Skip to content

chore(deps): bump guzzlehttp/guzzle from 7.13.0 to 7.13.3#1194

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/composer/guzzlehttp/guzzle-7.13.3
Closed

chore(deps): bump guzzlehttp/guzzle from 7.13.0 to 7.13.3#1194
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/composer/guzzlehttp/guzzle-7.13.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor

Bumps guzzlehttp/guzzle from 7.13.0 to 7.13.3.

Release notes

Sourced from guzzlehttp/guzzle's releases.

7.13.3

Changed

  • Adjusted guzzlehttp/promises version constraint to ^2.5.1
  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.4
  • Pass explicit trim characters ahead of the PHP 8.6 trim default change

Fixed

  • Stop matching cookie domains against hosts with a trailing newline
  • Reject HTTP status codes and certificate type extensions with a trailing newline
  • Treat PCRE engine failures as invalid cookie names during cookie validation
  • Report PCRE engine failures when formatting log messages
  • Report PCRE engine failures when splitting no_proxy values

7.13.2

Fixed

  • Stop the cURL multi handler busy-waiting on request delays shorter than one second
  • Stop cURL HEAD requests with request bodies hanging on responses that declare a content length
  • The cURL handler no longer transmits request bodies on HEAD requests
  • Preserve response headers when a response includes HTTP trailers
  • Harden cURL response header block detection when HTTP trailers are received
  • Corrected the PSR-7 class names in the Pool iterator exception
  • Redirect body rewind failures no longer leak a bare RuntimeException

7.13.1

Fixed

  • Allow middleware to rewrite partial URIs before transports validate them
Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.13.3 - 2026-07-08

Changed

  • Adjusted guzzlehttp/promises version constraint to ^2.5.1
  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.4
  • Pass explicit trim characters ahead of the PHP 8.6 trim default change

Fixed

  • Stop matching cookie domains against hosts with a trailing newline
  • Reject HTTP status codes and certificate type extensions with a trailing newline
  • Treat PCRE engine failures as invalid cookie names during cookie validation
  • Report PCRE engine failures when formatting log messages
  • Report PCRE engine failures when splitting no_proxy values

7.13.2 - 2026-07-05

Fixed

  • Stop the cURL multi handler busy-waiting on request delays shorter than one second
  • Stop cURL HEAD requests with request bodies hanging on responses that declare a content length
  • The cURL handler no longer transmits request bodies on HEAD requests
  • Preserve response headers when a response includes HTTP trailers
  • Harden cURL response header block detection when HTTP trailers are received
  • Corrected the PSR-7 class names in the Pool iterator exception
  • Redirect body rewind failures no longer leak a bare RuntimeException

7.13.1 - 2026-06-29

Fixed

  • Allow middleware to rewrite partial URIs before transports validate them
Commits
  • caa5491 Release 7.13.3
  • 307cfe2 Adjust the minimum promises and psr7 versions (#3801) (#3802)
  • 922049c Anchor validation patterns to the true end of input (#3778)
  • ca7212c Freeze trim characters and handle PCRE engine failures (#3777)
  • bcd989a Release 7.13.2
  • f6acd72 Wrap redirect body rewind failures in RequestException (#3763)
  • 85c3f64 Fix the PSR-7 class names in the Pool iterator exception (#3757)
  • 8deafa0 Harden trailer status-line handling (#3754)
  • e5dcfff Fix cURL multi handler busy-waiting on sub-second delays (#3751)
  • ac4529d Preserve response headers when HTTP trailers arrive (#3735)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 7.13.0 to 7.13.3.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.14/CHANGELOG.md)
- [Commits](guzzle/guzzle@7.13.0...7.13.3)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-version: 7.13.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels Jul 8, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #1195.

@dependabot dependabot Bot closed this Jul 9, 2026
@dependabot dependabot Bot deleted the dependabot/composer/guzzlehttp/guzzle-7.13.3 branch July 9, 2026 21:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update Php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants