Requesting security review of Guzzle 6.3.3 per https://www.mediawiki.org/wiki/Manual:External_libraries
The intention is to replace existing custom code with a well-maintained, PSR-7 compliant external library, which provides automatic fallback from curl to php streams. See proposed change at T202110
Guzzle would likely also be used in MultiHttpClient, which needs a non-curl, mediawiki-independent http solution. See T139169 , which resolved MultiHttpClient's curl dependency but introduced a dependency on mediawiki code that is undesirable in a library.