Skip to content

Bump guzzlehttp/psr7 from 2.8.0 to 2.12.3#604

Merged
phavekes merged 1 commit into
mainfrom
dependabot/composer/guzzlehttp/psr7-2.12.1
Jul 2, 2026
Merged

Bump guzzlehttp/psr7 from 2.8.0 to 2.12.3#604
phavekes merged 1 commit into
mainfrom
dependabot/composer/guzzlehttp/psr7-2.12.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps guzzlehttp/psr7 from 2.8.0 to 2.12.3.

Release notes

Sourced from guzzlehttp/psr7's releases.

2.12.3

Security

2.12.2

Fixed

  • Report URI parsing, filtering, and normalization PCRE failures explicitly
  • Report HTTP message parser PCRE failures explicitly
  • Fail closed when PCRE validation fails for request targets and hosts

2.12.1

Security

2.12.0

Deprecated

  • Deprecated non-finite float values in Query::build() that guzzlehttp/psr7 3.0 rejects
  • Deprecated non-finite float multipart contents that guzzlehttp/psr7 3.0 rejects
  • Deprecated non-string scalar bodies in Utils::streamFor(); cast them to a string for 3.0
  • Deprecated non-string Uri::withQueryValues() values; cast them to a string for 3.0

2.11.1

Fixed

  • Fixed non-finite float values emitting coercion warnings on PHP 8.5

2.11.0

Changed

  • Changed Utils::modifyRequest() to reject conflicting URI and Host header changes in the same call
  • Changed Header::parse() to split semicolon-separated parameters without repeated regular expression lookaheads
  • Changed UriComparator::isCrossOrigin() so only HTTP and HTTPS missing ports receive implicit default ports

Deprecated

  • Deprecated invalid PSR-7 arguments that guzzlehttp/psr7 3.0 will require native types for
  • Deprecated non-string header values that guzzlehttp/psr7 3.0 will reject
  • Deprecated empty header value arrays that guzzlehttp/psr7 3.0 will reject
  • Deprecated URI schemes that do not match guzzlehttp/psr7 3.0 syntax requirements
  • Deprecated multipart boundary and custom part header metadata that guzzlehttp/psr7 3.0 will reject
  • Deprecated reliance on automatic uppercasing of request methods; guzzlehttp/psr7 3.0 preserves method casing
  • Deprecated invalid Utils::modifyRequest() change values that guzzlehttp/psr7 3.0 will reject

Fixed

  • Fixed Utils::copyToStream() to retry short destination writes instead of dropping the unwritten remainder

... (truncated)

Changelog

Sourced from guzzlehttp/psr7's changelog.

2.12.3 - 2026-06-23

Security

2.12.2 - 2026-06-23

Fixed

  • Report URI parsing, filtering, and normalization PCRE failures explicitly
  • Report HTTP message parser PCRE failures explicitly
  • Fail closed when PCRE validation fails for request targets and hosts

2.12.1 - 2026-06-18

Security

2.12.0 - 2026-06-16

Deprecated

  • Deprecated non-finite float values in Query::build() that guzzlehttp/psr7 3.0 rejects
  • Deprecated non-finite float multipart contents that guzzlehttp/psr7 3.0 rejects
  • Deprecated non-string scalar bodies in Utils::streamFor(); cast them to a string for 3.0
  • Deprecated non-string Uri::withQueryValues() values; cast them to a string for 3.0

2.11.1 - 2026-06-12

Fixed

  • Fixed non-finite float values emitting coercion warnings on PHP 8.5

2.11.0 - 2026-06-02

Changed

  • Changed Utils::modifyRequest() to reject conflicting URI and Host header changes in the same call
  • Changed Header::parse() to split semicolon-separated parameters without repeated regular expression lookaheads
  • Changed UriComparator::isCrossOrigin() so only HTTP and HTTPS missing ports receive implicit default ports

Deprecated

  • Deprecated invalid PSR-7 arguments that guzzlehttp/psr7 3.0 will require native types for
  • Deprecated non-string header values that guzzlehttp/psr7 3.0 will reject
  • Deprecated empty header value arrays that guzzlehttp/psr7 3.0 will reject
  • Deprecated URI schemes that do not match guzzlehttp/psr7 3.0 syntax requirements
  • Deprecated multipart boundary and custom part header metadata that guzzlehttp/psr7 3.0 will reject

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels Jun 22, 2026
@phavekes

Copy link
Copy Markdown
Member

@dependabot rebase

Bumps [guzzlehttp/psr7](https://github.com/guzzle/psr7) from 2.8.0 to 2.12.3.
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/2.12/CHANGELOG.md)
- [Commits](guzzle/psr7@2.8.0...2.12.3)

---
updated-dependencies:
- dependency-name: guzzlehttp/psr7
  dependency-version: 2.12.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump guzzlehttp/psr7 from 2.8.0 to 2.12.1 Bump guzzlehttp/psr7 from 2.8.0 to 2.12.3 Jun 30, 2026
@dependabot dependabot Bot force-pushed the dependabot/composer/guzzlehttp/psr7-2.12.1 branch from ee3977c to 8544112 Compare June 30, 2026 09:45
@phavekes phavekes merged commit 7365da8 into main Jul 2, 2026
1 of 2 checks passed
@dependabot dependabot Bot deleted the dependabot/composer/guzzlehttp/psr7-2.12.1 branch July 2, 2026 09:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update Php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant