Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update guzzle to 7.4.5 due to security vulnerabilities #461

Merged
merged 1 commit into from
Jul 14, 2022

Conversation

Rubinum
Copy link
Contributor

@Rubinum Rubinum commented Jul 14, 2022

I updated browscap to work with guzzle 7.4.5 which is the next safe version for guzzle. Guzzle had some troubles with security lately. See https://packagist.org/packages/guzzlehttp/guzzle#7.4.5 and https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2022-29248.yaml for more information about it.

We are using "^7.4.3" as version constraint for guzzle which is fine in most cases. I updated the version anyway, because there can be situations, where people still receive a problematic guzzle version.

I found this while playing with security scanners in my company :).

@codecov-commenter
Copy link

Codecov Report

Merging #461 (229c06f) into 7.1.x (72bc8c0) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##              7.1.x     #461   +/-   ##
=========================================
  Coverage     38.85%   38.85%           
  Complexity      283      283           
=========================================
  Files            27       27           
  Lines           870      870           
=========================================
  Hits            338      338           
  Misses          532      532           
Flag Coverage Δ
phpunit 38.85% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.


Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 72bc8c0...229c06f. Read the comment docs.

@asgrim asgrim self-assigned this Jul 14, 2022
@asgrim asgrim added this to the 7.1.0 milestone Jul 14, 2022
@asgrim asgrim merged commit f4ac79c into browscap:7.1.x Jul 14, 2022
@asgrim
Copy link
Member

asgrim commented Jul 14, 2022

Thanks @Rubinum !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants