chore(deps): bump the minor-production-deps group in /packages/php with 3 updates #947

@dependabot dependabot bot commented on behalf of github Jan 1, 2024

Bumps the minor-production-deps group in /packages/php with 3 updates: ramsey/uuid, composer/composer and guzzlehttp/guzzle.

Updates ramsey/uuid from 4.7.4 to 4.7.5

Release notes

Sourced from ramsey/uuid's releases.

4.7.5

Fixed

  • Protect against UUIDv7 collisions within the same millisecond, as reported in #518 and fixed in #522.
  • Improve the return type hint for UuidInterface::compareTo().

Changelog

Sourced from ramsey/uuid's changelog.

4.7.5 - 2023-11-08

Fixed

  • Protect against UUIDv7 collisions within the same millisecond, as reported in #518 and fixed in #522.
  • Improve the return type hint for UuidInterface::compareTo().

Commits
  • 5f0df49 chore: prepare release 4.7.5
  • 9308b6a Improve return type of UuidInterface::compareTo() (#508)
  • 00945e1 Fix typo in SystemDceSecurityProviderTest (#510)
  • 41b1497 chore: use Python 3.7 for Read The Docs
  • 8553048 chore: fix RTD configuration
  • bc93c5f Fixed UnixTimeGenerator collisions (#522)
  • 8aa7e3c Fix typo in CHANGELOG (#511)
  • cc15557 chore(deps): bump ridedott/merge-me-action from 2.10.54 to 2.10.56
  • c02f0c8 Test against php 8.3 (#517)
  • c05b666 chore(deps): bump actions/checkout from 3 to 4
  • Additional commits viewable in compare view

Updates composer/composer from 2.6.1 to 2.6.6

Release notes

Sourced from composer/composer's releases.

2.6.6

  • Fixed symfony/console requirement to exclude 7.x as Composer 2.6 is not compatible, 2.7 will be (#11741)
  • Fixed libpq parsing to use the global constant if available (#11684)
  • Fixed error output when updating with a temporary constraint fails (#11692)

2.6.5

  • Fixed error when vendor dir contains broken symlinks (#11670)
  • Fixed composer.lock missing from Composer's zip archives (#11674)
  • Fixed AutoloadGenerator::dump() non-BC signature change in 2.6.4 (cb363b0e8)

2.6.4

  • Security: Fixed possible remote code execution vulnerability if composer.phar is publicly accessible, executable as PHP, and register_argc_argv is enabled in php.ini (GHSA-jm6m-4632-36hf / CVE-2023-43655)
  • Fixed json output of abandoned packages in audit command (#11647)
  • Fixed autoloader suffix to reuse the content-hash from lock file if available to make for more reproducible builds by default (#11663)
  • Performance improvement in pool optimization step (#11638)
  • Performance improvement in show -a <packagename> (#11659)

2.6.3

  • Added audit.abandoned config setting. Can be set to ignore, report (current default) or fail (future default in 2.7) to make the audit command report abandoned packages as a security problem (#11639)
  • Added a warning when duplicates files autoload rules are detected (#11109)
  • Fixed unhandled promise rejection regression (#11620)
  • Fixed loading of root aliases on path repo packages when doing partial updates (#11632)
  • Fixed archive command not producing the correct output if the temp dir is a symlink (#11636)
  • Fixed some replaced packages being incorrectly missing when unlocked in a partial update (#11629)

2.6.2

  • Reverted "Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562)" which caused a regression (#11617)
  • Fixed non-zero exit code on failed audits to only apply to install --audit runs and not implicit audits with require, create-project or update commands (#11616)
  • Fixed create-project infinite post-install loop in some circumstances (#11613)

Changelog

Sourced from composer/composer's changelog.

[2.6.6] 2023-12-08

  • Fixed symfony/console requirement to exclude 7.x as Composer 2.6 is not compatible, 2.7 will be (#11741)
  • Fixed libpq parsing to use the global constant if available (#11684)
  • Fixed error output when updating with a temporary constraint fails (#11692)

[2.6.5] 2023-10-06

  • Fixed error when vendor dir contains broken symlinks (#11670)
  • Fixed composer.lock missing from Composer's zip archives (#11674)
  • Fixed AutoloadGenerator::dump() non-BC signature change in 2.6.4 (cb363b0e8)

[2.6.4] 2023-09-29

  • Security: Fixed possible remote code execution vulnerability if composer.phar is publicly accessible, executable as PHP, and register_argc_argv is enabled in php.ini (GHSA-jm6m-4632-36hf / CVE-2023-43655)
  • Fixed json output of abandoned packages in audit command (#11647)
  • Performance improvement in pool optimization step (#11638)
  • Performance improvement in show -a <packagename> (#11659)

