Nexmo / comms-router

A server which allows you to route tasks to agents.
Apache License 2.0

Update dependency react/http to v1 (main) #142

Open mend-for-github-com[bot] opened 2 months ago

mend-for-github-com[bot] commented 2 months ago

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| react/http | require | major | `^0.8.3` -> `^1.7.0` |

By merging this PR, the issue #130 will be automatically resolved and closed:

| Severity | CVSS Score | CVE | Reachability |
|---|---|---|---|
| Medium | 5.3 | CVE-2022-36032 | |

Release Notes

reactphp/http (react/http)

### [`v1.7.0`](https://togithub.com/reactphp/http/blob/HEAD/CHANGELOG.md#170-2022-08-23)

[Compare Source](https://togithub.com/reactphp/http/compare/v1.6.0...v1.7.0)

This is a **SECURITY** and feature release for the 1.x series of ReactPHP's HTTP component.

- Security fix: This release fixes a medium severity security issue in ReactPHP's HTTP server component that affects all versions between `v0.7.0` and `v1.6.0`. All users are encouraged to upgrade immediately. Special thanks to Marco Squarcina (TU Wien) for reporting this and working with us to coordinate this release.
  (CVE-2022-36032 reported by [@lavish](https://togithub.com/lavish) and fixed by [@clue](https://togithub.com/clue))

- Feature: Improve HTTP server performance by ~20%, reuse syscall values for clock time and socket addresses.
  ([#457](https://togithub.com/reactphp/http/issues/457) and [#467](https://togithub.com/reactphp/http/issues/467) by [@clue](https://togithub.com/clue))

- Feature: Full PHP 8.2+ compatibility, refactor internal `Transaction` to avoid assigning dynamic properties.
  ([#459](https://togithub.com/reactphp/http/issues/459) by [@clue](https://togithub.com/clue) and [#466](https://togithub.com/reactphp/http/issues/466) by [@WyriHaximus](https://togithub.com/WyriHaximus))

- Feature / Fix: Allow explicit `Content-Length` response header on `HEAD` requests.
  ([#444](https://togithub.com/reactphp/http/issues/444) by [@mrsimonbennett](https://togithub.com/mrsimonbennett))

- Minor documentation improvements.
  ([#452](https://togithub.com/reactphp/http/issues/452) by [@clue](https://togithub.com/clue), [#458](https://togithub.com/reactphp/http/issues/458) by [@nhedger](https://togithub.com/nhedger), [#448](https://togithub.com/reactphp/http/issues/448) by [@jorrit](https://togithub.com/jorrit) and [#446](https://togithub.com/reactphp/http/issues/446) by [@SimonFrings](https://togithub.com/SimonFrings))

- Improve test suite, update to use new reactphp/async package instead of clue/reactphp-block, skip memory tests when lowering memory limit fails and fix legacy HHVM build.
  ([#464](https://togithub.com/reactphp/http/issues/464) and [#440](https://togithub.com/reactphp/http/issues/440) by [@clue](https://togithub.com/clue) and [#450](https://togithub.com/reactphp/http/issues/450) by [@SimonFrings](https://togithub.com/SimonFrings))

### [`v1.6.0`](https://togithub.com/reactphp/http/blob/HEAD/CHANGELOG.md#160-2022-02-03)

[Compare Source](https://togithub.com/reactphp/http/compare/v1.5.0...v1.6.0)

- Feature: Add factory methods for common HTML/JSON/plaintext/XML response types.
  ([#439](https://togithub.com/reactphp/http/issues/439) by [@clue](https://togithub.com/clue))

  ```php
  $response = React\Http\Response\html("Hello wörld!\n");
  $response = React\Http\Response\json(['message' => 'Hello wörld!']);
  $response = React\Http\Response\plaintext("Hello wörld!\n");
  $response = React\Http\Response\xml("Hello wörld!\n");
  ```

- Feature: Expose all status code constants via `Response` class.
  ([#432](https://togithub.com/reactphp/http/issues/432) by [@clue](https://togithub.com/clue))

  ```php
  $response = new React\Http\Message\Response(
      React\Http\Message\Response::STATUS_OK, // 200 OK
      …
  );
  $response = new React\Http\Message\Response(
      React\Http\Message\Response::STATUS_NOT_FOUND, // 404 Not Found
      …
  );
  ```

- Feature: Full support for PHP 8.1 release.
  ([#433](https://togithub.com/reactphp/http/issues/433) by [@SimonFrings](https://togithub.com/SimonFrings) and [#434](https://togithub.com/reactphp/http/issues/434) by [@clue](https://togithub.com/clue))

- Feature / Fix: Improve protocol handling for HTTP responses with no body.
  ([#429](https://togithub.com/reactphp/http/issues/429) and [#430](https://togithub.com/reactphp/http/issues/430) by [@clue](https://togithub.com/clue))

- Internal refactoring and internal improvements for handling requests and responses.
  ([#422](https://togithub.com/reactphp/http/issues/422) by [@WyriHaximus](https://togithub.com/WyriHaximus) and [#431](https://togithub.com/reactphp/http/issues/431) by [@clue](https://togithub.com/clue))

- Improve documentation, update proxy examples, include error reporting in examples.
  ([#420](https://togithub.com/reactphp/http/issues/420), [#424](https://togithub.com/reactphp/http/issues/424), [#426](https://togithub.com/reactphp/http/issues/426), and [#427](https://togithub.com/reactphp/http/issues/427) by [@clue](https://togithub.com/clue))

- Update test suite to use default loop.
  ([#438](https://togithub.com/reactphp/http/issues/438) by [@clue](https://togithub.com/clue))

### [`v1.5.0`](https://togithub.com/reactphp/http/blob/HEAD/CHANGELOG.md#150-2021-08-04)

[Compare Source](https://togithub.com/reactphp/http/compare/v1.4.0...v1.5.0)

- Feature: Update `Browser` signature to take optional `$connector` as first argument and to match new Socket API without nullable loop arguments.
  ([#418](https://togithub.com/reactphp/http/issues/418) and [#419](https://togithub.com/reactphp/http/issues/419) by [@clue](https://togithub.com/clue))

  ```php
  // unchanged
  $browser = new React\Http\Browser();

  // deprecated
  $browser = new React\Http\Browser(null, $connector);
  $browser = new React\Http\Browser($loop, $connector);

  // new
  $browser = new React\Http\Browser($connector);
  $browser = new React\Http\Browser($connector, $loop);
  ```

- Feature: Rename `Server` to `HttpServer` to avoid class name collisions and to avoid any ambiguities with regards to the new `SocketServer` API.
  ([#417](https://togithub.com/reactphp/http/issues/417) and [#419](https://togithub.com/reactphp/http/issues/419) by [@clue](https://togithub.com/clue))

  ```php
  // deprecated
  $server = new React\Http\Server($handler);
  $server->listen(new React\Socket\Server(8080));

  // new
  $http = new React\Http\HttpServer($handler);
  $http->listen(new React\Socket\SocketServer('127.0.0.1:8080'));
  ```

### [`v1.4.0`](https://togithub.com/reactphp/http/blob/HEAD/CHANGELOG.md#140-2021-07-11)

[Compare Source](https://togithub.com/reactphp/http/compare/v1.3.0...v1.4.0)

A major new feature release, see [**release announcement**](https://clue.engineering/2021/announcing-reactphp-default-loop).

- Feature: Simplify usage by supporting new [default loop](https://reactphp.org/event-loop/#loop).
  ([#410](https://togithub.com/reactphp/http/issues/410) by [@clue](https://togithub.com/clue))

  ```php
  // old (still supported)
  $browser = new React\Http\Browser($loop);
  $server = new React\Http\Server($loop, $handler);

  // new (using default loop)
  $browser = new React\Http\Browser();
  $server = new React\Http\Server($handler);
  ```

### [`v1.3.0`](https://togithub.com/reactphp/http/blob/HEAD/CHANGELOG.md#130-2021-04-11)

[Compare Source](https://togithub.com/reactphp/http/compare/v1.2.0...v1.3.0)

- Feature: Support persistent connections (`Connection: keep-alive`).
  ([#405](https://togithub.com/reactphp/http/issues/405) by [@clue](https://togithub.com/clue))

  This shows a noticeable performance improvement especially when benchmarking using persistent connections (which is the default pretty much everywhere). Together with other changes in this release, this improves benchmarking performance by around 100%.

- Feature: Require `Host` request header for HTTP/1.1 requests.
  ([#404](https://togithub.com/reactphp/http/issues/404) by [@clue](https://togithub.com/clue))

- Minor documentation improvements.
  ([#398](https://togithub.com/reactphp/http/issues/398) by [@fritz-gerneth](https://togithub.com/fritz-gerneth) and [#399](https://togithub.com/reactphp/http/issues/399) and [#400](https://togithub.com/reactphp/http/issues/400) by [@pavog](https://togithub.com/pavog))

- Improve test suite, use GitHub actions for continuous integration (CI).
  ([#402](https://togithub.com/reactphp/http/issues/402) by [@SimonFrings](https://togithub.com/SimonFrings))

### [`v1.2.0`](https://togithub.com/reactphp/http/blob/HEAD/CHANGELOG.md#120-2020-12-04)

[Compare Source](https://togithub.com/reactphp/http/compare/v1.1.0...v1.2.0)

- Feature: Keep request body in memory also after consuming request body.
  ([#395](https://togithub.com/reactphp/http/issues/395) by [@clue](https://togithub.com/clue))

  This means consumers can now always access the complete request body as detailed in the documentation. This allows building custom parsers and more advanced processing models without having to mess with the default parsers.

### [`v1.1.0`](https://togithub.com/reactphp/http/blob/HEAD/CHANGELOG.md#110-2020-09-11)

[Compare Source](https://togithub.com/reactphp/http/compare/v1.0.0...v1.1.0)

- Feature: Support upcoming PHP 8 release, update to reactphp/socket v1.6 and adjust type checks for invalid chunk headers.
  ([#391](https://togithub.com/reactphp/http/issues/391) by [@clue](https://togithub.com/clue))

- Feature: Consistently resolve base URL according to HTTP specs.
  ([#379](https://togithub.com/reactphp/http/issues/379) by [@clue](https://togithub.com/clue))

- Feature / Fix: Expose `Transfer-Encoding: chunked` response header and fix chunked responses for `HEAD` requests.
  ([#381](https://togithub.com/reactphp/http/issues/381) by [@clue](https://togithub.com/clue))

- Internal refactoring to remove unneeded `MessageFactory` and `Response` classes.
  ([#380](https://togithub.com/reactphp/http/issues/380) and [#389](https://togithub.com/reactphp/http/issues/389) by [@clue](https://togithub.com/clue))

- Minor documentation improvements and improve test suite, update to support PHPUnit 9.3.
  ([#385](https://togithub.com/reactphp/http/issues/385) by [@clue](https://togithub.com/clue) and [#393](https://togithub.com/reactphp/http/issues/393) by [@SimonFrings](https://togithub.com/SimonFrings))

### [`v1.0.0`](https://togithub.com/reactphp/http/blob/HEAD/CHANGELOG.md#100-2020-07-11)

[Compare Source](https://togithub.com/reactphp/http/compare/v0.8.7...v1.0.0)

A major new feature release, see [**release announcement**](https://clue.engineering/2020/announcing-reactphp-http).

- First stable LTS release, now following [SemVer](https://semver.org/). We'd like to emphasize that this component is production ready and battle-tested. We plan to support all long-term support (LTS) releases for at least 24 months, so you have a rock-solid foundation to build on top of.

This update involves some major new features and a number of BC breaks due to some necessary API cleanup. We've tried hard to avoid BC breaks where possible and minimize impact otherwise. We expect that most consumers of this package will be affected by BC breaks, but updating should take no longer than a few minutes. See below for more details:

- Feature: Add async HTTP client implementation.
  ([#368](https://togithub.com/reactphp/http/issues/368) by [@clue](https://togithub.com/clue))

  ```php
  $browser = new React\Http\Browser($loop);
  $browser->get($url)->then(function (Psr\Http\Message\ResponseInterface $response) {
      echo $response->getBody();
  });
  ```

  The code has been imported as-is from [clue/reactphp-buzz v2.9.0](https://togithub.com/clue/reactphp-buzz), with only minor changes to the namespace and we otherwise leave all the existing APIs unchanged. Upgrading from [clue/reactphp-buzz v2.9.0](https://togithub.com/clue/reactphp-buzz) to this release should be a matter of updating some namespace references only:

  ```php
  // old
  $browser = new Clue\React\Buzz\Browser($loop);

  // new
  $browser = new React\Http\Browser($loop);
  ```

- Feature / BC break: Add `LoopInterface` as required first constructor argument to `Server` and change `Server` to accept variadic middleware handlers instead of `array`.
  ([#361](https://togithub.com/reactphp/http/issues/361) and [#362](https://togithub.com/reactphp/http/issues/362) by [@WyriHaximus](https://togithub.com/WyriHaximus))

  ```php
  // old
  $server = new React\Http\Server($handler);
  $server = new React\Http\Server([$middleware, $handler]);

  // new
  $server = new React\Http\Server($loop, $handler);
  $server = new React\Http\Server($loop, $middleware, $handler);
  ```

- Feature / BC break: Move `Response` class to `React\Http\Message\Response` and expose `ServerRequest` class to `React\Http\Message\ServerRequest`.
  ([#370](https://togithub.com/reactphp/http/issues/370) by [@clue](https://togithub.com/clue))

  ```php
  // old
  $response = new React\Http\Response(200, [], 'Hello!');

  // new
  $response = new React\Http\Message\Response(200, [], 'Hello!');
  ```

- Feature / BC break: Add `StreamingRequestMiddleware` to stream incoming requests, mark `StreamingServer` as internal.
  ([#367](https://togithub.com/reactphp/http/issues/367) by [@clue](https://togithub.com/clue))

  ```php
  // old: advanced StreamingServer is now internal only
  $server = new React\Http\StreamingServer($handler);

  // new: use StreamingRequestMiddleware instead of StreamingServer
  $server = new React\Http\Server(
      $loop,
      new React\Http\Middleware\StreamingRequestMiddleware(),
      $handler
  );
  ```

- Feature / BC break: Improve default concurrency to 1024 requests and cap default request buffer at 64K.
  ([#371](https://togithub.com/reactphp/http/issues/371) by [@clue](https://togithub.com/clue))

  This improves default concurrency to 1024 requests and caps the default request buffer at 64K. The previous defaults resulted in just 4 concurrent requests with a request buffer of 8M. See [`Server`](README.md#server) for details on how to override these defaults.

- Feature: Expose ReactPHP in `User-Agent` client-side request header and in `Server` server-side response header.
  ([#374](https://togithub.com/reactphp/http/issues/374) by [@clue](https://togithub.com/clue))

- Mark all classes as `final` to discourage inheriting from it.
  ([#373](https://togithub.com/reactphp/http/issues/373) by [@WyriHaximus](https://togithub.com/WyriHaximus))

- Improve documentation and use fully-qualified class names throughout the documentation and add ReactPHP core team as authors to `composer.json` and license file.
  ([#366](https://togithub.com/reactphp/http/issues/366) and [#369](https://togithub.com/reactphp/http/issues/369) by [@WyriHaximus](https://togithub.com/WyriHaximus) and [#375](https://togithub.com/reactphp/http/issues/375) by [@clue](https://togithub.com/clue))

- Improve test suite and support skipping all online tests with `--exclude-group internet`.
  ([#372](https://togithub.com/reactphp/http/issues/372) by [@clue](https://togithub.com/clue))

### [`v0.8.7`](https://togithub.com/reactphp/http/blob/HEAD/CHANGELOG.md#087-2020-07-05)

[Compare Source](https://togithub.com/reactphp/http/compare/v0.8.6...v0.8.7)

- Fix: Fix parsing multipart request body with quoted header parameters (dot net).
  ([#363](https://togithub.com/reactphp/http/issues/363) by [@ebimmel](https://togithub.com/ebimmel))

- Fix: Fix calculating concurrency when `post_max_size` ini is unlimited.
  ([#365](https://togithub.com/reactphp/http/issues/365) by [@clue](https://togithub.com/clue))

- Improve test suite to run tests on PHPUnit 9 and clean up test suite.
  ([#364](https://togithub.com/reactphp/http/issues/364) by [@SimonFrings](https://togithub.com/SimonFrings))

### [`v0.8.6`](https://togithub.com/reactphp/http/blob/HEAD/CHANGELOG.md#086-2020-01-12)

[Compare Source](https://togithub.com/reactphp/http/compare/v0.8.5...v0.8.6)

- Fix: Fix parsing `Cookie` request header with comma in its values.
  ([#352](https://togithub.com/reactphp/http/issues/352) by [@fiskie](https://togithub.com/fiskie))

- Fix: Avoid unneeded warning when decoding invalid data on PHP 7.4.
  ([#357](https://togithub.com/reactphp/http/issues/357) by [@WyriHaximus](https://togithub.com/WyriHaximus))

- Add .gitattributes to exclude dev files from exports.
  ([#353](https://togithub.com/reactphp/http/issues/353) by [@reedy](https://togithub.com/reedy))

### [`v0.8.5`](https://togithub.com/reactphp/http/blob/HEAD/CHANGELOG.md#085-2019-10-29)

[Compare Source](https://togithub.com/reactphp/http/compare/v0.8.4...v0.8.5)

- Internal refactorings and optimizations to improve request parsing performance. Benchmarks suggest number of requests/s improved by ~30% for common `GET` requests.
  ([#345](https://togithub.com/reactphp/http/issues/345), [#346](https://togithub.com/reactphp/http/issues/346), [#349](https://togithub.com/reactphp/http/issues/349) and [#350](https://togithub.com/reactphp/http/issues/350) by [@clue](https://togithub.com/clue))

- Add documentation and example for JSON/XML request body and improve documentation for concurrency and streaming requests and for error handling.
  ([#341](https://togithub.com/reactphp/http/issues/341) and [#342](https://togithub.com/reactphp/http/issues/342) by [@clue](https://togithub.com/clue))

### [`v0.8.4`](https://togithub.com/reactphp/http/blob/HEAD/CHANGELOG.md#084-2019-01-16)

[Compare Source](https://togithub.com/reactphp/http/compare/v0.8.3...v0.8.4)

- Improvement: Internal refactoring to simplify response header logic.
  ([#321](https://togithub.com/reactphp/http/issues/321) by [@clue](https://togithub.com/clue))

- Improvement: Assign Content-Length response header automatically only when size is known.
  ([#329](https://togithub.com/reactphp/http/issues/329) by [@clue](https://togithub.com/clue))

- Improvement: Import global functions for better performance.
  ([#330](https://togithub.com/reactphp/http/issues/330) by [@WyriHaximus](https://togithub.com/WyriHaximus))