260255109c6b589cee050f1d516139664791" integrity sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw== 
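Review bot: The lockfile still resolves axios below the 0.21.1 fix named in the description. In the `@@ -8918,13 +8903,20 @@` hunk the `axios@^0.19.0` entry stays pinned to 0.19.2, and the `axios@^0.18.0` context entry is untouched. Only the twilio/mssql chain moves to `axios@^0.21.1`, so whichever packages request the older ranges (not visible in this diff) still install the affected versions. Run `yarn why axios` to find those dependents and bump them, or add a root-level `"resolutions": { "axios": "^0.21.1" }` after confirming they tolerate the jump from 0.18/0.19. A CI check that fails on any `axios` lock entry below 0.21.1 would keep this from regressing.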
@@ -12733,6 +12725,13 @@ debug@4.1.0: dependencies: ms "^2.1.1" +debug@^4.3.1: + version "4.3.1" + resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.1.tgz#f0d229c505e0c6d8c49ac553d1b13dc183f6b2ee" + integrity sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ== + dependencies: + ms "2.1.2" + debuglog@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/debuglog/-/debuglog-1.0.1.tgz#aa24ffb9ac3df9a2351837cfb2d279360cd78492" @@ -16087,6 +16086,11 @@ follow-redirects@1.5.10: dependencies: debug "=3.1.0" +follow-redirects@^1.10.0: + version "1.13.2" + resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.13.2.tgz#dd73c8effc12728ba5cf4259d760ea5fb83e3147" + integrity sha512-6mPTgLxYm3r6Bkkg0vNM0HTjfGrOEtsfbhagQvbxDEsEkpNhw582upBaoRZylzen6krEmxXJgt9Ju6HiI4O7BA== + fontfaceobserver@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/fontfaceobserver/-/fontfaceobserver-2.1.0.tgz#e2705d293e2c585a6531c2a722905657317a2991" @@ -23922,6 +23926,11 @@ ms@2.1.1, ms@^2.0.0, ms@^2.1.1: resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.1.tgz#30a5864eb3ebb0a66f2ebe6d727af06a09d86e0a" integrity sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg== +ms@2.1.2: + version "2.1.2" + resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009" + integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w== + msal@^1.0.2: version "1.2.1" resolved "https://registry.yarnpkg.com/msal/-/msal-1.2.1.tgz#08133e37ab0b9741866c89a3fadc55aadb980723" 
@@ -23929,14 +23938,14 @@ msal@^1.0.2: dependencies: tslib "^1.9.3" -mssql@^6.2.0: - version "6.2.0" - resolved "https://registry.yarnpkg.com/mssql/-/mssql-6.2.0.tgz#44af82701ffadf979baa0275b77a9ddb776f00c3" - integrity sha512-C1WcvpiyGGoNyA+rNae/87V4O47S1P75zqmITutxzamocccY8BsZA+cljXJvpnYbbGlmMB5eoSaVUSqR9NyLCg== +mssql@^6.3.1: + version "6.3.1" + resolved "https://registry.yarnpkg.com/mssql/-/mssql-6.3.1.tgz#b6da02f9d4dc8f105ef54528a806922bac4aa20d" + integrity sha512-ammxrhbdDpcBWhiZLiy6miiU7ELt9qFbGvwmPbiufn+tBHAYUFR/AgwE4/v4jzPzbatowscmhFx1U61L91uVzQ== dependencies: - debug "^4" + debug "^4.3.1" tarn "^1.1.5" - tedious "^6.6.2" + tedious "^6.7.0" multi-progress@^2.0.0: version "2.0.0" @@ -31007,7 +31016,7 @@ tdigest@^0.1.1: dependencies: bintrees "1.0.1" -tedious@^6.6.2: +tedious@^6.7.0: version "6.7.0" resolved "https://registry.yarnpkg.com/tedious/-/tedious-6.7.0.tgz#ad02365f16f9e0416b216e13d3f83c53addd42ca" integrity sha512-8qr7+sB0h4SZVQBRWUgHmYuOEflAOl2eihvxk0fVNvpvGJV4V5UC/YmSvebyfgyfwWcPO22/AnSbYVZZqf9wuQ== 
@@ -32021,31 +32030,14 @@ tweetnacl@^1.0.0: resolved "https://registry.yarnpkg.com/tweetnacl/-/tweetnacl-1.0.1.tgz#2594d42da73cd036bd0d2a54683dd35a6b55ca17" integrity sha512-kcoMoKTPYnoeS50tzoqjPY3Uv9axeuuFAZY9M/9zFnhoVvRfxz9K29IMPD7jGmt2c8SW7i3gT9WqDl2+nV7p4A== -twilio@^3.23.2, twilio@^3.39.3: - version "3.39.3" - resolved "https://registry.yarnpkg.com/twilio/-/twilio-3.39.3.tgz#519fe68d1df0e25d658e27c4a52cfcca5fb5e02e" - integrity sha512-RxVuanhKyjvi6OqbvlKSuvwBIRAhlf5W3A9FkZsDBatVslvLGxxuB5y5SYkEqSZVBREFEt7/HqJpTuK1YUwMwQ== +twilio@^3.57.0: + version "3.57.0" + resolved "https://registry.yarnpkg.com/twilio/-/twilio-3.57.0.tgz#626d212fb86c5d73abf23e7d39cb83f25d477a49" + integrity sha512-gt1NtEM647c/+KGcPiBEY2YCCrvm7nKXfd2bOT6PNYUAbBF5n0s3Ed0lYQW5BngpJEjeZROMZjfp9ikwehS/pg== dependencies: - "@types/express" "^4.17.2" - dayjs "^1.8.19" - jsonwebtoken "^8.5.1" - lodash "^4.17.15" - q "2.0.x" - request "^2.88.0" - rootpath "^0.1.2" - scmp "^2.1.0" - url-parse "^1.4.7" - xmlbuilder "^13.0.2" - -twilio@^3.51.0: - version "3.51.0" - resolved "https://registry.yarnpkg.com/twilio/-/twilio-3.51.0.tgz#0a3ca643f967a1bfc2319bc8fd11b91053ef001e" - integrity sha512-6TjXI7U1FWlKhqqdM2tKSZoq7MlRxv+K5IgKhKSrgcoYTm6/qZ51UwwY2rfVHUMicr6y6j4NgaBDrPiOtiu9Xg== - dependencies: - "@types/express" "^4.17.7" - "@types/qs" "6.9.4" - axios "^0.19.2" + axios "^0.21.1" dayjs "^1.8.29" + https-proxy-agent "^5.0.0" jsonwebtoken "^8.5.1" lodash "^4.17.19" q "2.0.x"