Skip to content

Chore(deps-dev): Bump guzzlehttp/guzzle from 7.11.1 to 7.12.3 in /vendor-bin/psalm#3454

Merged
github-actions[bot] merged 1 commit into
stable5.3from
dependabot/composer/vendor-bin/psalm/stable5.3/guzzlehttp/guzzle-7.12.1
Jun 27, 2026
Merged

Chore(deps-dev): Bump guzzlehttp/guzzle from 7.11.1 to 7.12.3 in /vendor-bin/psalm#3454
github-actions[bot] merged 1 commit into
stable5.3from
dependabot/composer/vendor-bin/psalm/stable5.3/guzzlehttp/guzzle-7.12.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 27, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps guzzlehttp/guzzle from 7.11.1 to 7.12.3.

Release notes

Sourced from guzzlehttp/guzzle's releases.

7.12.3

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.3

Security

7.12.2

Fixed

  • Clamp out-of-range Max-Age so a very large value no longer overflows to an already-expired timestamp
  • Use strict comparison in CookieJar conflict resolution so distinct numeric-string names don't overwrite
  • Store a cookie whose Domain has a trailing dot on the origin host instead of silently discarding it
  • Fix StreamHandler hard-failing on bracketed IPv6 literal hosts when force_ip_resolve is set
  • Use strict cookie Path comparison so CookieJar::clear() with a numeric path keeps a distinct-path cookie
  • Fixed cookie handling for falsey Domain, Max-Age, path, and name values
  • Fixed decode_content handling for falsey string values
  • Fixed deprecated request option values reaching built-in handlers before normalization

7.12.1

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.1

Fixed

  • Reject proxy URLs with a malformed scheme in the cURL handlers instead of letting libcurl mishandle them

Security

7.12.0

Added

  • Added RequestOptions constants for curl, retries, and stream_context

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12
  • Constrain cURL transport sharing to safe libcurl DNS and SSL session support
  • Resolve proxy environment variables in the cURL handlers; libcurl no longer reads the environment itself
  • Ignore proxy environment variables when the proxy request option makes a decision
  • Disable proxy environment variables on Windows SAPIs other than CLI (httpoxy hardening)
  • Redact proxy credentials from cURL handler error messages, following Psr7\Utils::redactUserInfo()
  • Normalize no-proxy domain and IP literal matching across the cURL and stream handlers

... (truncated)

Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.12.3 - 2026-06-23

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.3

Security

7.12.2 - 2026-06-23

Fixed

  • Clamp out-of-range Max-Age so a very large value no longer overflows to an already-expired timestamp
  • Use strict comparison in CookieJar conflict resolution so distinct numeric-string names don't overwrite
  • Store a cookie whose Domain has a trailing dot on the origin host instead of silently discarding it
  • Fix StreamHandler hard-failing on bracketed IPv6 literal hosts when force_ip_resolve is set
  • Use strict cookie Path comparison so CookieJar::clear() with a numeric path keeps a distinct-path cookie
  • Fixed cookie handling for falsey Domain, Max-Age, path, and name values
  • Fixed decode_content handling for falsey string values
  • Fixed deprecated request option values reaching built-in handlers before normalization

7.12.1 - 2026-06-18

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.1

Fixed

  • Reject proxy URLs with a malformed scheme in the cURL handlers instead of letting libcurl mishandle them

Security

7.12.0 - 2026-06-16

Added

  • Added RequestOptions constants for curl, retries, and stream_context

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12

... (truncated)

Commits

@dependabot dependabot Bot added 3. to review Waiting for reviews dependencies Pull requests that update a dependency file labels Jun 27, 2026
@github-actions github-actions Bot enabled auto-merge June 27, 2026 01:14
@codecov

codecov Bot commented Jun 27, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@Chartman123

Chartman123 commented Jun 27, 2026

Copy link
Copy Markdown
Collaborator

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github Jun 27, 2026

Copy link
Copy Markdown
Contributor Author

Looks like this PR is already up-to-date with stable5.3! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@Chartman123

Chartman123 commented Jun 27, 2026

Copy link
Copy Markdown
Collaborator

@dependabot recreate

@dependabot
Chore(deps-dev): Bump guzzlehttp/guzzle in /vendor-bin/psalm
012685c 
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 7.11.1 to 7.12.3.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.12/CHANGELOG.md)
- [Commits](guzzle/guzzle@7.11.1...7.12.3)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-version: 7.12.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Chore(deps-dev): Bump guzzlehttp/guzzle from 7.11.1 to 7.12.1 in /vendor-bin/psalm Chore(deps-dev): Bump guzzlehttp/guzzle from 7.11.1 to 7.12.3 in /vendor-bin/psalm Jun 27, 2026
@dependabot dependabot Bot force-pushed the dependabot/composer/vendor-bin/psalm/stable5.3/guzzlehttp/guzzle-7.12.1 branch from 384b0a6 to 012685c Compare June 27, 2026 15:50
@github-actions github-actions Bot merged commit 6c6a4be into stable5.3 Jun 27, 2026
52 checks passed
@github-actions github-actions Bot deleted the dependabot/composer/vendor-bin/psalm/stable5.3/guzzlehttp/guzzle-7.12.1 branch June 27, 2026 15:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

3. to review Waiting for reviews dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Chartman123