Skip to content

chore(deps): bump guzzlehttp/guzzle from 7.13.2 to 7.14.0 in the minor-and-patch group#41677

Merged
phil-davis merged 1 commit into
masterfrom
dependabot/composer/minor-and-patch-def74cef9e
Jul 13, 2026
Merged

chore(deps): bump guzzlehttp/guzzle from 7.13.2 to 7.14.0 in the minor-and-patch group#41677
phil-davis merged 1 commit into
masterfrom
dependabot/composer/minor-and-patch-def74cef9e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 12, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 1 update: guzzlehttp/guzzle.

Updates guzzlehttp/guzzle from 7.13.2 to 7.14.0

Release notes

Sourced from guzzlehttp/guzzle's releases.

7.14.0

Added

  • Added the on_trailers request option to expose parsed HTTP response trailers
  • Added the multiplex request option with Multiplexing::* modes to control or require HTTP/2 multiplexing
  • Added rejection of explicit multiplex requests when CURLMOPT_PIPELINING disables multiplexing
  • Added the max_host_connections and max_total_connections client and cURL multi handler options

Changed

  • Redirects that discard the request body no longer require it to be rewindable
  • Synchronous cURL multi handler requests no longer wait for other queued transfers
  • Section SOCKS proxy connections by credentials on libcurl before 7.69.0
  • Reject request-level CURLOPT_SHARE when combined with authenticated SOCKS proxy configuration
  • Redact proxy userinfo containing raw control bytes in cURL errors
  • Check linked curl/libcurl NTLM support before applying NTLM auth
  • Clarify that NTLM is deprecated by both Guzzle and curl/libcurl
  • Remove deprecation for the raw cURL CURLOPT_CERTINFO option
  • Warn when a cURL multi option cannot be applied

Deprecated

  • Deprecate the raw CURLOPT_PIPEWAIT cURL option in favour of the multiplex request option
  • Deprecate unknown handler constructor options
  • Deprecate invalid select_timeout cURL multi handler option values
  • Deprecate raw cURL multi connection cap options in favour of the named options

7.13.3

Changed

  • Adjusted guzzlehttp/promises version constraint to ^2.5.1
  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.4
  • Pass explicit trim characters ahead of the PHP 8.6 trim default change

Fixed

  • Stop matching cookie domains against hosts with a trailing newline
  • Reject HTTP status codes and certificate type extensions with a trailing newline
  • Treat PCRE engine failures as invalid cookie names during cookie validation
  • Report PCRE engine failures when formatting log messages
  • Report PCRE engine failures when splitting no_proxy values
Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.14.0 - 2026-07-08

Added

  • Added the on_trailers request option to expose parsed HTTP response trailers
  • Added the multiplex request option with Multiplexing::* modes to control or require HTTP/2 multiplexing
  • Added rejection of explicit multiplex requests when CURLMOPT_PIPELINING disables multiplexing
  • Added the max_host_connections and max_total_connections client and cURL multi handler options

Changed

  • Redirects that discard the request body no longer require it to be rewindable
  • Synchronous cURL multi handler requests no longer wait for other queued transfers
  • Section SOCKS proxy connections by credentials on libcurl before 7.69.0
  • Reject request-level CURLOPT_SHARE when combined with authenticated SOCKS proxy configuration
  • Redact proxy userinfo containing raw control bytes in cURL errors
  • Check linked curl/libcurl NTLM support before applying NTLM auth
  • Clarify that NTLM is deprecated by both Guzzle and curl/libcurl
  • Remove deprecation for the raw cURL CURLOPT_CERTINFO option
  • Warn when a cURL multi option cannot be applied

Deprecated

  • Deprecate the raw CURLOPT_PIPEWAIT cURL option in favour of the multiplex request option
  • Deprecate unknown handler constructor options
  • Deprecate invalid select_timeout cURL multi handler option values
  • Deprecate raw cURL multi connection cap options in favour of the named options

7.13.3 - 2026-07-08

Changed

  • Adjusted guzzlehttp/promises version constraint to ^2.5.1
  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.4
  • Pass explicit trim characters ahead of the PHP 8.6 trim default change

Fixed

  • Stop matching cookie domains against hosts with a trailing newline
  • Reject HTTP status codes and certificate type extensions with a trailing newline
  • Treat PCRE engine failures as invalid cookie names during cookie validation
  • Report PCRE engine failures when formatting log messages
  • Report PCRE engine failures when splitting no_proxy values
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot added dependencies php Pull requests that update Php code labels Jul 12, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 12, 2026 22:02
@dependabot dependabot Bot added the php Pull requests that update Php code label Jul 12, 2026
@update-docs

update-docs Bot commented Jul 12, 2026

Copy link
Copy Markdown

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

Bumps the minor-and-patch group with 1 update: [guzzlehttp/guzzle](https://github.com/guzzle/guzzle).


Updates `guzzlehttp/guzzle` from 7.13.2 to 7.14.0
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.14/CHANGELOG.md)
- [Commits](guzzle/guzzle@7.13.2...7.14.0)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-version: 7.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@phil-davis phil-davis force-pushed the dependabot/composer/minor-and-patch-def74cef9e branch from 3e414d8 to 91071ec Compare July 13, 2026 04:12
@phil-davis phil-davis merged commit c373e01 into master Jul 13, 2026
27 checks passed
@phil-davis phil-davis deleted the dependabot/composer/minor-and-patch-def74cef9e branch July 13, 2026 04:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies php Pull requests that update Php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant