Skip to content

Bump guzzlehttp/psr7 from 2.8.0 to 2.12.3#523

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/composer/guzzlehttp/psr7-2.12.1
Closed

Bump guzzlehttp/psr7 from 2.8.0 to 2.12.3#523
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/composer/guzzlehttp/psr7-2.12.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps guzzlehttp/psr7 from 2.8.0 to 2.12.3.

Release notes

Sourced from guzzlehttp/psr7's releases.

2.12.3

Security

2.12.2

Fixed

  • Report URI parsing, filtering, and normalization PCRE failures explicitly
  • Report HTTP message parser PCRE failures explicitly
  • Fail closed when PCRE validation fails for request targets and hosts

2.12.1

Security

2.12.0

Deprecated

  • Deprecated non-finite float values in Query::build() that guzzlehttp/psr7 3.0 rejects
  • Deprecated non-finite float multipart contents that guzzlehttp/psr7 3.0 rejects
  • Deprecated non-string scalar bodies in Utils::streamFor(); cast them to a string for 3.0
  • Deprecated non-string Uri::withQueryValues() values; cast them to a string for 3.0

2.11.1

Fixed

  • Fixed non-finite float values emitting coercion warnings on PHP 8.5

2.11.0

Changed

  • Changed Utils::modifyRequest() to reject conflicting URI and Host header changes in the same call
  • Changed Header::parse() to split semicolon-separated parameters without repeated regular expression lookaheads
  • Changed UriComparator::isCrossOrigin() so only HTTP and HTTPS missing ports receive implicit default ports

Deprecated

  • Deprecated invalid PSR-7 arguments that guzzlehttp/psr7 3.0 will require native types for
  • Deprecated non-string header values that guzzlehttp/psr7 3.0 will reject
  • Deprecated empty header value arrays that guzzlehttp/psr7 3.0 will reject
  • Deprecated URI schemes that do not match guzzlehttp/psr7 3.0 syntax requirements
  • Deprecated multipart boundary and custom part header metadata that guzzlehttp/psr7 3.0 will reject
  • Deprecated reliance on automatic uppercasing of request methods; guzzlehttp/psr7 3.0 preserves method casing
  • Deprecated invalid Utils::modifyRequest() change values that guzzlehttp/psr7 3.0 will reject

Fixed

  • Fixed Utils::copyToStream() to retry short destination writes instead of dropping the unwritten remainder

... (truncated)

Changelog

Sourced from guzzlehttp/psr7's changelog.

2.12.3 - 2026-06-23

Security

2.12.2 - 2026-06-23

Fixed

  • Report URI parsing, filtering, and normalization PCRE failures explicitly
  • Report HTTP message parser PCRE failures explicitly
  • Fail closed when PCRE validation fails for request targets and hosts

2.12.1 - 2026-06-18

Security

2.12.0 - 2026-06-16

Deprecated

  • Deprecated non-finite float values in Query::build() that guzzlehttp/psr7 3.0 rejects
  • Deprecated non-finite float multipart contents that guzzlehttp/psr7 3.0 rejects
  • Deprecated non-string scalar bodies in Utils::streamFor(); cast them to a string for 3.0
  • Deprecated non-string Uri::withQueryValues() values; cast them to a string for 3.0

2.11.1 - 2026-06-12

Fixed

  • Fixed non-finite float values emitting coercion warnings on PHP 8.5

2.11.0 - 2026-06-02

Changed

  • Changed Utils::modifyRequest() to reject conflicting URI and Host header changes in the same call
  • Changed Header::parse() to split semicolon-separated parameters without repeated regular expression lookaheads
  • Changed UriComparator::isCrossOrigin() so only HTTP and HTTPS missing ports receive implicit default ports

Deprecated

  • Deprecated invalid PSR-7 arguments that guzzlehttp/psr7 3.0 will require native types for
  • Deprecated non-string header values that guzzlehttp/psr7 3.0 will reject
  • Deprecated empty header value arrays that guzzlehttp/psr7 3.0 will reject
  • Deprecated URI schemes that do not match guzzlehttp/psr7 3.0 syntax requirements
  • Deprecated multipart boundary and custom part header metadata that guzzlehttp/psr7 3.0 will reject

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Jun 23, 2026
Bumps [guzzlehttp/psr7](https://github.com/guzzle/psr7) from 2.8.0 to 2.12.3.
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/2.12/CHANGELOG.md)
- [Commits](guzzle/psr7@2.8.0...2.12.3)

---
updated-dependencies:
- dependency-name: guzzlehttp/psr7
  dependency-version: 2.12.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump guzzlehttp/psr7 from 2.8.0 to 2.12.1 Bump guzzlehttp/psr7 from 2.8.0 to 2.12.3 Jul 3, 2026
@dependabot dependabot Bot force-pushed the dependabot/composer/guzzlehttp/psr7-2.12.1 branch from 04414f0 to c3bf79c Compare July 3, 2026 17:28
@dependabot @github

dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Looks like guzzlehttp/psr7 is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 3, 2026
@dependabot dependabot Bot deleted the dependabot/composer/guzzlehttp/psr7-2.12.1 branch July 3, 2026 17:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant