guzzlehttp/psr7

guzzlehttp/psr7: CRLF injection via Host header in URI host components

guzzlehttp/psr7 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components, allowing CRLF inje