Update dependency guzzlehttp/psr7 to v2 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
guzzlehttp/psr7	^1.8.2 → ^2.0.0

---

Release Notes

guzzle/psr7 (guzzlehttp/psr7)

v2.11.0

Compare Source

Changed

• Changed Utils::modifyRequest() to reject conflicting URI and Host header changes in the same call
• Changed Header::parse() to split semicolon-separated parameters without repeated regular expression lookaheads
• Changed UriComparator::isCrossOrigin() so only HTTP and HTTPS missing ports receive implicit default ports

Deprecated

• Deprecated invalid PSR-7 arguments that guzzlehttp/psr7 3.0 will require native types for
• Deprecated non-string header values that guzzlehttp/psr7 3.0 will reject
• Deprecated empty header value arrays that guzzlehttp/psr7 3.0 will reject
• Deprecated URI schemes that do not match guzzlehttp/psr7 3.0 syntax requirements
• Deprecated multipart boundary and custom part header metadata that guzzlehttp/psr7 3.0 will reject
• Deprecated reliance on automatic uppercasing of request methods; guzzlehttp/psr7 3.0 preserves method casing
• Deprecated invalid Utils::modifyRequest() change values that guzzlehttp/psr7 3.0 will reject

Fixed

• Fixed Utils::copyToStream() to retry short destination writes instead of dropping the unwritten remainder
• Fixed Header::parse() splitting of semicolon-separated parameters with escaped quotes

v2.10.4

Compare Source

Fixed

• Apply UriNormalizer percent-encoding normalizations to URI fragments
• Make LimitStream::getSize() return 0 for slices past the underlying stream end
• Make AppendStream::read() return an empty string when no streams are attached
• Make CachingStream::read() throw on an incomplete cache-target write instead of silently corrupting replays
• Prevent CachingStream::seek() from looping indefinitely when the remote stream makes no progress

v2.10.3

Compare Source

Fixed

• Fixed URI parsing for IPv6 literals containing embedded IPv4 addresses
• Fixed malformed UTF-8 URI strings being parsed as empty URIs

v2.10.2

Compare Source

Security

• Reject control and whitespace characters in URI host components (GHSA-hq7v-mx3g-29hw)
• Reject malformed Host values when constructing request URIs (GHSA-34xg-wgjx-8xph)

Fixed

• Make ServerRequest::fromGlobals() robust against unexpected HTTP header value types in $_SERVER

v2.10.1

Compare Source

Fixed

• Fix Utils::modifyRequest() with numeric header names

v2.10.0

Compare Source

Changed

• Harden ServerRequest::fromGlobals() against malformed $_SERVER values
• Prevent custom stream metadata from affecting internal size handling
• Throw when StreamWrapper::getResource() cannot create a resource
• Preserve custom request implementations in Utils::modifyRequest()
• Preserve custom URI implementations in UriResolver::resolve()
• Make Uri::__toString() side-effect-free

v2.9.1

Compare Source

Fixed

• Fix parsing of relative path references containing a colon in a non-initial path segment
• Fix CachingStream::detach() returning an incomplete resource before the decorated stream has been fully read
• Fix Message::bodySummary() returning null when truncating printable UTF-8 bodies inside a multibyte character

v2.9.0

Compare Source

Added

• Added nested array expansion support to MultipartStream
• Added @return static to MessageTrait methods

Changed

• Updated MIME type mappings

v2.8.1

Compare Source

Fixed

• Encode + signs in Uri::withQueryValue() and Uri::withQueryValues() to prevent them being interpreted as spaces

v2.8.0

Compare Source

Added

• Allow empty lists as header values

Changed

• PHP 8.5 support

v2.7.1

Compare Source

Fixed

• Fixed uppercase IPv6 addresses in URI

Changed

• Improve uploaded file error message

v2.7.0

Compare Source

Added

• Add Utils::redactUserInfo() method
• Add ability to encode bools as ints in Query::build

v2.6.3

Compare Source

Fixed

• Make StreamWrapper::stream_stat() return false if inner stream's size is null

Changed

• PHP 8.4 support

v2.6.2

Compare Source

Fixed

• Fixed another issue with the fact that PHP transforms numeric strings in array keys to ints

Changed

• Updated links in docs to their canonical versions
• Replaced call_user_func* with native calls

v2.6.1

Compare Source

Fixed

• Properly handle the fact that PHP transforms numeric strings in array keys to ints

v2.6.0

Compare Source

Changed

• Updated the mime type map to add some new entries, fix a couple of invalid entries, and remove an invalid entry
• Fallback to application/octet-stream if we are unable to guess the content type for a multipart file upload

v2.5.1

Compare Source

Fixed

• Corrected mime type for .acc files to audio/aac

Changed

• PHP 8.3 support

v2.5.0

Compare Source

Changed

• Adjusted psr/http-message version constraint to ^1.1 || ^2.0

v2.4.5

Compare Source

Fixed

• Prevent possible warnings on unset variables in ServerRequest::normalizeNestedFileSpec
• Fixed Message::bodySummary when preg_match fails
• Fixed header validation issue

v2.4.4

Compare Source

Changed

• Removed the need for AllowDynamicProperties in LazyOpenStream

v2.4.3

Compare Source

Changed

• Replaced sha1(uniqid()) by bin2hex(random_bytes(20))

v2.4.2

Compare Source

Fixed

• Fixed erroneous behaviour when combining host and relative path

v2.4.1

Compare Source

Fixed

• Rewind body before reading in Message::bodySummary

v2.4.0

Compare Source

Added

• Added provisional PHP 8.2 support
• Added UriComparator::isCrossOrigin method

v2.3.0

Compare Source

Fixed

• Added Header::splitList method
• Added Utils::tryGetContents method
• Improved Stream::getContents method
• Updated mimetype mappings

v2.2.2

Compare Source

Fixed

• Fix Message::parseRequestUri for numeric headers
• Re-wrap exceptions thrown in fread into runtime exceptions
• Throw an exception when multipart options is misformatted

v2.2.1

Compare Source

Fixed

• Correct header value validation

v2.2.0

Compare Source

Added

• A more compressive list of mime types
• Add JsonSerializable to Uri
• Missing return types

Fixed

• Bug MultipartStream no uri metadata
• Bug MultipartStream with filename for data:// streams
• Fixed new line handling in MultipartStream
• Reduced RAM usage when copying streams
• Updated parsing in Header::normalize()

v2.1.2

Compare Source

See change log for changes.

v2.1.1

Compare Source

Fixed

• Validate header values properly

v2.1.0

Compare Source

Changed

• Attempting to create a Uri object from a malformed URI will no longer throw a generic
  InvalidArgumentException, but rather a MalformedUriException, which inherits from the former
  for backwards compatibility. Callers relying on the exception being thrown to detect invalid
  URIs should catch the new exception.

Fixed

• Return null in caching stream size if remote size is null

v2.0.0

Compare Source

Identical to the RC release.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.