Skip to content

chore(deps): bump the php-deps group across 1 directory with 3 updates#122

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/composer/legacy/php-deps-49e52d0a92
Open

chore(deps): bump the php-deps group across 1 directory with 3 updates#122
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/composer/legacy/php-deps-49e52d0a92

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor

Bumps the php-deps group with 3 updates in the /legacy directory: guzzlehttp/guzzle, phpunit/phpunit and friendsofphp/php-cs-fixer.

Updates guzzlehttp/guzzle from 7.13.1 to 7.14.1

Release notes

Sourced from guzzlehttp/guzzle's releases.

7.14.1

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.5

Fixed

  • Fail closed when a proxy tunnel isolation cURL option cannot be applied
  • Normalize Stringable proxy credential values before computing connection-reuse section signatures
  • Restore conservative credential redaction for unparseable proxies with multiple @ separators
  • Redact request URI credentials from the stream handler connection error message
  • Reject enabled response streaming (stream => true) on cap-configured stream handlers
  • Distinguish CurlMultiHandler and StreamHandler outcomes in connection-cap custom-handler guidance
  • Reject raw cURL options that conflict with explicit multiplexing guarantees
  • Stop explicit multiplexing conflict checks faulting on non-array cURL multi options values
  • Reject required multiplexing when the final CURLOPT_HTTPAUTH mask permits NTLM
  • Require an integer CURLMOPT_PIPELINING when combined with explicit multiplexing
  • Check the required multiplexing cleartext proxy rule against the final cURL configuration
  • Bound cURL multi handler blocking selects by the earliest pending request delay
  • Stop synchronous cURL multi handler waits blocking on other transfers once the target has settled
  • Stop cURL multi completion processing double-settling promises canceled from completion callbacks
  • Run ready promise queue tasks before sleeping for delayed cURL multi requests
  • Avoid integer overflow in cURL multi delay timing on 32-bit platforms
  • Roll back failed cURL multi handle attachment instead of leaving requests pending
  • Release the cURL easy handle when the on_stats callback throws
  • Normalize response trailer field names to lowercase with values in wire order
  • Retain response trailers only when an on_trailers callback is configured
  • Validate the on_trailers callback before starting a cURL transfer
  • Reject the on_trailers request option on the stream handler, which cannot observe trailers
  • Match cookies, proxy schemes, auth types, and header names with locale-independent ASCII folding
  • Reject proxy option values that Guzzle cannot classify identically to ext-curl

7.14.0

Added

  • Added the on_trailers request option to expose parsed HTTP response trailers
  • Added the multiplex request option with Multiplexing::* modes to control or require HTTP/2 multiplexing
  • Added rejection of explicit multiplex requests when CURLMOPT_PIPELINING disables multiplexing
  • Added the max_host_connections and max_total_connections client and cURL multi handler options

Changed

  • Redirects that discard the request body no longer require it to be rewindable
  • Synchronous cURL multi handler requests no longer wait for other queued transfers
  • Section SOCKS proxy connections by credentials on libcurl before 7.69.0
  • Reject request-level CURLOPT_SHARE when combined with authenticated SOCKS proxy configuration
  • Redact proxy userinfo containing raw control bytes in cURL errors
  • Check linked curl/libcurl NTLM support before applying NTLM auth
  • Clarify that NTLM is deprecated by both Guzzle and curl/libcurl
  • Remove deprecation for the raw cURL CURLOPT_CERTINFO option

... (truncated)

Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.14.1 - 2026-07-13

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.5

Fixed

  • Fail closed when a proxy tunnel isolation cURL option cannot be applied
  • Normalize Stringable proxy credential values before computing connection-reuse section signatures
  • Restore conservative credential redaction for unparseable proxies with multiple @ separators
  • Redact request URI credentials from the stream handler connection error message
  • Reject enabled response streaming (stream => true) on cap-configured stream handlers
  • Distinguish CurlMultiHandler and StreamHandler outcomes in connection-cap custom-handler guidance
  • Reject raw cURL options that conflict with explicit multiplexing guarantees
  • Stop explicit multiplexing conflict checks faulting on non-array cURL multi options values
  • Reject required multiplexing when the final CURLOPT_HTTPAUTH mask permits NTLM
  • Require an integer CURLMOPT_PIPELINING when combined with explicit multiplexing
  • Check the required multiplexing cleartext proxy rule against the final cURL configuration
  • Bound cURL multi handler blocking selects by the earliest pending request delay
  • Stop synchronous cURL multi handler waits blocking on other transfers once the target has settled
  • Stop cURL multi completion processing double-settling promises canceled from completion callbacks
  • Run ready promise queue tasks before sleeping for delayed cURL multi requests
  • Avoid integer overflow in cURL multi delay timing on 32-bit platforms
  • Roll back failed cURL multi handle attachment instead of leaving requests pending
  • Release the cURL easy handle when the on_stats callback throws
  • Normalize response trailer field names to lowercase with values in wire order
  • Retain response trailers only when an on_trailers callback is configured
  • Validate the on_trailers callback before starting a cURL transfer
  • Reject the on_trailers request option on the stream handler, which cannot observe trailers
  • Match cookies, proxy schemes, auth types, and header names with locale-independent ASCII folding
  • Reject proxy option values that Guzzle cannot classify identically to ext-curl

7.14.0 - 2026-07-08

Added

  • Added the on_trailers request option to expose parsed HTTP response trailers
  • Added the multiplex request option with Multiplexing::* modes to control or require HTTP/2 multiplexing
  • Added rejection of explicit multiplex requests when CURLMOPT_PIPELINING disables multiplexing
  • Added the max_host_connections and max_total_connections client and cURL multi handler options

Changed

  • Redirects that discard the request body no longer require it to be rewindable
  • Synchronous cURL multi handler requests no longer wait for other queued transfers
  • Section SOCKS proxy connections by credentials on libcurl before 7.69.0
  • Reject request-level CURLOPT_SHARE when combined with authenticated SOCKS proxy configuration
  • Redact proxy userinfo containing raw control bytes in cURL errors

... (truncated)

Commits
  • 6b1d242 Release 7.14.1
  • ecc7e53 Bump guzzlehttp/psr7 to ^2.12.5 (#3868)
  • f8e8f4d Reject ambiguous raw proxy option types (#3862)
  • 89e3d12 Tidy the 7.14.1 changelog (#3859)
  • 3ebe5d8 Fix the multiplex conflict check for non-array multi options (#3858)
  • 3384955 Fail closed on tunnel isolation and normalize proxy credentials (#3854)
  • caf0f4e Correct the stream handler connection-cap contract wording (#3842)
  • 97aa9ea Compare cookie and credential header names with ASCII folding (#3848)
  • 29dd901 Use locale-independent ASCII folding for matching decisions (#3845)
  • 1eaec96 Roll back failed cURL multi handle attachment (#3827)
  • Additional commits viewable in compare view

Updates phpunit/phpunit from 11.5.55 to 11.5.56

Release notes

Sourced from phpunit/phpunit's releases.

PHPUnit 11.5.56

Changed

  • #6797: Adapt code generated for test double of interface with constructor for PHP 8.6

Learn how to install or update PHPUnit 11.5 in the documentation.

Keep up to date with PHPUnit:

Changelog

Sourced from phpunit/phpunit's changelog.

[11.5.56] - 2026-07-06

Changed

  • #6797: Adapt code generated for test double of interface with constructor for PHP 8.6
Commits

Updates friendsofphp/php-cs-fixer from 3.95.11 to 3.95.13

Release notes

Sourced from friendsofphp/php-cs-fixer's releases.

v3.95.13 Adalbertus

What's Changed

Full Changelog: PHP-CS-Fixer/PHP-CS-Fixer@v3.95.12...v3.95.13

v3.95.12 Adalbertus

What's Changed

Full Changelog: PHP-CS-Fixer/PHP-CS-Fixer@v3.95.11...v3.95.12

Changelog

Sourced from friendsofphp/php-cs-fixer's changelog.

Changelog for v3.95.13

  • fix: SelfAccessorFixer - do not replace constant with same name as class in the middle of a static access chain (#9716)
  • fix: SingleClassElementPerStatementFixer - do not drop type of typed constants (#9706)

Changelog for v3.95.12

  • fix: BinaryOperatorSpacesFixer - do not align nested array in yield with following yields (#9708)
  • chore: cleanup RuleSetDocumentationGenerator (#9705)
  • chore: unblock self-approval (#9699)
  • deps: bump crate-ci/typos from 1.47.2 to 1.48.0 in /.github/workflows in the all group across 1 directory (#9712)
  • deps: bump shipmonk/dead-code-detector from 1.2.1 to 1.3.0 in /dev-tools in the shipmonk group across 1 directory (#9711)
  • deps: bump the all group across 2 directories with 1 update (#9704)
  • deps: bump the phpstan group in /dev-tools with 2 updates (#9710)
  • deps: PHPUnit - PHP 8.6 compat changes (#9714)
Commits
  • ea94111 prepared the 3.95.13 release
  • 21c4a4c fix: SingleClassElementPerStatementFixer - do not drop type of typed consta...
  • 6781e80 fix: SelfAccessorFixer - do not replace constant with same name as class in...
  • 02b69f8 bumped version
  • b1b9055 prepared the 3.95.12 release
  • 7476331 deps: PHPUnit - PHP 8.6 compat changes (#9714)
  • 9a881c2 fix: BinaryOperatorSpacesFixer - do not align nested array in yield with fo...
  • c733bbf deps: bump shipmonk/dead-code-detector from 1.2.1 to 1.3.0 in /dev-tools in t...
  • 320cb97 deps: bump the phpstan group in /dev-tools with 2 updates (#9710)
  • a297418 deps: bump crate-ci/typos from 1.47.2 to 1.48.0 in /.github/workflows in the ...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Jul 7, 2026
Copilot AI review requested due to automatic review settings July 7, 2026 14:33
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Jul 7, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot can't review bot-authored pull requests automatically. A user with Copilot access can request a review manually.

Bumps the php-deps group with 3 updates in the /legacy directory: [guzzlehttp/guzzle](https://github.com/guzzle/guzzle), [phpunit/phpunit](https://github.com/sebastianbergmann/phpunit) and [friendsofphp/php-cs-fixer](https://github.com/PHP-CS-Fixer/PHP-CS-Fixer).


Updates `guzzlehttp/guzzle` from 7.13.1 to 7.14.1
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.15/CHANGELOG.md)
- [Commits](guzzle/guzzle@7.13.1...7.14.1)

Updates `phpunit/phpunit` from 11.5.55 to 11.5.56
- [Release notes](https://github.com/sebastianbergmann/phpunit/releases)
- [Changelog](https://github.com/sebastianbergmann/phpunit/blob/11.5.56/ChangeLog-11.5.md)
- [Commits](sebastianbergmann/phpunit@11.5.55...11.5.56)

Updates `friendsofphp/php-cs-fixer` from 3.95.11 to 3.95.13
- [Release notes](https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/releases)
- [Changelog](https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/blob/master/CHANGELOG.md)
- [Commits](PHP-CS-Fixer/PHP-CS-Fixer@v3.95.11...v3.95.13)

---
updated-dependencies:
- dependency-name: friendsofphp/php-cs-fixer
  dependency-version: 3.95.12
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: php-deps
- dependency-name: guzzlehttp/guzzle
  dependency-version: 7.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: php-deps
- dependency-name: phpunit/phpunit
  dependency-version: 11.5.56
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: php-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump the php-deps group in /legacy with 3 updates chore(deps): bump the php-deps group across 1 directory with 3 updates Jul 14, 2026
@dependabot dependabot Bot force-pushed the dependabot/composer/legacy/php-deps-49e52d0a92 branch from 1e06e1d to d1f1560 Compare July 14, 2026 14:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant