Skip to content

chore(deps): bump the php-deps group across 1 directory with 9 updates#119

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/composer/legacy/php-deps-ac53d504ef
Open

chore(deps): bump the php-deps group across 1 directory with 9 updates#119
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/composer/legacy/php-deps-ac53d504ef

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps the php-deps group with 9 updates in the /legacy directory:

Package From To
guzzlehttp/guzzle 7.11.1 7.13.1
symfony/console 7.4.13 7.4.14
symfony/yaml 7.4.13 7.4.14
symfony/finder 7.4.8 7.4.14
symfony/event-dispatcher 7.4.9 7.4.14
symfony/dependency-injection 7.4.13 7.4.14
symfony/config 7.4.10 7.4.14
symfony/var-dumper 7.4.8 7.4.14
friendsofphp/php-cs-fixer 3.95.5 3.95.11

Updates guzzlehttp/guzzle from 7.11.1 to 7.13.1

Release notes

Sourced from guzzlehttp/guzzle's releases.

7.13.1

Fixed

  • Allow middleware to rewrite partial URIs before transports validate them

7.13.0

Added

  • Added the crypto_method_max request option to cap the maximum TLS protocol version
  • Added HTTP QUERY redirect support, preserving method and body on 301 and 302

Changed

  • Section proxy tunnel connection reuse by credential so distinct credentials never share a tunnel
  • Isolate concurrent foreign cURL proxy tunnels added while another owner's tunnel is active
  • Route credentialed HTTP(S) proxy Proxy-Authorization headers through cURL proxy header handling
  • Reject request-level CURLOPT_SHARE when combined with authenticated HTTP/HTTPS proxy tunnel configuration
  • Remove deprecation for raw cURL CURLOPT_PREREQFUNCTION callbacks when defined by PHP cURL
  • Route TLS 1.2 crypto_method requests to the stream handler when cURL cannot select TLS 1.2
  • Reject final request URIs missing a scheme or host before transfer

Deprecated

  • Deprecate invalid protocols, force_ip_resolve, delay, cookies, and allow_redirects values

7.12.3

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.3

Security

7.12.2

Fixed

  • Clamp out-of-range Max-Age so a very large value no longer overflows to an already-expired timestamp
  • Use strict comparison in CookieJar conflict resolution so distinct numeric-string names don't overwrite
  • Store a cookie whose Domain has a trailing dot on the origin host instead of silently discarding it
  • Fix StreamHandler hard-failing on bracketed IPv6 literal hosts when force_ip_resolve is set
  • Use strict cookie Path comparison so CookieJar::clear() with a numeric path keeps a distinct-path cookie
  • Fixed cookie handling for falsey Domain, Max-Age, path, and name values
  • Fixed decode_content handling for falsey string values
  • Fixed deprecated request option values reaching built-in handlers before normalization

7.12.1

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.1

... (truncated)

Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.13.1 - 2026-06-29

Fixed

  • Allow middleware to rewrite partial URIs before transports validate them

7.13.0 - 2026-06-29

Added

  • Added the crypto_method_max request option to cap the maximum TLS protocol version
  • Added HTTP QUERY redirect support, preserving method and body on 301 and 302

Changed

  • Section proxy tunnel connection reuse by credential so distinct credentials never share a tunnel
  • Isolate concurrent foreign cURL proxy tunnels added while another owner's tunnel is active
  • Route credentialed HTTP(S) proxy Proxy-Authorization headers through cURL proxy header handling
  • Reject request-level CURLOPT_SHARE when combined with authenticated HTTP/HTTPS proxy tunnel configuration
  • Remove deprecation for raw cURL CURLOPT_PREREQFUNCTION callbacks when defined by PHP cURL
  • Route TLS 1.2 crypto_method requests to the stream handler when cURL cannot select TLS 1.2
  • Reject final request URIs missing a scheme or host before transfer

Deprecated

  • Deprecate invalid protocols, force_ip_resolve, delay, cookies, and allow_redirects values

7.12.3 - 2026-06-23

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.3

Security

7.12.2 - 2026-06-23

Fixed

  • Clamp out-of-range Max-Age so a very large value no longer overflows to an already-expired timestamp
  • Use strict comparison in CookieJar conflict resolution so distinct numeric-string names don't overwrite
  • Store a cookie whose Domain has a trailing dot on the origin host instead of silently discarding it
  • Fix StreamHandler hard-failing on bracketed IPv6 literal hosts when force_ip_resolve is set
  • Use strict cookie Path comparison so CookieJar::clear() with a numeric path keeps a distinct-path cookie
  • Fixed cookie handling for falsey Domain, Max-Age, path, and name values

