From 24cde96a37f4fdebbca6d5255a4e7f33ec4d6b5d Mon Sep 17 00:00:00 2001
From: Torben Hansen <derhansen@gmail.com>
Date: Sun, 12 Jun 2022 07:49:04 +0200
Subject: [PATCH] [BUGFIX] Update guzzlehttp/guzzle to 7.4.4
The package guzzlehttp/guzzle has been updated to version 7.4.4 and 6.5.7 which both fix the security issues [1] and [2]. Since TYPO3 is not affected by the issues by default, this is handled as a public bugfix. 3rd party extensions may however be affected by the vulnerabilities if `Authorization` or `Cookie` headers are used.
Executed commands:
composer require \
guzzlehttp/guzzle:^7.4.4 \
-W
composer require \
-d typo3/sysext/core \
guzzlehttp/guzzle:^7.4.4 \
--no-update
[1] https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
[2] https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
Resolves: #97759
Releases: main, 11.5, 10.4
Change-Id: I6ed48f2b03e5e0ca82a9aa493499a5eaf65b184c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74878
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
---
 composer.json | 2 +-
 composer.lock | 28 ++++++++++++++--------------
 typo3/sysext/core/composer.json | 2 +-
 3 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/composer.json b/composer.json
index c9e81ac97663..ba983b98f808 100644
--- a/composer.json
+++ b/composer.json
@@ -54,7 +54,7 @@
 "doctrine/lexer": "^1.2.3",
 "egulias/email-validator": "^3.1",
 "enshrined/svg-sanitize": "^0.15.4",
- "guzzlehttp/guzzle": "^7.4.3",
+ "guzzlehttp/guzzle": "^7.4.4",
 "guzzlehttp/promises": "^1.4.0",
 "guzzlehttp/psr7": "^1.8.5 || ^2.1.2",
 "lolli42/finediff": "^1.0.1",
diff --git a/composer.lock b/composer.lock
index 792b38e23c51..a4f4f2c60414 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
 "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
 "This file is @generated automatically"
 ],
- "content-hash": "e3c969146a7419d6be022bd87a9bce1b",
+ "content-hash": "e7b6ae1818b11f1b9deb74e5fd08f4b6",
 "packages": [
 {
 "name": "bacon/bacon-qr-code",
@@ -823,16 +823,16 @@
 },
 {
 "name": "guzzlehttp/guzzle",
- "version": "7.4.3",
+ "version": "7.4.4",
 "source": {
 "type": "git",
 "url": "https://github.com/guzzle/guzzle.git",
- "reference": "74a8602c6faec9ef74b7a9391ac82c5e65b1cdab"
+ "reference": "e3ff079b22820c2029d4c2a87796b6a0b8716ad8"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/guzzle/guzzle/zipball/74a8602c6faec9ef74b7a9391ac82c5e65b1cdab",
- "reference": "74a8602c6faec9ef74b7a9391ac82c5e65b1cdab",
+ "url": "https://api.github.com/repos/guzzle/guzzle/zipball/e3ff079b22820c2029d4c2a87796b6a0b8716ad8",
+ "reference": "e3ff079b22820c2029d4c2a87796b6a0b8716ad8",
 "shasum": ""
 },
 "require": {
@@ -927,7 +927,7 @@
 ],
 "support": {
 "issues": "https://github.com/guzzle/guzzle/issues",
- "source": "https://github.com/guzzle/guzzle/tree/7.4.3"
+ "source": "https://github.com/guzzle/guzzle/tree/7.4.4"
 },
 "funding": [
 {
@@ -943,7 +943,7 @@
 "type": "tidelift"
 }
 ],
- "time": "2022-05-25T13:24:33+00:00"
+ "time": "2022-06-09T21:39:15+00:00"
 },
 {
 "name": "guzzlehttp/promises",
@@ -1031,16 +1031,16 @@
 },
 {
 "name": "guzzlehttp/psr7",
- "version": "2.2.1",
+ "version": "2.3.0",
 "source": {
 "type": "git",
 "url": "https://github.com/guzzle/psr7.git",
- "reference": "c94a94f120803a18554c1805ef2e539f8285f9a2"
+ "reference": "83260bb50b8fc753c72d14dc1621a2dac31877ee"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/guzzle/psr7/zipball/c94a94f120803a18554c1805ef2e539f8285f9a2",
- "reference": "c94a94f120803a18554c1805ef2e539f8285f9a2",
+ "url": "https://api.github.com/repos/guzzle/psr7/zipball/83260bb50b8fc753c72d14dc1621a2dac31877ee",
+ "reference": "83260bb50b8fc753c72d14dc1621a2dac31877ee",
 "shasum": ""
 },
 "require": {
@@ -1064,7 +1064,7 @@
 "type": "library",
 "extra": {
 "branch-alias": {
- "dev-master": "2.2-dev"
+ "dev-master": "2.3-dev"
 }
 },
 "autoload": {
@@ -1126,7 +1126,7 @@
 ],
 "support": {
 "issues": "https://github.com/guzzle/psr7/issues",
- "source": "https://github.com/guzzle/psr7/tree/2.2.1"
+ "source": "https://github.com/guzzle/psr7/tree/2.3.0"
 },
 "funding": [
 {
@@ -1142,7 +1142,7 @@
 "type": "tidelift"
 }
 ],
- "time": "2022-03-20T21:55:58+00:00"
+ "time": "2022-06-09T08:26:02+00:00"
 },
 {
 "name": "lolli42/finediff",
diff --git a/typo3/sysext/core/composer.json b/typo3/sysext/core/composer.json
index 348c101c201e..ac3bb299b180 100644
--- a/typo3/sysext/core/composer.json
+++ b/typo3/sysext/core/composer.json
@@ -37,7 +37,7 @@
 "doctrine/lexer": "^1.2.3",
 "egulias/email-validator": "^3.1",
 "enshrined/svg-sanitize": "^0.15.4",
- "guzzlehttp/guzzle": "^7.4.3",
+ "guzzlehttp/guzzle": "^7.4.4",
 "guzzlehttp/psr7": "^1.8.5 || ^2.1.2",
 "lolli42/finediff": "^1.0.1",
 "masterminds/html5": "^2.7.5",
-- GitLab