search

googleapis / google-api-php-client

A PHP client library for accessing Google APIs
Apache License 2.0
9.2k stars 3.52k forks source link

guzzle 6.x version requirement should be updated to avoid security vulnerabilities #2535

Closed gravelld closed 6 months ago

gravelld commented 6 months ago

composer.json lists:

    "guzzlehttp/guzzle": "~6.5||~7.0",

However, this vulnerability mandates >=6.5.8. So shouldn't it be:

    "guzzlehttp/guzzle": "~6.5.8||~7.0",

?

Apologies if I'm missing something...