Skip to content

chore(deps): bump guzzlehttp/guzzle from 7.13.3 to 7.14.0#536

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/composer/guzzlehttp/guzzle-7.14.0
Open

chore(deps): bump guzzlehttp/guzzle from 7.13.3 to 7.14.0#536
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/composer/guzzlehttp/guzzle-7.14.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps guzzlehttp/guzzle from 7.13.3 to 7.14.0.

Release notes

Sourced from guzzlehttp/guzzle's releases.

7.14.0

Added

  • Added the on_trailers request option to expose parsed HTTP response trailers
  • Added the multiplex request option with Multiplexing::* modes to control or require HTTP/2 multiplexing
  • Added rejection of explicit multiplex requests when CURLMOPT_PIPELINING disables multiplexing
  • Added the max_host_connections and max_total_connections client and cURL multi handler options

Changed

  • Redirects that discard the request body no longer require it to be rewindable
  • Synchronous cURL multi handler requests no longer wait for other queued transfers
  • Section SOCKS proxy connections by credentials on libcurl before 7.69.0
  • Reject request-level CURLOPT_SHARE when combined with authenticated SOCKS proxy configuration
  • Redact proxy userinfo containing raw control bytes in cURL errors
  • Check linked curl/libcurl NTLM support before applying NTLM auth
  • Clarify that NTLM is deprecated by both Guzzle and curl/libcurl
  • Remove deprecation for the raw cURL CURLOPT_CERTINFO option
  • Warn when a cURL multi option cannot be applied

Deprecated

  • Deprecate the raw CURLOPT_PIPEWAIT cURL option in favour of the multiplex request option
  • Deprecate unknown handler constructor options
  • Deprecate invalid select_timeout cURL multi handler option values
  • Deprecate raw cURL multi connection cap options in favour of the named options
Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.14.0 - 2026-07-08

Added

  • Added the on_trailers request option to expose parsed HTTP response trailers
  • Added the multiplex request option with Multiplexing::* modes to control or require HTTP/2 multiplexing
  • Added rejection of explicit multiplex requests when CURLMOPT_PIPELINING disables multiplexing
  • Added the max_host_connections and max_total_connections client and cURL multi handler options

Changed

  • Redirects that discard the request body no longer require it to be rewindable
  • Synchronous cURL multi handler requests no longer wait for other queued transfers
  • Section SOCKS proxy connections by credentials on libcurl before 7.69.0
  • Reject request-level CURLOPT_SHARE when combined with authenticated SOCKS proxy configuration
  • Redact proxy userinfo containing raw control bytes in cURL errors
  • Check linked curl/libcurl NTLM support before applying NTLM auth
  • Clarify that NTLM is deprecated by both Guzzle and curl/libcurl
  • Remove deprecation for the raw cURL CURLOPT_CERTINFO option
  • Warn when a cURL multi option cannot be applied

Deprecated

  • Deprecate the raw CURLOPT_PIPEWAIT cURL option in favour of the multiplex request option
  • Deprecate unknown handler constructor options
  • Deprecate invalid select_timeout cURL multi handler option values
  • Deprecate raw cURL multi connection cap options in favour of the named options
Commits
  • aef2424 Release 7.14.0
  • 6500b0a Document the synchronous cURL multi handler change (#3808)
  • 9cecd3b Redact proxy credentials containing raw separators (#3806)
  • 62fce70 Merge branch '7.13' into 7.14
  • 1a337c6 Adjust the minimum promises and psr7 versions (#3801)
  • 897fb51 Redact proxy credentials containing raw control bytes (#3798)
  • 5b1f9c6 Drop package-lock.json as its unused (#3789)
  • ef4174e Merge branch '7.13' into 7.14
  • 5732a81 Section SOCKS proxy connections by credentials (#3773)
  • 267a618 Merge branch '7.13' into 7.14
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 7.13.3 to 7.14.0.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.14/CHANGELOG.md)
- [Commits](guzzle/guzzle@7.13.3...7.14.0)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-version: 7.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update Php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants