Bump guzzlehttp/guzzle from 7.9.3 to 7.12.1 in /plugins/paymethod/paypal

[dependabot]

Bumps guzzlehttp/guzzle from 7.9.3 to 7.12.1.

Release notes

Sourced from guzzlehttp/guzzle's releases.

7.12.1

Changed

• Adjusted guzzlehttp/psr7 version constraint to ^2.12.1

Fixed

• Reject proxy URLs with a malformed scheme in the cURL handlers instead of letting libcurl mishandle them

Security

• Reject HTTPS proxies when the installed libcurl lacks HTTPS-proxy support (GHSA-wpwq-4j6v-78m3)
• Reject dot-only cookie Domain attributes as match-all (GHSA-cwxw-98qj-8qjx)

7.12.0

Added

• Added RequestOptions constants for curl, retries, and stream_context

Changed

• Adjusted guzzlehttp/psr7 version constraint to ^2.12
• Constrain cURL transport sharing to safe libcurl DNS and SSL session support
• Resolve proxy environment variables in the cURL handlers; libcurl no longer reads the environment itself
• Ignore proxy environment variables when the proxy request option makes a decision
• Disable proxy environment variables on Windows SAPIs other than CLI (httpoxy hardening)
• Redact proxy credentials from cURL handler error messages, following Psr7\Utils::redactUserInfo()
• Normalize no-proxy domain and IP literal matching across the cURL and stream handlers

Deprecated

• Deprecated the request-level handler option, which will be ignored in 8.0
• Deprecated raw cURL request options outside the built-in cURL handlers' allow-list
• Deprecated the CURLOPT_PROXYTYPE cURL request option; set the proxy type via a scheme-prefixed proxy URL
• Deprecated PHP stream context options outside the built-in stream handler allow-list
• Deprecated passing ntlm as a built-in auth type
• Deprecated Utils::describeType()
• Deprecated non-finite floats in the query and form_params options; 8.0 rejects them
• Deprecated non-string scalar values in the body option; 8.0 rejects them

Fixed

• Fix cURL TLS and HTTP/2 capability detection using libcurl feature checks
• Fix proxy no list matches being re-proxied through environment-configured proxies by libcurl
• Fix no list and NO_PROXY matching to support IP CIDR ranges, matching libcurl
• Fix the stream handler not applying scheme-less proxies and their credentials

7.11.2

Fixed

... (truncated)

Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.12.1 - 2026-06-18

Changed

• Adjusted guzzlehttp/psr7 version constraint to ^2.12.1

Fixed

• Reject proxy URLs with a malformed scheme in the cURL handlers instead of letting libcurl mishandle them

Security

• Reject HTTPS proxies when the installed libcurl lacks HTTPS-proxy support (GHSA-wpwq-4j6v-78m3)
• Reject dot-only cookie Domain attributes as match-all (GHSA-cwxw-98qj-8qjx)

7.12.0 - 2026-06-16

Added

• Added RequestOptions constants for curl, retries, and stream_context

Changed

• Adjusted guzzlehttp/psr7 version constraint to ^2.12
• Constrain cURL transport sharing to safe libcurl DNS and SSL session support
• Resolve proxy environment variables in the cURL handlers; libcurl no longer reads the environment itself
• Ignore proxy environment variables when the proxy request option makes a decision
• Disable proxy environment variables on Windows SAPIs other than CLI (httpoxy hardening)
• Redact proxy credentials from cURL handler error messages, following Psr7\Utils::redactUserInfo()
• Normalize no-proxy domain and IP literal matching across the cURL and stream handlers

Deprecated

• Deprecated the request-level handler option, which will be ignored in 8.0
• Deprecated raw cURL request options outside the built-in cURL handlers' allow-list
• Deprecated the CURLOPT_PROXYTYPE cURL request option; set the proxy type via a scheme-prefixed proxy URL
• Deprecated PHP stream context options outside the built-in stream handler allow-list
• Deprecated passing ntlm as a built-in auth type
• Deprecated Utils::describeType()
• Deprecated non-finite floats in the query and form_params options; 8.0 rejects them
• Deprecated non-string scalar values in the body option; 8.0 rejects them

Fixed

• Fix cURL TLS and HTTP/2 capability detection using libcurl feature checks
• Fix proxy no list matches being re-proxied through environment-configured proxies by libcurl
• Fix no list and NO_PROXY matching to support IP CIDR ranges, matching libcurl
• Fix the stream handler not applying scheme-less proxies and their credentials

... (truncated)

Commits

• d346274 Release 7.12.1
• 7f537cd Reject dot-only cookie domains (#3653)
• 29482f2 Adjust version constraints (#3651)
• fc70174 Reject proxy URLs with a malformed scheme in the cURL handlers (#3637)
• 0f4da82 Reject HTTPS proxies when libcurl lacks HTTPS-proxy support (#3626)
• eaa8159 Release 7.12.0
• e0d3349 Adjusted guzzlehttp/psr7 version constraint and corrected links (#3646)
• 8ca9415 Normalize scalar body request options (#3644)
• 1a8d3aa Translate scheme-less proxies and their credentials in the stream handler (#3...
• 751f7a5 Revert too aggressive authenticated proxy tunnel reuse mitigation (#3641)
• Additional commits viewable in compare view

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}