search

slimphp / Slim-Psr7

PSR-7 implementation for use with Slim 4
MIT License
131 stars 45 forks source link

Update php-http/psr7-integration-tests requirement from 1.x-dev to 1.3.0 #290

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Updates the requirements on php-http/psr7-integration-tests to permit the latest version.

Release notes

Sourced from php-http/psr7-integration-tests's releases.

1.3.0

Added

  • Adds UriIntegrationTest::testSpecialCharsInUserInfo and UriIntegrationTest::testAlreadyEncodedUserInfo. These validate that usernames and passwords which contain reserved characters (defined by RFC3986) are being encoded so that the URI does not contain these reserved characters at any time.

  • Adds support for testing against PSR-7 1.1 and 2.0. In particular, it adapts tests that were verifying invalid parameters threw InvalidArgumentException previously now either throw that OR (more correctly) raise a TypeError.

Changelog

Sourced from php-http/psr7-integration-tests's changelog.

[1.3.0] - 2023-04-28

Added

  • Adds UriIntegrationTest::testSpecialCharsInUserInfo and UriIntegrationTest::testAlreadyEncodedUserInfo. These validate that usernames and passwords which contain reserved characters (defined by RFC3986) are being encoded so that the URI does not contain these reserved characters at any time.

  • Adds support for testing against PSR-7 1.1 and 2.0. In particular, it adapts tests that were verifying invalid parameters threw InvalidArgumentException previously now either throw that OR (more correctly) raise a TypeError.

[1.2.0] - 2022-12-01

Added

  • Adds UriIntegrationTest::testGetPathNormalizesMultipleLeadingSlashesToSingleSlashToPreventXSS(), UriIntegrationTest::testStringRepresentationWithMultipleSlashes(array $test), and RequestIntegrationTest::testGetRequestTargetInOriginFormNormalizesUriWithMultipleLeadingSlashesInPath(). These validate that a path containing multiple leading slashes is (a) represented with a single slash when calling UriInterface::getPath(), and (b) represented without changes when calling UriInterface::__toString(), including when calling RequestInterface::getRequestTarget() (which returns the path without the URI authority by default, to comply with origin-form). This is done to validate mitigations for CVE-2015-3257.

Changed

  • Modifies UriIntegrationTest::testPathWithMultipleSlashes() to only validate multiple slashes in the middle of a path. Multiple leading slashes are covered with the newly introduced tests.

[1.1.1] - 2021-02-20

Changed

  • Replace deprecated assertRegExp() with assertMatchesRegularExpression()

[1.1.0] - 2020-10-17

Added

  • Support for PHP8 and PHPUnit 8 and 9

[1.0.0] - 2019-12-16

Added

  • Compatible with PHP5
Commits
  • c333566 prepare release
  • 8e94d70 Merge pull request #72 from php-http/semantic-branch-naming
  • be42896 semantic branch naming
  • d1ff748 Merge pull request #71 from php-http/split-tests
  • 8d1993c split out legacy tests
  • 30a7596 Adapt tests to work with v1.1 and v2.0 of PSR-7 (#68)
  • 201aeb5 Allow UploadedFile to be of size zero (#48)
  • 1a21935 Merge pull request #56 from filecage/uri-authority-testcase-host-and-port-only
  • de17925 Merge pull request #62 from php-http/fix-setup
  • c28dd3d move from defunct travis to github workflow
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
coveralls commented 1 year ago

Coverage Status

coverage: 100.0%. remained the same when pulling 2f53d863a49dbecd4c61a847cbf55548779b0538 on dependabot/composer/php-http/psr7-integration-tests-1.3.0 into c4c9e4a5e8855c66475e9d3346ee775c9b671ae6 on master.