Skip to content

chore(deps-dev): bump guzzlehttp/guzzle from 7.12.0 to 7.13.1 in /vendor-bin/php-coveralls#7819

Merged
vitormattos merged 1 commit into
mainfrom
dependabot/composer/vendor-bin/php-coveralls/guzzlehttp/guzzle-7.12.1
Jun 30, 2026
Merged

chore(deps-dev): bump guzzlehttp/guzzle from 7.12.0 to 7.13.1 in /vendor-bin/php-coveralls#7819
vitormattos merged 1 commit into
mainfrom
dependabot/composer/vendor-bin/php-coveralls/guzzlehttp/guzzle-7.12.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor

Bumps guzzlehttp/guzzle from 7.12.0 to 7.13.1.

Release notes

Sourced from guzzlehttp/guzzle's releases.

7.13.1

Fixed

  • Allow middleware to rewrite partial URIs before transports validate them

7.13.0

Added

  • Added the crypto_method_max request option to cap the maximum TLS protocol version
  • Added HTTP QUERY redirect support, preserving method and body on 301 and 302

Changed

  • Section proxy tunnel connection reuse by credential so distinct credentials never share a tunnel
  • Isolate concurrent foreign cURL proxy tunnels added while another owner's tunnel is active
  • Route credentialed HTTP(S) proxy Proxy-Authorization headers through cURL proxy header handling
  • Reject request-level CURLOPT_SHARE when combined with authenticated HTTP/HTTPS proxy tunnel configuration
  • Remove deprecation for raw cURL CURLOPT_PREREQFUNCTION callbacks when defined by PHP cURL
  • Route TLS 1.2 crypto_method requests to the stream handler when cURL cannot select TLS 1.2
  • Reject final request URIs missing a scheme or host before transfer

Deprecated

  • Deprecate invalid protocols, force_ip_resolve, delay, cookies, and allow_redirects values

7.12.3

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.3

Security

7.12.2

Fixed

  • Clamp out-of-range Max-Age so a very large value no longer overflows to an already-expired timestamp
  • Use strict comparison in CookieJar conflict resolution so distinct numeric-string names don't overwrite
  • Store a cookie whose Domain has a trailing dot on the origin host instead of silently discarding it
  • Fix StreamHandler hard-failing on bracketed IPv6 literal hosts when force_ip_resolve is set
  • Use strict cookie Path comparison so CookieJar::clear() with a numeric path keeps a distinct-path cookie
  • Fixed cookie handling for falsey Domain, Max-Age, path, and name values
  • Fixed decode_content handling for falsey string values
  • Fixed deprecated request option values reaching built-in handlers before normalization

7.12.1

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.1

... (truncated)

Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.13.1 - 2026-06-29

Fixed

  • Allow middleware to rewrite partial URIs before transports validate them

7.13.0 - 2026-06-29

Added

  • Added the crypto_method_max request option to cap the maximum TLS protocol version
  • Added HTTP QUERY redirect support, preserving method and body on 301 and 302

Changed

  • Section proxy tunnel connection reuse by credential so distinct credentials never share a tunnel
  • Isolate concurrent foreign cURL proxy tunnels added while another owner's tunnel is active
  • Route credentialed HTTP(S) proxy Proxy-Authorization headers through cURL proxy header handling
  • Reject request-level CURLOPT_SHARE when combined with authenticated HTTP/HTTPS proxy tunnel configuration
  • Remove deprecation for raw cURL CURLOPT_PREREQFUNCTION callbacks when defined by PHP cURL
  • Route TLS 1.2 crypto_method requests to the stream handler when cURL cannot select TLS 1.2
  • Reject final request URIs missing a scheme or host before transfer

Deprecated

  • Deprecate invalid protocols, force_ip_resolve, delay, cookies, and allow_redirects values

7.12.3 - 2026-06-23

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.3

Security

7.12.2 - 2026-06-23

Fixed

  • Clamp out-of-range Max-Age so a very large value no longer overflows to an already-expired timestamp
  • Use strict comparison in CookieJar conflict resolution so distinct numeric-string names don't overwrite
  • Store a cookie whose Domain has a trailing dot on the origin host instead of silently discarding it
  • Fix StreamHandler hard-failing on bracketed IPv6 literal hosts when force_ip_resolve is set
  • Use strict cookie Path comparison so CookieJar::clear() with a numeric path keeps a distinct-path cookie
  • Fixed cookie handling for falsey Domain, Max-Age, path, and name values

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels Jun 19, 2026
@github-project-automation github-project-automation Bot moved this to 0. Needs triage in Roadmap Jun 19, 2026

@vitormattos vitormattos left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot merge

@github-project-automation github-project-automation Bot moved this from 0. Needs triage to 1. to do in Roadmap Jun 19, 2026
@vitormattos

Copy link
Copy Markdown
Member

@dependabot recreate

Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 7.12.0 to 7.13.1.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.13/CHANGELOG.md)
- [Commits](guzzle/guzzle@7.12.0...7.13.1)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-version: 7.12.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps-dev): bump guzzlehttp/guzzle from 7.12.0 to 7.12.1 in /vendor-bin/php-coveralls chore(deps-dev): bump guzzlehttp/guzzle from 7.12.0 to 7.13.1 in /vendor-bin/php-coveralls Jun 30, 2026
@dependabot dependabot Bot force-pushed the dependabot/composer/vendor-bin/php-coveralls/guzzlehttp/guzzle-7.12.1 branch from 4218db1 to 0f4a708 Compare June 30, 2026 20:23

@vitormattos vitormattos left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot merge

@vitormattos vitormattos merged commit 906a846 into main Jun 30, 2026
73 checks passed
@vitormattos vitormattos deleted the dependabot/composer/vendor-bin/php-coveralls/guzzlehttp/guzzle-7.12.1 branch June 30, 2026 21:12
@github-project-automation github-project-automation Bot moved this from 1. to do to 4. to release in Roadmap Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update Php code

Projects

Status: 4. to release

Development

Successfully merging this pull request may close these issues.

1 participant