Skip to content

chore(deps): bump guzzlehttp/guzzle from 7.10.0 to 7.14.0#96

Open
dependabot[bot] wants to merge 110 commits into
masterfrom
dependabot/composer/guzzlehttp/guzzle-7.12.1
Open

chore(deps): bump guzzlehttp/guzzle from 7.10.0 to 7.14.0#96
dependabot[bot] wants to merge 110 commits into
masterfrom
dependabot/composer/guzzlehttp/guzzle-7.12.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown
Contributor

Bumps guzzlehttp/guzzle from 7.10.0 to 7.14.0.

Release notes

Sourced from guzzlehttp/guzzle's releases.

7.14.0

Added

  • Added the on_trailers request option to expose parsed HTTP response trailers
  • Added the multiplex request option with Multiplexing::* modes to control or require HTTP/2 multiplexing
  • Added rejection of explicit multiplex requests when CURLMOPT_PIPELINING disables multiplexing
  • Added the max_host_connections and max_total_connections client and cURL multi handler options

Changed

  • Redirects that discard the request body no longer require it to be rewindable
  • Synchronous cURL multi handler requests no longer wait for other queued transfers
  • Section SOCKS proxy connections by credentials on libcurl before 7.69.0
  • Reject request-level CURLOPT_SHARE when combined with authenticated SOCKS proxy configuration
  • Redact proxy userinfo containing raw control bytes in cURL errors
  • Check linked curl/libcurl NTLM support before applying NTLM auth
  • Clarify that NTLM is deprecated by both Guzzle and curl/libcurl
  • Remove deprecation for the raw cURL CURLOPT_CERTINFO option
  • Warn when a cURL multi option cannot be applied

Deprecated

  • Deprecate the raw CURLOPT_PIPEWAIT cURL option in favour of the multiplex request option
  • Deprecate unknown handler constructor options
  • Deprecate invalid select_timeout cURL multi handler option values
  • Deprecate raw cURL multi connection cap options in favour of the named options

7.13.3

Changed

  • Adjusted guzzlehttp/promises version constraint to ^2.5.1
  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.4
  • Pass explicit trim characters ahead of the PHP 8.6 trim default change

Fixed

  • Stop matching cookie domains against hosts with a trailing newline
  • Reject HTTP status codes and certificate type extensions with a trailing newline
  • Treat PCRE engine failures as invalid cookie names during cookie validation
  • Report PCRE engine failures when formatting log messages
  • Report PCRE engine failures when splitting no_proxy values

7.13.2

Fixed

  • Stop the cURL multi handler busy-waiting on request delays shorter than one second
  • Stop cURL HEAD requests with request bodies hanging on responses that declare a content length
  • The cURL handler no longer transmits request bodies on HEAD requests
  • Preserve response headers when a response includes HTTP trailers
  • Harden cURL response header block detection when HTTP trailers are received

... (truncated)

Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.14.0 - 2026-07-08

Added

  • Added the on_trailers request option to expose parsed HTTP response trailers
  • Added the multiplex request option with Multiplexing::* modes to control or require HTTP/2 multiplexing
  • Added rejection of explicit multiplex requests when CURLMOPT_PIPELINING disables multiplexing
  • Added the max_host_connections and max_total_connections client and cURL multi handler options

Changed

  • Redirects that discard the request body no longer require it to be rewindable
  • Synchronous cURL multi handler requests no longer wait for other queued transfers
  • Section SOCKS proxy connections by credentials on libcurl before 7.69.0
  • Reject request-level CURLOPT_SHARE when combined with authenticated SOCKS proxy configuration
  • Redact proxy userinfo containing raw control bytes in cURL errors
  • Check linked curl/libcurl NTLM support before applying NTLM auth
  • Clarify that NTLM is deprecated by both Guzzle and curl/libcurl
  • Remove deprecation for the raw cURL CURLOPT_CERTINFO option
  • Warn when a cURL multi option cannot be applied

Deprecated

  • Deprecate the raw CURLOPT_PIPEWAIT cURL option in favour of the multiplex request option
  • Deprecate unknown handler constructor options
  • Deprecate invalid select_timeout cURL multi handler option values
  • Deprecate raw cURL multi connection cap options in favour of the named options

7.13.3 - 2026-07-08

Changed

  • Adjusted guzzlehttp/promises version constraint to ^2.5.1
  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.4
  • Pass explicit trim characters ahead of the PHP 8.6 trim default change