... (truncated)

Commits

Updates symfony/console from 7.4.13 to 7.4.14

Release notes

Sourced from symfony/console's releases.

v7.4.14

Changelog (symfony/console@v7.4.13...v7.4.14)

Commits
  • 92f58bc Merge branch '6.4' into 7.4
  • 9ef84af Console: use mb_convert_encoding() instead of mb_convert_variables()
  • b7f25c3 Merge branch '6.4' into 7.4
  • 7d0c9d7 [Console] Render formatter tags in ChoiceQuestion default value
  • 4262fe6 Merge branch '6.4' into 7.4
  • 65dbd37 Drop PR warning and auto-closing on subtree splits
  • See full diff in compare view

Updates symfony/yaml from 7.4.13 to 7.4.14

Release notes

Sourced from symfony/yaml's releases.

v7.4.14

Changelog (symfony/yaml@v7.4.13...v7.4.14)

Commits

Updates symfony/finder from 7.4.8 to 7.4.14

Release notes

Sourced from symfony/finder's releases.

v7.4.14

Changelog (symfony/finder@v7.4.9...v7.4.14)

Commits
  • 13b3872 Merge branch '6.4' into 7.4
  • 0b73dac [Finder] Update tests to pass on Windows
  • ccf08ee Merge branch '6.4' into 7.4
  • 71a2852 bug #64236 [Finder] Fix recursion into stream wrapper subdirectories on Windo...
  • 16ca342 Merge branch '6.4' into 7.4
  • 9011b7d Drop PR warning and auto-closing on subtree splits
  • ffd26d8 [Finder] Fix recursion into stream wrapper subdirectories on Windows
  • cd62ddd Update XSD references in phpunit.xml.dist files
  • 172cf94 Merge branch '6.4' into 7.4
  • 1166223 CS fixes - native_function_invocation & static_lambda
  • Additional commits viewable in compare view

Updates symfony/event-dispatcher from 7.4.9 to 7.4.14

Release notes

Sourced from symfony/event-dispatcher's releases.

v7.4.14

Changelog (symfony/event-dispatcher@v7.4.9...v7.4.14)

Commits
  • 51fe3d1 Make tests compatible with PHPUnit 13.2 and Twig 3.28
  • 0a1ec98 Merge branch '6.4' into 7.4
  • d4ad45a Drop PR warning and auto-closing on subtree splits
  • See full diff in compare view

Updates symfony/dependency-injection from 7.4.13 to 7.4.14

Release notes

Sourced from symfony/dependency-injection's releases.

v7.4.14

Changelog (symfony/dependency-injection@v7.4.13...v7.4.14)

Commits
  • 2c8c64a [FrameworkBundle] Fix false positives for _instanceof
  • 5d03483 Merge branch '6.4' into 7.4
  • ba3538a Unsafe unserialize phpstan rule
  • 843abfc Merge branch '6.4' into 7.4
  • efb0d5e Drop PR warning and auto-closing on subtree splits
  • See full diff in compare view

Updates symfony/config from 7.4.10 to 7.4.14

Release notes

Sourced from symfony/config's releases.

v7.4.14

Changelog (symfony/config@v7.4.10...v7.4.14)

Commits
  • 7b665e4 Merge branch '6.4' into 7.4
  • 922d980 Harden __toString trampolines via __unserialize()
  • c6343f4 Merge branch '6.4' into 7.4
  • 1152f21 Unsafe unserialize phpstan rule
  • 992eb8e Merge branch '6.4' into 7.4
  • 56b43e9 Drop PR warning and auto-closing on subtree splits
  • See full diff in compare view

Updates symfony/var-dumper from 7.4.8 to 7.4.14

Release notes

Sourced from symfony/var-dumper's releases.

v7.4.14

Changelog (symfony/var-dumper@v7.4.9...v7.4.14)

Commits
  • 9a3a56a Merge branch '6.4' into 7.4
  • 29adc5e Unsafe unserialize phpstan rule
  • 067784d Merge branch '6.4' into 7.4
  • f280b3d Drop PR warning and auto-closing on subtree splits
  • 1aa10bc Update XSD references in phpunit.xml.dist files
  • e08ac46 [Tests] Fix "Incomplete version" PHPUnit warnings
  • d49f310 Merge branch '6.4' into 7.4
  • d6839e4 Fix tests
  • 0b0b6db CS fixes
  • b824d8f Merge branch '6.4' into 7.4
  • Additional commits viewable in compare view

Updates friendsofphp/php-cs-fixer from 3.95.5 to 3.95.11

Release notes

Sourced from friendsofphp/php-cs-fixer's releases.

v3.95.11 Adalbertus

What's Changed

Full Changelog: PHP-CS-Fixer/PHP-CS-Fixer@v3.95.10...v3.95.11

v3.95.10 Adalbertus

What's Changed

Full Changelog: PHP-CS-Fixer/PHP-CS-Fixer@v3.95.9...v3.95.10

v3.95.9 Adalbertus

What's Changed

Full Changelog: PHP-CS-Fixer/PHP-CS-Fixer@v3.95.8...v3.95.9

v3.95.8 Adalbertus

What's Changed

Full Changelog: PHP-CS-Fixer/PHP-CS-Fixer@v3.95.7...v3.95.8

v3.95.7 Adalbertus

What's Changed

Full Changelog: PHP-CS-Fixer/PHP-CS-Fixer@v3.95.6...v3.95.7

v3.95.6 Adalbertus

What's Changed

... (truncated)

Changelog

Sourced from friendsofphp/php-cs-fixer's changelog.

Changelog for v3.95.11

  • fix: NoBreakCommentFixer - handle enum cases, TokensAnalyzer::isEnumCase - fix handling nested switch-cases (#9565)
  • deps: bump actions/checkout from 6 to 7 in /.github/workflows in the all group across 1 directory (#9694)
  • deps: bump dev deps (#9702)
  • deps: bump phpstan/phpstan-symfony from 2.0.19 to 2.0.20 in /dev-tools in the phpstan group (#9693)
  • test: use correct test precondition failure mode in PharTest (#9700)

Changelog for v3.95.10

  • fix: TokensAnalyzer - handle T_PUBLIC_SET, T_PROTECTED_SET, T_PRIVATE_SET (#9696)

Changelog for v3.95.9

  • chore: apply class_keyword (#9689)
  • refactor: change Fixers execution order to always-deterministic (#9690)

Changelog for v3.95.8

  • fix: SingleClassElementPerStatementFixer - do not drop modifiers when splitting final constants/properties (#9687)

Changelog for v3.95.7

  • fix: ClassReferenceNameCasingFixer - do not change case of typed class constant names (#9686)

Changelog for v3.95.6

  • chore: Docker - ignore root-user warning for pip (#9682)
  • chore: fix typo in comment about fixer configuration (#9675)
  • chore: narrow Preg::match/Preg::matchAll subject string type when match is truthy (#9668)
  • deps: bump alpine from 3.23 to 3.24 in the all group (#9679)
  • deps: bump codecov/codecov-action from 6 to 7 in /.github/workflows in the all group across 1 directory (#9681)
  • deps: bump shipmonk/dead-code-detector from 1.1.3 to 1.2.0 in /dev-tools in the shipmonk group across 1 directory (#9661)
  • deps: update dev-deps (#9683)
  • deps: upgrade deep-deps for dev-tools (#9677)
  • fix: PhpUnitAttributesFixer - correctly handle @requires PHPUnit with space-separated version constraint (#9684)
  • UX: Cache - explicit deprecation for usage of non-handled objects in rules configuration, as they silently fail now; add support for JsonSerializable config values (#9678)
Commits
  • 35f98e1 prepared the 3.95.11 release
  • 538077d deps: bump dev deps (#9702)
  • 4cf4bb9 fix: NoBreakCommentFixer - handle enum cases, TokensAnalyzer::isEnumCase ...
  • 3a73c6c test: use correct test precondition failure mode in PharTest (#9700)
  • f91d7b0 deps: bump phpstan/phpstan-symfony from 2.0.19 to 2.0.20 in /dev-tools in the...
  • 327cc85 deps: bump actions/checkout from 6 to 7 in /.github/workflows in the all grou...
  • 63e5098 bumped version
  • 93e1ab3 prepared the 3.95.10 release
  • f5ef45e fix: TokensAnalyzer - handle T_PUBLIC_SET, T_PROTECTED_SET, `T_PRIVATE_...
  • 204b56e bumped version
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the php-deps group with 9 updates in the /legacy directory:

