Skip to content

Bump the dependencies group with 2 updates#2014

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/composer/dependencies-6e7dcbe9fe
Jun 29, 2026
Merged

Bump the dependencies group with 2 updates#2014
github-actions[bot] merged 1 commit into
mainfrom
dependabot/composer/dependencies-6e7dcbe9fe

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 2 updates: guzzlehttp/guzzle and phpro/grumphp.

Updates guzzlehttp/guzzle from 7.12.1 to 7.13.0

Release notes

Sourced from guzzlehttp/guzzle's releases.

7.13.0

Added

  • Added the crypto_method_max request option to cap the maximum TLS protocol version
  • Added HTTP QUERY redirect support, preserving method and body on 301 and 302

Changed

  • Section proxy tunnel connection reuse by credential so distinct credentials never share a tunnel
  • Isolate concurrent foreign cURL proxy tunnels added while another owner's tunnel is active
  • Route credentialed HTTP(S) proxy Proxy-Authorization headers through cURL proxy header handling
  • Reject request-level CURLOPT_SHARE when combined with authenticated HTTP/HTTPS proxy tunnel configuration
  • Remove deprecation for raw cURL CURLOPT_PREREQFUNCTION callbacks when defined by PHP cURL
  • Route TLS 1.2 crypto_method requests to the stream handler when cURL cannot select TLS 1.2
  • Reject final request URIs missing a scheme or host before transfer

Deprecated

  • Deprecate invalid protocols, force_ip_resolve, delay, cookies, and allow_redirects values

7.12.3

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.3

Security

7.12.2

Fixed

  • Clamp out-of-range Max-Age so a very large value no longer overflows to an already-expired timestamp
  • Use strict comparison in CookieJar conflict resolution so distinct numeric-string names don't overwrite
  • Store a cookie whose Domain has a trailing dot on the origin host instead of silently discarding it
  • Fix StreamHandler hard-failing on bracketed IPv6 literal hosts when force_ip_resolve is set
  • Use strict cookie Path comparison so CookieJar::clear() with a numeric path keeps a distinct-path cookie
  • Fixed cookie handling for falsey Domain, Max-Age, path, and name values
  • Fixed decode_content handling for falsey string values
  • Fixed deprecated request option values reaching built-in handlers before normalization
Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.13.0 - 2026-06-29

Added

  • Added the crypto_method_max request option to cap the maximum TLS protocol version
  • Added HTTP QUERY redirect support, preserving method and body on 301 and 302

Changed

  • Section proxy tunnel connection reuse by credential so distinct credentials never share a tunnel
  • Isolate concurrent foreign cURL proxy tunnels added while another owner's tunnel is active
  • Route credentialed HTTP(S) proxy Proxy-Authorization headers through cURL proxy header handling
  • Reject request-level CURLOPT_SHARE when combined with authenticated HTTP/HTTPS proxy tunnel configuration
  • Remove deprecation for raw cURL CURLOPT_PREREQFUNCTION callbacks when defined by PHP cURL
  • Route TLS 1.2 crypto_method requests to the stream handler when cURL cannot select TLS 1.2
  • Reject final request URIs missing a scheme or host before transfer

Deprecated

  • Deprecate invalid protocols, force_ip_resolve, delay, cookies, and allow_redirects values

7.12.3 - 2026-06-23

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.3

Security

7.12.2 - 2026-06-23

Fixed

  • Clamp out-of-range Max-Age so a very large value no longer overflows to an already-expired timestamp
  • Use strict comparison in CookieJar conflict resolution so distinct numeric-string names don't overwrite
  • Store a cookie whose Domain has a trailing dot on the origin host instead of silently discarding it
  • Fix StreamHandler hard-failing on bracketed IPv6 literal hosts when force_ip_resolve is set
  • Use strict cookie Path comparison so CookieJar::clear() with a numeric path keeps a distinct-path cookie
  • Fixed cookie handling for falsey Domain, Max-Age, path, and name values
  • Fixed decode_content handling for falsey string values
  • Fixed deprecated request option values reaching built-in handlers before normalization
Commits

Updates phpro/grumphp from 2.21.0 to 2.22.0

Release notes

Sourced from phpro/grumphp's releases.

Version 2.22.0

Say hi to Mago 🦊

GrumPHP just made a new friend. Starting this release, you can run Mago straight from your hooks.

Mago is a PHP toolchain written in Rust. The name means "wizard," which fits: it does the work of four tools at once. A formatter, a linter, a static analyzer, and an architectural guard, all in a single fast binary. It's already showing up in places like Drupal.

We didn't bolt it on as one big task. Each part gets its own, so you turn on only what you want and configure them separately:

  • mago_format keeps your code style consistent
  • mago_lint catches style slips, smells, and likely bugs
  • mago_analyze does the deeper work: types, control flow, logic errors
  • mago_guard enforces your architecture and layer rules

Format, lint, and analyze run read-only by default. When one fails, GrumPHP offers to re-run it with fixes applied, so you stay in control. Guard only reports, because you can't auto-fix an architecture problem (Mago won't pretend otherwise).

Add it to your project like any other tool:

composer require --dev carthage-software/mago
vendor/bin/mago init

Then point your grumphp.yml at whichever tasks you want. Full setup and options live in the Mago task docs.

The grump approves. Welcome to the family, Mago. 🧙‍🦊

What's Changed

New Contributors

Full Changelog: phpro/grumphp@v2.21.0...v2.22.0

Commits
  • 738616a 2.22.0 release
  • c364ee4 Merge pull request #1216 from johnatas-x/mago-task
  • ccf187b Merge pull request #1224 from reynkonig/feature/commit-message-amend-prefix
  • ea60826 Support git autosquash amend! prefix in commit message task
  • 7c9292f Merge pull request #1223 from rodrigoaguilera/eslint-cache
  • ed5cac9 Fix ESLint cache test expected binary name
  • 75b50c8 Refactor Mago into standalone per-command tasks
  • 815490c Refactor Mago tasks based on threads
  • a75b3f8 Add tests for new eslint cache config
  • c5a134f Add docs
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 2 updates: [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) and [phpro/grumphp](https://github.com/phpro/grumphp).


Updates `guzzlehttp/guzzle` from 7.12.1 to 7.13.0
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.13/CHANGELOG.md)
- [Commits](guzzle/guzzle@7.12.1...7.13.0)

Updates `phpro/grumphp` from 2.21.0 to 2.22.0
- [Release notes](https://github.com/phpro/grumphp/releases)
- [Commits](phpro/grumphp@v2.21.0...v2.22.0)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-version: 7.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: phpro/grumphp
  dependency-version: 2.22.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels Jun 29, 2026
@codecov

codecov Bot commented Jun 29, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.45%. Comparing base (a3ad8e5) to head (d4ec252).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff            @@
##               main    #2014   +/-   ##
=========================================
  Coverage     92.45%   92.45%           
  Complexity     1960     1960           
=========================================
  Files           123      123           
  Lines          7114     7114           
=========================================
  Hits           6577     6577           
  Misses          537      537           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@github-actions github-actions Bot merged commit 9f76383 into main Jun 29, 2026
26 checks passed
@github-actions github-actions Bot deleted the dependabot/composer/dependencies-6e7dcbe9fe branch June 29, 2026 14:55
@github-actions

Copy link
Copy Markdown

Try the dev build for this PR: https://acquia-cli.s3.amazonaws.com/build/pr/2014/acli.phar

curl -OL https://acquia-cli.s3.amazonaws.com/build/pr/2014/acli.phar
chmod +x acli.phar

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update Php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants