N°6238 Security hardening

lib/guzzlehttp/guzzle/CHANGELOG.md

@@ -2,20 +2,83 @@
 
 Please refer to [UPGRADING](UPGRADING.md) guide for upgrading to a major version.
 
+
+## 7.7.0 - 2023-05-21
+
+### Added
+
+- Support `guzzlehttp/promises` v2
+
+
+## 7.6.1 - 2023-05-15
+
+### Fixed
+
+- Fix `SetCookie::fromString` MaxAge deprecation warning and skip invalid MaxAge values
+
+
+## 7.6.0 - 2023-05-14
+
+### Added
+
+- Support for setting the minimum TLS version in a unified way
+- Apply on request the version set in options parameters
+
+
+## 7.5.2 - 2023-05-14
+
+### Fixed
+
+- Fixed set cookie constructor validation
+- Fixed handling of files with `'0'` body
+
+### Changed
+
+- Corrected docs and default connect timeout value to 300 seconds
+
+
+## 7.5.1 - 2023-04-17
+
+### Fixed
+
+- Fixed `NO_PROXY` settings so that setting the `proxy` option to `no` overrides the env variable
+
+### Changed
+
+- Adjusted `guzzlehttp/psr7` version constraint to `^1.9.1 || ^2.4.5`
+
+
+## 7.5.0 - 2022-08-28
+
+### Added
+
+- Support PHP 8.2
+- Add request to delay closure params
+
+
 ## 7.4.5 - 2022-06-20
 
+### Fixed
+
 * Fix change in port should be considered a change in origin
 * Fix `CURLOPT_HTTPAUTH` option not cleared on change of origin
 
+
 ## 7.4.4 - 2022-06-09
 
+### Fixed
+
 * Fix failure to strip Authorization header on HTTP downgrade
 * Fix failure to strip the Cookie header on change in host or HTTP downgrade
 
+
 ## 7.4.3 - 2022-05-25
 
+### Fixed
+
 * Fix cross-domain cookie leakage
 
+
 ## 7.4.2 - 2022-03-20
 
 ### Fixed
@@ -24,6 +87,7 @@ Please refer to [UPGRADING](UPGRADING.md) guide for upgrading to a major version
 - Reject non-HTTP schemes in StreamHandler
 - Set a default ssl.peer_name context in StreamHandler to allow `force_ip_resolve`
 
+
 ## 7.4.1 - 2021-12-06
 
 ### Changed
@@ -35,6 +99,7 @@ Please refer to [UPGRADING](UPGRADING.md) guide for upgrading to a major version
 
 - Only close curl handle if it's done [#2950](https://github.com/guzzle/guzzle/pull/2950)
 
+
 ## 7.4.0 - 2021-10-18
 
 ### Added
@@ -52,6 +117,7 @@ Please refer to [UPGRADING](UPGRADING.md) guide for upgrading to a major version
 
 - Be more strict with types [#2914](https://github.com/guzzle/guzzle/pull/2914), [#2917](https://github.com/guzzle/guzzle/pull/2917), [#2919](https://github.com/guzzle/guzzle/pull/2919), [#2945](https://github.com/guzzle/guzzle/pull/2945)
 
+
 ## 7.3.0 - 2021-03-23
 
 ### Added
@@ -64,6 +130,7 @@ Please refer to [UPGRADING](UPGRADING.md) guide for upgrading to a major version
 
 - Handle exceptions on invalid header consistently between PHP versions and handlers [#2872](https://github.com/guzzle/guzzle/pull/2872)
 
+
 ## 7.2.0 - 2020-10-10
 
 ### Added
@@ -86,6 +153,7 @@ Please refer to [UPGRADING](UPGRADING.md) guide for upgrading to a major version
 
 - Using environment variable GUZZLE_CURL_SELECT_TIMEOUT [#2786](https://github.com/guzzle/guzzle/pull/2786)
 
+
 ## 7.1.1 - 2020-09-30
 
 ### Fixed
@@ -97,6 +165,7 @@ Please refer to [UPGRADING](UPGRADING.md) guide for upgrading to a major version
 - We dont connect curl `sink` on HEAD requests.
 - Removed some PHP 5 workarounds
 
+
 ## 7.1.0 - 2020-09-22
 
 ### Added
@@ -119,14 +188,17 @@ Please refer to [UPGRADING](UPGRADING.md) guide for upgrading to a major version
 - `Utils::defaultCaBundle()`
 - `CurlFactory::LOW_CURL_VERSION_NUMBER`
 
+
 ## 7.0.1 - 2020-06-27
 
 * Fix multiply defined functions fatal error [#2699](https://github.com/guzzle/guzzle/pull/2699)
 
+
 ## 7.0.0 - 2020-06-27
 
 No changes since 7.0.0-rc1.
 
+
 ## 7.0.0-rc1 - 2020-06-15
 
 ### Changed
@@ -134,6 +206,7 @@ No changes since 7.0.0-rc1.
 * Use error level for logging errors in Middleware [#2629](https://github.com/guzzle/guzzle/pull/2629)
 * Disabled IDN support by default and require ext-intl to use it [#2675](https://github.com/guzzle/guzzle/pull/2675)
 
+
 ## 7.0.0-beta2 - 2020-05-25
 
 ### Added
@@ -159,6 +232,7 @@ No changes since 7.0.0-rc1.
 
 * Pool option `pool_size` [#2528](https://github.com/guzzle/guzzle/pull/2528)
 
+
 ## 7.0.0-beta1 - 2019-12-30
 
 The diff might look very big but 95% of Guzzle users will be able to upgrade without modification.
@@ -192,15 +266,18 @@ Please see [the upgrade document](UPGRADING.md) that describes all BC breaking c
 * `uri_template()` and `UriTemplate` [#2440](https://github.com/guzzle/guzzle/pull/2440)
 * Request options `save_to` and `exceptions` [#2464](https://github.com/guzzle/guzzle/pull/2464)
 
+
 ## 6.5.2 - 2019-12-23
 
 * idn_to_ascii() fix for old PHP versions [#2489](https://github.com/guzzle/guzzle/pull/2489)
 
+
 ## 6.5.1 - 2019-12-21
 
 * Better defaults for PHP installations with old ICU lib [#2454](https://github.com/guzzle/guzzle/pull/2454)
 * IDN support for redirects [#2424](https://github.com/guzzle/guzzle/pull/2424)
 
+
 ## 6.5.0 - 2019-12-07
 
 * Improvement: Added support for reset internal queue in MockHandler. [#2143](https://github.com/guzzle/guzzle/pull/2143)
@@ -210,11 +287,13 @@ Please see [the upgrade document](UPGRADING.md) that describes all BC breaking c
 * Fix: Prevent undefined offset when using array for ssl_key options. [#2348](https://github.com/guzzle/guzzle/pull/2348)
 * Deprecated `ClientInterface::VERSION`
 
+
 ## 6.4.1 - 2019-10-23
 
 * No `guzzle.phar` was created in 6.4.0 due expired API token. This release will fix that
 * Added `parent::__construct()` to `FileCookieJar` and `SessionCookieJar`
 
+
 ## 6.4.0 - 2019-10-23
 
 * Improvement: Improved error messages when using curl < 7.21.2 [#2108](https://github.com/guzzle/guzzle/pull/2108)
@@ -227,6 +306,7 @@ Please see [the upgrade document](UPGRADING.md) that describes all BC breaking c
 * Fix: Prevent concurrent writes to file when saving `CookieJar` [#2335](https://github.com/guzzle/guzzle/pull/2335)
 * Improvement: Update `MockHandler` so we can test transfer time [#2362](https://github.com/guzzle/guzzle/pull/2362)
 
+
 ## 6.3.3 - 2018-04-22
 
 * Fix: Default headers when decode_content is specified
@@ -268,13 +348,14 @@ Please see [the upgrade document](UPGRADING.md) that describes all BC breaking c
 * Bug fix: Fill `CURLOPT_CAPATH` and `CURLOPT_CAINFO` properly [#1684](https://github.com/guzzle/guzzle/pull/1684)
 * Improvement:  	Use `\GuzzleHttp\Promise\rejection_for` function instead of object init [#1827](https://github.com/guzzle/guzzle/pull/1827)
 
-
 + Minor code cleanups, documentation fixes and clarifications.
 
+
 ## 6.2.3 - 2017-02-28
 
 * Fix deprecations with guzzle/psr7 version 1.4
 
+
 ## 6.2.2 - 2016-10-08
 
 * Allow to pass nullable Response to delay callable
@@ -282,6 +363,7 @@ Please see [the upgrade document](UPGRADING.md) that describes all BC breaking c
 * Fix drain case where content-length is the literal string zero
 * Obfuscate in-URL credentials in exceptions
 
+
 ## 6.2.1 - 2016-07-18
 
 * Address HTTP_PROXY security vulnerability, CVE-2016-5385:
@@ -292,6 +374,7 @@ Please see [the upgrade document](UPGRADING.md) that describes all BC breaking c
   a server does not honor `Connection: close`.
 * Ignore URI fragment when sending requests.
 
+
 ## 6.2.0 - 2016-03-21
 
 * Feature: added `GuzzleHttp\json_encode` and `GuzzleHttp\json_decode`.
@@ -311,6 +394,7 @@ Please see [the upgrade document](UPGRADING.md) that describes all BC breaking c
 * Bug fix: provide an empty string to `http_build_query` for HHVM workaround.
   https://github.com/guzzle/guzzle/pull/1367
 
+
 ## 6.1.1 - 2015-11-22
 
 * Bug fix: Proxy::wrapSync() now correctly proxies to the appropriate handler
@@ -326,6 +410,7 @@ Please see [the upgrade document](UPGRADING.md) that describes all BC breaking c
 * Bug fix: fixed regression where MockHandler was not using `sink`.
   https://github.com/guzzle/guzzle/pull/1292
 
+
 ## 6.1.0 - 2015-09-08
 
 * Feature: Added the `on_stats` request option to provide access to transfer
@@ -360,6 +445,7 @@ Please see [the upgrade document](UPGRADING.md) that describes all BC breaking c
 * Bug fix: Adding a Content-Length to PHP stream wrapper requests if not set.
   https://github.com/guzzle/guzzle/pull/1189
 
+
 ## 6.0.2 - 2015-07-04
 
 * Fixed a memory leak in the curl handlers in which references to callbacks
@@ -377,6 +463,7 @@ Please see [the upgrade document](UPGRADING.md) that describes all BC breaking c
 * Functions are now conditionally required using an additional level of
   indirection to help with global Composer installations.
 
+
 ## 6.0.1 - 2015-05-27
 
 * Fixed a bug with serializing the `query` request option where the `&`
@@ -385,6 +472,7 @@ Please see [the upgrade document](UPGRADING.md) that describes all BC breaking c
   use `form_params` or `multipart` instead.
 * Various doc fixes.
 
+
 ## 6.0.0 - 2015-05-26
 
 * See the UPGRADING.md document for more information.
@@ -409,6 +497,7 @@ Please see [the upgrade document](UPGRADING.md) that describes all BC breaking c
 * `$maxHandles` has been removed from CurlMultiHandler.
 * `MultipartPostBody` is now part of the `guzzlehttp/psr7` package.
 
+
 ## 5.3.0 - 2015-05-19
 
 * Mock now supports `save_to`
@@ -419,6 +508,7 @@ Please see [the upgrade document](UPGRADING.md) that describes all BC breaking c
 * Marked `GuzzleHttp\Client::getDefaultUserAgent` as deprecated.
 * URL scheme is now always lowercased.
 
+
 ## 6.0.0-beta.1
 
 * Requires PHP >= 5.5
@@ -471,6 +561,7 @@ Please see [the upgrade document](UPGRADING.md) that describes all BC breaking c
 * `GuzzleHttp\QueryParser` has been replaced with the
   `GuzzleHttp\Psr7\parse_query`.
 
+
 ## 5.2.0 - 2015-01-27
 
 * Added `AppliesHeadersInterface` to make applying headers to a request based
@@ -481,6 +572,7 @@ Please see [the upgrade document](UPGRADING.md) that describes all BC breaking c
   RingBridge.
 * Added a guard in the Pool class to not use recursion for request retries.
 
+
 ## 5.1.0 - 2014-12-19
 
 * Pool class no longer uses recursion when a request is intercepted.
@@ -501,6 +593,7 @@ Please see [the upgrade document](UPGRADING.md) that describes all BC breaking c
 * Exceptions thrown in the `end` event are now correctly wrapped with Guzzle
   specific exceptions if necessary.
 
+
 ## 5.0.3 - 2014-11-03
 
 This change updates query strings so that they are treated as un-encoded values
@@ -515,6 +608,7 @@ string that should not be parsed or encoded (unless a call to getQuery() is
 subsequently made, forcing the query-string to be converted into a Query
 object).
 
+
 ## 5.0.2 - 2014-10-30
 
 * Added a trailing `\r\n` to multipart/form-data payloads. See
@@ -536,6 +630,7 @@ object).
     string on a URL: Now allowing many more characters to be present in the
     query string without being percent encoded. See https://tools.ietf.org/html/rfc3986#appendix-A
 
+
 ## 5.0.1 - 2014-10-16
 
 Bugfix release.
@@ -547,6 +642,7 @@ Bugfix release.
 * Fixed an issue where transfer statistics were not being populated in the
   RingBridge. https://github.com/guzzle/guzzle/issues/866
 
+
 ## 5.0.0 - 2014-10-12
 
 Adding support for non-blocking responses and some minor API cleanup.
@@ -628,6 +724,7 @@ interfaces.
       argument. They now accept an associative array of options, including the
       "size" key and "metadata" key which can be used to provide custom metadata.
 
+
 ## 4.2.2 - 2014-09-08
 
 * Fixed a memory leak in the CurlAdapter when reusing cURL handles.