From a1dafd405f81b4e6f7d3987fb2011ae06f6756d5 Mon Sep 17 00:00:00 2001 From: Andreas Fernandez <a.fernandez@scripting-base.de> Date: Wed, 22 Jun 2022 08:10:47 +0200 Subject: [PATCH] [BUGFIX] Update guzzlehttp/guzzle to 6.5.8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The maintainers of the package guzzlehttp/guzzle released a new version 6.5.8 that fixes two security issues: * CURLOPT_HTTPAUTH option not cleared on change of origin [1] * Change in port should be considered a change in origin [2] Executed commands: composer require \ guzzlehttp/guzzle:^6.5.8 \ -W composer require \ -d typo3/sysext/core \ guzzlehttp/guzzle:^6.5.8 \ --no-update [1] https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r [2] https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699 Resolves: #97802 Releases: main, 11.5, 10.4 Change-Id: Ia49f75f8ed078beb43ba42f89efdd8e68ee146c5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74973 Tested-by: core-ci <typo3@b13.com> Tested-by: Stefan Bürk <stefan@buerk.tech> Tested-by: Oliver Bartsch <bo@cedev.de> Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by: Stefan Bürk <stefan@buerk.tech> Reviewed-by: Oliver Bartsch <bo@cedev.de> Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
---
 composer.json | 2 +-
 composer.lock | 32 ++++++++++++++++----------------
 typo3/sysext/core/composer.json | 2 +-
 3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/composer.json b/composer.json
index 1d2952c7de9d..abf6a5534226 100644
--- a/composer.json
+++ b/composer.json
@@ -49,7 +49,7 @@
 "doctrine/lexer": "^1.0",
 "egulias/email-validator": "^2.1",
 "enshrined/svg-sanitize": "^0.15.4",
- "guzzlehttp/guzzle": "^6.5.7",
+ "guzzlehttp/guzzle": "^6.5.8",
 "guzzlehttp/psr7": "^1.8.5",
 "lolli42/finediff": "^1.0.1",
 "nikic/php-parser": "^4.10.4",
diff --git a/composer.lock b/composer.lock
index cda9c83ff681..464f90459889 100644
--- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "e114d709ddfd886b43e22cacbe66e199", + "content-hash": "c27fd345db6d142f20111304658ac1e8", "packages": [ { "name": "doctrine/annotations", @@ -609,24 +609,24 @@ }, { "name": "guzzlehttp/guzzle", - "version": "6.5.7", + "version": "6.5.8", "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "724562fa861e21a4071c652c8a159934e4f05592" + "reference": "a52f0440530b54fa079ce76e8c5d196a42cad981" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/724562fa861e21a4071c652c8a159934e4f05592", - "reference": "724562fa861e21a4071c652c8a159934e4f05592", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/a52f0440530b54fa079ce76e8c5d196a42cad981", + "reference": "a52f0440530b54fa079ce76e8c5d196a42cad981", "shasum": "" }, "require": { "ext-json": "*", "guzzlehttp/promises": "^1.0", - "guzzlehttp/psr7": "^1.6.1", + "guzzlehttp/psr7": "^1.9", "php": ">=5.5", - "symfony/polyfill-intl-idn": "^1.17.0" + "symfony/polyfill-intl-idn": "^1.17" }, "require-dev": { "ext-curl": "*", @@ -704,7 +704,7 @@ ], "support": { "issues": "https://github.com/guzzle/guzzle/issues", - "source": "https://github.com/guzzle/guzzle/tree/6.5.7" + "source": "https://github.com/guzzle/guzzle/tree/6.5.8" }, "funding": [ { @@ -720,7 +720,7 @@ "type": "tidelift" } ], - "time": "2022-06-09T21:36:50+00:00" + "time": "2022-06-20T22:16:07+00:00" }, { "name": "guzzlehttp/promises", 
@@ -808,16 +808,16 @@ }, { "name": "guzzlehttp/psr7", - "version": "1.8.5", + "version": "1.9.0", "source": { "type": "git", "url": "https://github.com/guzzle/psr7.git", - "reference": "337e3ad8e5716c15f9657bd214d16cc5e69df268" + "reference": "e98e3e6d4f86621a9b75f623996e6bbdeb4b9318" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/psr7/zipball/337e3ad8e5716c15f9657bd214d16cc5e69df268", - "reference": "337e3ad8e5716c15f9657bd214d16cc5e69df268", + "url": "https://api.github.com/repos/guzzle/psr7/zipball/e98e3e6d4f86621a9b75f623996e6bbdeb4b9318", + "reference": "e98e3e6d4f86621a9b75f623996e6bbdeb4b9318", "shasum": "" }, "require": { @@ -838,7 +838,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "1.7-dev" + "dev-master": "1.9-dev" } }, "autoload": { @@ -898,7 +898,7 @@ ], "support": { "issues": "https://github.com/guzzle/psr7/issues", - "source": "https://github.com/guzzle/psr7/tree/1.8.5" + "source": "https://github.com/guzzle/psr7/tree/1.9.0" }, "funding": [ { @@ -914,7 +914,7 @@ "type": "tidelift" } ], - "time": "2022-03-20T21:51:18+00:00" + "time": "2022-06-20T21:43:03+00:00" }, { "name": "lolli42/finediff", diff --git a/typo3/sysext/core/composer.json b/typo3/sysext/core/composer.json index daf95762cb53..239d4610ea9e 100644 --- a/typo3/sysext/core/composer.json +++ b/typo3/sysext/core/composer.json @@ -32,7 +32,7 @@ "doctrine/lexer": "^1.0", "egulias/email-validator": "^2.1", "enshrined/svg-sanitize": "^0.15.4", - "guzzlehttp/guzzle": "^6.5.7", + "guzzlehttp/guzzle": "^6.5.8", "guzzlehttp/psr7": "^1.8.5", "lolli42/finediff": "^1.0.1", "nikic/php-parser": "^4.10.4", -- GitLab