chore: Update axios to 1.6 to pull in fix for CVE 2023 45857 (#971)

* Update axios to 1.6.0 Fixes CVE-2023-45857 * Explicit type return on Promise TypeScript's automatic type resolution for the promise returned by the function in getExponentialBackoffResponseHandler determines that it returns a Promise<unknown>. This commit forces TypeScript to recognize that the resolved object is of type Promise<AxiosResponse>. --------- Co-authored-by: Shubham <tiwarishubham635@gmail.com>
twilio · Nov 9, 2023 · a981eb0 · a981eb0
1 parent e7bbeb1
commit a981eb0
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/package.json b/package.json
@@ -20,7 +20,7 @@
     "url": "https://github.com/twilio/twilio-node.git"
   },
   "dependencies": {
-    "axios": "^0.26.1",
+    "axios": "^1.6.0",
     "dayjs": "^1.11.9",
     "https-proxy-agent": "^5.0.0",
     "jsonwebtoken": "^9.0.0",

diff --git a/src/base/RequestClient.ts b/src/base/RequestClient.ts
@@ -57,7 +57,7 @@ function getExponentialBackoffResponseHandler(
       );
       const delay = Math.floor(baseDelay * Math.random()); // Full jitter backoff
 
-      return new Promise((resolve) => {
+      return new Promise((resolve: (value: Promise<AxiosResponse>) => void) => {
         setTimeout(() => resolve(axios(config)), delay);
       });
     }