[2.6.3] 2023-09-15

  • Added audit.abandoned config setting. Can be set to ignore, report (current default) or fail (future default in 2.7) to make the audit command report abandoned packages as a security problem (#11639)
  • Added a warning when duplicates files autoload rules are detected (#11109)
  • Fixed unhandled promise rejection regression (#11620)
  • Fixed loading of root aliases on path repo packages when doing partial updates (#11632)
  • Fixed archive command not producing the correct output if the temp dir is a symlink (#11636)
  • Fixed some replaced packages being incorrectly missing when unlocked in a partial update (#11629)

[2.6.2] 2023-09-03

  • Reverted "Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562)" which caused a regression (#11617)
  • Fixed non-zero exit code on failed audits to only apply to install --audit runs and not implicit audits with require, create-project or update commands (#11616)
  • Fixed create-project infinite post-install loop in some circumstances (#11613)

Commits
  • 683557b Release 2.6.6
  • 86c63b0 Update changelog
  • 3d6a6c2 Update lock hash
  • 8c0f1e1 Display error instead of throwing exception when unable to update with tempor...
  • 23be508 Fix build on 2.6
  • 81b662d Suggest running 'require' not 'update' if a root req fails to update (#11691)
  • 03085c8 Fix Git Driver to use supported Git VCS driver URL
  • 708b07a Update deps
  • c827c93 Use global constant if available for libpq version (#11684)
  • 9a407b5 10796 Increase coverage of ShowCommand (#11677)
  • Additional commits viewable in compare view

Updates guzzlehttp/guzzle from 7.8.0 to 7.8.1

Release notes

Sourced from guzzlehttp/guzzle's releases.

Release 7.8.1

Changed

  • Updated links in docs to their canonical versions
  • Replaced call_user_func* with native calls

Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.8.1 - 2023-12-03

Changed

  • Updated links in docs to their canonical versions
  • Replaced call_user_func* with native calls

Commits
  • 41042bc Fix GitHub CI Workflow Badge URL (#3188)
  • 4d6ca3b Add tests for cookie removal and update in FileCookieJar (#3182)
  • 9338d98 Add another base_uri example in documentation (#3189)
  • d68085a Release 7.8.1 (#3193)
  • 9cb80ef Switch to actions/checkout@v4 and upgrade SA tools (#3192)
  • d95d9ab Replace call_user_func* syntax in tests (#3174)
  • a427580 Revert "Pin to Composer 2.5.8"
  • 56a99b5 Pin to Composer 2.5.8
  • 1cfc24f Replaced bad all insecure/invalid/redirecting links
  • e79c79e Update link in server.js to point to an https site
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



@dependabot dependabot bot added the area:php and dependencies labels Jan 1, 2024
Bumps the minor-production-deps group in /packages/php with 3 updates: [ramsey/uuid](https://github.com/ramsey/uuid), [composer/composer](https://github.com/composer/composer) and [guzzlehttp/guzzle](https://github.com/guzzle/guzzle).


Updates `ramsey/uuid` from 4.7.4 to 4.7.5
- [Release notes](https://github.com/ramsey/uuid/releases)
- [Changelog](https://github.com/ramsey/uuid/blob/4.x/CHANGELOG.md)
- [Commits](ramsey/uuid@4.7.4...4.7.5)

Updates `composer/composer` from 2.6.1 to 2.6.6
- [Release notes](https://github.com/composer/composer/releases)
- [Changelog](https://github.com/composer/composer/blob/main/CHANGELOG.md)
- [Commits](composer/composer@2.6.1...2.6.6)

Updates `guzzlehttp/guzzle` from 7.8.0 to 7.8.1
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.8/CHANGELOG.md)
- [Commits](guzzle/guzzle@7.8.0...7.8.1)

---
updated-dependencies:
- dependency-name: ramsey/uuid
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-production-deps
- dependency-name: composer/composer
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-production-deps
- dependency-name: guzzlehttp/guzzle
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-production-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/composer/packages/php/minor-production-deps-6f1a206321 branch from 89868be to d4fb81d Compare February 1, 2024 19:03

dependabot bot commented on behalf of github Mar 1, 2024

Superseded by #971.

@dependabot dependabot bot closed this Mar 1, 2024
@dependabot dependabot bot deleted the dependabot/composer/packages/php/minor-production-deps-6f1a206321 branch March 1, 2024 19:26
@erunion erunion added the php label and removed the area:php label Jul 26, 2024
Labels: dependencies (Pull requests that update a dependency file), php (Issues related to our PHP SDK)