Skip to content

Update dependency guzzlehttp/guzzle to v7.12.3#385

Merged
renovate[bot] merged 1 commit into
masterfrom
renovate/guzzlehttp-guzzle-7.x
Jun 23, 2026
Merged

Update dependency guzzlehttp/guzzle to v7.12.3#385
renovate[bot] merged 1 commit into
masterfrom
renovate/guzzlehttp-guzzle-7.x

Conversation

@renovate

@renovate renovate Bot commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
guzzlehttp/guzzle (source) 7.12.17.12.3 age confidence

Release Notes

guzzle/guzzle (guzzlehttp/guzzle)

v7.12.3

Compare Source

Changed
  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.3
Security

v7.12.2

Compare Source

Fixed
  • Clamp out-of-range Max-Age so a very large value no longer overflows to an already-expired timestamp
  • Use strict comparison in CookieJar conflict resolution so distinct numeric-string names don't overwrite
  • Store a cookie whose Domain has a trailing dot on the origin host instead of silently discarding it
  • Fix StreamHandler hard-failing on bracketed IPv6 literal hosts when force_ip_resolve is set
  • Use strict cookie Path comparison so CookieJar::clear() with a numeric path keeps a distinct-path cookie
  • Fixed cookie handling for falsey Domain, Max-Age, path, and name values
  • Fixed decode_content handling for falsey string values
  • Fixed deprecated request option values reaching built-in handlers before normalization

v7.12.1

Compare Source

Changed
  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.1
Fixed
  • Reject proxy URLs with a malformed scheme in the cURL handlers instead of letting libcurl mishandle them
Security

v7.12.0

Compare Source

Added
  • Added RequestOptions constants for curl, retries, and stream_context
Changed
  • Adjusted guzzlehttp/psr7 version constraint to ^2.12
  • Constrain cURL transport sharing to safe libcurl DNS and SSL session support
  • Resolve proxy environment variables in the cURL handlers; libcurl no longer reads the environment itself
  • Ignore proxy environment variables when the proxy request option makes a decision
  • Disable proxy environment variables on Windows SAPIs other than CLI (httpoxy hardening)
  • Redact proxy credentials from cURL handler error messages, following Psr7\Utils::redactUserInfo()
  • Normalize no-proxy domain and IP literal matching across the cURL and stream handlers
Deprecated
  • Deprecated the request-level handler option, which will be ignored in 8.0
  • Deprecated raw cURL request options outside the built-in cURL handlers' allow-list
  • Deprecated the CURLOPT_PROXYTYPE cURL request option; set the proxy type via a scheme-prefixed proxy URL
  • Deprecated PHP stream context options outside the built-in stream handler allow-list
  • Deprecated passing ntlm as a built-in auth type
  • Deprecated Utils::describeType()
  • Deprecated non-finite floats in the query and form_params options; 8.0 rejects them
  • Deprecated non-string scalar values in the body option; 8.0 rejects them
Fixed
  • Fix cURL TLS and HTTP/2 capability detection using libcurl feature checks
  • Fix proxy no list matches being re-proxied through environment-configured proxies by libcurl
  • Fix no list and NO_PROXY matching to support IP CIDR ranges, matching libcurl
  • Fix the stream handler not applying scheme-less proxies and their credentials

v7.11.2

Compare Source

Fixed
  • Fixed non-finite float values emitting coercion warnings on PHP 8.5

v7.11.1

Compare Source

Fixed
  • Ignore request-level transport_sharing, matching other unknown request options

v7.11.0

Compare Source

Added
  • Added support for providing the proxy request option's no value as a comma-delimited string
  • Added the protocols request option to restrict allowed URI schemes for request transfers
  • Added cert_type and ssl_key_type request options for TLS certificate and private-key file types
  • Added PHP stream handler support for the ssl_key request option
  • Added transport sharing via the transport_sharing client and cURL handler options
Changed
  • Adjusted guzzlehttp/promises version constraint to ^2.5
  • Adjusted guzzlehttp/psr7 version constraint to ^2.11
  • Allowed domainless SetCookie instances to be stored without wildcard request matching
  • Changed no-proxy matching to respect request ports for host-and-port rules
  • Prevented CurlMultiHandler destructors from throwing during cleanup
  • Improved invalid response handling across handlers
Deprecated
  • Deprecated non-iterable Pool request collections, which will be rejected in 8.0
  • Deprecated non-uppercase easy request methods; 8.0 preserves method casing
  • Deprecated non-string headers request option values, which will be rejected in 8.0
  • Deprecated empty headers request option value arrays, which will be rejected in 8.0
  • Deprecated empty and malformed request protocol versions, which will be rejected in 8.0
  • Deprecated conflicting raw cURL request options, including CURLOPT_SHARE, which will be rejected in 8.0
  • Deprecated scalar-coerced idn_conversion request option values, which will be rejected in 8.0
  • Deprecated invalid documented request option value types, which will be rejected in 8.0
  • Deprecated selected request options ignored by incompatible built-in handlers, which will be rejected in 8.0
  • Deprecated RequestException::wrapException(), which will be removed in 8.0
  • Deprecated RetryMiddleware::exponentialDelay(), which will be removed in 8.0

v7.10.6

Compare Source

Fixed
  • CurlMultiHandler now rejects the promise when CurlFactory::finish() throws, preserving sibling transfers
  • SetCookie now normalizes unparseable Expires values to null instead of false
  • Fix stream handler decoded gzip/deflate truncation by dropping invalid Content-Length

v7.10.5

Compare Source

Fixed
  • Defer cURL multi cancellation cleanup until after progress callbacks return
  • Classify additional stream handler connection failures as ConnectException

v7.10.4

Compare Source

Fixed
  • Fix IPv6 literal matching in no-proxy rules
  • Handle cURL multi completion messages without handles after cancelled transfers
  • Fix magic client request methods such as options() to uppercase inferred HTTP methods

v7.10.3

Compare Source

Fixed
  • Fail clearly when an HTTP response header line is invalid
  • Remove middleware by name when the name is also a callable string
  • Treat empty request protocol versions as HTTP/1.1

v7.10.2

Compare Source

Fixed
  • Normalize HTTP version request options before applying them to PSR-7 requests
  • Use string values for headers generated by request preparation and response decoding

v7.10.1

Compare Source

Fixed
  • Fail clearly when cURL options cannot be applied
  • Fail clearly when the certificate option is malformed
  • Fail clearly when JSON decode depth is invalid
  • Fail clearly when session cookie data is malformed
  • Fail clearly when the stream progress option is not callable
  • Prevent response creation failures from exposing stale cURL responses

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the update Update of the dependencies of the project label Jun 23, 2026
@renovate renovate Bot enabled auto-merge (squash) June 23, 2026 17:39
@renovate

renovate Bot commented Jun 23, 2026

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: composer.lock
Command failed: composer update guzzlehttp/guzzle:7.12.3 --with-dependencies --ignore-platform-req=ext-* --ignore-platform-req=lib-* --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins --minimal-changes
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires laravel/framework 9.52.21 (exact version match: 9.52.21 or 9.52.21.0), found laravel/framework[v9.52.21] but the package is fixed to v9.52.20 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
  Problem 2
    - Root composer.json requires laravel/tinker 2.11.1 (exact version match: 2.11.1 or 2.11.1.0), found laravel/tinker[v2.11.1] but the package is fixed to v2.10.1 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
  Problem 3
    - Root composer.json requires laravel/pint 1.29.3 (exact version match: 1.29.3 or 1.29.3.0), found laravel/pint[v1.29.3] but the package is fixed to v1.24.0 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
  Problem 4
    - Root composer.json requires laravel/sail 1.62.0 (exact version match: 1.62.0 or 1.62.0.0), found laravel/sail[v1.62.0] but the package is fixed to v1.45.0 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
  Problem 5
    - Root composer.json requires phpstan/phpstan 1.12.33 (exact version match: 1.12.33 or 1.12.33.0), found phpstan/phpstan[1.12.33] but the package is fixed to 1.12.28 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
  Problem 6
    - Root composer.json requires phpunit/phpunit 9.6.34 (exact version match: 9.6.34 or 9.6.34.0), found phpunit/phpunit[9.6.34] but the package is fixed to 9.6.25 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
  Problem 7
    - Root composer.json requires spatie/laravel-ignition 1.7.2 (exact version match: 1.7.2 or 1.7.2.0), found spatie/laravel-ignition[1.7.2] but the package is fixed to 1.7.0 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
  Problem 8
    - Root composer.json requires squizlabs/php_codesniffer 3.13.5 (exact version match: 3.13.5 or 3.13.5.0), found squizlabs/php_codesniffer[3.13.5] but the package is fixed to 3.13.4 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
  Problem 9
    - laravel-doctrine/orm is locked to version 1.8.3 and an update of this package was not requested.
    - laravel-doctrine/orm 1.8.3 requires illuminate/auth ^9.0 -> satisfiable by laravel/framework[v9.52.20].
    - laravel/framework v9.52.20 requires league/commonmark ^2.2.1 -> satisfiable by league/commonmark[2.6.1].
    - league/commonmark 2.6.1 requires league/config ^1.1.1 -> satisfiable by league/config[v1.2.0].
    - league/config v1.2.0 requires nette/schema ^1.2 -> satisfiable by nette/schema[v1.3.2].
    - nette/schema v1.3.2 requires php 8.1 - 8.4 -> your php version (8.5.7) does not satisfy that requirement.

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.

@renovate renovate Bot merged commit c006154 into master Jun 23, 2026
3 of 5 checks passed
@renovate renovate Bot deleted the renovate/guzzlehttp-guzzle-7.x branch June 23, 2026 17:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

update Update of the dependencies of the project

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants