Commit 8cf1f942 authored by Torben Hansen's avatar Torben Hansen Committed by Oliver Hader

[BUGFIX] Update guzzlehttp/guzzle to 7.4.4

The package guzzlehttp/guzzle has been updated to versions 7.4.4
and 6.5.7, both of which fix the security issues [1] and [2]. Since
TYPO3 is not affected by these issues by default, this is handled
as a public bugfix.

3rd party extensions may however be affected by the vulnerabilities
if `Authorization` or `Cookie` headers are used.

Executed commands:

    composer require \
        guzzlehttp/guzzle:^7.4.4 \
        -W
    composer require \
        -d typo3/sysext/core \
        guzzlehttp/guzzle:^7.4.4 \
        --no-update

[1] https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
[2] https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9

Resolves: #97759
Releases: main, 11.5, 10.4
Change-Id: I6ed48f2b03e5e0ca82a9aa493499a5eaf65b184c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74876


Tested-by: core-ci's avatarcore-ci <typo3@b13.com>
Tested-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Klee's avatarOliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
parent edad6900
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "7b690f9d894fba5f19a97c186850abdf", "content-hash": "9a58031d982feb74aab0f411eb0851f4",
"packages": [ "packages": [
{ {
"name": "bacon/bacon-qr-code", "name": "bacon/bacon-qr-code",
...@@ -775,16 +775,16 @@ ...@@ -775,16 +775,16 @@
}, },
{ {
"name": "guzzlehttp/guzzle", "name": "guzzlehttp/guzzle",
"version": "7.4.3", "version": "7.4.4",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/guzzle/guzzle.git", "url": "https://github.com/guzzle/guzzle.git",
"reference": "74a8602c6faec9ef74b7a9391ac82c5e65b1cdab" "reference": "e3ff079b22820c2029d4c2a87796b6a0b8716ad8"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/guzzle/guzzle/zipball/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab", "url": "https://api.github.com/repos/guzzle/guzzle/zipball/e3ff079b22820c2029d4c2a87796b6a0b8716ad8",
"reference": "74a8602c6faec9ef74b7a9391ac82c5e65b1cdab", "reference": "e3ff079b22820c2029d4c2a87796b6a0b8716ad8",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
...@@ -879,7 +879,7 @@ ...@@ -879,7 +879,7 @@
], ],
"support": { "support": {
"issues": "https://github.com/guzzle/guzzle/issues", "issues": "https://github.com/guzzle/guzzle/issues",
"source": "https://github.com/guzzle/guzzle/tree/7.4.3" "source": "https://github.com/guzzle/guzzle/tree/7.4.4"
}, },
"funding": [ "funding": [
{ {
...@@ -895,7 +895,7 @@ ...@@ -895,7 +895,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2022-05-25T13:24:33+00:00" "time": "2022-06-09T21:39:15+00:00"
}, },
{ {
"name": "guzzlehttp/promises", "name": "guzzlehttp/promises",
...@@ -983,16 +983,16 @@ ...@@ -983,16 +983,16 @@
}, },
{ {
"name": "guzzlehttp/psr7", "name": "guzzlehttp/psr7",
"version": "2.2.1", "version": "2.3.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/guzzle/psr7.git", "url": "https://github.com/guzzle/psr7.git",
"reference": "c94a94f120803a18554c1805ef2e539f8285f9a2" "reference": "83260bb50b8fc753c72d14dc1621a2dac31877ee"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/guzzle/psr7/zipball/c94a94f120803a18554c1805ef2e539f8285f9a2", "url": "https://api.github.com/repos/guzzle/psr7/zipball/83260bb50b8fc753c72d14dc1621a2dac31877ee",
"reference": "c94a94f120803a18554c1805ef2e539f8285f9a2", "reference": "83260bb50b8fc753c72d14dc1621a2dac31877ee",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
...@@ -1016,7 +1016,7 @@ ...@@ -1016,7 +1016,7 @@
"type": "library", "type": "library",
"extra": { "extra": {
"branch-alias": { "branch-alias": {
"dev-master": "2.2-dev" "dev-master": "2.3-dev"
} }
}, },
"autoload": { "autoload": {
...@@ -1078,7 +1078,7 @@ ...@@ -1078,7 +1078,7 @@
], ],
"support": { "support": {
"issues": "https://github.com/guzzle/psr7/issues", "issues": "https://github.com/guzzle/psr7/issues",
"source": "https://github.com/guzzle/psr7/tree/2.2.1" "source": "https://github.com/guzzle/psr7/tree/2.3.0"
}, },
"funding": [ "funding": [
{ {
...@@ -1094,7 +1094,7 @@ ...@@ -1094,7 +1094,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2022-03-20T21:55:58+00:00" "time": "2022-06-09T08:26:02+00:00"
}, },
{ {
"name": "lolli42/finediff", "name": "lolli42/finediff",
...@@ -2406,25 +2406,25 @@ ...@@ -2406,25 +2406,25 @@
}, },
{ {
"name": "symfony/deprecation-contracts", "name": "symfony/deprecation-contracts",
"version": "v3.0.1", "version": "v3.1.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/deprecation-contracts.git", "url": "https://github.com/symfony/deprecation-contracts.git",
"reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c" "reference": "07f1b9cc2ffee6aaafcf4b710fbc38ff736bd918"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/26954b3d62a6c5fd0ea8a2a00c0353a14978d05c", "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/07f1b9cc2ffee6aaafcf4b710fbc38ff736bd918",
"reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c", "reference": "07f1b9cc2ffee6aaafcf4b710fbc38ff736bd918",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
"php": ">=8.0.2" "php": ">=8.1"
}, },
"type": "library", "type": "library",
"extra": { "extra": {
"branch-alias": { "branch-alias": {
"dev-main": "3.0-dev" "dev-main": "3.1-dev"
}, },
"thanks": { "thanks": {
"name": "symfony/contracts", "name": "symfony/contracts",
...@@ -2453,7 +2453,7 @@ ...@@ -2453,7 +2453,7 @@
"description": "A generic function and convention to trigger deprecation notices", "description": "A generic function and convention to trigger deprecation notices",
"homepage": "https://symfony.com", "homepage": "https://symfony.com",
"support": { "support": {
"source": "https://github.com/symfony/deprecation-contracts/tree/v3.0.1" "source": "https://github.com/symfony/deprecation-contracts/tree/v3.1.0"
}, },
"funding": [ "funding": [
{ {
...@@ -2469,7 +2469,7 @@ ...@@ -2469,7 +2469,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2022-01-02T09:55:41+00:00" "time": "2022-02-25T11:15:52+00:00"
}, },
{ {
"name": "symfony/event-dispatcher", "name": "symfony/event-dispatcher",
......
...@@ -38,7 +38,7 @@ ...@@ -38,7 +38,7 @@
"doctrine/lexer": "^1.2.3", "doctrine/lexer": "^1.2.3",
"egulias/email-validator": "^3.1", "egulias/email-validator": "^3.1",
"enshrined/svg-sanitize": "^0.15.4", "enshrined/svg-sanitize": "^0.15.4",
"guzzlehttp/guzzle": "^7.4.3", "guzzlehttp/guzzle": "^7.4.4",
"guzzlehttp/psr7": "^1.8.5 || ^2.1.2", "guzzlehttp/psr7": "^1.8.5 || ^2.1.2",
"lolli42/finediff": "^1.0.1", "lolli42/finediff": "^1.0.1",
"masterminds/html5": "^2.7.5", "masterminds/html5": "^2.7.5",
......