diff --git a/composer.lock b/composer.lock index b449bb4ed..d15117012 100644 --- a/composer.lock +++ b/composer.lock @@ -438,16 +438,16 @@ }, { "name": "guzzlehttp/guzzle", - "version": "6.5.5", + "version": "6.5.6", "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "9d4290de1cfd701f38099ef7e183b64b4b7b0c5e" + "reference": "f092dd734083473658de3ee4bef093ed77d2689c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/9d4290de1cfd701f38099ef7e183b64b4b7b0c5e", - "reference": "9d4290de1cfd701f38099ef7e183b64b4b7b0c5e", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/f092dd734083473658de3ee4bef093ed77d2689c", + "reference": "f092dd734083473658de3ee4bef093ed77d2689c", "shasum": "" }, "require": { @@ -472,22 +472,52 @@ } }, "autoload": { - "psr-4": { - "GuzzleHttp\\": "src/" - }, "files": [ "src/functions_include.php" - ] + ], + "psr-4": { + "GuzzleHttp\\": "src/" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ "MIT" ], "authors": [ + { + "name": "Graham Campbell", + "email": "hello@gjcampbell.co.uk", + "homepage": "https://github.com/GrahamCampbell" + }, { "name": "Michael Dowling", "email": "mtdowling@gmail.com", "homepage": "https://github.com/mtdowling" + }, + { + "name": "Jeremy Lindblom", + "email": "jeremeamia@gmail.com", + "homepage": "https://github.com/jeremeamia" + }, + { + "name": "George Mponos", + "email": "gmponos@gmail.com", + "homepage": "https://github.com/gmponos" + }, + { + "name": "Tobias Nyholm", + "email": "tobias.nyholm@gmail.com", + "homepage": "https://github.com/Nyholm" + }, + { + "name": "Márk Sági-Kazár", + "email": "mark.sagikazar@gmail.com", + "homepage": "https://github.com/sagikazarmark" + }, + { + "name": "Tobias Schultze", + "email": "webmaster@tubo-world.de", + "homepage": "https://github.com/Tobion" } ], "description": "Guzzle is a PHP HTTP client library", @@ -503,9 +533,23 @@ ], "support": { "issues": "https://github.com/guzzle/guzzle/issues", - "source": "https://github.com/guzzle/guzzle/tree/6.5" + "source": "https://github.com/guzzle/guzzle/tree/6.5.6" }, - "time": "2020-06-16T21:01:06+00:00" + "funding": [ + { + "url": "https://github.com/GrahamCampbell", + "type": "github" + }, + { + "url": "https://github.com/Nyholm", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/guzzle", + "type": "tidelift" + } + ], + "time": "2022-05-25T13:19:12+00:00" }, { "name": "guzzlehttp/promises", @@ -1986,5 +2030,5 @@ "ext-xml": "*" }, "platform-dev": [], - "plugin-api-version": "2.2.0" + "plugin-api-version": "2.0.0" } diff --git a/vendor/composer/InstalledVersions.php b/vendor/composer/InstalledVersions.php index a55519e1e..f25b9721f 100644 --- a/vendor/composer/InstalledVersions.php +++ b/vendor/composer/InstalledVersions.php @@ -29,7 +29,7 @@ private static $installed = array ( 'aliases' => array ( ), - 'reference' => 'f99b38192ba8724d4b58a645423b035ab7a02493', + 'reference' => 'd0cdcb5d2a4d741a4ba25512e9a9e5168b374729', 'name' => 'rhymix/rhymix', ), 'versions' => @@ -99,12 +99,12 @@ private static $installed = array ( ), 'guzzlehttp/guzzle' => array ( - 'pretty_version' => '6.5.5', - 'version' => '6.5.5.0', + 'pretty_version' => '6.5.6', + 'version' => '6.5.6.0', 'aliases' => array ( ), - 'reference' => '9d4290de1cfd701f38099ef7e183b64b4b7b0c5e', + 'reference' => 'f092dd734083473658de3ee4bef093ed77d2689c', ), 'guzzlehttp/promises' => array ( @@ -117,12 +117,12 @@ private static $installed = array ( ), 'guzzlehttp/psr7' => array ( - 'pretty_version' => '1.8.2', - 'version' => '1.8.2.0', + 'pretty_version' => '1.8.5', + 'version' => '1.8.5.0', 'aliases' => array ( ), - 'reference' => 'dc960a912984efb74d0a90222870c72c87f10c91', + 'reference' => '337e3ad8e5716c15f9657bd214d16cc5e69df268', ), 'hautelook/phpass' => array ( @@ -228,7 +228,7 @@ private static $installed = array ( 'aliases' => array ( ), - 'reference' => 'f99b38192ba8724d4b58a645423b035ab7a02493', + 'reference' => 'd0cdcb5d2a4d741a4ba25512e9a9e5168b374729', ), 'rmccue/requests' => array ( diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json index d25cb595a..620432d39 100644 --- a/vendor/composer/installed.json +++ b/vendor/composer/installed.json @@ -445,17 +445,17 @@ }, { "name": "guzzlehttp/guzzle", - "version": "6.5.5", - "version_normalized": "6.5.5.0", + "version": "6.5.6", + "version_normalized": "6.5.6.0", "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "9d4290de1cfd701f38099ef7e183b64b4b7b0c5e" + "reference": "f092dd734083473658de3ee4bef093ed77d2689c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/9d4290de1cfd701f38099ef7e183b64b4b7b0c5e", - "reference": "9d4290de1cfd701f38099ef7e183b64b4b7b0c5e", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/f092dd734083473658de3ee4bef093ed77d2689c", + "reference": "f092dd734083473658de3ee4bef093ed77d2689c", "shasum": "" }, "require": { @@ -473,7 +473,7 @@ "suggest": { "psr/log": "Required for using the Log middleware" }, - "time": "2020-06-16T21:01:06+00:00", + "time": "2022-05-25T13:19:12+00:00", "type": "library", "extra": { "branch-alias": { @@ -482,22 +482,52 @@ }, "installation-source": "dist", "autoload": { - "psr-4": { - "GuzzleHttp\\": "src/" - }, "files": [ "src/functions_include.php" - ] + ], + "psr-4": { + "GuzzleHttp\\": "src/" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ "MIT" ], "authors": [ + { + "name": "Graham Campbell", + "email": "hello@gjcampbell.co.uk", + "homepage": "https://github.com/GrahamCampbell" + }, { "name": "Michael Dowling", "email": "mtdowling@gmail.com", "homepage": "https://github.com/mtdowling" + }, + { + "name": "Jeremy Lindblom", + "email": "jeremeamia@gmail.com", + "homepage": "https://github.com/jeremeamia" + }, + { + "name": "George Mponos", + "email": "gmponos@gmail.com", + "homepage": "https://github.com/gmponos" + }, + { + "name": "Tobias Nyholm", + "email": "tobias.nyholm@gmail.com", + "homepage": "https://github.com/Nyholm" + }, + { + "name": "Márk Sági-Kazár", + "email": "mark.sagikazar@gmail.com", + "homepage": "https://github.com/sagikazarmark" + }, + { + "name": "Tobias Schultze", + "email": "webmaster@tubo-world.de", + "homepage": "https://github.com/Tobion" } ], "description": "Guzzle is a PHP HTTP client library", @@ -513,8 +543,22 @@ ], "support": { "issues": "https://github.com/guzzle/guzzle/issues", - "source": "https://github.com/guzzle/guzzle/tree/6.5" + "source": "https://github.com/guzzle/guzzle/tree/6.5.6" }, + "funding": [ + { + "url": "https://github.com/GrahamCampbell", + "type": "github" + }, + { + "url": "https://github.com/Nyholm", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/guzzle", + "type": "tidelift" + } + ], "install-path": "../guzzlehttp/guzzle" }, { @@ -577,17 +621,17 @@ }, { "name": "guzzlehttp/psr7", - "version": "1.8.2", - "version_normalized": "1.8.2.0", + "version": "1.8.5", + "version_normalized": "1.8.5.0", "source": { "type": "git", "url": "https://github.com/guzzle/psr7.git", - "reference": "dc960a912984efb74d0a90222870c72c87f10c91" + "reference": "337e3ad8e5716c15f9657bd214d16cc5e69df268" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/psr7/zipball/dc960a912984efb74d0a90222870c72c87f10c91", - "reference": "dc960a912984efb74d0a90222870c72c87f10c91", + "url": "https://api.github.com/repos/guzzle/psr7/zipball/337e3ad8e5716c15f9657bd214d16cc5e69df268", + "reference": "337e3ad8e5716c15f9657bd214d16cc5e69df268", "shasum": "" }, "require": { @@ -605,7 +649,7 @@ "suggest": { "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses" }, - "time": "2021-04-26T09:17:50+00:00", + "time": "2022-03-20T21:51:18+00:00", "type": "library", "extra": { "branch-alias": { @@ -614,25 +658,46 @@ }, "installation-source": "dist", "autoload": { - "psr-4": { - "GuzzleHttp\\Psr7\\": "src/" - }, "files": [ "src/functions_include.php" - ] + ], + "psr-4": { + "GuzzleHttp\\Psr7\\": "src/" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ "MIT" ], "authors": [ + { + "name": "Graham Campbell", + "email": "hello@gjcampbell.co.uk", + "homepage": "https://github.com/GrahamCampbell" + }, { "name": "Michael Dowling", "email": "mtdowling@gmail.com", "homepage": "https://github.com/mtdowling" }, + { + "name": "George Mponos", + "email": "gmponos@gmail.com", + "homepage": "https://github.com/gmponos" + }, + { + "name": "Tobias Nyholm", + "email": "tobias.nyholm@gmail.com", + "homepage": "https://github.com/Nyholm" + }, + { + "name": "Márk Sági-Kazár", + "email": "mark.sagikazar@gmail.com", + "homepage": "https://github.com/sagikazarmark" + }, { "name": "Tobias Schultze", + "email": "webmaster@tubo-world.de", "homepage": "https://github.com/Tobion" } ], @@ -649,8 +714,22 @@ ], "support": { "issues": "https://github.com/guzzle/psr7/issues", - "source": "https://github.com/guzzle/psr7/tree/1.8.2" + "source": "https://github.com/guzzle/psr7/tree/1.8.5" }, + "funding": [ + { + "url": "https://github.com/GrahamCampbell", + "type": "github" + }, + { + "url": "https://github.com/Nyholm", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/psr7", + "type": "tidelift" + } + ], "install-path": "../guzzlehttp/psr7" }, { diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php index ccb2bc107..3afcd1a07 100644 --- a/vendor/composer/installed.php +++ b/vendor/composer/installed.php @@ -6,7 +6,7 @@ 'aliases' => array ( ), - 'reference' => 'f99b38192ba8724d4b58a645423b035ab7a02493', + 'reference' => 'd0cdcb5d2a4d741a4ba25512e9a9e5168b374729', 'name' => 'rhymix/rhymix', ), 'versions' => @@ -76,12 +76,12 @@ ), 'guzzlehttp/guzzle' => array ( - 'pretty_version' => '6.5.5', - 'version' => '6.5.5.0', + 'pretty_version' => '6.5.6', + 'version' => '6.5.6.0', 'aliases' => array ( ), - 'reference' => '9d4290de1cfd701f38099ef7e183b64b4b7b0c5e', + 'reference' => 'f092dd734083473658de3ee4bef093ed77d2689c', ), 'guzzlehttp/promises' => array ( @@ -94,12 +94,12 @@ ), 'guzzlehttp/psr7' => array ( - 'pretty_version' => '1.8.2', - 'version' => '1.8.2.0', + 'pretty_version' => '1.8.5', + 'version' => '1.8.5.0', 'aliases' => array ( ), - 'reference' => 'dc960a912984efb74d0a90222870c72c87f10c91', + 'reference' => '337e3ad8e5716c15f9657bd214d16cc5e69df268', ), 'hautelook/phpass' => array ( @@ -205,7 +205,7 @@ 'aliases' => array ( ), - 'reference' => 'f99b38192ba8724d4b58a645423b035ab7a02493', + 'reference' => 'd0cdcb5d2a4d741a4ba25512e9a9e5168b374729', ), 'rmccue/requests' => array ( diff --git a/vendor/guzzlehttp/guzzle/CHANGELOG.md b/vendor/guzzlehttp/guzzle/CHANGELOG.md index 464cf1c50..95d26df21 100644 --- a/vendor/guzzlehttp/guzzle/CHANGELOG.md +++ b/vendor/guzzlehttp/guzzle/CHANGELOG.md @@ -1,5 +1,9 @@ # Change Log +## 6.5.6 - 2022-05-25 + +* Fix cross-domain cookie leakage + ## 6.5.5 - 2020-06-16 * Unpin version constraint for `symfony/polyfill-intl-idn` [#2678](https://github.com/guzzle/guzzle/pull/2678) diff --git a/vendor/guzzlehttp/guzzle/LICENSE b/vendor/guzzlehttp/guzzle/LICENSE index 50a177b03..fd2375d88 100644 --- a/vendor/guzzlehttp/guzzle/LICENSE +++ b/vendor/guzzlehttp/guzzle/LICENSE @@ -1,4 +1,12 @@ -Copyright (c) 2011-2018 Michael Dowling, https://github.com/mtdowling +The MIT License (MIT) + +Copyright (c) 2011 Michael Dowling +Copyright (c) 2012 Jeremy Lindblom +Copyright (c) 2014 Graham Campbell +Copyright (c) 2015 Márk Sági-Kazár +Copyright (c) 2015 Tobias Schultze +Copyright (c) 2016 Tobias Nyholm +Copyright (c) 2016 George Mponos Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/guzzlehttp/guzzle/README.md b/vendor/guzzlehttp/guzzle/README.md index 5fdb6c5f4..00d2066e9 100644 --- a/vendor/guzzlehttp/guzzle/README.md +++ b/vendor/guzzlehttp/guzzle/README.md @@ -2,7 +2,7 @@ Guzzle, PHP HTTP client ======================= [![Latest Version](https://img.shields.io/github/release/guzzle/guzzle.svg?style=flat-square)](https://github.com/guzzle/guzzle/releases) -[![Build Status](https://img.shields.io/travis/guzzle/guzzle.svg?style=flat-square)](https://travis-ci.org/guzzle/guzzle) +[![Build Status](https://img.shields.io/github/workflow/status/guzzle/guzzle/CI?label=ci%20build&style=flat-square)](https://github.com/guzzle/guzzle/actions?query=workflow%3ACI) [![Total Downloads](https://img.shields.io/packagist/dt/guzzlehttp/guzzle.svg?style=flat-square)](https://packagist.org/packages/guzzlehttp/guzzle) Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and @@ -74,17 +74,20 @@ composer update ## Version Guidance -| Version | Status | Packagist | Namespace | Repo | Docs | PSR-7 | PHP Version | -|---------|------------|---------------------|--------------|---------------------|---------------------|-------|-------------| -| 3.x | EOL | `guzzle/guzzle` | `Guzzle` | [v3][guzzle-3-repo] | [v3][guzzle-3-docs] | No | >= 5.3.3 | -| 4.x | EOL | `guzzlehttp/guzzle` | `GuzzleHttp` | [v4][guzzle-4-repo] | N/A | No | >= 5.4 | -| 5.x | EOL | `guzzlehttp/guzzle` | `GuzzleHttp` | [v5][guzzle-5-repo] | [v5][guzzle-5-docs] | No | >= 5.4 | -| 6.x | Latest | `guzzlehttp/guzzle` | `GuzzleHttp` | [v6][guzzle-6-repo] | [v6][guzzle-6-docs] | Yes | >= 5.5 | +| Version | Status | Packagist | Namespace | Repo | Docs | PSR-7 | PHP Version | +|---------|----------------|---------------------|--------------|---------------------|---------------------|-------|--------------| +| 3.x | EOL | `guzzle/guzzle` | `Guzzle` | [v3][guzzle-3-repo] | [v3][guzzle-3-docs] | No | >=5.3.3,<7.0 | +| 4.x | EOL | `guzzlehttp/guzzle` | `GuzzleHttp` | [v4][guzzle-4-repo] | N/A | No | >=5.4,<7.0 | +| 5.x | EOL | `guzzlehttp/guzzle` | `GuzzleHttp` | [v5][guzzle-5-repo] | [v5][guzzle-5-docs] | No | >=5.4,<7.4 | +| 6.x | Security fixes | `guzzlehttp/guzzle` | `GuzzleHttp` | [v6][guzzle-6-repo] | [v6][guzzle-6-docs] | Yes | >=5.5,<8.0 | +| 7.x | Latest | `guzzlehttp/guzzle` | `GuzzleHttp` | [v7][guzzle-7-repo] | [v7][guzzle-7-docs] | Yes | >=7.2.5,<8.2 | [guzzle-3-repo]: https://github.com/guzzle/guzzle3 [guzzle-4-repo]: https://github.com/guzzle/guzzle/tree/4.x [guzzle-5-repo]: https://github.com/guzzle/guzzle/tree/5.3 -[guzzle-6-repo]: https://github.com/guzzle/guzzle +[guzzle-6-repo]: https://github.com/guzzle/guzzle/tree/6.5 +[guzzle-7-repo]: https://github.com/guzzle/guzzle [guzzle-3-docs]: http://guzzle3.readthedocs.org -[guzzle-5-docs]: http://guzzle.readthedocs.org/en/5.3/ -[guzzle-6-docs]: http://guzzle.readthedocs.org/en/latest/ +[guzzle-5-docs]: http://docs.guzzlephp.org/en/5.3/ +[guzzle-6-docs]: http://docs.guzzlephp.org/en/6.5/ +[guzzle-7-docs]: http://docs.guzzlephp.org/en/latest/ diff --git a/vendor/guzzlehttp/guzzle/composer.json b/vendor/guzzlehttp/guzzle/composer.json index c01864f01..b9cb386a6 100644 --- a/vendor/guzzlehttp/guzzle/composer.json +++ b/vendor/guzzlehttp/guzzle/composer.json @@ -14,10 +14,40 @@ "homepage": "http://guzzlephp.org/", "license": "MIT", "authors": [ + { + "name": "Graham Campbell", + "email": "hello@gjcampbell.co.uk", + "homepage": "https://github.com/GrahamCampbell" + }, { "name": "Michael Dowling", "email": "mtdowling@gmail.com", "homepage": "https://github.com/mtdowling" + }, + { + "name": "Jeremy Lindblom", + "email": "jeremeamia@gmail.com", + "homepage": "https://github.com/jeremeamia" + }, + { + "name": "George Mponos", + "email": "gmponos@gmail.com", + "homepage": "https://github.com/gmponos" + }, + { + "name": "Tobias Nyholm", + "email": "tobias.nyholm@gmail.com", + "homepage": "https://github.com/Nyholm" + }, + { + "name": "Márk Sági-Kazár", + "email": "mark.sagikazar@gmail.com", + "homepage": "https://github.com/sagikazarmark" + }, + { + "name": "Tobias Schultze", + "email": "webmaster@tubo-world.de", + "homepage": "https://github.com/Tobion" } ], "require": { diff --git a/vendor/guzzlehttp/guzzle/src/Cookie/CookieJar.php b/vendor/guzzlehttp/guzzle/src/Cookie/CookieJar.php index 38f98ad7c..394df3a7c 100644 --- a/vendor/guzzlehttp/guzzle/src/Cookie/CookieJar.php +++ b/vendor/guzzlehttp/guzzle/src/Cookie/CookieJar.php @@ -240,6 +240,11 @@ class CookieJar implements CookieJarInterface if (0 !== strpos($sc->getPath(), '/')) { $sc->setPath($this->getCookiePathFromRequest($request)); } + if (!$sc->matchesDomain($request->getUri()->getHost())) { + continue; + } + // Note: At this point `$sc->getDomain()` being a public suffix should + // be rejected, but we don't want to pull in the full PSL dependency. $this->setCookie($sc); } } diff --git a/vendor/guzzlehttp/guzzle/src/Cookie/SetCookie.php b/vendor/guzzlehttp/guzzle/src/Cookie/SetCookie.php index 3d776a70b..55f6901a7 100644 --- a/vendor/guzzlehttp/guzzle/src/Cookie/SetCookie.php +++ b/vendor/guzzlehttp/guzzle/src/Cookie/SetCookie.php @@ -333,12 +333,19 @@ class SetCookie */ public function matchesDomain($domain) { + $cookieDomain = $this->getDomain(); + if (null === $cookieDomain) { + return true; + } + // Remove the leading '.' as per spec in RFC 6265. // http://tools.ietf.org/html/rfc6265#section-5.2.3 - $cookieDomain = ltrim($this->getDomain(), '.'); + $cookieDomain = ltrim(strtolower($cookieDomain), '.'); + + $domain = strtolower($domain); // Domain not set or exact match. - if (!$cookieDomain || !strcasecmp($domain, $cookieDomain)) { + if ('' === $cookieDomain || $domain === $cookieDomain) { return true; } diff --git a/vendor/guzzlehttp/psr7/.github/FUNDING.yml b/vendor/guzzlehttp/psr7/.github/FUNDING.yml new file mode 100644 index 000000000..7d222c582 --- /dev/null +++ b/vendor/guzzlehttp/psr7/.github/FUNDING.yml @@ -0,0 +1,2 @@ +github: [Nyholm, GrahamCampbell] +tidelift: "packagist/guzzlehttp/psr7" diff --git a/vendor/guzzlehttp/psr7/.github/stale.yml b/vendor/guzzlehttp/psr7/.github/stale.yml new file mode 100644 index 000000000..53faa71bd --- /dev/null +++ b/vendor/guzzlehttp/psr7/.github/stale.yml @@ -0,0 +1,14 @@ +daysUntilStale: 120 +daysUntilClose: 14 +exemptLabels: + - lifecycle/keep-open + - lifecycle/ready-for-merge +# Label to use when marking an issue as stale +staleLabel: lifecycle/stale +# Comment to post when marking an issue as stale. Set to `false` to disable +markComment: > + This issue has been automatically marked as stale because it has not had + recent activity. It will be closed after 2 weeks if no further activity occurs. Thank you + for your contributions. +# Comment to post when closing a stale issue. Set to `false` to disable +closeComment: false diff --git a/vendor/guzzlehttp/psr7/.github/workflows/bc.yml b/vendor/guzzlehttp/psr7/.github/workflows/bc.yml deleted file mode 100644 index 9eaedbce7..000000000 --- a/vendor/guzzlehttp/psr7/.github/workflows/bc.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: BC Check - -on: - pull_request: - -jobs: - roave-bc-check: - name: Roave BC Check - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Roave BC Check - uses: docker://nyholm/roave-bc-check-ga diff --git a/vendor/guzzlehttp/psr7/.github/workflows/ci.yml b/vendor/guzzlehttp/psr7/.github/workflows/ci.yml index da7414e57..eda7dceb5 100644 --- a/vendor/guzzlehttp/psr7/.github/workflows/ci.yml +++ b/vendor/guzzlehttp/psr7/.github/workflows/ci.yml @@ -10,7 +10,7 @@ jobs: strategy: max-parallel: 10 matrix: - php: ['5.6', '7.0', '7.1', '7.2', '7.3', '7.4'] + php: ['5.5', '5.6', '7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1'] steps: - name: Set up PHP @@ -23,8 +23,12 @@ jobs: - name: Checkout code uses: actions/checkout@v2 + - name: Mimic PHP 8.0 + run: composer config platform.php 8.0.999 + if: matrix.php > 8 + - name: Install dependencies - run: composer update --no-interaction --no-progress --prefer-dist + run: composer update --no-interaction --no-progress - name: Run tests run: make test diff --git a/vendor/guzzlehttp/psr7/.github/workflows/integration.yml b/vendor/guzzlehttp/psr7/.github/workflows/integration.yml index b6e0eb241..3c31f9ef2 100644 --- a/vendor/guzzlehttp/psr7/.github/workflows/integration.yml +++ b/vendor/guzzlehttp/psr7/.github/workflows/integration.yml @@ -26,7 +26,7 @@ jobs: - name: Download dependencies uses: ramsey/composer-install@v1 with: - composer-options: --no-interaction --prefer-dist --optimize-autoloader + composer-options: --no-interaction --optimize-autoloader - name: Start server run: php -S 127.0.0.1:10002 tests/Integration/server.php & diff --git a/vendor/guzzlehttp/psr7/CHANGELOG.md b/vendor/guzzlehttp/psr7/CHANGELOG.md index 6a6b7bf98..f177f583f 100644 --- a/vendor/guzzlehttp/psr7/CHANGELOG.md +++ b/vendor/guzzlehttp/psr7/CHANGELOG.md @@ -9,6 +9,24 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## Unreleased +## 1.8.5 - 2022-03-20 + +### Fixed + +- Correct header value validation + +## 1.8.4 - 2022-03-20 + +### Fixed + +- Validate header values properly + +## 1.8.3 - 2021-10-05 + +### Fixed + +- Return `null` in caching stream size if remote size is `null` + ## 1.8.2 - 2021-04-26 ### Fixed diff --git a/vendor/guzzlehttp/psr7/LICENSE b/vendor/guzzlehttp/psr7/LICENSE index 581d95f92..51c7ec81c 100644 --- a/vendor/guzzlehttp/psr7/LICENSE +++ b/vendor/guzzlehttp/psr7/LICENSE @@ -1,4 +1,11 @@ -Copyright (c) 2015 Michael Dowling, https://github.com/mtdowling +The MIT License (MIT) + +Copyright (c) 2015 Michael Dowling +Copyright (c) 2015 Márk Sági-Kazár +Copyright (c) 2015 Graham Campbell +Copyright (c) 2016 Tobias Schultze +Copyright (c) 2016 George Mponos +Copyright (c) 2018 Tobias Nyholm Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/guzzlehttp/psr7/README.md b/vendor/guzzlehttp/psr7/README.md index acfabfdcb..464cae4f2 100644 --- a/vendor/guzzlehttp/psr7/README.md +++ b/vendor/guzzlehttp/psr7/README.md @@ -807,3 +807,18 @@ Whether two URIs can be considered equivalent. Both URIs are normalized automati `$normalizations` bitmask. The method also accepts relative URI references and returns true when they are equivalent. This of course assumes they will be resolved against the same base URI. If this is not the case, determination of equivalence or difference of relative references does not mean anything. + + +## Security + +If you discover a security vulnerability within this package, please send an email to security@tidelift.com. All security vulnerabilities will be promptly addressed. Please do not disclose security-related issues publicly until a fix has been announced. Please see [Security Policy](https://github.com/guzzle/psr7/security/policy) for more information. + +## License + +Guzzle is made available under the MIT License (MIT). Please see [License File](LICENSE) for more information. + +## For Enterprise + +Available as part of the Tidelift Subscription + +The maintainers of Guzzle and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. [Learn more.](https://tidelift.com/subscription/pkg/packagist-guzzlehttp-psr7?utm_source=packagist-guzzlehttp-psr7&utm_medium=referral&utm_campaign=enterprise&utm_term=repo) diff --git a/vendor/guzzlehttp/psr7/composer.json b/vendor/guzzlehttp/psr7/composer.json index 58dcb07e4..7ecdc8ba3 100644 --- a/vendor/guzzlehttp/psr7/composer.json +++ b/vendor/guzzlehttp/psr7/composer.json @@ -1,17 +1,37 @@ { "name": "guzzlehttp/psr7", - "type": "library", "description": "PSR-7 message implementation that also provides common utility methods", "keywords": ["request", "response", "message", "stream", "http", "uri", "url", "psr-7"], "license": "MIT", "authors": [ + { + "name": "Graham Campbell", + "email": "hello@gjcampbell.co.uk", + "homepage": "https://github.com/GrahamCampbell" + }, { "name": "Michael Dowling", "email": "mtdowling@gmail.com", "homepage": "https://github.com/mtdowling" }, + { + "name": "George Mponos", + "email": "gmponos@gmail.com", + "homepage": "https://github.com/gmponos" + }, + { + "name": "Tobias Nyholm", + "email": "tobias.nyholm@gmail.com", + "homepage": "https://github.com/Nyholm" + }, + { + "name": "Márk Sági-Kazár", + "email": "mark.sagikazar@gmail.com", + "homepage": "https://github.com/sagikazarmark" + }, { "name": "Tobias Schultze", + "email": "webmaster@tubo-world.de", "homepage": "https://github.com/Tobion" } ], @@ -45,5 +65,12 @@ "branch-alias": { "dev-master": "1.7-dev" } + }, + "config": { + "preferred-install": "dist", + "sort-packages": true, + "allow-plugins": { + "bamarni/composer-bin-plugin": true + } } } diff --git a/vendor/guzzlehttp/psr7/src/CachingStream.php b/vendor/guzzlehttp/psr7/src/CachingStream.php index fe749e981..febade9f4 100644 --- a/vendor/guzzlehttp/psr7/src/CachingStream.php +++ b/vendor/guzzlehttp/psr7/src/CachingStream.php @@ -36,7 +36,13 @@ class CachingStream implements StreamInterface public function getSize() { - return max($this->stream->getSize(), $this->remoteStream->getSize()); + $remoteSize = $this->remoteStream->getSize(); + + if (null === $remoteSize) { + return null; + } + + return max($this->stream->getSize(), $remoteSize); } public function rewind() diff --git a/vendor/guzzlehttp/psr7/src/MessageTrait.php b/vendor/guzzlehttp/psr7/src/MessageTrait.php index 99203bb43..0ac8663da 100644 --- a/vendor/guzzlehttp/psr7/src/MessageTrait.php +++ b/vendor/guzzlehttp/psr7/src/MessageTrait.php @@ -157,17 +157,22 @@ trait MessageTrait } } + /** + * @param mixed $value + * + * @return string[] + */ private function normalizeHeaderValue($value) { if (!is_array($value)) { - return $this->trimHeaderValues([$value]); + return $this->trimAndValidateHeaderValues([$value]); } if (count($value) === 0) { throw new \InvalidArgumentException('Header value can not be an empty array.'); } - return $this->trimHeaderValues($value); + return $this->trimAndValidateHeaderValues($value); } /** @@ -178,13 +183,13 @@ trait MessageTrait * header-field = field-name ":" OWS field-value OWS * OWS = *( SP / HTAB ) * - * @param string[] $values Header values + * @param mixed[] $values Header values * * @return string[] Trimmed header values * * @see https://tools.ietf.org/html/rfc7230#section-3.2.4 */ - private function trimHeaderValues(array $values) + private function trimAndValidateHeaderValues(array $values) { return array_map(function ($value) { if (!is_scalar($value) && null !== $value) { @@ -194,10 +199,20 @@ trait MessageTrait )); } - return trim((string) $value, " \t"); + $trimmed = trim((string) $value, " \t"); + $this->assertValue($trimmed); + + return $trimmed; }, array_values($values)); } + /** + * @see https://tools.ietf.org/html/rfc7230#section-3.2 + * + * @param mixed $header + * + * @return void + */ private function assertHeader($header) { if (!is_string($header)) { @@ -210,5 +225,46 @@ trait MessageTrait if ($header === '') { throw new \InvalidArgumentException('Header name can not be empty.'); } + + if (! preg_match('/^[a-zA-Z0-9\'`#$%&*+.^_|~!-]+$/', $header)) { + throw new \InvalidArgumentException( + sprintf( + '"%s" is not valid header name', + $header + ) + ); + } + } + + /** + * @param string $value + * + * @return void + * + * @see https://tools.ietf.org/html/rfc7230#section-3.2 + * + * field-value = *( field-content / obs-fold ) + * field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ] + * field-vchar = VCHAR / obs-text + * VCHAR = %x21-7E + * obs-text = %x80-FF + * obs-fold = CRLF 1*( SP / HTAB ) + */ + private function assertValue($value) + { + // The regular expression intentionally does not support the obs-fold production, because as + // per RFC 7230#3.2.4: + // + // A sender MUST NOT generate a message that includes + // line folding (i.e., that has any field-value that contains a match to + // the obs-fold rule) unless the message is intended for packaging + // within the message/http media type. + // + // Clients must not send a request with line folding and a server sending folded headers is + // likely very rare. Line folding is a fairly obscure feature of HTTP/1.1 and thus not accepting + // folding is not likely to break any legitimate use case. + if (! preg_match('/^[\x20\x09\x21-\x7E\x80-\xFF]*$/', $value)) { + throw new \InvalidArgumentException(sprintf('"%s" is not valid header value', $value)); + } } }