[Security] Bump symfony/http-client from 4.3.5 to 4.4.27

[dependabot-preview]

Bumps symfony/http-client from 4.3.5 to 4.4.27. This update includes a security fix.

Vulnerabilities fixed

Sourced from The PHP Security Advisories Database.

CVE-2020-15094: Prevent RCE when calling untrusted remote with CachingHttpClient

Affected versions: >=4.3.0, =5.1.0, <5.1.5

Release notes

Sourced from symfony/http-client's releases.

v4.4.27

Changelog (symfony/http-client@v4.4.26...v4.4.27)

• bug #42174 Indicate compatibility with psr/log 2 and 3 (derrabus)

v4.4.26

Changelog (symfony/http-client@v4.4.25...v4.4.26)

• bug #41807 fix Psr18Client when allow_url_fopen=0 (nicolas-grekas)
• bug #41624 Revert bindto workaround for unaffected PHP versions (derrabus)

v4.4.25

Changelog (symfony/http-client@v4.4.24...v4.4.25)

• no significant changes

v4.4.24

Changelog (symfony/http-client@v4.4.23...v4.4.24)

• bug #41224 fix adding query string to relative URLs with scoped clients (nicolas-grekas)

v4.4.23

Changelog (symfony/http-client@v4.4.22...v4.4.23)

• bug #41160 Don't prepare the request in ScopingHttpClient (nicolas-grekas)

v4.4.22

Changelog (symfony/http-client@v4.4.21...v4.4.22)

• bug #40702 allow CurlHttpClient on Windows (n0rbyt3)

v4.4.21

Changelog (symfony/http-client@v4.4.20...v4.4.21)

• bug #40587 fix using stream_copy_to_stream() with responses cast to php streams (nicolas-grekas)
• bug #40538 remove using $http_response_header (nicolas-grekas)

v4.4.20

Changelog (symfony/http-client@v4.4.19...v4.4.20)

• bug #40239 MockResponse total_time should not be simulated when provided (Pierrick VIGNAND)

v4.4.19

Changelog (symfony/http-client@v4.4.18...v4.4.19)

• bug #39889 Add check for constant in Curl client (pierredup)
• bug #39794 Dont allow unserializing classes with a destructor - 4.4 (jderusse)

v4.4.18

Changelog (symfony/http-client@v4.4.17...v4.4.18)

... (truncated)

Changelog

Sourced from symfony/http-client's changelog.

CHANGELOG

5.3

• Implement HttpClientInterface::withOptions() from symfony/contracts v2.4
• Add DecoratorTrait to ease writing simple decorators

5.2.0

• added AsyncDecoratorTrait to ease processing responses without breaking async
• added support for pausing responses with a new pause_handler callable exposed as an info item
• added StreamableInterface to ease turning responses into PHP streams
• added MockResponse::getRequestMethod() and getRequestUrl() to allow inspecting which request has been sent
• added EventSourceHttpClient a Server-Sent events stream implementing the EventSource specification
• added option "extra.curl" to allow setting additional curl options in CurlHttpClient
• added RetryableHttpClient to automatically retry failed HTTP requests.
• added extra.trace_content option to TraceableHttpClient to prevent it from keeping the content in memory

5.1.0

• added NoPrivateNetworkHttpClient decorator
• added AmpHttpClient, a portable HTTP/2 implementation based on Amp
• added LoggerAwareInterface to ScopingHttpClient and TraceableHttpClient
• made HttpClient::create() return an AmpHttpClient when amphp/http-client is found but curl is not or too old

4.4.0

• added canceled to ResponseInterface::getInfo()
• added HttpClient::createForBaseUri()
• added HttplugClient with support for sync and async requests
• added max_duration option
• added support for NTLM authentication
• added StreamWrapper to cast any ResponseInterface instances to PHP streams.
• added $response->toStream() to cast responses to regular PHP streams
• made Psr18Client implement relevant PSR-17 factories and have streaming responses
• added TraceableHttpClient, HttpClientDataCollector and HttpClientPass to integrate with the web profiler
• allow enabling buffering conditionally with a Closure
• allow option "buffer" to be a stream resource
• allow arbitrary values for the "json" option

4.3.0

• added the component

Commits

• ade6979 [4.4] Add missing @return annotations
• 7eae617 Fix typo
• 48df568 Leverage str_contains/str_starts_with
• 24936f6 Leverage str_ends_with
• 343ba5b Indicate compatibility with psr/log 2 and 3
• 5c9b42e Backport type fixes
• 78bd379 [HttpClient] fix Psr18Client when allow_url_fopen=0
• 534bac2 [HttpClient] Revert bindto workaround
• d6c0260 fix tests (quinter)
• 0b97bcf fix tests (ter)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)