Skip to content

Bump the composer group across 1 directory with 4 updates#2

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/composer/composer-9fd3f4c863
Open

Bump the composer group across 1 directory with 4 updates#2
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/composer/composer-9fd3f4c863

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 20, 2026

Copy link
Copy Markdown

Bumps the composer group with 1 update in the / directory: laravel/framework.

Updates laravel/framework from 13.9.0 to 13.12.0

Release notes

Sourced from laravel/framework's releases.

v13.12.0

v13.11.2

v13.11.1

v13.11.0

v13.10.0

... (truncated)

Changelog

Sourced from laravel/framework's changelog.

v13.12.0 - 2026-05-26

v13.11.2 - 2026-05-20

v13.11.1 - 2026-05-19

v13.11.0 - 2026-05-19

v13.10.0 - 2026-05-19

... (truncated)

Commits
  • 6ac27a7 Update version to v13.12.0
  • 5d0dd30 update comment
  • fae546e [13.x] Throw ManagedQueueNotFoundException when a managed queue is missing (#...
  • 2627847 use display name
  • 4db3505 Fix #60278 - View\Factory::flushComponents() doesn't reset $slots / $slotStac...
  • a67650e Apply fixes from StyleCI
  • ee6949d Add Client\Request::uri() (#60282)
  • 566f2c4 Supports using URI-based connection for SQLite using file: prefix (#60261)
  • 7104220 [13.x] Fix incorrect @​return types in Number::spell(), ordinal(), and spellOr...
  • 39cb3f2 Guard base_path() call in SQLiteConnector for standalone usage (#60260) (#60266)
  • Additional commits viewable in compare view

Updates guzzlehttp/psr7 from 2.9.0 to 2.12.1

Release notes

Sourced from guzzlehttp/psr7's releases.

2.12.1

Security

2.12.0

Deprecated

  • Deprecated non-finite float values in Query::build() that guzzlehttp/psr7 3.0 rejects
  • Deprecated non-finite float multipart contents that guzzlehttp/psr7 3.0 rejects
  • Deprecated non-string scalar bodies in Utils::streamFor(); cast them to a string for 3.0
  • Deprecated non-string Uri::withQueryValues() values; cast them to a string for 3.0

2.11.1

Fixed

  • Fixed non-finite float values emitting coercion warnings on PHP 8.5

2.11.0

Changed

  • Changed Utils::modifyRequest() to reject conflicting URI and Host header changes in the same call
  • Changed Header::parse() to split semicolon-separated parameters without repeated regular expression lookaheads
  • Changed UriComparator::isCrossOrigin() so only HTTP and HTTPS missing ports receive implicit default ports

Deprecated

  • Deprecated invalid PSR-7 arguments that guzzlehttp/psr7 3.0 will require native types for
  • Deprecated non-string header values that guzzlehttp/psr7 3.0 will reject
  • Deprecated empty header value arrays that guzzlehttp/psr7 3.0 will reject
  • Deprecated URI schemes that do not match guzzlehttp/psr7 3.0 syntax requirements
  • Deprecated multipart boundary and custom part header metadata that guzzlehttp/psr7 3.0 will reject
  • Deprecated reliance on automatic uppercasing of request methods; guzzlehttp/psr7 3.0 preserves method casing
  • Deprecated invalid Utils::modifyRequest() change values that guzzlehttp/psr7 3.0 will reject

Fixed

  • Fixed Utils::copyToStream() to retry short destination writes instead of dropping the unwritten remainder
  • Fixed Header::parse() splitting of semicolon-separated parameters with escaped quotes

2.10.4

Fixed

  • Apply UriNormalizer percent-encoding normalizations to URI fragments
  • Make LimitStream::getSize() return 0 for slices past the underlying stream end
  • Make AppendStream::read() return an empty string when no streams are attached
  • Make CachingStream::read() throw on an incomplete cache-target write instead of silently corrupting replays
  • Prevent CachingStream::seek() from looping indefinitely when the remote stream makes no progress

2.10.3

... (truncated)

Changelog

Sourced from guzzlehttp/psr7's changelog.

2.12.1 - 2026-06-18

Security

2.12.0 - 2026-06-16

Deprecated

  • Deprecated non-finite float values in Query::build() that guzzlehttp/psr7 3.0 rejects
  • Deprecated non-finite float multipart contents that guzzlehttp/psr7 3.0 rejects
  • Deprecated non-string scalar bodies in Utils::streamFor(); cast them to a string for 3.0
  • Deprecated non-string Uri::withQueryValues() values; cast them to a string for 3.0

2.11.1 - 2026-06-12

Fixed

  • Fixed non-finite float values emitting coercion warnings on PHP 8.5

2.11.0 - 2026-06-02

Changed

  • Changed Utils::modifyRequest() to reject conflicting URI and Host header changes in the same call
  • Changed Header::parse() to split semicolon-separated parameters without repeated regular expression lookaheads
  • Changed UriComparator::isCrossOrigin() so only HTTP and HTTPS missing ports receive implicit default ports

Deprecated

  • Deprecated invalid PSR-7 arguments that guzzlehttp/psr7 3.0 will require native types for
  • Deprecated non-string header values that guzzlehttp/psr7 3.0 will reject
  • Deprecated empty header value arrays that guzzlehttp/psr7 3.0 will reject
  • Deprecated URI schemes that do not match guzzlehttp/psr7 3.0 syntax requirements
  • Deprecated multipart boundary and custom part header metadata that guzzlehttp/psr7 3.0 will reject
  • Deprecated reliance on automatic uppercasing of request methods; guzzlehttp/psr7 3.0 preserves method casing
  • Deprecated invalid Utils::modifyRequest() change values that guzzlehttp/psr7 3.0 will reject

Fixed

  • Fixed Utils::copyToStream() to retry short destination writes instead of dropping the unwritten remainder
  • Fixed Header::parse() splitting of semicolon-separated parameters with escaped quotes

2.10.4 - 2026-05-29

Fixed

  • Apply UriNormalizer percent-encoding normalizations to URI fragments
  • Make LimitStream::getSize() return 0 for slices past the underlying stream end

... (truncated)

Commits

Updates symfony/http-foundation from 8.0.8 to 7.4.13

Commits
  • bc354f4 Merge branch '6.4' into 7.4
  • 48d76c2 security #cve-2026-48736 [HttpFoundation] Block IPv6 transition forms in IpUt...
  • fda5ebe Merge branch '6.4' into 7.4
  • 5979ae8 Ignore Doctrine DBAL deprecations that can't be worked around
  • 10d5daa [HttpFoundation] Fix tests for PHP 8.6: session.cookie_samesite=Lax
  • 3ebc78a [HttpFoundation] Block IPv6 transition forms in IpUtils::PRIVATE_SUBNETS
  • 051a962 Merge branch '6.4' into 7.4
  • 5402ad1 Remove wrong documentation
  • c38f205 [7.4] Remove usages of named arguments in tests
  • a762b60 Update XSD references in phpunit.xml.dist files
  • Additional commits viewable in compare view

Updates symfony/routing from 8.0.9 to 7.4.13

Commits
  • 3a16217 Merge branch '6.4' into 7.4
  • af04c79 Merge branch '5.4' into 6.4
  • e6f3f03 Fix tests and merge resolution after merging 6.4 into 7.4
  • 5156fe8 Merge branch '6.4' into 7.4
  • be4ce34 [Routing][RateLimiter][Mime][Security] Harden __unserialize against __toStrin...
  • f4ca0c5 [Routing] Fix dot-segment encoding for chained "../" and "./" in generated URLs
  • 3b04a5e Merge branch '6.4' into 7.4
  • 0cd0d2f Merge branch '5.4' into 6.4
  • 275b313 [Routing] Fix regex alternation anchoring in UrlGenerator requirement validation
  • 4720254 Merge branch '7.3' into 7.4
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the composer group with 1 update in the / directory: [laravel/framework](https://github.com/laravel/framework).


Updates `laravel/framework` from 13.9.0 to 13.12.0
- [Release notes](https://github.com/laravel/framework/releases)
- [Changelog](https://github.com/laravel/framework/blob/13.x/CHANGELOG.md)
- [Commits](laravel/framework@v13.9.0...v13.12.0)

Updates `guzzlehttp/psr7` from 2.9.0 to 2.12.1
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/2.12/CHANGELOG.md)
- [Commits](guzzle/psr7@2.9.0...2.12.1)

Updates `symfony/http-foundation` from 8.0.8 to 7.4.13
- [Release notes](https://github.com/symfony/http-foundation/releases)
- [Changelog](https://github.com/symfony/http-foundation/blob/8.2/CHANGELOG.md)
- [Commits](symfony/http-foundation@v8.0.8...v7.4.13)

Updates `symfony/routing` from 8.0.9 to 7.4.13
- [Release notes](https://github.com/symfony/routing/releases)
- [Changelog](https://github.com/symfony/routing/blob/8.2/CHANGELOG.md)
- [Commits](symfony/routing@v8.0.9...v7.4.13)

---
updated-dependencies:
- dependency-name: laravel/framework
  dependency-version: 13.12.0
  dependency-type: direct:production
  dependency-group: composer
- dependency-name: guzzlehttp/psr7
  dependency-version: 2.12.1
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/http-foundation
  dependency-version: 7.4.13
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/routing
  dependency-version: 7.4.13
  dependency-type: indirect
  dependency-group: composer
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Jun 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants