🚨 [security] [server] Update guzzlehttp/guzzle: 6.3.3 → 6.5.8 (minor) #15
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![depfu[bot]](https://avatars.githubusercontent.com/in/715?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Welcome to Depfu 👋
This is one of the first three pull requests with dependency updates we've sent your way. We tried to start with a few easy patch-level updates. Hopefully your tests will pass and you can merge this pull request without too much risk. This should give you an idea how Depfu works in general.
After you merge your first pull request, we'll send you a few more. We'll never open more than seven PRs at the same time so you're not getting overwhelmed with updates.
Let us know if you have any questions. Thanks so much for giving Depfu a try!
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
Security Advisories 🚨
🚨 CURLOPT_HTTPAUTH option not cleared on change of origin
🚨 Change in port should be considered a change in origin
🚨 Failure to strip the Cookie header on change in host or HTTP downgrade
🚨 Fix failure to strip Authorization header on HTTP downgrade
🚨 Cross-domain cookie leakage in Guzzle
Release Notes
6.5.7
6.5.6
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 1 commit:
Release 6.5.8 (#3042)Release Notes
1.5.1
1.4.1
1.4.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 65 commits:
Release 1.5.1Revert "Call handler when waiting on fulfilled/rejected Promise (#135)" (#146)Fix pool memory leak when empty array of promises provided (#144)Release 1.5.0Bumped branch aliasFix manually settle promises generated with Utils::task (#136)Call handler when waiting on fulfilled/rejected Promise (#135)Upgrade PHP-CS-Fixer to 3.x (#141)Support PHP 8.1 (#140)Updated docsRelease 1.4.1 (#137)Update .gitattributes (#132)Use incrementing counter to generate pending indexes. (#134)Prepare for 1.4.0 (#123)Fix memory leak (#128)Added tests for repeated calls to wait() (#127)Use travis_retry to mitigate random errors (#126)Test on PHP 5.5.9 again (#125)Fix some namespaces in tests/ (#124)Test on PHP8 (#122)Dont test PHP on travis (#121)Fixed Psalm & PHPStan issues (#120)Added CI with Github actions (#119)Param type fix for inspect_all() (#104)remove useless code (#115)Extracted functions to static methods (#113)Merge pull request #110 from GrahamCampbell/php-55Changed branch alias to 1.3-devRestored support for PHP 5.5 and HHVM 3Merge pull request #95 from ikeyan/patch-1Merge pull request #105 from jimcottrell/masterReject promise instead of throwing if coroutine throws before 1st yield (#98)Merge pull request #106 from guzzle/gmponos-patch-1Update .travis.ymlAdd explicit object checks before calling method_exists()Merge pull request #102 from guzzle/help-code-analysershelp code analysers not confuse each function with the deprecated php global oneMerge pull request #81 from Tobion/hhvm-yield-syntaxfix risky testsremove hhvm and php 5.5 supportunify use-statement usageMake Promise.php shorter and more readableMerge pull request #94 from andreybolonin/patch-1add php 7.3 to travisMerge pull request #90 from baileylo/patch-1Grammar Fix of Inline CommentMerge pull request #88 from gmponos/patch-1Update .travis.ymlMerge pull request #85 from stevenwadejr/patch-1Fix spelling error in functions.phpMerge pull request #80 from Tobion/test-cleanupMerge pull request #77 from Tobion/patch-1it cannot be a fulfilled promise as it is not resolved with the pending array but with the queue. so it wouldn't fail with duplicate keysFix promise handling for Iterators of non-unique keysadd test for cancelled eachpromiseremove duplicate logic from #10 and #64use ::class constantuse namespaced phpunit classesMerge pull request #79 from ntzm/patch-1Fix misplaced " in READMEMerge pull request #63 from bpolaszek/fix-46Merge pull request #64 from alexeyshockov/resolve-empty-each-promisesResolve EachPromise in case of an empty listCheck the wait function is called only once when using recursionFix #46Security Advisories 🚨
🚨 Improper Input Validation in guzzlehttp/psr7
Release Notes
1.8.5
1.8.4
1.8.3
1.8.2
1.8.0
1.7.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Commits
See the full diff on Github. The new version differs by 17 commits:
Merge pull request #9 from peter279k/test_enhancementTest enhancementMerge pull request #8 from ralouphie/hotfix/composer-installRemove composer.json from .gitattributesMerge pull request #6 from GrahamCampbell/patch-1Merge pull request #5 from gmponos/patch-1Test on PHP 7.3Test on php 7.3Break from PHP < 5.6 for version 3Downgrade to PHPUnit 5.Merge pull request #4 from reedy/reedy-patch-2Upgrade PHPUnit.Update .travis.ymlMerge pull request #3 from reedy/reedy-patch-1Added PHP 7.1 and 7.2 to .travis.ymlexport-ignore tests tooAdd .gitattributesCommits
See the full diff on Github. The new version differs by 45 commits:
Update changelogUpdate CHANGELOG.mdPassing null to preg_split() throws deprecation on PHP 8.1Passing null to strpos() throws deprecation on PHP 8.1Indicates that polyfills provides corresponding extensions[Mbstring] fix throwing from mb_substitute_character on PHP >= 8Fixed `grapheme_str(r)ipos()`Update to Unicode 13Various fixes[mbstring] add return value to mb_parse_str (#351)minor #349 Use fully-qualified iconv calls in the mbstring polyfill (stof)Use fully-qualified iconv calls in the mbstring polyfillUpdate CHANGELOG and branch-aliasAlways accept null values on PHP 8Add polyfill-php81Update and apply CS rulesAdjust mbstring polyfill for PHP 8Verify the signature of polyfills on PHP >= 8Drop polyfills for PHP <= 7.1 from the metapackageBump minimum PHP version to 7.1Fix the name of arguments for PHP 8Update branch-alias for main + v1.19Fix php8 error passing too many arguments to strrchrUpdate CHANGELOG and branch-aliasAdd missing "extra.thanks" entries in composer.jsonBump unicode dataFix declaring extra constants when `intl` is loadedBump for 1.17.0Add separate checks for all polyfilled functions and constantsBumped branch aliasFix support for preloadingBump branch-aliasAdd link in intl idn readmePHP 8.0 - add fdiv() function polyfill[Mbstring] fix `mb_str_split()` ignoring new-line charactersminor #199 Optimization of mb_str_split (kamil-tekiela)Optimization of mb_str_split[Uuid] Added the polyfill[Mbstring] fix mb_strrpos with negative offsetbump branch-alias and update changelogfeature #181 add new PHP 7.4 functions (IonBazan)add new PHP 7.4 functions[Mbstring ] fix mb_substr return typeAdded missing polyfill for JsonExceptionUpdate year in license fileCommits
See the full diff on Github. The new version differs by 28 commits:
Update changelogUpdate CHANGELOG.mdupdate Php72 README about mbstring functionsVarious fixesUpdate CHANGELOG and branch-aliasAdd polyfill-php81Update and apply CS rulesDrop polyfills for PHP <= 7.1 from the metapackageBump minimum PHP version to 7.1Fix the name of arguments for PHP 8Update branch-alias for main + v1.19Fix null comparisonUpdate CHANGELOG and branch-aliasAdd missing "extra.thanks" entries in composer.jsonFix declaring extra constants when `intl` is loadedBump for 1.17.0fix a minor typoAdd polyfill for `PHP_FLOAT_*` constantsAdd separate checks for all polyfilled functions and constantsBumped branch aliasFix the polyfill for spl_object_id()Bump branch-aliasAdd link in intl idn readmePHP 8.0 - add fdiv() function polyfill[Uuid] Added the polyfillbump branch-alias and update changelogAdded missing polyfill for JsonExceptionUpdate year in license file🆕 symfony/polyfill-intl-idn (added, 1.26.0)
🆕 symfony/polyfill-intl-normalizer (added, 1.26.0)
🗑️ laravel/envoy (removed)
🗑️ nategood/httpful (removed)
👉 No CI detected
You don't seem to have any Continuous Integration service set up!
Without a service that will test the Depfu branches and pull requests, we can't inform you if incoming updates actually work with your app. We think that this degrades the service we're trying to provide down to a point where it is more or less meaningless.
This is fine if you just want to give Depfu a quick try. If you want to really let Depfu help you keep your app up-to-date, we recommend setting up a CI system:
depfu/.Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase.All Depfu comment commands