Skip to content

Bump the composer group across 1 directory with 2 updates#112

Merged
sjinks merged 1 commit into
productionfrom
dependabot/composer/composer-70bd376701
Jun 13, 2026
Merged

Bump the composer group across 1 directory with 2 updates#112
sjinks merged 1 commit into
productionfrom
dependabot/composer/composer-70bd376701

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the composer group with 2 updates in the / directory: symfony/process and guzzlehttp/psr7.

Updates symfony/process from 6.4.20 to 7.4.13

Release notes

Sourced from symfony/process's releases.

v7.4.13

Changelog (symfony/process@v7.4.11...v7.4.13)

v7.4.11

Changelog (symfony/process@v7.4.8...v7.4.11)

v7.4.8

Changelog (symfony/process@v7.4.7...v7.4.8)

  • bug #63611 Throw InvalidArgumentException when env block exceeds Windows limit (Nadim AL ABDOU)

v7.4.5

Changelog (symfony/process@v7.4.4...v7.4.5)

v7.4.4

Changelog (symfony/process@v7.4.3...v7.4.4)

v7.4.3

Changelog (symfony/process@v7.4.2...v7.4.3)

v7.4.0

Changelog (symfony/process@v7.4.0-RC3...v7.4.0)

  • no significant changes

v7.4.0-RC1

Changelog (symfony/process@v7.4.0-BETA2...v7.4.0-RC1)

  • no significant changes

v7.4.0-BETA1

Changelog (symfony/process@v7.3.4...v7.4.0-BETA1)

  • no significant changes

v7.3.11

Changelog (symfony/process@v7.3.10...v7.3.11)

  • security #cve-2026-24739 Fix escaping for MSYS on Windows (nicolas-grekas)

... (truncated)

Changelog

Sourced from symfony/process's changelog.

CHANGELOG

7.3

  • Add RunProcessMessage::fromShellCommandline() to instantiate a Process via the fromShellCommandline method

7.1

  • Add Process::setIgnoredSignals() to disable signal propagation to the child process

6.4

  • Add PhpSubprocess to handle PHP subprocesses that take over the configuration from their parent
  • Add RunProcessMessage and RunProcessMessageHandler

5.2.0

  • added Process::setOptions() to set Process specific options
  • added option create_new_console to allow a subprocess to continue to run after the main script exited, both on Linux and on Windows

5.1.0

  • added Process::getStartTime() to retrieve the start time of the process as float

5.0.0

  • removed Process::inheritEnvironmentVariables()
  • removed PhpProcess::setPhpBinary()
  • Process must be instantiated with a command array, use Process::fromShellCommandline() when the command should be parsed by the shell
  • removed Process::setCommandLine()

4.4.0

  • deprecated Process::inheritEnvironmentVariables(): env variables are always inherited.
  • added Process::getLastOutputTime() method

4.2.0

... (truncated)

Commits
  • f5804be Merge branch '6.4' into 7.4
  • c8fc09b [Process] Stop leaking CGI/FastCGI request-context vars to subprocesses
  • d9593c9 Merge branch '6.4' into 7.4
  • 6c93071 [Process] Ignore array env values before proc_open
  • 7eab480 [7.4] Remove usages of named arguments in tests
  • 89c0b22 Update XSD references in phpunit.xml.dist files
  • e79d445 Merge branch '6.4' into 7.4
  • 7b8e6e8 More CS fixes
  • 2df4ad6 Merge branch '6.4' into 7.4
  • 5731331 CS fixes - native_function_invocation & static_lambda
  • Additional commits viewable in compare view

Updates guzzlehttp/psr7 from 2.7.1 to 2.11.0

Release notes

Sourced from guzzlehttp/psr7's releases.

2.11.0

Changed

  • Changed Utils::modifyRequest() to reject conflicting URI and Host header changes in the same call
  • Changed Header::parse() to split semicolon-separated parameters without repeated regular expression lookaheads
  • Changed UriComparator::isCrossOrigin() so only HTTP and HTTPS missing ports receive implicit default ports

Deprecated

  • Deprecated invalid PSR-7 arguments that guzzlehttp/psr7 3.0 will require native types for
  • Deprecated non-string header values that guzzlehttp/psr7 3.0 will reject
  • Deprecated empty header value arrays that guzzlehttp/psr7 3.0 will reject
  • Deprecated URI schemes that do not match guzzlehttp/psr7 3.0 syntax requirements
  • Deprecated multipart boundary and custom part header metadata that guzzlehttp/psr7 3.0 will reject
  • Deprecated reliance on automatic uppercasing of request methods; guzzlehttp/psr7 3.0 preserves method casing
  • Deprecated invalid Utils::modifyRequest() change values that guzzlehttp/psr7 3.0 will reject

Fixed

  • Fixed Utils::copyToStream() to retry short destination writes instead of dropping the unwritten remainder
  • Fixed Header::parse() splitting of semicolon-separated parameters with escaped quotes

2.10.4

Fixed

  • Apply UriNormalizer percent-encoding normalizations to URI fragments
  • Make LimitStream::getSize() return 0 for slices past the underlying stream end
  • Make AppendStream::read() return an empty string when no streams are attached
  • Make CachingStream::read() throw on an incomplete cache-target write instead of silently corrupting replays
  • Prevent CachingStream::seek() from looping indefinitely when the remote stream makes no progress

2.10.3

Fixed

  • Fixed URI parsing for IPv6 literals containing embedded IPv4 addresses
  • Fixed malformed UTF-8 URI strings being parsed as empty URIs

2.10.2

Security

Fixed

  • Make ServerRequest::fromGlobals() robust against unexpected HTTP header value types in $_SERVER

2.10.1

Fixed

... (truncated)

Changelog

Sourced from guzzlehttp/psr7's changelog.

2.11.0 - 2026-06-02

Changed

  • Changed Utils::modifyRequest() to reject conflicting URI and Host header changes in the same call
  • Changed Header::parse() to split semicolon-separated parameters without repeated regular expression lookaheads
  • Changed UriComparator::isCrossOrigin() so only HTTP and HTTPS missing ports receive implicit default ports

Deprecated

  • Deprecated invalid PSR-7 arguments that guzzlehttp/psr7 3.0 will require native types for
  • Deprecated non-string header values that guzzlehttp/psr7 3.0 will reject
  • Deprecated empty header value arrays that guzzlehttp/psr7 3.0 will reject
  • Deprecated URI schemes that do not match guzzlehttp/psr7 3.0 syntax requirements
  • Deprecated multipart boundary and custom part header metadata that guzzlehttp/psr7 3.0 will reject
  • Deprecated reliance on automatic uppercasing of request methods; guzzlehttp/psr7 3.0 preserves method casing
  • Deprecated invalid Utils::modifyRequest() change values that guzzlehttp/psr7 3.0 will reject

Fixed

  • Fixed Utils::copyToStream() to retry short destination writes instead of dropping the unwritten remainder
  • Fixed Header::parse() splitting of semicolon-separated parameters with escaped quotes

2.10.4 - 2026-05-29

Fixed

  • Apply UriNormalizer percent-encoding normalizations to URI fragments
  • Make LimitStream::getSize() return 0 for slices past the underlying stream end
  • Make AppendStream::read() return an empty string when no streams are attached
  • Make CachingStream::read() throw on an incomplete cache-target write instead of silently corrupting replays
  • Prevent CachingStream::seek() from looping indefinitely when the remote stream makes no progress

2.10.3 - 2026-05-27

Fixed

  • Fixed URI parsing for IPv6 literals containing embedded IPv4 addresses
  • Fixed malformed UTF-8 URI strings being parsed as empty URIs

2.10.2 - 2026-05-25

Security

Fixed

  • Make ServerRequest::fromGlobals() robust against unexpected HTTP header value types in $_SERVER

... (truncated)

Commits
  • bbb5e61 Release 2.11.0
  • aac7d94 Restore copyToStream throws annotation (#781)
  • d6f9070 Fix copyToStream short writes (#772)
  • 844006a Merge branch '2.10' into 2.11
  • d2a1a09 Release 2.10.4
  • 89a2ce5 Merge branch '2.10' into 2.11
  • cbd42fc Throw when the CachingStream cache target does not persist a full write (#768)
  • 7853a2c Fix Header parameter splitting with escaped quotes (#744)
  • 76ea73a Merge branch '2.10' into 2.11
  • 930f155 Limit UriComparator default ports to HTTP and HTTPS (#743)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the composer group across 1 directory with 2 updates
cfe728e 
Bumps the composer group with 2 updates in the / directory: [symfony/process](https://github.com/symfony/process) and [guzzlehttp/psr7](https://github.com/guzzle/psr7).


Updates `symfony/process` from 6.4.20 to 7.4.13
- [Release notes](https://github.com/symfony/process/releases)
- [Changelog](https://github.com/symfony/process/blob/8.2/CHANGELOG.md)
- [Commits](symfony/process@v6.4.20...v7.4.13)

Updates `guzzlehttp/psr7` from 2.7.1 to 2.11.0
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/2.11/CHANGELOG.md)
- [Commits](guzzle/psr7@2.7.1...2.11.0)

---
updated-dependencies:
- dependency-name: symfony/process
  dependency-version: 7.4.13
  dependency-type: indirect
  dependency-group: composer
- dependency-name: guzzlehttp/psr7
  dependency-version: 2.11.0
  dependency-type: indirect
  dependency-group: composer
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Jun 13, 2026
@sjinks sjinks self-assigned this Jun 13, 2026
@sjinks sjinks added this pull request to the merge queue Jun 13, 2026
Merged via the queue into production with commit 310516b Jun 13, 2026
25 of 26 checks passed
@dependabot dependabot Bot deleted the dependabot/composer/composer-70bd376701 branch June 13, 2026 18:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sjinks sjinks sjinks approved these changes

Assignees

@sjinks sjinks

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sjinks