Skip to content

chore(deps): update dependency guzzlehttp/guzzle to v7.13.1#31

Merged
renovate[bot] merged 1 commit into
mainfrom
renovate/guzzlehttp-guzzle-7.x-lockfile
Jul 15, 2026
Merged

chore(deps): update dependency guzzlehttp/guzzle to v7.13.1#31
renovate[bot] merged 1 commit into
mainfrom
renovate/guzzlehttp-guzzle-7.x-lockfile

Conversation

@renovate

@renovate renovate Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
guzzlehttp/guzzle (source) 7.12.17.13.1 age confidence

Release Notes

guzzle/guzzle (guzzlehttp/guzzle)

v7.13.1

Compare Source

Fixed
  • Allow middleware to rewrite partial URIs before transports validate them

v7.13.0

Compare Source

Added
  • Added the crypto_method_max request option to cap the maximum TLS protocol version
  • Added HTTP QUERY redirect support, preserving method and body on 301 and 302
Changed
  • Section proxy tunnel connection reuse by credential so distinct credentials never share a tunnel
  • Isolate concurrent foreign cURL proxy tunnels added while another owner's tunnel is active
  • Route credentialed HTTP(S) proxy Proxy-Authorization headers through cURL proxy header handling
  • Reject request-level CURLOPT_SHARE when combined with authenticated HTTP/HTTPS proxy tunnel configuration
  • Remove deprecation for raw cURL CURLOPT_PREREQFUNCTION callbacks when defined by PHP cURL
  • Route TLS 1.2 crypto_method requests to the stream handler when cURL cannot select TLS 1.2
  • Reject final request URIs missing a scheme or host before transfer
Deprecated
  • Deprecate invalid protocols, force_ip_resolve, delay, cookies, and allow_redirects values

v7.12.3

Compare Source

Changed
  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.3
Security

v7.12.2

Compare Source

Fixed
  • Clamp out-of-range Max-Age so a very large value no longer overflows to an already-expired timestamp
  • Use strict comparison in CookieJar conflict resolution so distinct numeric-string names don't overwrite
  • Store a cookie whose Domain has a trailing dot on the origin host instead of silently discarding it
  • Fix StreamHandler hard-failing on bracketed IPv6 literal hosts when force_ip_resolve is set
  • Use strict cookie Path comparison so CookieJar::clear() with a numeric path keeps a distinct-path cookie
  • Fixed cookie handling for falsey Domain, Max-Age, path, and name values
  • Fixed decode_content handling for falsey string values
  • Fixed deprecated request option values reaching built-in handlers before normalization

Configuration

📅 Schedule: (in timezone Europe/Berlin)

  • Branch creation
    • Between 12:00 AM and 06:59 AM, only on Monday (* 0-6 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
renovate Bot merged commit 8ac9530 into main Jul 15, 2026
4 checks passed
@renovate
renovate Bot deleted the renovate/guzzlehttp-guzzle-7.x-lockfile branch July 15, 2026 11:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants