Bump pear/http_request2 from 2.5.1 to 2.7.0 in /system #1161

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/composer/system/pear/http_request2-2.7.0
@dependabot dependabot bot commented on behalf of github Apr 17, 2025

Bumps pear/http_request2 from 2.5.1 to 2.7.0.

Release notes

Sourced from pear/http_request2's releases.

Release 2.7.0 - Minor security fixes

  • Tested on PHP 8.4, psalm 6 used for static analysis;
  • Prevent XSS if PHP files backing networked tests (those in tests/_network directory) are served from a publicly available website.

Changelog

Sourced from pear/http_request2's changelog.

[2.7.0] - 2025-04-06

Added

  • Tested on PHP 8.4;
  • Psalm 6 used for static analysis;
  • Updated Public Suffix List.

Fixed

  • Prevent XSS when PHP files backing server-side tests are served from a publicly available website, thanks to Peter Potrowl (peter017 at gmail dot com) for the report.
  • data/generate-list.php will only run with a command-line SAPI.
  • Better random value used for cnonce parameter in Digest authentication, see [issue #30]. Digest authentication should be considered deprecated, however.
  • psalm.xml configuration file is no longer installed by composer.

2.6.0 - 2023-11-01

  • Tested on PHP 8.2 and 8.3
  • Use [psalm] for static analysis, several minor issues fixed
  • Correctly parse HTTP status line with an empty reason-phrase (see [pull request #26])
  • Updated Public Suffix List

Commits
  • b1c61b7 Prepare release 2.7.0
  • f898ac2 Better random cnonce for Digest auth, this fixes #30
  • 1dc1743 PSL update
  • 2ecb1e1 Copyright year update
  • 07925aa Encode all input, warn not to serve on public websites
  • 265e05f Add a note to not keep server-side test files publicly accessible
  • b4ba9f9 Require CLI SAPI, enable peer validation, better checks for autoloader
  • f4ed749 Do not install psalm.xml
  • 0ee779f Fix branch name
  • 1722802 Upgrade to psalm 6, test on PHP 8.4
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [pear/http_request2](https://github.com/pear/HTTP_Request2) from 2.5.1 to 2.7.0.
- [Release notes](https://github.com/pear/HTTP_Request2/releases)
- [Changelog](https://github.com/pear/HTTP_Request2/blob/trunk/Changelog.md)
- [Commits](pear/HTTP_Request2@v2.5.1...v2.7.0)

---
updated-dependencies:
- dependency-name: pear/http_request2
  dependency-version: 2.7.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the labels dependencies (Pull requests that update a dependency file), minor, php (Pull requests that update php code) on Apr 17, 2025