| Package | From | To |
| --- | --- | --- |
| [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) | `7.11.1` | `7.13.1` |
| [symfony/console](https://github.com/symfony/console) | `7.4.13` | `7.4.14` |
| [symfony/yaml](https://github.com/symfony/yaml) | `7.4.13` | `7.4.14` |
| [symfony/finder](https://github.com/symfony/finder) | `7.4.8` | `7.4.14` |
| [symfony/event-dispatcher](https://github.com/symfony/event-dispatcher) | `7.4.9` | `7.4.14` |
| [symfony/dependency-injection](https://github.com/symfony/dependency-injection) | `7.4.13` | `7.4.14` |
| [symfony/config](https://github.com/symfony/config) | `7.4.10` | `7.4.14` |
| [symfony/var-dumper](https://github.com/symfony/var-dumper) | `7.4.8` | `7.4.14` |
| [friendsofphp/php-cs-fixer](https://github.com/PHP-CS-Fixer/PHP-CS-Fixer) | `3.95.5` | `3.95.11` |



Updates `guzzlehttp/guzzle` from 7.11.1 to 7.13.1
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.13/CHANGELOG.md)
- [Commits](guzzle/guzzle@7.11.1...7.13.1)

Updates `symfony/console` from 7.4.13 to 7.4.14
- [Release notes](https://github.com/symfony/console/releases)
- [Changelog](https://github.com/symfony/console/blob/8.2/CHANGELOG.md)
- [Commits](symfony/console@v7.4.13...v7.4.14)

Updates `symfony/yaml` from 7.4.13 to 7.4.14
- [Release notes](https://github.com/symfony/yaml/releases)
- [Changelog](https://github.com/symfony/yaml/blob/8.2/CHANGELOG.md)
- [Commits](symfony/yaml@v7.4.13...v7.4.14)

Updates `symfony/finder` from 7.4.8 to 7.4.14
- [Release notes](https://github.com/symfony/finder/releases)
- [Changelog](https://github.com/symfony/finder/blob/8.2/CHANGELOG.md)
- [Commits](symfony/finder@v7.4.8...v7.4.14)

Updates `symfony/event-dispatcher` from 7.4.9 to 7.4.14
- [Release notes](https://github.com/symfony/event-dispatcher/releases)
- [Changelog](https://github.com/symfony/event-dispatcher/blob/8.2/CHANGELOG.md)
- [Commits](symfony/event-dispatcher@v7.4.9...v7.4.14)

Updates `symfony/dependency-injection` from 7.4.13 to 7.4.14
- [Release notes](https://github.com/symfony/dependency-injection/releases)
- [Changelog](https://github.com/symfony/dependency-injection/blob/8.2/CHANGELOG.md)
- [Commits](symfony/dependency-injection@v7.4.13...v7.4.14)

Updates `symfony/config` from 7.4.10 to 7.4.14
- [Release notes](https://github.com/symfony/config/releases)
- [Changelog](https://github.com/symfony/config/blob/8.2/CHANGELOG.md)
- [Commits](symfony/config@v7.4.10...v7.4.14)

Updates `symfony/var-dumper` from 7.4.8 to 7.4.14
- [Release notes](https://github.com/symfony/var-dumper/releases)
- [Changelog](https://github.com/symfony/var-dumper/blob/8.2/CHANGELOG.md)
- [Commits](symfony/var-dumper@v7.4.8...v7.4.14)

Updates `friendsofphp/php-cs-fixer` from 3.95.5 to 3.95.11
- [Release notes](https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/releases)
- [Changelog](https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/blob/master/CHANGELOG.md)
- [Commits](PHP-CS-Fixer/PHP-CS-Fixer@v3.95.5...v3.95.11)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-version: 7.13.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: php-deps
- dependency-name: symfony/console
  dependency-version: 7.4.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: php-deps
- dependency-name: symfony/yaml
  dependency-version: 7.4.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: php-deps
- dependency-name: symfony/finder
  dependency-version: 7.4.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: php-deps
- dependency-name: symfony/event-dispatcher
  dependency-version: 7.4.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: php-deps
- dependency-name: symfony/dependency-injection
  dependency-version: 7.4.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: php-deps
- dependency-name: symfony/config
  dependency-version: 7.4.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: php-deps
- dependency-name: symfony/var-dumper
  dependency-version: 7.4.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: php-deps
- dependency-name: friendsofphp/php-cs-fixer
  dependency-version: 3.95.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: php-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Jun 30, 2026
Copilot AI review requested due to automatic review settings June 30, 2026 14:34
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Jun 30, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot can't review bot-authored pull requests automatically. A user with Copilot access can request a review manually.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant