Skip to content

Bump the dependencies group with 3 updates#2016

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/composer/dependencies-2940a724e1
Jul 6, 2026
Merged

Bump the dependencies group with 3 updates#2016
github-actions[bot] merged 1 commit into
mainfrom
dependabot/composer/dependencies-2940a724e1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 3 updates: guzzlehttp/guzzle, phpstan/phpstan and twig/twig.

Updates guzzlehttp/guzzle from 7.13.0 to 7.13.2

Release notes

Sourced from guzzlehttp/guzzle's releases.

7.13.2

Fixed

  • Stop the cURL multi handler busy-waiting on request delays shorter than one second
  • Stop cURL HEAD requests with request bodies hanging on responses that declare a content length
  • The cURL handler no longer transmits request bodies on HEAD requests
  • Preserve response headers when a response includes HTTP trailers
  • Harden cURL response header block detection when HTTP trailers are received
  • Corrected the PSR-7 class names in the Pool iterator exception
  • Redirect body rewind failures no longer leak a bare RuntimeException

7.13.1

Fixed

  • Allow middleware to rewrite partial URIs before transports validate them
Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.13.2 - 2026-07-05

Fixed

  • Stop the cURL multi handler busy-waiting on request delays shorter than one second
  • Stop cURL HEAD requests with request bodies hanging on responses that declare a content length
  • The cURL handler no longer transmits request bodies on HEAD requests
  • Preserve response headers when a response includes HTTP trailers
  • Harden cURL response header block detection when HTTP trailers are received
  • Corrected the PSR-7 class names in the Pool iterator exception
  • Redirect body rewind failures no longer leak a bare RuntimeException

7.13.1 - 2026-06-29

Fixed

  • Allow middleware to rewrite partial URIs before transports validate them
Commits

Updates phpstan/phpstan from 2.2.2 to 2.2.5

Commits

Updates twig/twig from 3.27.1 to 3.28.0

Release notes

Sourced from twig/twig's releases.

v3.28.0

Changelog (twigphp/Twig@v3.27.1...v3.28.0)

  • bug #4850 Render backed enums using their backing value in the html_attr function (@​fabpot)
  • minor #4845 Add documention note about variable scope of override blocks in { embed ... only } (@​andy-blum)
  • minor #4843 Define macros at the template root in the cache macro fixture (@​fabpot)
  • bug #4841 Fix Markup truthiness in boolean expressions (@​xtrime-ru)
  • bug #4842 Fix a PHP 8.5 chr() deprecation when decoding octal string escapes (@​austinderrick)
  • feature #4292 Introduce a CorrectnessNodeVisitor to validate that templates are semantically correct (@​fabpot)
  • feature #4840 Mark Markup as final (@​fabpot)
  • feature #4838 Allow calling a macro with a dynamic name via the dot operator (@​fabpot)
  • bug #4835 Fix markdown_to_html mangling content that starts with a blank line (@​fabpot)
  • feature #4819 Add an allow-list for tests to the sandbox security policy (@​fabpot)
  • minor #4837 Reduce memory usage of the context restoration compiled at the end of for loops (@​fabpot)
  • feature #4816 Add an always_allowed_in_sandbox flag for filters, functions, and tags (@​fabpot)
  • feature #4834 Track the source offset of each token and expose it in syntax errors (@​fabpot)
  • minor #4836 Document how to customize the markdown_to_html converter (@​fabpot)
  • minor #4662 CoreExtension::getAttribute: small improvement regarding getter/isser/hasser (@​gharlan)
  • bug #4825 Make the include() function return a Markup object (@​fabpot)
  • bug #4830 Fix nested block() resolution when a directly rendered block calls parent() (@​fabpot)
  • minor #4827 Document {#--#} as the replacement for the deprecated spaceless filter (@​fabpot)
  • bug #4828 Stop reporting a skipped test in IntegrationTestCase when there is no legacy test to run (@​fabpot)
  • minor #4829 Document storing an enum in a variable to avoid repeating its FQCN (@​fabpot)
  • bug #4824 Cast printed expressions to string so values that cannot be converted to a string (arrays, non-Stringable objects, ...) report a usable stack trace at the print location (@​stof, @​fabpot)
  • feature #4826 Make IntegrationTestCase and NodeTestCase compatible with PHPUnit 11 (@​fabpot)
  • feature #4823 Skip the sandbox __toString check on arguments whose PHP parameter type cannot implicitly coerce to string (@​fabpot)
Changelog

Sourced from twig/twig's changelog.

3.28.0 (2026-07-03)

  • Render backed enums using their backing value in the html_attr function
  • Fix empty Markup values being treated as truthy in and, or, xor, not, ternary, and elvis expressions
  • Fix a PHP 8.5 chr() deprecation when decoding an octal string escape sequence larger than \377 (such as "\777")
  • Mark Twig\Markup as @final; it will be final in Twig 4.0
  • Reduce memory usage and speed up the context restoration compiled at the end of for loops
  • Allow calling a macro with a dynamic name via the dot operator (macros.(name)(args))
  • Report the column number in syntax errors and expose it via Error::getTemplateColumn()
  • Track the source offset of each token and expose it via Token::getOffset()
  • Fix nested block() calls to resolve against the overriding template when a block rendered through block(name, template) calls parent()
  • Deprecate the possibility to use a block tag within a capture node (like set)
  • Deprecate the possibility to use a block tag within a capture node (like set) in child templates
  • Deprecate using a macro, extends, or use tag outside the root of a template
  • Stop reporting a skipped test in IntegrationTestCase when there is no legacy test to run
  • Fix markdown_to_html to strip the indentation shared by all lines instead of mangling content that starts with a blank line
  • Make the IntegrationTestCase and NodeTestCase test helpers compatible with PHPUnit 11
  • Cast printed expressions to string so values that cannot be converted to a string (arrays, non-Stringable objects, ...) report a usable stack trace at the print location
  • Make the include() function return a Markup object so an assigned result is not re-escaped when printed
  • Skip the sandbox __toString check on arguments whose PHP parameter type cannot implicitly coerce to string
  • Document the criteria for marking a callable or tag as always allowed in a sandbox, and the list of built-in tags, filters, and functions that will be always allowed in Twig 4.0
  • Add an always_allowed_in_sandbox option for filters, functions, and tests, and an isAlwaysAllowedInSandbox() method for token parsers, to let authors mark callables and tags that are always allowed in sandbox mode without explicit allow-listing
  • Add an allow-list for tests to Twig\Sandbox\SecurityPolicy, with the safe built-in tests flagged as always allowed so they keep working without allow-listing
Commits
  • 597c12e Prepare the 3.28.0 release
  • 6a175a5 bug #4850 Render backed enums using their backing value in the html_attr func...
  • 9323a82 Render backed enums using their backing value in the html_attr function
  • ec0f5d5 Tweak previous merge
  • 4007231 minor #4845 Add documention note about variable scope of override blocks in {...
  • 068a2e6 Add documention note about variable scope of override blocks in {% embed ... ...
  • f6152fe minor #4843 Define macros at the template root in the cache macro fixture (fa...
  • 424d2f1 Define the macro at the template root in the cache macro fixture
  • e3b8e15 Update CHANGELOG
  • 2f202b0 bug #4841 Fix Markup truthiness in boolean expressions (xtrime-ru)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 3 updates: [guzzlehttp/guzzle](https://github.com/guzzle/guzzle), [phpstan/phpstan](https://github.com/phpstan/phpstan-phar-composer-source) and [twig/twig](https://github.com/twigphp/Twig).


Updates `guzzlehttp/guzzle` from 7.13.0 to 7.13.2
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.14/CHANGELOG.md)
- [Commits](guzzle/guzzle@7.13.0...7.13.2)

Updates `phpstan/phpstan` from 2.2.2 to 2.2.5
- [Commits](https://github.com/phpstan/phpstan-phar-composer-source/commits)

Updates `twig/twig` from 3.27.1 to 3.28.0
- [Release notes](https://github.com/twigphp/Twig/releases)
- [Changelog](https://github.com/twigphp/Twig/blob/3.x/CHANGELOG)
- [Commits](twigphp/Twig@v3.27.1...v3.28.0)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-version: 7.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: phpstan/phpstan
  dependency-version: 2.2.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: twig/twig
  dependency-version: 3.28.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels Jul 6, 2026
@codecov

codecov Bot commented Jul 6, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.49%. Comparing base (ac9039e) to head (f4c58c0).

Additional details and impacted files
@@            Coverage Diff            @@
##               main    #2016   +/-   ##
=========================================
  Coverage     92.49%   92.49%           
  Complexity     1991     1991           
=========================================
  Files           123      123           
  Lines          7232     7232           
=========================================
  Hits           6689     6689           
  Misses          543      543           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@github-actions github-actions Bot merged commit 4f6ac74 into main Jul 6, 2026
26 checks passed
@github-actions github-actions Bot deleted the dependabot/composer/dependencies-2940a724e1 branch July 6, 2026 14:55
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

Try the dev build for this PR: https://acquia-cli.s3.amazonaws.com/build/pr/2016/acli.phar

curl -OL https://acquia-cli.s3.amazonaws.com/build/pr/2016/acli.phar
chmod +x acli.phar

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update Php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants