New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency laravel/framework to v10 [SECURITY] #121

Open

renovate wants to merge 1 commit into main from renovate/packagist-laravel-framework-vulnerability

Contributor

renovate bot commented Mar 6, 2025 •

edited

Loading

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
laravel/framework (source)	`^8.83` -> `^10.0`

GitHub Vulnerability Alerts

CVE-2024-52301

Description

When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request.

Resolution

The framework now ignores argv values for environment detection on non-cli SAPIs.

CVE-2025-27515

When using wildcard validation to validate a given file or image field array (files.*), a user-crafted malicious request could potentially bypass the validation rules.

Release Notes

laravel/framework (laravel/framework)

`v10.48.29`

`v10.48.28`

`v10.48.27`

`v10.48.26`

[10.x] Refine error messages for detecting lost connections (Debian bookworm compatibility) by @mfn in https://github.com/laravel/framework/pull/53794
[10.x] Bump minimum league/commonmark by @crynobone in https://github.com/laravel/framework/pull/53829
[10.x] Backport 11.x PHP 8.4 fix for str_getcsv deprecation by @aka-tpayne in https://github.com/laravel/framework/pull/54074

`v10.48.25`

[10.x] PHP 8.4 Code Compatibility by @crynobone in https://github.com/laravel/framework/pull/53612

`v10.48.24`

`v10.48.23`

[10.x] Ensure headers are only attached to illuminate responses by @timacdonald in https://github.com/laravel/framework/pull/53019
[10.x] Fix append and prepend batch to chain by @Bencute in https://github.com/laravel/framework/pull/53455

`v10.48.22`

`v10.48.21`

[10.x] Fixes whereDate, whereDay, whereMonth, whereTime, whereYear and whereJsonLength to ignore invalid $operator by @crynobone in https://github.com/laravel/framework/pull/52704
Fix arguments passed to artisan commands that start with 'env' by @willrowe in https://github.com/laravel/framework/pull/52748

`v10.48.20`

[10.x] fix: prevent casting empty string to array from triggering json error by @calebdw in https://github.com/laravel/framework/pull/52415

`v10.48.19`

Add compatible query type to Model::resolveRouteBindingQuery by @sebj54 in https://github.com/laravel/framework/pull/52339
[10.x] Fix Factory::afterCreating callable argument type by @villfa in https://github.com/laravel/framework/pull/52335
[10.x] backport #52204 by @calebdw in https://github.com/laravel/framework/pull/52389
[10.x] In MySQL, harvest last insert ID immediately after query is executed by @piurafunk in https://github.com/laravel/framework/pull/52390

`v10.48.18`

[10.x] backport #52188 by @calebdw in https://github.com/laravel/framework/pull/52293
[10.x] Fix runPaginationCountQuery not working properly for union queries by @chinleung in https://github.com/laravel/framework/pull/52314

`v10.48.17`

[10.x] Fix PHP_CLI_SERVER_WORKERS warning by suppressing it by @pelomedusa in https://github.com/laravel/framework/pull/52094
[10.x] Backport #51615 by @GrahamCampbell in https://github.com/laravel/framework/pull/52215

`v10.48.16`

[10.x] Fix Http::retry so that throw is respected for call signature Http::retry([1,2], throw: false) by @paulyoungnb in https://github.com/laravel/framework/pull/52002
[10.x] Set application_name and character set as PostgreSQL DSN string by @sunaoka in https://github.com/laravel/framework/pull/51985

`v10.48.15`

[10.x] Set previous exception on HttpResponseException by @hafezdivandari in https://github.com/laravel/framework/pull/51986

`v10.48.14`

[10.x] Fixes unable to call another command as a initialized instance of Command class by @crynobone in https://github.com/laravel/framework/pull/51824
[10.x] fix handle shift() on an empty collection by @Treggats in https://github.com/laravel/framework/pull/51841
[10.x] Ensureschema:dump will dump the migrations table only if it exists by @NickSdot in https://github.com/laravel/framework/pull/51827

`v10.48.13`

[10.x] Fix typo in return comment of createSesTransport method by @zds-s in https://github.com/laravel/framework/pull/51688
[10.x] Fix collection shift less than one item by @faissaloux in https://github.com/laravel/framework/pull/51686
[10.x] Turn Enumerable unless() $callback parameter optional by @faissaloux in https://github.com/laravel/framework/pull/51701
Revert "[10.x] Turn Enumerable unless() $callback parameter optional" by @taylorotwell in https://github.com/laravel/framework/pull/51707

`v10.48.12`

[10.x] Fix typo by @Issei0804-ie in https://github.com/laravel/framework/pull/51535
[10.x] Fix SQL Server detection in database store by @staudenmeir in https://github.com/laravel/framework/pull/51547
[10.x] - Fix batch list loading in Horizon when serialization error by @jeffortegad in https://github.com/laravel/framework/pull/51551
[10.x] Fixes explicit route binding with BackedEnum by @CAAHS in https://github.com/laravel/framework/pull/51586

`v10.48.11`

[10.x] Backport: Fix SesV2Transport to use correct EmailTags argument by @Tietew in https://github.com/laravel/framework/pull/51352
[10.x] Fix PHPDoc typo by @staudenmeir in https://github.com/laravel/framework/pull/51390
[10.x] Fix apa on non ASCII characters by @faissaloux in https://github.com/laravel/framework/pull/51428
[10.x] Fixes view engine resolvers leaking memory by @nunomaduro in https://github.com/laravel/framework/pull/51450
[10.x] Do not use app() Foundation helper on ViewServiceProvider by @rodrigopedra in https://github.com/laravel/framework/pull/51522

`v10.48.10`

[10.x] Fix typo in signed URL tampering tests by @Krisell in https://github.com/laravel/framework/pull/51238
[10.x] Add "Server has gone away" to DetectsLostConnection by @Jubeki in https://github.com/laravel/framework/pull/51241
[10.x] Fix support for the LARAVEL_STORAGE_PATH env var (#51238) by @dunglas in https://github.com/laravel/framework/pull/51243

`v10.48.9`

[10.x] Binding order is incorrect when using cursor paginate with multiple unions with a where by @thijsvdanker in https://github.com/laravel/framework/pull/50884
[10.x] Fix cursor paginate with union and column alias by @thijsvdanker in https://github.com/laravel/framework/pull/50882
[10.x] Address Null Parameter Deprecations in UrlGenerator by @aldobarr in https://github.com/laravel/framework/pull/51148

`v10.48.8`

[10.x] Fix error when using orderByRaw() in query before using cursorPaginate() by @axlon in https://github.com/laravel/framework/pull/51023
[10.x] Database layer fixes by @saadsidqui in https://github.com/laravel/framework/pull/49787

`v10.48.7`

Fix more query builder methods by @taylorotwell in laravel/framework@95ef230

`v10.48.6`

[10.x] Added eachById and chunkByIdDesc to BelongsToMany by @lonnylot in https://github.com/laravel/framework/pull/50991

`v10.48.5`

[10.x] Prevent Redis connection error report flood on queue worker by @kasus in https://github.com/laravel/framework/pull/50812
[10.x] Laravel 10x optional withSize for hasTable by @apspan in https://github.com/laravel/framework/pull/50888
[10.x] Add serializeAndRestore() to NotificationFake by @dbpolito in https://github.com/laravel/framework/pull/50935

`v10.48.4`

[10.x] Fix Collection::concat() return type by @axlon in https://github.com/laravel/framework/pull/50669
[10.x] Fix command alias registration and usage by @crynobone in https://github.com/laravel/framework/pull/50695

`v10.48.3`

Re-tag version

`v10.48.2`

[10.x] Update mockery conflict to just disallow the broken version by @GrahamCampbell in https://github.com/laravel/framework/pull/50472
[10.x] Conflict with specific release by @driesvints in https://github.com/laravel/framework/pull/50473
[10.x] Fix for attributes being escaped on Dynamic Blade Components by @pascalbaljet in https://github.com/laravel/framework/pull/50471
[10.x] Revert PR 50403 by @driesvints in https://github.com/laravel/framework/pull/50482

`v10.48.1`

[10.x] Add conflict for Mockery v1.6.8 by @driesvints in https://github.com/laravel/framework/pull/50468

`v10.48.0`

fix: allow null, string and string array as allowed tags by @maartenpaauw in https://github.com/laravel/framework/pull/50409
[10.x] Allow Expression at more places in Query Builder by @pascalbaljet in https://github.com/laravel/framework/pull/50402
[10.x] Sleep syncing by @timacdonald in https://github.com/laravel/framework/pull/50392
[10.x] Cleaning Trait on multi-lines by @gcazin in https://github.com/laravel/framework/pull/50413
fix: incomplete type for Builder::from property by @sebj54 in https://github.com/laravel/framework/pull/50426
[10.x] After commit callback throwing an exception causes broken transactions afterwards by @oprypkhantc in https://github.com/laravel/framework/pull/50423
[10.x] Anonymous component bound attribute values are evaluated twice by @danharrin in https://github.com/laravel/framework/pull/50403
[10.x] Fix for sortByDesc ignoring multiple attributes by @TWithers in https://github.com/laravel/framework/pull/50431
[10.x] Allow sync with carbon to be set from fake method by @abenerd in https://github.com/laravel/framework/pull/50450
[10.x] Improves Illuminate\Mail\Mailables\Envelope docblock by @crynobone in https://github.com/laravel/framework/pull/50448
[10.x] Incorrect return in FileSystem.php by @gcazin in https://github.com/laravel/framework/pull/50459
[10.x] fix return types by @imahmood in https://github.com/laravel/framework/pull/50461
fix: phpstan issue - right side of || always false by @Carnicero90 in https://github.com/laravel/framework/pull/50453

`v10.47.0`

[10.x] Allow for relation key to be an enum by @AJenbo in https://github.com/laravel/framework/pull/50311
FIx for "empty" strings passed to Str::apa() by @tiagof in https://github.com/laravel/framework/pull/50335
[10.x] Fixed header mail text component to not use markdown by @dmyers in https://github.com/laravel/framework/pull/50332
[10.x] Add test for the "empty strings in Str::apa()" fix by @osbre in https://github.com/laravel/framework/pull/50340
[10.x] Fix the cache cannot expire cache with 0 TTL by @kayw-geek in https://github.com/laravel/framework/pull/50359
[10.x] Add fail on timeout to queue listener by @saeedhosseiinii in https://github.com/laravel/framework/pull/50352
[10.x] Support sort option flags on sortByMany Collections by @TWithers in https://github.com/laravel/framework/pull/50269
[10.x] Add whereAll and whereAny methods to the query builder by @musiermoore in https://github.com/laravel/framework/pull/50344
[10.x] Adds Reverb broadcasting driver by @joedixon in https://github.com/laravel/framework/pull/50088

`v10.46.0`

[10.x] Ensure lazy-loading for trashed morphTo relations works by @nuernbergerA in https://github.com/laravel/framework/pull/50176
[10.x] Arr::select not working when $keys is a string by @Sicklou in https://github.com/laravel/framework/pull/50169
[10.x] Added passing loaded relationship to value callback by @dkulyk in https://github.com/laravel/framework/pull/50167
[10.x] Fix optional charset and collation when creating database by @GrahamCampbell in https://github.com/laravel/framework/pull/50168
[10.x] update doc block in PendingProcess.php by @saMahmoudzadeh in https://github.com/laravel/framework/pull/50198
[10.x] Fix Accepting nullable Parameters, updated doc block, and null pointer exception handling in batchable trait by @saMahmoudzadeh in https://github.com/laravel/framework/pull/50209
Make GuardsAttributes fillable property DocBlock more specific by @liamduckett in https://github.com/laravel/framework/pull/50229
[10.x] Add only and except methods to Enum validation rule by @Anton5360 in https://github.com/laravel/framework/pull/50226
[10.x] Fixes on nesting operations performed while applying scopes. by @Guilhem-DELAITRE in https://github.com/laravel/framework/pull/50207
[10.x] Custom RateLimiter increase by @khepin in https://github.com/laravel/framework/pull/50197
[10.x] Add Lateral Join to Query Builder by @Bakke in https://github.com/laravel/framework/pull/50050
[10.x] Update return type by @AmirRezaM75 in https://github.com/laravel/framework/pull/50252
[10.x] Fix dockblock by @michaelnabil230 in https://github.com/laravel/framework/pull/50259
[10.x] Add Conditionable in enum rule by @michaelnabil230 in https://github.com/laravel/framework/pull/50257
[10.x] Update Facade::$app to nullable by @villfa in https://github.com/laravel/framework/pull/50260
[10.x] Truncate sqlite table name with prefix by @kitloong in https://github.com/laravel/framework/pull/50251
Correction comment for Str::orderedUuid() - https://github.com/larave… by @wq9578 in https://github.com/laravel/framework/pull/50268

`v10.45.1`

Fix typehint for ResetPassword::toMailUsing() by @KKSzymanowski in https://github.com/laravel/framework/pull/50163
[10.x] Fix Process::fake() never matching multi-line commands by @SjorsO in https://github.com/laravel/framework/pull/50164

`v10.45.0`

[10.x] Update Stringable phpdoc by @milwad-dev in https://github.com/laravel/framework/pull/50075
[10.x] Allow Collection::select() to work on ArrayAccess by @axlon in https://github.com/laravel/framework/pull/50072
[10.x] Add before to the PendingBatch by @xiCO2k in https://github.com/laravel/framework/pull/50058
[10.x] Adjust rules call sequence by @driesvints in https://github.com/laravel/framework/pull/50084
[10.x] Fixes Illuminate\Support\Str::fromBase64() return type by @SamAsEnd in https://github.com/laravel/framework/pull/50108
[10.x] Actually fix fromBase64 return type by @GrahamCampbell in https://github.com/laravel/framework/pull/50113
[10.x] Fix warning and deprecation for Str::api by @driesvints in https://github.com/laravel/framework/pull/50114
[10.x] Mark model instanse as not exists on deleting MorphPivot relation. by @dkulyk in https://github.com/laravel/framework/pull/50135
[10.x] Adds Tappable and Conditionable to Relation class by @DarkGhostHunter in https://github.com/laravel/framework/pull/50124
[10.x] Added getQualifiedMorphTypeName to MorphToMany by @dkulyk in https://github.com/laravel/framework/pull/50153

`v10.44.0`

[10.x] Fix empty request for HTTP connection exception by @driesvints in https://github.com/laravel/framework/pull/49924
[10.x] Add Collection::select() method by @morrislaptop in https://github.com/laravel/framework/pull/49845
[10.x] Refactor getPreviousUrlFromSession method in UrlGenerator by @milwad-dev in https://github.com/laravel/framework/pull/49944
[10.x] Add POSIX compliant cleanup to artisan serve by @Tofandel in https://github.com/laravel/framework/pull/49943
[10.x] Fix infinite loop when global scopes query contains aggregates by @mateusjunges in https://github.com/laravel/framework/pull/49972
[10.x] Adds PHPUnit 11 as conflict by @nunomaduro in https://github.com/laravel/framework/pull/49957
Revert "[10.x] fix Before/After validation rules" by @taylorotwell in https://github.com/laravel/framework/pull/50013
[10.x] Fix the phpdoc for replaceMatches in Str and Stringable helpers by @joke2k in https://github.com/laravel/framework/pull/49990
[10.x] Added setAbly() method for AblyBroadcaster by @Rijoanul-Shanto in https://github.com/laravel/framework/pull/49981
[10.x] Fix in appendExceptionToException method exception type check by @t1nkl in https://github.com/laravel/framework/pull/49958
[10.x] DB command: add sqlcmd -C flag when 'trust_server_certificate' is set by @hulkur in https://github.com/laravel/framework/pull/49952
Allows Setup and Teardown actions to be reused in alternative TestCase for Laravel by @crynobone in https://github.com/laravel/framework/pull/49973
[10.x] Add toBase64() and fromBase64() methods to Stringable and Str classes by @mtownsend5512 in https://github.com/laravel/framework/pull/49984
[10.x] Allows to defer resolving pcntl only if it's available by @crynobone in https://github.com/laravel/framework/pull/50024
[10.x] Fixes missing Throwable import and handle if originalExceptionHandler or originalDeprecationHandler property isn't used by alternative TestCase by @crynobone in https://github.com/laravel/framework/pull/50021
[10.x] Type hinting for conditional validation rules by @lorenzolosa in https://github.com/laravel/framework/pull/50017
[10.x] Introduce new Arr::take() helper by @ryangjchandler in https://github.com/laravel/framework/pull/50015
[10.x] Improved Handling of Empty Component Slots with HTML Comments or Line Breaks by @comes in https://github.com/laravel/framework/pull/49966
[10.x] Introduce Observe attribute for models by @emargareten in https://github.com/laravel/framework/pull/49843
[10.x] Add ScopedBy attribute for models by @emargareten in https://github.com/laravel/framework/pull/50034
[10.x] Update reserved names in GeneratorCommand by @xurshudyan in https://github.com/laravel/framework/pull/50043
[10.x] fix Validator::validated get nullable array by @helitik in https://github.com/laravel/framework/pull/50056
[10.x] Pass Herd specific env variables to "artisan serve" by @mpociot in https://github.com/laravel/framework/pull/50069
Remove regex case insensitivity modifier in UUID detection to speed it up slightly by @maximal in https://github.com/laravel/framework/pull/50067
[10.x] HTTP retry method can accept array as first param by @me-shaon in https://github.com/laravel/framework/pull/50064
[10.x] Fix DB::afterCommit() broken in tests using DatabaseTransactions by @oprypkhantc in https://github.com/laravel/framework/pull/50068

`v10.43.0`

[10.x] Add storage:unlink command by @salkovmx in https://github.com/laravel/framework/pull/49795
[10.x] Unify \Illuminate\Log\LogManager method definition comments with \Psr\Logger\Interface by @eusonlito in https://github.com/laravel/framework/pull/49805
[10.x] class-name string argument for global scopes by @emargareten in https://github.com/laravel/framework/pull/49802
[10.x] Add hasIndex() and minor Schema enhancements by @hafezdivandari in https://github.com/laravel/framework/pull/49796
[10.x] Do not touch BelongsToMany relation when using withoutTouching by @mateusjunges in https://github.com/laravel/framework/pull/49798
[10.x] Check properties on mailables are initialized before sharing with the view by @j3j5 in https://github.com/laravel/framework/pull/49813
[10.x] Remove duplicate actions/checkout from queue workflow by @Jubeki in https://github.com/laravel/framework/pull/49828
[10.x] Add insertOrIgnoreUsing for Eloquent by @trovster in https://github.com/laravel/framework/pull/49827
[10.x] Make hasIndex() Order-sensitive by @hafezdivandari in https://github.com/laravel/framework/pull/49840
[10.x] Release action by @driesvints in https://github.com/laravel/framework/pull/49838
[10.x] Add MariaDb1060Platform by @driesvints in https://github.com/laravel/framework/pull/49848
[10.x] Unified Pivot and Model Doc Block $guarded by @eusonlito in https://github.com/laravel/framework/pull/49851
[10.x] Introducing beforeStartingTransaction callback and use it in LazilyRefreshDatabase by @pascalbaljet in https://github.com/laravel/framework/pull/49853
[10.x] fix password max validation message by @MrPunyapal in https://github.com/laravel/framework/pull/49861
[10.x] Fix validation message used for max file size by @mateusjunges in https://github.com/laravel/framework/pull/49879
Update README.md by @foremtehan in https://github.com/laravel/framework/pull/49878
[10.x] Adds FormRequest@getRules() method by @cosmastech in https://github.com/laravel/framework/pull/49860
[10.x] add addGlobalScopes method by @emargareten in https://github.com/laravel/framework/pull/49880
[10.x] Allow brick/math 0.12 by @LogicSatinn in https://github.com/laravel/framework/pull/49883
[10.x] Add support for streamed JSON Response by @pelmered in https://github.com/laravel/framework/pull/49873
[10.x] Using the native fopen exception in LockableFile.php by @eusonlito in https://github.com/laravel/framework/pull/49895
[10.x] Fix LazilyRefreshDatabase when testing artisan commands by @iamgergo in https://github.com/laravel/framework/pull/49914
[10.x] Fix expressions in with-functions doing aggregates by @tpetry in https://github.com/laravel/framework/pull/49912
[10.x] Fix redis tag entries never becoming stale if cache ttl is past time by @jagers in https://github.com/laravel/framework/pull/49864
[10.x] Fix - The Translator may incorrectly report the locale of a missing translation key by @VicGUTT in https://github.com/laravel/framework/pull/49900
[10.x] fix Before/After validation rules by @MrPunyapal in https://github.com/laravel/framework/pull/49871

`v10.42.0`

[10.x] Switch to hash_equals in File::hasSameHash() by @simonhamp in https://github.com/laravel/framework/pull/49721
[10.x] fix Rule::unless for callable $condition by @dbakan in https://github.com/laravel/framework/pull/49726
[10.x] Adds JobQueueing event by @dmason30 in https://github.com/laravel/framework/pull/49722
[10.x] Fix decoding issue in MailLogTransport by @rojtjo in https://github.com/laravel/framework/pull/49727
[10.x] Implement "max" validation rule for passwords by @angelej in https://github.com/laravel/framework/pull/49739
[10.x] Add multiple channels/routes to AnonymousNotifiable at once by @iamgergo in https://github.com/laravel/framework/pull/49745
[10.x] Sort service providers alphabetically by @buismaarten in https://github.com/laravel/framework/pull/49762
[10.x] Global default options for the http factory by @timacdonald in https://github.com/laravel/framework/pull/49767
[10.x] Only use Carbon if accessed from Laravel or also uses illuminate/support by @crynobone in https://github.com/laravel/framework/pull/49772
[10.x] Add Str::unwrap by @stevebauman in https://github.com/laravel/framework/pull/49779
[10.x] Allow Uuid and Ulid in Carbon::createFromId() by @kylekatarnls in https://github.com/laravel/framework/pull/49783
[10.x] Test Improvements by @crynobone in https://github.com/laravel/framework/pull/49785

`v10.41.0`

[10.x] Add a threshold parameter to the Number::spell helper by @caendesilva in https://github.com/laravel/framework/pull/49610
Revert "[10.x] Make ComponentAttributeBag Arrayable" by @luanfreitasdev in https://github.com/laravel/framework/pull/49623
[10.x] Fix return value and docblock by @dwightwatson in https://github.com/laravel/framework/pull/49627
[10.x] Add an option to specify the default path to the models directory for php artisan model:prune by @dbhynds in https://github.com/laravel/framework/pull/49617
[10.x] Allow job chains to be conditionally dispatched by @fjarrett in https://github.com/laravel/framework/pull/49624
[10.x] Add test for existing empty test by @lioneaglesolutions in https://github.com/laravel/framework/pull/49632
[10.x] Add additional context to Mailable assertion messages by @lioneaglesolutions in https://github.com/laravel/framework/pull/49631
[10.x] Allow job batches to be conditionally dispatched by @fjarrett in https://github.com/laravel/framework/pull/49639
[10.x] Revert parameter name change by @timacdonald in https://github.com/laravel/framework/pull/49659
[10.x] Printing Name of The Method that Calls ensureIntlExtensionIsInstalled in Number class. by @devajmeireles in https://github.com/laravel/framework/pull/49660
[10.x] Update pagination tailwind.blade.php by @anasmorahhib in https://github.com/laravel/framework/pull/49665
[10.x] feat: add base argument to Stringable->toInteger() by @adamczykpiotr in https://github.com/laravel/framework/pull/49670
[10.x]: Remove unused class ShouldBeUnique when make a job by @Kenini1805 in https://github.com/laravel/framework/pull/49669
[10.x] Add tests for Eloquent methods by @milwad-dev in https://github.com/laravel/framework/pull/49673
Implement draft workflow by @driesvints in https://github.com/laravel/framework/pull/49683
[10.x] Fixing Types, Word and Returns of Numberclass. by @devajmeireles in https://github.com/laravel/framework/pull/49681
[10.x] Test Improvements by @crynobone in https://github.com/laravel/framework/pull/49679
[10.x] Officially support floats in trans_choice and Translator::choice by @philbates35 in https://github.com/laravel/framework/pull/49693
[10.x] Use static function by @michaelnabil230 in https://github.com/laravel/framework/pull/49696
[10.x] Revert "[10.x] Improve numeric comparison for custom casts" by @driesvints in https://github.com/laravel/framework/pull/49702
[10.x] Add exit code to queue:clear, and queue:forget commands by @bytestream in https://github.com/laravel/framework/pull/49707
[10.x] Allow StreamInterface as raw HTTP Client body by @janolivermr in https://github.com/laravel/framework/pull/49705

`v10.40.0`

[10.x] Model::preventAccessingMissingAttributes() raises exception for enums & primitive castable attributes that were not retrieved by @cosmastech in https://github.com/laravel/framework/pull/49480
[10.x] Include system versioned tables for MariaDB by @hafezdivandari in https://github.com/laravel/framework/pull/49509
[10.x] Fixes the Arr::dot() method to properly handle indexes array by @kayw-geek in https://github.com/laravel/framework/pull/49507
[10.x] Expand Gate::allows & Gate::denies signature by @antonkomarev in https://github.com/laravel/framework/pull/49503
[10.x] Improve numeric comparison for custom casts by @imahmood in https://github.com/laravel/framework/pull/49504
[10.x] Add session except method by @xurshudyan in https://github.com/laravel/framework/pull/49520
[10.x] Add Number::clamp by @jbrooksuk in https://github.com/laravel/framework/pull/49512
[10.x] Fix Schedule test by @michaelnabil230 in https://github.com/laravel/framework/pull/49538
[10.x] Use correct format of date by @buismaarten in https://github.com/laravel/framework/pull/49541
[10.x] Clean Arr by @michaelnabil230 in https://github.com/laravel/framework/pull/49530
[10.x] Make ComponentAttributeBag Arrayable by @iamgergo in https://github.com/laravel/framework/pull/49524
[10.x] Fix whenAggregated when default is not specified by @lovePizza in https://github.com/laravel/framework/pull/49521
[10.x] Update AsArrayObject.php to use ARRAY_AS_PROPS flag by @pintend in https://github.com/laravel/framework/pull/49534
[10.x] Remove invalid RedisCluster::client() call by @tillkruss in https://github.com/laravel/framework/pull/49560
[10.x] Remove unused code from PhpRedisConnector by @tillkruss in https://github.com/laravel/framework/pull/49559
[10.x] Flush about command during test runs by @timacdonald in https://github.com/laravel/framework/pull/49557
[10.x] Fix parentOfParameter method by @iamgergo in https://github.com/laravel/framework/pull/49548
[10.x] Make the Schema Builder macroable by @kevinb1989 in https://github.com/laravel/framework/pull/49547
[10.x] Remove unused code from tests by @imahmood in https://github.com/laravel/framework/pull/49566
[10.x] Update Query/Builder.php $columns typehint by @Grldk in https://github.com/laravel/framework/pull/49563
[10.x] Add assertViewEmpty to TestView by @dwightwatson in [https://github.com/[10.x] Add assertViewEmpty to TestView laravel/framework#49558](https://redirect.github.com/laravel/framew

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Contributor Author

renovate bot commented Mar 6, 2025 •

edited

Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: composer.lock

Command failed: composer update laravel/framework:10.48.29 --with-dependencies --ignore-platform-req='ext-*' --ignore-platform-req='lib-*' --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires fruitcake/laravel-cors ^3.0, found fruitcake/laravel-cors[dev-master, v3.0.0, 3.0.x-dev (alias of dev-master)] but the package is fixed to v2.0.4 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
  Problem 2
    - Root composer.json requires nunomaduro/collision ^7.0, found nunomaduro/collision[v7.0.0, ..., v7.x-dev] but the package is fixed to v5.4.0 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
  Problem 3
    - Root composer.json requires phpunit/phpunit ^10.0.0, found phpunit/phpunit[10.0.0, ..., 10.5.x-dev] but the package is fixed to 9.6.13 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
  Problem 4
    - Root composer.json requires laravel/framework ^10.0 -> satisfiable by laravel/framework[v10.48.29].
    - laravel/framework v10.48.29 requires monolog/monolog ^3.0 -> found monolog/monolog[dev-main, 3.0.0-RC1, ..., 3.x-dev] but these were not loaded, likely because it conflicts with another require.

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.

renovate bot changed the title ~~Update dependency laravel/framework to v11 [SECURITY]~~ Update dependency laravel/framework to v8.83.28 [SECURITY]


          Update dependency laravel/framework to v10 [SECURITY]

6cf529a

renovate bot force-pushed the renovate/packagist-laravel-framework-vulnerability branch from 64b222e to 6cf529a Compare

March 13, 2025 05:37

renovate bot changed the title ~~Update dependency laravel/framework to v8.83.28 [SECURITY]~~ Update dependency laravel/framework to v10 [SECURITY]

sonarqubecloud bot commented Mar 13, 2025

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet