Skip to content

chore(deps-dev): bump guzzlehttp/guzzle from 7.12.0 to 7.14.0#25

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/composer/guzzlehttp/guzzle-7.14.0
Open

chore(deps-dev): bump guzzlehttp/guzzle from 7.12.0 to 7.14.0#25
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/composer/guzzlehttp/guzzle-7.14.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps guzzlehttp/guzzle from 7.12.0 to 7.14.0.

Release notes

Sourced from guzzlehttp/guzzle's releases.

7.14.0

Added

  • Added the on_trailers request option to expose parsed HTTP response trailers
  • Added the multiplex request option with Multiplexing::* modes to control or require HTTP/2 multiplexing
  • Added rejection of explicit multiplex requests when CURLMOPT_PIPELINING disables multiplexing
  • Added the max_host_connections and max_total_connections client and cURL multi handler options

Changed

  • Redirects that discard the request body no longer require it to be rewindable
  • Synchronous cURL multi handler requests no longer wait for other queued transfers
  • Section SOCKS proxy connections by credentials on libcurl before 7.69.0
  • Reject request-level CURLOPT_SHARE when combined with authenticated SOCKS proxy configuration
  • Redact proxy userinfo containing raw control bytes in cURL errors
  • Check linked curl/libcurl NTLM support before applying NTLM auth
  • Clarify that NTLM is deprecated by both Guzzle and curl/libcurl
  • Remove deprecation for the raw cURL CURLOPT_CERTINFO option
  • Warn when a cURL multi option cannot be applied

Deprecated

  • Deprecate the raw CURLOPT_PIPEWAIT cURL option in favour of the multiplex request option
  • Deprecate unknown handler constructor options
  • Deprecate invalid select_timeout cURL multi handler option values
  • Deprecate raw cURL multi connection cap options in favour of the named options

7.13.3

Changed

  • Adjusted guzzlehttp/promises version constraint to ^2.5.1
  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.4
  • Pass explicit trim characters ahead of the PHP 8.6 trim default change

Fixed

  • Stop matching cookie domains against hosts with a trailing newline
  • Reject HTTP status codes and certificate type extensions with a trailing newline
  • Treat PCRE engine failures as invalid cookie names during cookie validation
  • Report PCRE engine failures when formatting log messages
  • Report PCRE engine failures when splitting no_proxy values

7.13.2

Fixed

  • Stop the cURL multi handler busy-waiting on request delays shorter than one second
  • Stop cURL HEAD requests with request bodies hanging on responses that declare a content length
  • The cURL handler no longer transmits request bodies on HEAD requests
  • Preserve response headers when a response includes HTTP trailers
  • Harden cURL response header block detection when HTTP trailers are received

... (truncated)

Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.14.0 - 2026-07-08

Added

  • Added the on_trailers request option to expose parsed HTTP response trailers
  • Added the multiplex request option with Multiplexing::* modes to control or require HTTP/2 multiplexing
  • Added rejection of explicit multiplex requests when CURLMOPT_PIPELINING disables multiplexing
  • Added the max_host_connections and max_total_connections client and cURL multi handler options

Changed

  • Redirects that discard the request body no longer require it to be rewindable
  • Synchronous cURL multi handler requests no longer wait for other queued transfers
  • Section SOCKS proxy connections by credentials on libcurl before 7.69.0
  • Reject request-level CURLOPT_SHARE when combined with authenticated SOCKS proxy configuration
  • Redact proxy userinfo containing raw control bytes in cURL errors
  • Check linked curl/libcurl NTLM support before applying NTLM auth
  • Clarify that NTLM is deprecated by both Guzzle and curl/libcurl
  • Remove deprecation for the raw cURL CURLOPT_CERTINFO option
  • Warn when a cURL multi option cannot be applied

Deprecated

  • Deprecate the raw CURLOPT_PIPEWAIT cURL option in favour of the multiplex request option
  • Deprecate unknown handler constructor options
  • Deprecate invalid select_timeout cURL multi handler option values
  • Deprecate raw cURL multi connection cap options in favour of the named options

7.13.3 - 2026-07-08

Changed

  • Adjusted guzzlehttp/promises version constraint to ^2.5.1
  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.4
  • Pass explicit trim characters ahead of the PHP 8.6 trim default change

Fixed

  • Stop matching cookie domains against hosts with a trailing newline
  • Reject HTTP status codes and certificate type extensions with a trailing newline
  • Treat PCRE engine failures as invalid cookie names during cookie validation
  • Report PCRE engine failures when formatting log messages
  • Report PCRE engine failures when splitting no_proxy values

7.13.2 - 2026-07-05

Fixed

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 7.12.0 to 7.14.0.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.14/CHANGELOG.md)
- [Commits](guzzle/guzzle@7.12.0...7.14.0)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-version: 7.14.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@private-packagist

Copy link
Copy Markdown

composer.lock

Dev Package changes

Package Operation From To About
guzzlehttp/guzzle upgrade 7.12.0 ⚠️ 7.14.0 ✅ diff
guzzlehttp/promises upgrade 2.5.0 2.5.1 diff
guzzlehttp/psr7 upgrade 2.12.0 ⚠️ 2.12.4 ✅ diff
symfony/deprecation-contracts upgrade v3.7.0 v3.7.1 diff

Settings · Docs · Powered by Private Packagist

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants