Merge tag '3.0.3' into develop

Fixed a vulnerability that could be used to trigger either an open redirect or a SSRF attack

composer.json

@@ -102,7 +102,7 @@
     ],
     "patches": {
       "ytdl-org/youtube-dl": {
-        "Disable redirects in generic extractor": "patches/youtube-dl-redirect.diff"
+        "Disable the generic extractor": "patches/youtube-dl-disable-generic.diff"
       }
     }
   },

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "974394449b698311047a0560ca06f431",
+    "content-hash": "04ca8a247b1de3e0c910e0da6e5e5f01",
     "packages": [
         {
             "name": "aura/session",
@@ -4090,12 +4090,12 @@
             },
             "type": "library",
             "autoload": {
-                "psr-4": {
-                    "Amp\\Serialization\\": "src"
-                },
                 "files": [
                     "src/functions.php"
-                ]
+                ],
+                "psr-4": {
+                    "Amp\\Serialization\\": "src"
+                }
             },
             "notification-url": "https://packagist.org/downloads/",
             "license": [

patches/youtube-dl-disable-generic.diff

@@ -0,0 +1,12 @@
+diff --git a/youtube_dl/extractor/__init__.py b/youtube_dl/extractor/__init__.py
+index 18d8dbcd6..4d3edfac3 100644
+--- a/youtube_dl/extractor/__init__.py
++++ b/youtube_dl/extractor/__init__.py
+@@ -13,7 +13,6 @@ except ImportError:
+         for name, klass in globals().items()
+         if name.endswith('IE') and name != 'GenericIE'
+     ]
+-    _ALL_CLASSES.append(GenericIE)
+ 
+ 
+ def gen_extractor_classes():

patches/youtube-dl-redirect.diff

@@ -1,12 +0,0 @@
-diff --git a/youtube_dl/extractor/generic.py b/youtube_dl/extractor/generic.py
-index f99d887ca..749ed6ecf 100644
---- a/youtube_dl/extractor/generic.py
-+++ b/youtube_dl/extractor/generic.py
-@@ -2252,6 +2252,7 @@ class GenericIE(InfoExtractor):
- 
-     def report_following_redirect(self, new_url):
-         """Report information extraction."""
-+        raise UnsupportedError('Redirects are not allowed')
-         self._downloader.to_screen('[redirect] Following redirect to %s' % new_url)
- 
-     def _extract_rss(self, url, video_id, doc):