Explicitly require guzzlehttp/guzzle ^6.3

You can see the fails this allows in the CI results in #3044175-8: [DO NOT COMMIT] Vendor minimum testing issue, specifically within the Drupal\Tests\system\Functional\Session\ namespace.

The patch works in the context of solving that CI fail.

But it also has this side effect in PHP 7.2 (from --prefer-lowest against HEAD to --prefer-lowest against patched):

  - Updating guzzlehttp/psr7 (1.3.1 => 1.4.0): Downloading (100%)         

If I start with HEAD and say composer update --prefer-lowest, I end up with this error:

$ ./vendor/bin/phpunit -c core/ --testsuite functional --filter SessionHttpsTest
PHPUnit 6.5.0 by Sebastian Bergmann and contributors.

Testing 
E                                                                   1 / 1 (100%)

Time: 17.21 seconds, Memory: 160.00MB

There was 1 error:

1) Drupal\Tests\system\Functional\Session\SessionHttpsTest::testHttpsSession
count(): Parameter must be an array or an object that implements Countable

And I think this is fixed by the guzzle/psr7 update.

So this fixes potentially two problems with our lower constraint for guzzle.

Committed bd68dbe and pushed to 8.8.x. Thanks!

The drupal/core package metadata is outdated in the lock file. After running composer update drupal/core I got following changes:

@@ -702,7 +702,7 @@
                 "ext-spl": "*",
                 "ext-tokenizer": "*",
                 "ext-xml": "*",
-                "guzzlehttp/guzzle": "^6.2.1",
+                "guzzlehttp/guzzle": "^6.3",
                 "masterminds/html5": "^2.1",
                 "pear/archive_tar": "^1.4",
                 "php": ">=7.0.8",

Let's leave this alone for now. It's not causing any bugs (as far as I know) and this'll be fixed in #3039611: Update core PHP dependencies for 8.8.x which will hopefully land today / tomorrow.

And if I run composer update drupal/core on HEAD atm i get

diff --git a/composer.lock b/composer.lock
index f14f1ef6f8..731d1a5208 100644
--- a/composer.lock
+++ b/composer.lock
@@ -680,7 +680,7 @@
             "dist": {
                 "type": "path",
                 "url": "core",
-                "reference": "e2be0fd3ef7feeefbcea5ee4d6129298e7debc97"
+                "reference": "9f543281e9dedd8f935e23a3133efd023ff41736"
             },
             "require": {
                 "asm89/stack-cors": "^1.1",
@@ -702,7 +702,7 @@
                 "ext-spl": "*",
                 "ext-tokenizer": "*",
                 "ext-xml": "*",
-                "guzzlehttp/guzzle": "^6.2.1",
+                "guzzlehttp/guzzle": "^6.3",
                 "masterminds/html5": "^2.1",
                 "pear/archive_tar": "^1.4",
                 "php": ">=7.0.8",
@@ -716,7 +716,7 @@
                 "symfony/http-kernel": "~3.4.14",
                 "symfony/polyfill-iconv": "^1.0",
                 "symfony/process": "~3.4.0",
-                "symfony/psr-http-message-bridge": "^1.0",
+                "symfony/psr-http-message-bridge": "^1.1.2",
                 "symfony/routing": "~3.4.0",
                 "symfony/serializer": "~3.4.0",
                 "symfony/translation": "~3.4.0",
@@ -845,13 +845,13 @@
             },
             "type": "drupal-core",
             "extra": {
-                "composer-scaffold": {
+                "drupal-scaffold": {
                     "file-mapping": {
+                        "[project-root]/.editorconfig": "assets/scaffold/files/editorconfig",
+                        "[project-root]/.gitattributes": "assets/scaffold/files/gitattributes",
                         "[web-root]/.csslintrc": "assets/scaffold/files/csslintrc",
-                        "[web-root]/.editorconfig": "assets/scaffold/files/editorconfig",
                         "[web-root]/.eslintignore": "assets/scaffold/files/eslintignore",
                         "[web-root]/.eslintrc.json": "assets/scaffold/files/eslintrc.json",
-                        "[web-root]/.gitattributes": "assets/scaffold/files/gitattributes",
                         "[web-root]/.ht.router.php": "assets/scaffold/files/ht.router.php",
                         "[web-root]/.htaccess": "assets/scaffold/files/htaccess",
                         "[web-root]/example.gitignore": "assets/scaffold/files/example.gitignore",

So it's not just this change.

Added a release note snippet.

This probably caused a sudden failure in my tests for IndieWeb, starting from 8.8.x and 8.9.x branch. I don't have this problem in 8.7.x

Granted, it's funky stuff. I'm using guzzle internally to upload an image, and doing this with guzzle is overly underdocumented, so getting that right was a pain to begin with anyway.
See https://git.drupalcode.org/project/indieweb/blob/8.x-1.x/tests/src/Funct...

Anyway, I'll report back if I can confirm, but it might be interesting for other people if they are using this too. So, this is not a call need to revert this commit, I'll figure it out :)

(if anyone has tips if maybe something else starting from the 8.8.x branch might trigger upload failures though, very welcome too of course)

Actually, probably not guzzle, trying to figure it out now what else changed, sorry for the noise.

@swentel Drupal 8.7.x ships with a composer lock file

            "name": "guzzlehttp/guzzle",
            "version": "6.3.3",

So we've not actually bumped the version here - so I'm not sure this is the cause.

@swentel here's the cause #3089697: Regression due to File::setValidationRequired in _file_save_upload_single()