[Security] Bump symfony/http-client from 4.4.1 to 5.2.1

[dependabot-preview]

Bumps symfony/http-client from 4.4.1 to 5.2.1. This update includes a security fix.

Vulnerabilities fixed

Sourced from The PHP Security Advisories Database.

CVE-2020-15094: Prevent RCE when calling untrusted remote with CachingHttpClient

Affected versions: >=4.3.0, =5.1.0, <5.1.5

Release notes

Sourced from symfony/http-client's releases.

v5.2.1

Changelog (symfony/http-client@v5.2.0...v5.2.1)

• bug #39228 Fix content swallowed by AsyncClient initializer (jderusse)
• bug #39286 throw clearer error when no scheme is provided (BackEndTea)

v5.2.0

Changelog (symfony/http-client@v5.2.0-RC2...v5.2.0)

• bug #39211 fix binding to network interfaces (nicolas-grekas)
• bug #39115 don't fallback to HTTP/1.1 when HTTP/2 streams break (nicolas-grekas)

v5.2.0-RC2

Changelog (symfony/http-client@v5.2.0-RC1...v5.2.0-RC2)

• no changes

v5.2.0-RC1

Changelog (symfony/http-client@v5.2.0-BETA3...v5.2.0-RC1)

• bug #38977 Check status code before decoding content in TraceableResponse (chalasr)

v5.1.10

Changelog (symfony/http-client@v5.1.9...v5.1.10)

• bug #39286 throw clearer error when no scheme is provided (BackEndTea)

v5.1.9

Changelog (symfony/http-client@v5.1.8...v5.1.9)

• bug #39211 fix binding to network interfaces (nicolas-grekas)
• bug #39115 don't fallback to HTTP/1.1 when HTTP/2 streams break (nicolas-grekas)
• bug #38977 Check status code before decoding content in TraceableResponse (chalasr)

v5.1.8

Changelog (symfony/http-client@v5.1.7...v5.1.8)

• bug #38647 relax auth bearer format requirements (xabbuh)
• bug #38551 Remove content-type check on toArray methods (jderusse)
• bug #38530 fix reading the body after a ClientException (nicolas-grekas)
• bug #38493 Fix CurlHttpClient memory leak (HypeMC)

v5.1.7

Changelog (symfony/http-client@v5.1.6...v5.1.7)

• bug #38388 Always "buffer" empty responses (nicolas-grekas)
• bug #38375 fix using proxies with NativeHttpClient (nicolas-grekas)
• bug #38368 Fix using https with proxies (bohanyang)

v5.1.6

... (truncated)

Changelog

Sourced from symfony/http-client's changelog.

CHANGELOG

5.2.0

• added AsyncDecoratorTrait to ease processing responses without breaking async
• added support for pausing responses with a new pause_handler callable exposed as an info item
• added StreamableInterface to ease turning responses into PHP streams
• added MockResponse::getRequestMethod() and getRequestUrl() to allow inspecting which request has been sent
• added EventSourceHttpClient a Server-Sent events stream implementing the EventSource specification
• added option "extra.curl" to allow setting additional curl options in CurlHttpClient
• added RetryableHttpClient to automatically retry failed HTTP requests.
• added extra.trace_content option to TraceableHttpClient to prevent it from keeping the content in memory

5.1.0

• added NoPrivateNetworkHttpClient decorator
• added AmpHttpClient, a portable HTTP/2 implementation based on Amp
• added LoggerAwareInterface to ScopingHttpClient and TraceableHttpClient
• made HttpClient::create() return an AmpHttpClient when amphp/http-client is found but curl is not or too old

4.4.0

• added canceled to ResponseInterface::getInfo()
• added HttpClient::createForBaseUri()
• added HttplugClient with support for sync and async requests
• added max_duration option
• added support for NTLM authentication
• added StreamWrapper to cast any ResponseInterface instances to PHP streams.
• added $response->toStream() to cast responses to regular PHP streams
• made Psr18Client implement relevant PSR-17 factories and have streaming responses
• added TraceableHttpClient, HttpClientDataCollector and HttpClientPass to integrate with the web profiler
• allow enabling buffering conditionally with a Closure
• allow option "buffer" to be a stream resource
• allow arbitrary values for the "json" option

4.3.0

• added the component

Commits

• a77cbec Merge branch '5.1' into 5.2
• 81c60c5 Remove check for unsupported PHP version
• 13b0dab bug #39228 [HttpClient] Fix content swallowed by AsyncClient initializer (jde...
• 2e66085 Fix content swallowed by AsyncClient initializer
• 54a2306 Merge branch '5.1' into 5.2
• 9287d86 Merge branch '4.4' into 5.1
• dc518f6 [HttpClient] throw clearer error when no scheme is provided
• 5b9fc5d Merge branch '5.1' into 5.2
• 8b23627 [HttpClient] partial revert of previous commit
• 474b87c Merge branch '5.1' into 5.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)