composer update and guzzlehttp/guzzle version #40103

Closed
phil-davis opened this issue May 26, 2022 · 2 comments

@phil-davis
Contributor

In current core master:

```
$ composer update
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - roave/security-advisories dev-master conflicts with guzzlehttp/guzzle <6.5.6|>=7,<7.4.3.
    - Root composer.json requires roave/security-advisories dev-master -> satisfiable by roave/security-advisories[dev-master].
    - Root composer.json requires guzzlehttp/guzzle ^5.3 -> satisfiable by guzzlehttp/guzzle[5.3.0, ..., 5.3.4].
```

https://github.com/guzzle/guzzle/releases/tag/6.5.6 and https://github.com/guzzle/guzzle/releases/tag/7.4.3 were released yesterday. They are patch releases with changelog https://github.com/guzzle/guzzle/blob/7.4.3/CHANGELOG.md#743---2022-05-25 "Fix cross-domain cookie leakage".

oC10 core currently uses guzzlehttp/guzzle major version 5. No patch has been released for that - it is no longer maintained.

roave/security-advisories now reports that the latest major version v6 or v7 patch release should be used.

It seems that it is time to move forward with the guzzlehttp/guzzle major version bump. PR #39368 is waiting - I just rebased it. When CI is green we should coordinate merging that to core master (ready for the next core release) and applying any needed code changes in oC10 apps.
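The conflict range in the composer output above can be checked by hand. The following is an added example, not code from the issue or from the ownCloud or Composer projects: a minimal evaluator for the `<6.5.6|>=7,<7.4.3` range that shows why every 5.3.x release is rejected. It handles only the `|` (OR) and `,` (AND) forms that appear in that output; the function names and the sample version list are assumptions made for illustration.

```python
import re

# Conflict range copied from the composer output in the issue.
GUZZLE_CONFLICT = "<6.5.6|>=7,<7.4.3"

OPS = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "=": lambda a, b: a == b,
}


def parse_version(text):
    """Turn '7' into (7, 0, 0) so short versions compare correctly."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def matches(version, constraint):
    """True if version is inside the constraint.

    '|' separates alternatives (OR); ',' joins conditions (AND).
    """
    v = parse_version(version)
    for alternative in constraint.split("|"):
        ok = True
        for cond in alternative.split(","):
            m = re.fullmatch(r"\s*(<=|>=|<|>|=)?\s*([\d.]+)\s*", cond)
            if m is None:
                raise ValueError(f"unsupported constraint: {cond!r}")
            op = m.group(1) or "="
            ok = ok and OPS[op](v, parse_version(m.group(2)))
        if ok:
            return True
    return False


def blocked(versions, constraint=GUZZLE_CONFLICT):
    """Versions that roave/security-advisories would refuse to install."""
    return [v for v in versions if matches(v, constraint)]


# Sample inputs chosen for illustration: the versions named in the issue
# plus a few neighbours on either side of each boundary.
SAMPLE = ["5.3.0", "5.3.4", "6.5.5", "6.5.6", "7.0.0", "7.4.2", "7.4.3", "7.4.4"]

if __name__ == "__main__":
    for v in SAMPLE:
        print(v, "blocked" if matches(v, GUZZLE_CONFLICT) else "allowed")
```

Because the first alternative is an open-ended `<6.5.6`, the whole 5.x line matches it, so `^5.3` has no installable candidate.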

@phil-davis
Contributor Author

Note: https://github.com/guzzle/guzzle/releases/tag/7.4.4 was released last week with some other fixes. So we need to go to that when we bump.

@phil-davis
Contributor Author

PR #39368 has been merged. That resolves this composer roave/security-advisories issue.
