chore(deps): bump symfony/http-client from 5.4.49 to 7.4.13 by dependabot[bot] · Pull Request #194 · keymanapp/keymanweb.com

dependabot · 2026-06-15T19:22:21Z

Bumps symfony/http-client from 5.4.49 to 7.4.13.

Release notes

Sourced from symfony/http-client's releases.

v7.4.13

Changelog (symfony/http-client@v7.4.9...v7.4.13)

security #cve-2026-48736 Block IPv6 transition forms in NoPrivateNetworkHttpClient (@nicolas-grekas)

bug #64349 ntlm regression on authPersistNonNTLM=false connections with reset() (@Dooij)

bug #64260 Various fixes and hardenings (@Lctrs)

v7.4.9

Changelog (symfony/http-client@v7.4.8...v7.4.9)

bug #64046 Don't share CURL_LOCK_DATA_CONNECT to honor max_host_connections (@ousamabenyounes)

v7.4.8

Changelog (symfony/http-client@v7.4.7...v7.4.8)

bug #63692 Fix broken streams when first event is delayed (@LachlanArthur)

bug #63726 Unset push response content when the push handler is released (@sakozoko)

v7.4.7

Changelog (symfony/http-client@v7.4.6...v7.4.7)

bug #63573 Fix CachingHttpClient compatibility with decorator clients on 304 responses (@nicolas-grekas)

v7.4.6

Changelog (symfony/http-client@v7.4.5...v7.4.6)

bug #58460 Fix destructor throwing while timeout was handled (@Seldaek, @nicolas-grekas)

v7.4.5

Changelog (symfony/http-client@v7.4.4...v7.4.5)

bug #63212 Fix dealing with truncated streams after headers arrived with CurlHttpClient (nicolas-grekas)

bug #63211 Fix dealing with multiple levels of AsyncResponse decoration (@nicolas-grekas)

v7.4.4

Changelog (symfony/http-client@v7.4.3...v7.4.4)

bug #63155 Skip HTTP/3 when using a proxy (nicolas-grekas)

bug #62954 Fix existing headers must be replaced in CachingHttpClient (Toflar)

bug #62898 update chunk items' expiration on revalidation (@Lctrs)

v7.4.3

Changelog (symfony/http-client@v7.4.2...v7.4.3)

bug symfony/symfony#62845 [HttpClient] Fix ever growing $maxHostConnections (@nicolas-grekas)

bug symfony/symfony#62728 [HttpClient] mark response stale when age equals freshness lifetime (@Lctrs)

bug symfony/symfony#62699 [HttpClient] Fix ScopingHttpClient to always pass base_uri as string instead of parsed array (@santysisi)

bug symfony/symfony#62706 [HttpClient] Fix PHP deprecation when using AmpHttpClient (@nicolas-grekas)

bug symfony/symfony#62698 [HttpClient] Fix copy as curl for arrays with resources & unreachable host (@HypeMC)

... (truncated)

Changelog

Sourced from symfony/http-client's changelog.

CHANGELOG

8.1

Add support for the max_connect_duration option

Add option extra.use_persistent_connections to CurlHttpClient to control the use of persistent connections introduced in PHP 8.5

Add GuzzleHttpHandler that allows using Symfony HttpClient as a Guzzle handler

Add $allowList argument to NoPrivateNetworkHttpClient to allow specific hosts (e.g. a local proxy) to bypass the private-network filter

Add DnsResolvingHttpClient decorator to resolve host names using a custom resolver, including on redirects

Change $maxTtl argument of CachingHttpClient to default to 86400 (24h) instead of null

Deprecate passing null as $maxTtl to CachingHttpClient, pass a positive integer instead

Make CachingHttpClient implement Psr\Log\LoggerAwareInterface to log when a stale cached response is served because the upstream call failed (stale-if-error fallback)

8.0

Remove support for passing an instance of StoreInterface as $cache argument to CachingHttpClient constructor, use a TagAwareCacheInterface instead

Remove support for amphp/http-client < 5

Remove setLogger() methods on decorators; configure the logger on the wrapped client directly instead

7.4

Add RFC 9111–based caching support to CachingHttpClient

Add option auto_upgrade_http_version to control how the request HTTP version is handled in HttplugClient and Psr18Client

Add QUERY to the list of retriable HTTP methods

Deprecate using amphp/http-client < 5

Deprecate passing an instance of StoreInterface as $cache argument to CachingHttpClient constructor

7.3

Add IPv6 support to NativeHttpClient

Allow using HTTP/3 with the CurlHttpClient

7.2

Add support for amphp/http-client v5 on PHP 8.4+

7.1

Add HttpOptions::setHeader() to add or replace a single header

Allow mocking start_time info in MockResponse

Add MockResponse::fromFile() and JsonMockResponse::fromFile() methods to help using fixtures files

Add ThrottlingHttpClient to enable limiting the number of requests within a certain period

Deprecate the setLogger() methods of the NoPrivateNetworkHttpClient, TraceableHttpClient and ScopingHttpClient classes, configure the logger of the wrapped clients directly instead

... (truncated)

Commits

e8a112b Merge branch '6.4' into 7.4
dd69700 [ErrorHandler][HttpClient][Translation] Fix edge case spotted by the CI
766f077 Merge branch '6.4' into 7.4
7b869d1 [HttpClient] Decouple NTLM tests from contracts update
1541157 Merge branch '6.4' into 7.4
c8fecb7 [HttpClient] ntlm regression on authPersistNonNTLM=false connections where re...
dd5dfb8 [HttpClient] Honor request Cache-Control directives in cache
fda130a [HttpClient] Update cached metadata from 304 responses
c424266 [HttpClient] Match validators before using 304 responses
1affb96 [HttpClient] Do not store Connection-nominated headers
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [symfony/http-client](https://github.com/symfony/http-client) from 5.4.49 to 7.4.13. - [Release notes](https://github.com/symfony/http-client/releases) - [Changelog](https://github.com/symfony/http-client/blob/8.2/CHANGELOG.md) - [Commits](symfony/http-client@v5.4.49...v7.4.13) --- updated-dependencies: - dependency-name: symfony/http-client dependency-version: 7.4.13 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels Jun 15, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump symfony/http-client from 5.4.49 to 7.4.13#194

chore(deps): bump symfony/http-client from 5.4.49 to 7.4.13#194
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/composer/symfony/http-client-7.4.13

dependabot Bot commented on behalf of github Jun 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 15, 2026

v7.4.13

v7.4.9

v7.4.8

v7.4.7

v7.4.6

v7.4.5

v7.4.4

v7.4.3

CHANGELOG

8.1

8.0

7.4

7.3

7.2

7.1

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants