From 300531f7eb5c37ae29890af9ef09543e04986610 Mon Sep 17 00:00:00 2001 From: Torben Hansen <derhansen@gmail.com> Date: Sun, 12 Jun 2022 07:49:04 +0200 Subject: [PATCH] [BUGFIX] Update guzzlehttp/guzzle to 6.5.7 The package guzzlehttp/guzzle has been updated to version 7.4.4 and 6.5.7 which both fix the security issues [1] and [2]. Since TYPO3 is not affected by the issues by default, this is handled as a public bugfix. 3rd party extensions may however be affected by the vulnerabilities if `Authorization` or `Cookie` headers are used. Executed commands: composer require \ guzzlehttp/guzzle:^6.5.7 \ -W composer require \ -d typo3/sysext/core \ guzzlehttp/guzzle:^6.5.7 \ --no-update [1] https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q [2] https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9 Resolves: #97759 Releases: main, 11.5, 10.4 Change-Id: I6ed48f2b03e5e0ca82a9aa493499a5eaf65b184c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74879 Tested-by: core-ci <typo3@b13.com> Tested-by: Oliver Hader <oliver.hader@typo3.org> Reviewed-by: Oliver Hader <oliver.hader@typo3.org> --- composer.json | 2 +- composer.lock | 70 ++++++++++++++++----------------- typo3/sysext/core/composer.json | 2 +- 3 files changed, 37 insertions(+), 37 deletions(-)
diff --git a/composer.json b/composer.json
index b5679946347e..1d2952c7de9d 100644
--- a/composer.json
+++ b/composer.json
@@ -49,7 +49,7 @@
 "doctrine/lexer": "^1.0",
 "egulias/email-validator": "^2.1",
 "enshrined/svg-sanitize": "^0.15.4",
- "guzzlehttp/guzzle": "^6.5.6",
+ "guzzlehttp/guzzle": "^6.5.7",
 "guzzlehttp/psr7": "^1.8.5",
 "lolli42/finediff": "^1.0.1",
 "nikic/php-parser": "^4.10.4",
diff --git a/composer.lock b/composer.lock
index e504352743cf..cda9c83ff681 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "f8fab964e7095e6056d7a9e5121c1a3e", + "content-hash": "e114d709ddfd886b43e22cacbe66e199", "packages": [ { "name": "doctrine/annotations", @@ -609,16 +609,16 @@ }, { "name": "guzzlehttp/guzzle", - "version": "6.5.6", + "version": "6.5.7", "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "f092dd734083473658de3ee4bef093ed77d2689c" + "reference": "724562fa861e21a4071c652c8a159934e4f05592" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/f092dd734083473658de3ee4bef093ed77d2689c", - "reference": "f092dd734083473658de3ee4bef093ed77d2689c", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/724562fa861e21a4071c652c8a159934e4f05592", + "reference": "724562fa861e21a4071c652c8a159934e4f05592", "shasum": "" }, "require": { @@ -704,7 +704,7 @@ ], "support": { "issues": "https://github.com/guzzle/guzzle/issues", - "source": "https://github.com/guzzle/guzzle/tree/6.5.6" + "source": "https://github.com/guzzle/guzzle/tree/6.5.7" }, "funding": [ { @@ -720,7 +720,7 @@ "type": "tidelift" } ], - "time": "2022-05-25T13:19:12+00:00" + "time": "2022-06-09T21:36:50+00:00" }, { "name": "guzzlehttp/promises", 
@@ -3291,16 +3291,16 @@ }, { "name": "symfony/polyfill-intl-idn", - "version": "v1.25.0", + "version": "v1.26.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-intl-idn.git", - "reference": "749045c69efb97c70d25d7463abba812e91f3a44" + "reference": "59a8d271f00dd0e4c2e518104cc7963f655a1aa8" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-intl-idn/zipball/749045c69efb97c70d25d7463abba812e91f3a44", - "reference": "749045c69efb97c70d25d7463abba812e91f3a44", + "url": "https://api.github.com/repos/symfony/polyfill-intl-idn/zipball/59a8d271f00dd0e4c2e518104cc7963f655a1aa8", + "reference": "59a8d271f00dd0e4c2e518104cc7963f655a1aa8", "shasum": "" }, "require": { @@ -3314,7 +3314,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.23-dev" + "dev-main": "1.26-dev" }, "thanks": { "name": "symfony/polyfill", @@ -3358,7 +3358,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-intl-idn/tree/v1.25.0" + "source": "https://github.com/symfony/polyfill-intl-idn/tree/v1.26.0" }, "funding": [ { @@ -3374,20 +3374,20 @@ "type": "tidelift" } ], - "time": "2021-09-14T14:02:44+00:00" + "time": "2022-05-24T11:49:31+00:00" }, { "name": "symfony/polyfill-intl-normalizer", - "version": "v1.25.0", + "version": "v1.26.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-intl-normalizer.git", - "reference": "8590a5f561694770bdcd3f9b5c69dde6945028e8" + "reference": "219aa369ceff116e673852dce47c3a41794c14bd" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/8590a5f561694770bdcd3f9b5c69dde6945028e8", - "reference": "8590a5f561694770bdcd3f9b5c69dde6945028e8", + "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/219aa369ceff116e673852dce47c3a41794c14bd", + "reference": "219aa369ceff116e673852dce47c3a41794c14bd", "shasum": "" }, "require": { 
@@ -3399,7 +3399,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.23-dev" + "dev-main": "1.26-dev" }, "thanks": { "name": "symfony/polyfill", @@ -3442,7 +3442,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.25.0" + "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.26.0" }, "funding": [ { @@ -3458,20 +3458,20 @@ "type": "tidelift" } ], - "time": "2021-02-19T12:13:01+00:00" + "time": "2022-05-24T11:49:31+00:00" }, { "name": "symfony/polyfill-mbstring", - "version": "v1.25.0", + "version": "v1.26.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-mbstring.git", - "reference": "0abb51d2f102e00a4eefcf46ba7fec406d245825" + "reference": "9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/0abb51d2f102e00a4eefcf46ba7fec406d245825", - "reference": "0abb51d2f102e00a4eefcf46ba7fec406d245825", + "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e", + "reference": "9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e", "shasum": "" }, "require": { @@ -3486,7 +3486,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.23-dev" + "dev-main": "1.26-dev" }, "thanks": { "name": "symfony/polyfill", @@ -3525,7 +3525,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.25.0" + "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.26.0" }, "funding": [ { 
@@ -3541,20 +3541,20 @@ "type": "tidelift" } ], - "time": "2021-11-30T18:21:41+00:00" + "time": "2022-05-24T11:49:31+00:00" }, { "name": "symfony/polyfill-php72", - "version": "v1.25.0", + "version": "v1.26.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php72.git", - "reference": "9a142215a36a3888e30d0a9eeea9766764e96976" + "reference": "bf44a9fd41feaac72b074de600314a93e2ae78e2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php72/zipball/9a142215a36a3888e30d0a9eeea9766764e96976", - "reference": "9a142215a36a3888e30d0a9eeea9766764e96976", + "url": "https://api.github.com/repos/symfony/polyfill-php72/zipball/bf44a9fd41feaac72b074de600314a93e2ae78e2", + "reference": "bf44a9fd41feaac72b074de600314a93e2ae78e2", "shasum": "" }, "require": { @@ -3563,7 +3563,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.23-dev" + "dev-main": "1.26-dev" }, "thanks": { "name": "symfony/polyfill", @@ -3601,7 +3601,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php72/tree/v1.25.0" + "source": "https://github.com/symfony/polyfill-php72/tree/v1.26.0" }, "funding": [ { @@ -3617,7 +3617,7 @@ "type": "tidelift" } ], - "time": "2021-05-27T09:17:38+00:00" + "time": "2022-05-24T11:49:31+00:00" }, { "name": "symfony/polyfill-php73",
diff --git a/typo3/sysext/core/composer.json b/typo3/sysext/core/composer.json
index 59987f18822d..daf95762cb53 100644
--- a/typo3/sysext/core/composer.json
+++ b/typo3/sysext/core/composer.json
@@ -32,7 +32,7 @@
 "doctrine/lexer": "^1.0",
 "egulias/email-validator": "^2.1",
 "enshrined/svg-sanitize": "^0.15.4",
- "guzzlehttp/guzzle": "^6.5.6",
+ "guzzlehttp/guzzle": "^6.5.7",
 "guzzlehttp/psr7": "^1.8.5",
 "lolli42/finediff": "^1.0.1",
 "nikic/php-parser": "^4.10.4",
-- GitLab