Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use http client discovery #29

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

arjenschol
Copy link

@arjenschol arjenschol commented Jul 6, 2022

The security checker now has a hard dependency on guzzlehttp/guzzle, which unfortunately had a few security issues in the last weeks. So even when not using guzzlehttp in your application, this would generate a security warning.

By following https://docs.php-http.org/en/latest/httplug/library-developers.html we implemented ClientDiscovery so an existing PSR-18 compatible HTTP client (i.e. symfony/http-client) could be reused.

Unfortunately this is not possible while keeping PHP 5.6 support because psr/http-factory requires >= 7.0.

Is this acceptable for a 1.11 release or should it target a 2.0 release?
composer.json must be updated according to this choice..

Arjen Schol added 3 commits July 6, 2022 12:17
- Remove last GuzzleException
- Require at least php-http/discovery 1.6.1 which is the last version with PHP 5.6 support.
@arjenschol arjenschol marked this pull request as ready for review July 6, 2022 13:12
@paras-malhotra
Copy link
Member

Let's target a 2.0 release. Thanks for this pull request!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants