Skip to content

Bump guzzlehttp/guzzle from 7.13.2 to 7.14.0#282

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/composer/guzzlehttp/guzzle-7.14.0
Jul 13, 2026
Merged

Bump guzzlehttp/guzzle from 7.13.2 to 7.14.0#282
github-actions[bot] merged 1 commit into
mainfrom
dependabot/composer/guzzlehttp/guzzle-7.14.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps guzzlehttp/guzzle from 7.13.2 to 7.14.0.

Release notes

Sourced from guzzlehttp/guzzle's releases.

7.14.0

Added

  • Added the on_trailers request option to expose parsed HTTP response trailers
  • Added the multiplex request option with Multiplexing::* modes to control or require HTTP/2 multiplexing
  • Added rejection of explicit multiplex requests when CURLMOPT_PIPELINING disables multiplexing
  • Added the max_host_connections and max_total_connections client and cURL multi handler options

Changed

  • Redirects that discard the request body no longer require it to be rewindable
  • Synchronous cURL multi handler requests no longer wait for other queued transfers
  • Section SOCKS proxy connections by credentials on libcurl before 7.69.0
  • Reject request-level CURLOPT_SHARE when combined with authenticated SOCKS proxy configuration
  • Redact proxy userinfo containing raw control bytes in cURL errors
  • Check linked curl/libcurl NTLM support before applying NTLM auth
  • Clarify that NTLM is deprecated by both Guzzle and curl/libcurl
  • Remove deprecation for the raw cURL CURLOPT_CERTINFO option
  • Warn when a cURL multi option cannot be applied

Deprecated

  • Deprecate the raw CURLOPT_PIPEWAIT cURL option in favour of the multiplex request option
  • Deprecate unknown handler constructor options
  • Deprecate invalid select_timeout cURL multi handler option values
  • Deprecate raw cURL multi connection cap options in favour of the named options

7.13.3

Changed

  • Adjusted guzzlehttp/promises version constraint to ^2.5.1
  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.4
  • Pass explicit trim characters ahead of the PHP 8.6 trim default change

Fixed

  • Stop matching cookie domains against hosts with a trailing newline
  • Reject HTTP status codes and certificate type extensions with a trailing newline
  • Treat PCRE engine failures as invalid cookie names during cookie validation
  • Report PCRE engine failures when formatting log messages
  • Report PCRE engine failures when splitting no_proxy values
Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.14.0 - 2026-07-08

Added

  • Added the on_trailers request option to expose parsed HTTP response trailers
  • Added the multiplex request option with Multiplexing::* modes to control or require HTTP/2 multiplexing
  • Added rejection of explicit multiplex requests when CURLMOPT_PIPELINING disables multiplexing
  • Added the max_host_connections and max_total_connections client and cURL multi handler options

Changed

  • Redirects that discard the request body no longer require it to be rewindable
  • Synchronous cURL multi handler requests no longer wait for other queued transfers
  • Section SOCKS proxy connections by credentials on libcurl before 7.69.0
  • Reject request-level CURLOPT_SHARE when combined with authenticated SOCKS proxy configuration
  • Redact proxy userinfo containing raw control bytes in cURL errors
  • Check linked curl/libcurl NTLM support before applying NTLM auth
  • Clarify that NTLM is deprecated by both Guzzle and curl/libcurl
  • Remove deprecation for the raw cURL CURLOPT_CERTINFO option
  • Warn when a cURL multi option cannot be applied

Deprecated

  • Deprecate the raw CURLOPT_PIPEWAIT cURL option in favour of the multiplex request option
  • Deprecate unknown handler constructor options
  • Deprecate invalid select_timeout cURL multi handler option values
  • Deprecate raw cURL multi connection cap options in favour of the named options

7.13.3 - 2026-07-08

Changed

  • Adjusted guzzlehttp/promises version constraint to ^2.5.1
  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.4
  • Pass explicit trim characters ahead of the PHP 8.6 trim default change

Fixed

  • Stop matching cookie domains against hosts with a trailing newline
  • Reject HTTP status codes and certificate type extensions with a trailing newline
  • Treat PCRE engine failures as invalid cookie names during cookie validation
  • Report PCRE engine failures when formatting log messages
  • Report PCRE engine failures when splitting no_proxy values
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 7.13.2 to 7.14.0.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.15/CHANGELOG.md)
- [Commits](guzzle/guzzle@7.13.2...7.14.0)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-version: 7.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Jul 13, 2026
@github-actions github-actions Bot enabled auto-merge (squash) July 13, 2026 08:06
@github-actions github-actions Bot merged commit 238fd52 into main Jul 13, 2026
29 checks passed
@github-actions github-actions Bot deleted the dependabot/composer/guzzlehttp/guzzle-7.14.0 branch July 13, 2026 08:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Development

Successfully merging this pull request may close these issues.

0 participants