googleapis / google-api-php-client

A PHP client library for accessing Google APIs
Apache License 2.0

Security vulnerabilities in specific guzzlehttp/psr7 dependency #2539

Closed gravelld closed 5 months ago

gravelld commented 6 months ago

Thanks for your work on this library.

Due to GHSA-wxmh-65f7-jcvw the minimum version for the 1.x version of guzzlehttp/psr7 should be 1.9.1. This means the entry in composer.json should be:

"guzzlehttp/psr7": "^1.9.1||^2.2.1"

Is this something you are likely to change and issue a release for?
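
A check of installed versions against the constraint proposed above, as an added example that is not part of the original issue or the project's code: it reads a composer.lock and flags any guzzlehttp/psr7 entry outside `^1.9.1||^2.2.1`. The function names and the sample lock contents are constructed for illustration.

```python
import json
import re

# Constraint proposed in the issue: "^1.9.1||^2.2.1".
# A caret range ^X.Y.Z (X >= 1) means >= X.Y.Z and < (X+1).0.0.
SAFE_MINIMUMS = {1: (1, 9, 1), 2: (2, 2, 1)}
PACKAGE = "guzzlehttp/psr7"


def parse_version(text):
    """Turn '1.8.5' or 'v2.2.1' into (major, minor, patch); None if not a plain x.y.z tag."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def satisfies_issue_constraint(version_text):
    """True only when the version falls inside ^1.9.1 or ^2.2.1."""
    version = parse_version(version_text)
    if version is None:
        return False  # dev branches and pre-releases fail closed: review by hand
    minimum = SAFE_MINIMUMS.get(version[0])  # other majors are outside the constraint
    return minimum is not None and version >= minimum


def audit_lock(lock_text):
    """Return [(section, version, ok)] for every psr7 entry in a composer.lock."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name") == PACKAGE:
                version = pkg.get("version", "")
                findings.append((section, version, satisfies_issue_constraint(version)))
    return findings


# Constructed sample lock files (not taken from any real project).
SAMPLE_OLD = json.dumps({"packages": [
    {"name": "vendor/other-lib", "version": "1.0.0"},
    {"name": "guzzlehttp/psr7", "version": "1.8.5"}], "packages-dev": []})
SAMPLE_NEW = json.dumps({"packages": [
    {"name": "guzzlehttp/psr7", "version": "2.6.2"}], "packages-dev": []})

if __name__ == "__main__":
    for label, text in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
        for section, version, ok in audit_lock(text):
            status = "ok" if ok else "OUTSIDE CONSTRAINT"
            print(f"{label}: {PACKAGE} {version} in {section}: {status}")
```

In CI, pass the contents of the project's own composer.lock to `audit_lock` and fail the build when any finding has `ok` set to false.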

bshaffer commented 6 months ago

Fixed in https://github.com/googleapis/google-api-php-client/releases/tag/v2.15.2

bshaffer commented 6 months ago

Whoops, my mistake. The fix was for guzzlehttp/guzzle, not for guzzlehttp/psr. Yes, please submit a fix, that would be much appreciated!

Mohammed-radwan commented 6 months ago

Hi, thanks for your effort. Are you planning to release a fix for this soon?

Thanks