Comments (3)
GrahamCampbell
commented on April 28, 2024
1
Yes, but in any case, Guzzle 6 is EOL and doesn't support even a version of PHP that is still getting security fixes. Guzzle 7 is the only release of Guzzle that should be used, today.
from guzzle.
GrahamCampbell
commented on April 28, 2024
No, it is not necessary for us to change this. One could just install an old version of guzzle to get the vulnerability, in the same way one could install an old psr7 package.
from guzzle.
gravelld
commented on April 28, 2024
Context: this is a security audit. composer.jsons are scanned to look for dependencies on vulnerable software.
If the composer.jsons are declared such that it can be proved that there are no dependencies on vulnerable software, the audit is passed. Otherwise, it is failed.
In that context, you cannot "just install an old version of guzzle" because it would be vulnerable.
I guess I'm missing something?
from guzzle.
Related Issues (20)
- The no proxy request option does not avoid falling back to proxies set in ENV vars HOT 2
- Maximum execution time of 30 seconds exceeded HOT 2
- upgradin to PHP 8 and Guzzle 7. Breaks app HOT 1
- Remove content-type header when a redirect to GET: cURL does and Guzzle doesn't HOT 3
- Host Header HOT 5
- PHP Fatal Error when retrieving certain pages. HOT 4
- Pool promise wait() breaks with guzzlehttp/promises v2 HOT 9
- Intermittent 501 Not Implemented Error Due to Unexpected 'offsetGet' Method in Guzzle Requests HOT 4
- Using `"stream" => true` in options makes PSR7 responses read-once HOT 3
- [DOCS] In online documentation, the request option connect_timeout still says that the default value of 0 waits indefinitely, which was never true HOT 4
- No exception gets thrown on responses with status code >= 400 HOT 1
- http://www.guzzlephp.org displays Indonesian gambling site advert HOT 2
- Organization Information HOT 1
- Can GuzzleHttp be used to listen to a specific event to obtain request body data? HOT 3
- Unable to parse URI in Ipv6 HOT 14
- Document `GuzzleHttp\Client::__construct()` parameters at type level? HOT 3
- endless yield problem HOT 1
- Proxy chain support HOT 1
- Mistake
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from guzzle.