chore(deps): Bump guzzlehttp/guzzle from 7.10.0 to 7.12.0 #238

Open
dependabot[bot] wants to merge 1 commit into dev from dependabot/composer/guzzlehttp/guzzle-7.10.5

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026

Bumps guzzlehttp/guzzle from 7.10.0 to 7.12.0.

Release notes

Sourced from guzzlehttp/guzzle's releases.

7.12.0

Added

  • Added RequestOptions constants for curl, retries, and stream_context

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12
  • Constrain cURL transport sharing to safe libcurl DNS and SSL session support
  • Resolve proxy environment variables in the cURL handlers; libcurl no longer reads the environment itself
  • Ignore proxy environment variables when the proxy request option makes a decision
  • Disable proxy environment variables on Windows SAPIs other than CLI (httpoxy hardening)
  • Redact proxy credentials from cURL handler error messages, following Psr7\Utils::redactUserInfo()
  • Normalize no-proxy domain and IP literal matching across the cURL and stream handlers

Deprecated

  • Deprecated the request-level handler option, which will be ignored in 8.0
  • Deprecated raw cURL request options outside the built-in cURL handlers' allow-list
  • Deprecated the CURLOPT_PROXYTYPE cURL request option; set the proxy type via a scheme-prefixed proxy URL
  • Deprecated PHP stream context options outside the built-in stream handler allow-list
  • Deprecated passing ntlm as a built-in auth type
  • Deprecated Utils::describeType()
  • Deprecated non-finite floats in the query and form_params options; 8.0 rejects them
  • Deprecated non-string scalar values in the body option; 8.0 rejects them

Fixed

  • Fix cURL TLS and HTTP/2 capability detection using libcurl feature checks
  • Fix proxy no list matches being re-proxied through environment-configured proxies by libcurl
  • Fix no list and NO_PROXY matching to support IP CIDR ranges, matching libcurl
  • Fix the stream handler not applying scheme-less proxies and their credentials

7.11.2

Fixed

  • Fixed non-finite float values emitting coercion warnings on PHP 8.5

Release 7.11.1

Fixed

  • Ignore request-level transport_sharing, matching other unknown request options

Release 7.11.0

Added

  • Added support for providing the proxy request option's no value as a comma-delimited string
  • Added the protocols request option to restrict allowed URI schemes for request transfers
  • Added cert_type and ssl_key_type request options for TLS certificate and private-key file types
  • Added PHP stream handler support for the ssl_key request option

... (truncated)

Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.12.0 - 2026-06-16

Added

  • Added RequestOptions constants for curl, retries, and stream_context

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12
  • Constrain cURL transport sharing to safe libcurl DNS and SSL session support
  • Resolve proxy environment variables in the cURL handlers; libcurl no longer reads the environment itself
  • Ignore proxy environment variables when the proxy request option makes a decision
  • Disable proxy environment variables on Windows SAPIs other than CLI (httpoxy hardening)
  • Redact proxy credentials from cURL handler error messages, following Psr7\Utils::redactUserInfo()
  • Normalize no-proxy domain and IP literal matching across the cURL and stream handlers

Deprecated

  • Deprecated the request-level handler option, which will be ignored in 8.0
  • Deprecated raw cURL request options outside the built-in cURL handlers' allow-list
  • Deprecated the CURLOPT_PROXYTYPE cURL request option; set the proxy type via a scheme-prefixed proxy URL
  • Deprecated PHP stream context options outside the built-in stream handler allow-list
  • Deprecated passing ntlm as a built-in auth type
  • Deprecated Utils::describeType()
  • Deprecated non-finite floats in the query and form_params options; 8.0 rejects them
  • Deprecated non-string scalar values in the body option; 8.0 rejects them

Fixed

  • Fix cURL TLS and HTTP/2 capability detection using libcurl feature checks
  • Fix proxy no list matches being re-proxied through environment-configured proxies by libcurl
  • Fix no list and NO_PROXY matching to support IP CIDR ranges, matching libcurl
  • Fix the stream handler not applying scheme-less proxies and their credentials

7.11.2 - 2026-06-12

Fixed

  • Fixed non-finite float values emitting coercion warnings on PHP 8.5

7.11.1 - 2026-06-07

Fixed

  • Ignore request-level transport_sharing, matching other unknown request options

7.11.0 - 2026-06-02

... (truncated)

Commits
  • eaa8159 Release 7.12.0
  • e0d3349 Adjusted guzzlehttp/psr7 version constraint and corrected links (#3646)
  • 8ca9415 Normalize scalar body request options (#3644)
  • 1a8d3aa Translate scheme-less proxies and their credentials in the stream handler (#3...
  • 751f7a5 Revert too aggressive authenticated proxy tunnel reuse mitigation (#3641)
  • d5be98c Deprecate the CURLOPT_PROXYTYPE cURL request option (#3632)
  • fa33c8e Deprecate non-string scalar values in the body request option (#3631)
  • a19ce18 Deprecate non-finite floats in the query and form_params options (#3623)
  • 03cada3 Merge branch '7.11' into 7.12
  • bf5f35a Release 7.11.2
  • Additional commits viewable in compare view

dependabot Bot added the dependencies (Pull requests that update a dependency file) and php (Pull requests that update php code) labels Jun 1, 2026

sourceant Bot commented Jun 1, 2026

Code Review Summary

This PR updates guzzlehttp/guzzle from 7.10.0 to 7.12.0, along with its core dependencies. This is a routine maintenance update that includes security hardening and preparation for the upcoming major version.

🚀 Key Improvements

  • Bumped guzzlehttp/guzzle to 7.12.0.
  • Included security hardening for proxy credential redaction and 'httpoxy' mitigations.
  • Updated guzzlehttp/psr7 to 2.12.0 and guzzlehttp/promises to 2.5.0.
  • Added symfony/polyfill-php80 as a required dependency for Guzzle's internal components.

💡 Minor Suggestions

  • Check for deprecated handler option usage in the codebase to prepare for Guzzle 8.0.

@sourceant sourceant Bot left a comment

Review complete. No specific code suggestions were generated. See the overview comment for a summary.

github-actions Bot commented Jun 1, 2026

Coverage Report
PR coverage: 71.24%
Baseline: 0%
Change: ✅+71.2%

Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 7.10.0 to 7.12.0.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.12/CHANGELOG.md)
- [Commits](guzzle/guzzle@7.10.0...7.12.0)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-version: 7.10.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot changed the title from "chore(deps): Bump guzzlehttp/guzzle from 7.10.0 to 7.10.5" to "chore(deps): Bump guzzlehttp/guzzle from 7.10.0 to 7.12.0" Jun 17, 2026

dependabot Bot force-pushed the dependabot/composer/guzzlehttp/guzzle-7.10.5 branch from 7c44526 to 555d258 June 17, 2026 18:05