Bump pear/http_request2 from 2.3.0 to 2.4.1

dependabot-preview[bot] commented 4 years ago

Bumps pear/http_request2 from 2.3.0 to 2.4.1.

Changelog

Sourced from pear/http_request2's changelog.

2.4.1

Switch socket to blocking mode when enabling crypto, this fixes HTTPS requests through proxy with Socket adapter (issue #20)

Add .gitattributes file to omit installing tests (issue #19)

2.4.0

Minimum required version is now PHP 5.6, as using older versions for HTTPS requests may be insecure

Removed support for magic_quotes_runtime, as get_magic_quotes_runtime() was deprecated in PHP 7.4 and the functionality itself was disabled since PHP 5.4 (bug #23839)

Socket adapter now uses socket in non-blocking mode, as some configurations could have problems with timeouts in HTTPS requests (bug #21229)

Fixed bogus size check error with gzipped responses larger than 4 GiB uncompressed (bug #21239)

Use current "Intermediate compatibility" cipher list

Updated Public Suffix List

The package is now 100% autoload-compatible, when installed with composer it no longer uses include-path and does not contain require_once statements

Commits

72d3992 Prepare release 2.4.1
623a263 Use .gitattributes to omit tests when installing, this should fix #19
81077bf Set blocking mode on socket when enabling crypto
1039ce8 Prepare release 2.4.0
b37386a Fix version in User-Agent string when installed with composer
b01ebfb Copyright year
4304ec1 Update PSL
84a2170 Keep BC with previous versions by honouring default_socket_timeout
da1c767 Use non-blocking sockets and timeout for stream_select()
e8776d8 Use a bit more recent list of ciphers
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)