Fixed

  • Stop matching cookie domains against hosts with a trailing newline
  • Reject HTTP status codes and certificate type extensions with a trailing newline
  • Treat PCRE engine failures as invalid cookie names during cookie validation
  • Report PCRE engine failures when formatting log messages
  • Report PCRE engine failures when splitting no_proxy values

7.13.2 - 2026-07-05

Fixed

... (truncated)

Commits

dependabot Bot and others added 30 commits May 17, 2026 17:25
Bumps [uuid](https://github.com/uuidjs/uuid) from 11.1.0 to 11.1.1.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/v11.1.1/CHANGELOG.md)
- [Commits](uuidjs/uuid@v11.1.0...v11.1.1)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 11.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [mermaid](https://github.com/mermaid-js/mermaid) from 11.12.3 to 11.15.0.
- [Release notes](https://github.com/mermaid-js/mermaid/releases)
- [Commits](https://github.com/mermaid-js/mermaid/compare/mermaid@11.12.3...mermaid@11.15.0)

---
updated-dependencies:
- dependency-name: mermaid
  dependency-version: 11.15.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [twig/markdown-extra](https://github.com/twigphp/markdown-extra) from 3.23.0 to 3.26.0.
- [Release notes](https://github.com/twigphp/markdown-extra/releases)
- [Commits](twigphp/markdown-extra@v3.23.0...v3.26.0)

---
updated-dependencies:
- dependency-name: twig/markdown-extra
  dependency-version: 3.26.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [twig/twig](https://github.com/twigphp/Twig) from 3.22.2 to 3.26.0.
- [Release notes](https://github.com/twigphp/Twig/releases)
- [Changelog](https://github.com/twigphp/Twig/blob/3.x/CHANGELOG)
- [Commits](twigphp/Twig@v3.22.2...v3.26.0)

---
updated-dependencies:
- dependency-name: twig/twig
  dependency-version: 3.26.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/security-http](https://github.com/symfony/security-http) from 7.4.3 to 7.4.13.
- [Release notes](https://github.com/symfony/security-http/releases)
- [Changelog](https://github.com/symfony/security-http/blob/8.1/CHANGELOG.md)
- [Commits](symfony/security-http@v7.4.3...v7.4.13)

---
updated-dependencies:
- dependency-name: symfony/security-http
  dependency-version: 7.4.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/routing](https://github.com/symfony/routing) from 7.4.3 to 7.4.13.
- [Release notes](https://github.com/symfony/routing/releases)
- [Changelog](https://github.com/symfony/routing/blob/8.1/CHANGELOG.md)
- [Commits](symfony/routing@v7.4.3...v7.4.13)

---
updated-dependencies:
- dependency-name: symfony/routing
  dependency-version: 7.4.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/web-profiler-bundle](https://github.com/symfony/web-profiler-bundle) from 7.4.3 to 7.4.12.
- [Release notes](https://github.com/symfony/web-profiler-bundle/releases)
- [Changelog](https://github.com/symfony/web-profiler-bundle/blob/8.1/CHANGELOG.md)
- [Commits](symfony/web-profiler-bundle@v7.4.3...v7.4.12)

---
updated-dependencies:
- dependency-name: symfony/web-profiler-bundle
  dependency-version: 7.4.12
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/http-kernel](https://github.com/symfony/http-kernel) from 7.4.3 to 7.4.13.
- [Release notes](https://github.com/symfony/http-kernel/releases)
- [Changelog](https://github.com/symfony/http-kernel/blob/8.1/CHANGELOG.md)
- [Commits](symfony/http-kernel@v7.4.3...v7.4.13)

---
updated-dependencies:
- dependency-name: symfony/http-kernel
  dependency-version: 7.4.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/monolog-bridge](https://github.com/symfony/monolog-bridge) from 7.4.0 to 7.4.12.
- [Release notes](https://github.com/symfony/monolog-bridge/releases)
- [Changelog](https://github.com/symfony/monolog-bridge/blob/8.1/CHANGELOG.md)
- [Commits](symfony/monolog-bridge@v7.4.0...v7.4.12)

---
updated-dependencies:
- dependency-name: symfony/monolog-bridge
  dependency-version: 7.4.12
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/cache](https://github.com/symfony/cache) from 7.4.3 to 7.4.13.
- [Release notes](https://github.com/symfony/cache/releases)
- [Changelog](https://github.com/symfony/cache/blob/8.1/CHANGELOG.md)
- [Commits](symfony/cache@v7.4.3...v7.4.13)

---
updated-dependencies:
- dependency-name: symfony/cache
  dependency-version: 7.4.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/mime](https://github.com/symfony/mime) from 7.4.0 to 7.4.12.
- [Release notes](https://github.com/symfony/mime/releases)
- [Changelog](https://github.com/symfony/mime/blob/8.1/CHANGELOG.md)
- [Commits](symfony/mime@v7.4.0...v7.4.12)

---
updated-dependencies:
- dependency-name: symfony/mime
  dependency-version: 7.4.12
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/mailer](https://github.com/symfony/mailer) from 7.4.4 to 7.4.12.
- [Release notes](https://github.com/symfony/mailer/releases)
- [Changelog](https://github.com/symfony/mailer/blob/8.1/CHANGELOG.md)
- [Commits](symfony/mailer@v7.4.4...v7.4.12)

---
updated-dependencies:
- dependency-name: symfony/mailer
  dependency-version: 7.4.12
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/yaml](https://github.com/symfony/yaml) from 7.4.1 to 7.4.12.
- [Release notes](https://github.com/symfony/yaml/releases)
- [Changelog](https://github.com/symfony/yaml/blob/8.1/CHANGELOG.md)
- [Commits](symfony/yaml@v7.4.1...v7.4.12)

---
updated-dependencies:
- dependency-name: symfony/yaml
  dependency-version: 7.4.12
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/polyfill-intl-idn](https://github.com/symfony/polyfill-intl-idn) from 1.33.0 to 1.38.1.
- [Release notes](https://github.com/symfony/polyfill-intl-idn/releases)
- [Commits](symfony/polyfill-intl-idn@v1.33.0...v1.38.1)

---
updated-dependencies:
- dependency-name: symfony/polyfill-intl-idn
  dependency-version: 1.38.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/composer/guzzlehttp/guzzle-7.12.1 branch from 487921f to 2b40b33 Compare June 21, 2026 22:12
Naroh091 and others added 26 commits June 22, 2026 01:08
* docs: spec + plan for agent-present progress modal

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix: make ⌘K solicitud search case-insensitive

PostgreSQL LIKE is case-sensitive; wrap columns/params in LOWER() to match
the ResolutionRepository convention.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat: add shared agentPresent Alpine store for progress modal

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat: add shared agent-present modal partial (store-driven)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat: drive complaint present modal from agentPresent store

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* refactor: unify solicitudes/show complaint present onto shared modal

Retires agent_present_controller.js and the status pill/fallback.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat: show progress modal for bulk solicitud submission

dispatchBatch now returns per-task statusUrl; realizar canvas tracks them in
the shared agentPresent modal instead of redirecting immediately.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* docs: document unified agent-present progress modal

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix: re-enable realizar submit button after dispatch

The progress modal is store-driven; if the user closes it to stay on the
page, the dispatch CTA must not remain disabled. Use restoreButton() instead
of only clearing the in-flight flag.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ok (#99)

- complete(): treat present_complaint_reg as a submission so portal markers
  persist and submission_uncertain is cleared/flagged (it was omitted from
  $isSubmission).
- AgentWebhookProcessor: honor metadata.documentType so an agent upload keyed
  by access_request_id can pre-type the REG justificante as complaint_receipt.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
)

* feat: add bundled request-generation chat prompt for Langfuse

* refactor: source request-generation prompt from Langfuse via PromptStore

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* feat: link request-generation trace to Langfuse prompt ref

Adapt AssistantChatController::request() to consume CompiledPrompt from
RequestPromptComposer::compose(), propagating promptRef/traceName/hasDraft
to AssistantChatTurn — mirroring the existing complaint() method.
Also removes unused $registry variable and its import from the composer test.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* docs: document Langfuse-managed request-generation prompt

Add note in request-workflow.md that the request chat prompt is
managed in Langfuse as `pideinfo-request-generate-request-chat`
with bundled fallback; cross-reference added to architecture.md
prompt list.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: register request-generation chat prompt in PromptCatalog

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* docs: add design spec and implementation plan for request-prompt Langfuse migration

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat: implement CRUD for criteria

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat: add draft-only AI solicitud flow (#81)

Add a third option in the "Nueva solicitud" page that lets users draft
a solicitud with AI assistance without any sending capability. Includes:

- Third card ("Quiero redactarla con IA sin enviarla") in start.html.twig,
  switching the grid to 3 columns with green icon accent.
- GET /solicitudes/nueva/redactar → simple organism picker with TomSelect
  autocomplete (create: true so users can type a new name).
- POST /solicitudes/nueva/redactar → looks up the organism case-insensitively
  or creates a minimal PublicBody, then creates a STATUS_PENDING AccessRequest
  (draft_only=true in metadata) and redirects to the existing AI drafting page.
- Dedicated draft_only_picker Stimulus controller wiring the TomSelect
  instance and enabling the submit button only when a value is selected.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

* feat: add third option "just generate with AI"

---------

Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
The agentPresent progress modal polls task status with the session
cookie, but statusUrl pointed at `api_agent_tasks_get`
(/api/agent/tasks/{id}). That firewall is stateless + JWT, so it
ignores the cookie and answers 401 "JWT Token not found" — the modal
never advanced past "pending".

Add AgentTaskStatusController (GET /panel/agent/tasks/{id}/estado,
`app_agent_task_status`) served by the main firewall (cookie auth,
ROLE_USER + ownership check) and repoint the three statusUrl
generators to it. The JWT /api/agent/tasks API stays untouched for the
desktop agent.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…104)

* fix: serve agent task status to browser via cookie-auth endpoint

The agentPresent progress modal polls task status with the session
cookie, but statusUrl pointed at `api_agent_tasks_get`
(/api/agent/tasks/{id}). That firewall is stateless + JWT, so it
ignores the cookie and answers 401 "JWT Token not found" — the modal
never advanced past "pending".

Add AgentTaskStatusController (GET /panel/agent/tasks/{id}/estado,
`app_agent_task_status`) served by the main firewall (cookie auth,
ROLE_USER + ownership check) and repoint the three statusUrl
generators to it. The JWT /api/agent/tasks API stays untouched for the
desktop agent.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat: MCP generate_access_request + semantic search_reg_destinations

Add two MCP tools to prepare a sendable access request (distinct from
create_access_request, which records an already-sent one):

- search_reg_destinations (mcp:read): semantic search over REG/DIR3
  destinations. New pgvector store ai_reg_destinations (halfvec(3072)+HNSW),
  RegDestinationTextBuilder + RegDestinationIndexer + RegDestinationRetriever,
  and app:reg:embed-destinations (incremental / --force). Opt-in --embed hook
  in app:reg:import-destinations keeps the store in sync.
- generate_access_request (mcp:write): server-side AI single-shot draft into a
  PENDING AccessRequest with the RegDestination attached, tagged
  metadata.generated_via = mcp/{client_id}.

Extract RequestDraftGenerator from AssistantChatController (shared applyDraft
normalisation) and fix the latent App\Service\AI\Vector class-not-found that
silently forced the resolution retrieval onto the text fallback.

Docs (mcp.md/architecture.md/request-workflow.md) and unit tests included.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* feat: MCP generate_access_request + semantic search_reg_destinations

Add two MCP tools to prepare a sendable access request (distinct from
create_access_request, which records an already-sent one):

- search_reg_destinations (mcp:read): semantic search over REG/DIR3
  destinations. New pgvector store ai_reg_destinations (halfvec(3072)+HNSW),
  RegDestinationTextBuilder + RegDestinationIndexer + RegDestinationRetriever,
  and app:reg:embed-destinations (incremental / --force). Opt-in --embed hook
  in app:reg:import-destinations keeps the store in sync.
- generate_access_request (mcp:write): server-side AI single-shot draft into a
  PENDING AccessRequest with the RegDestination attached, tagged
  metadata.generated_via = mcp/{client_id}.

Extract RequestDraftGenerator from AssistantChatController (shared applyDraft
normalisation) and fix the latent App\Service\AI\Vector class-not-found that
silently forced the resolution retrieval onto the text fallback.

Docs (mcp.md/architecture.md/request-workflow.md) and unit tests included.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat: create RegDestination picker

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ai-store v0.10.0 VectorDocument::__construct requires int|string $id and
rejects UuidV7 objects under strict_types, crashing app:reg:embed-destinations.
Pass Uuid::v7()->toRfc4122() instead.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 7.10.0 to 7.14.0.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.14/CHANGELOG.md)
- [Commits](guzzle/guzzle@7.10.0...7.14.0)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-version: 7.12.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump guzzlehttp/guzzle from 7.10.0 to 7.12.1 chore(deps): bump guzzlehttp/guzzle from 7.10.0 to 7.14.0 Jul 9, 2026
@dependabot dependabot Bot force-pushed the dependabot/composer/guzzlehttp/guzzle-7.12.1 branch from 2b40b33 to 70898b5 Compare July 9, 2026 21:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant