
Use http client discovery

Open. arjenschol opened this issue 2 years ago • 1 comment

The security checker now has a hard dependency on guzzlehttp/guzzle, which unfortunately had a few security issues in the last weeks. So even when not using guzzlehttp in your application, this would generate a security warning.

By following https://docs.php-http.org/en/latest/httplug/library-developers.html we implemented ClientDiscovery so an existing PSR-18 compatible HTTP client (i.e. symfony/http-client) could be reused.

Unfortunately this is not possible while keeping PHP 5.6 support because psr/http-factory requires >= 7.0.

Is this acceptable for a 1.11 release or should it target a 2.0 release? composer.json must be updated according to this choice.

arjenschol, Jul 06 '22 11:07

Let's target a 2.0 release. Thanks for this pull request!

paras-malhotra, Jul 19 '22 10:07