Security vulnerabilities in specific guzzlehttp/guzzle versions affecting 1.x
Closed this issue · 1 comments
gravelld commented
Thanks for this project. Due to these vulnerabilities:
- GHSA-25mq-v84q-4j7r
- GHSA-cwmx-hcrq-mhc3
- GHSA-f2wf-25xc-69c9
- GHSA-m6ch-gg5f-wxx3
- GHSA-q559-8m2m-g699
- GHSA-w248-ffj2-4v5q
The minimum version for guzzlehttp/guzzle should be 6.5.8. This means the entry in composer.json should be:
"guzzlehttp/guzzle": "^6.5.8 || ^7.4.4",
Is this something you are likely to change and issue a new 1.x release for?