Skip to content

composer update and guzzlehttp/guzzle version #40103

Description

@phil-davis

In current core master:

$ composer update
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - roave/security-advisories dev-master conflicts with guzzlehttp/guzzle <6.5.6|>=7,<7.4.3.
    - Root composer.json requires roave/security-advisories dev-master -> satisfiable by roave/security-advisories[dev-master].
    - Root composer.json requires guzzlehttp/guzzle ^5.3 -> satisfiable by guzzlehttp/guzzle[5.3.0, ..., 5.3.4].

https://github.com/guzzle/guzzle/releases/tag/6.5.6 and https://github.com/guzzle/guzzle/releases/tag/7.4.3 were released yesterday. They are patch releases that with changelog https://github.com/guzzle/guzzle/blob/7.4.3/CHANGELOG.md#743---2022-05-25 "Fix cross-domain cookie leakage"

oC10 core currently uses guzzlehttp/guzzle major version 5. No patch has been released for that - it is no longer maintained.

roave/security-advisories now reports that the latest major version v6 or v7 patch release should be used.

It seems that it is time to move forward with the guzzlehttp/guzzle major version bump. PR #39368 is waiting - I just rebased it. When CI is green we should coordinate merging that to core master (ready for the next core release) and applying any needed code changes in oC10 apps.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions